fred-runtime 2.0.7__tar.gz → 2.0.10__tar.gz

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fred-runtime
-Version: 2.0.7
+Version: 2.0.10
 Summary: Runtime adapters and infrastructure wiring for Fred v2 agents.
 Author-email: Thales <noreply@thalesgroup.com>
 License: Apache-2.0
@@ -12,8 +12,9 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Operating System :: OS Independent
 Requires-Python: <3.13,>=3.12
 Description-Content-Type: text/markdown
-Requires-Dist: fred-core>=1.5.3
+Requires-Dist: fred-core>=2.0.5
 Requires-Dist: fred-sdk>=0.1.11
+Requires-Dist: alembic>=1.18.4
 Requires-Dist: deepagents>=0.4.11
 Requires-Dist: httpx>=0.28.1
 Requires-Dist: langchain-mcp-adapters>=0.2.1
@@ -30,7 +31,9 @@ Requires-Dist: bandit>=1.8.6; extra == "dev"
 Requires-Dist: basedpyright==1.31.0; extra == "dev"
 Requires-Dist: detect-secrets>=1.5.0; extra == "dev"
 Requires-Dist: pytest>=8.4.2; extra == "dev"
+Requires-Dist: pytest-asyncio>=1.2.0; extra == "dev"
 Requires-Dist: pytest-cov>=6.2.1; extra == "dev"
+Requires-Dist: pytest-socket>=0.7.0; extra == "dev"
 Requires-Dist: ruff>=0.12.5; extra == "dev"
 
 # fred-runtime

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/app/agent_app.py

@@ -814,6 +814,7 @@ class _AgentTemplateSummary(BaseModel):
     template_agent_id: str
     title: str
     description: str
+    description_by_lang: dict[str, str] | None = None
     kind: ExecutionCategory
     default_tuning: AgentTuning
     available_mcp_servers: list[MCPServerConfiguration] = Field(default_factory=list)
@@ -2060,6 +2061,7 @@ def _build_agent_router(
                 template_agent_id=definition.agent_id,
                 title=definition.role,
                 description=definition.description,
+                description_by_lang=getattr(definition, "description_by_lang", None),
                 kind=definition.execution_category,
                 default_tuning=_definition_to_agent_tuning(definition),
                 available_mcp_servers=_available_mcp_servers_for_definition(definition),
@@ -2101,22 +2103,20 @@ def _build_agent_router(
             ]
         )
 
-    @router.get("/sessions", dependencies=_auth_deps)
-    async def list_sessions(user_id: str) -> list[str]:
+    @router.get("/sessions")
+    async def list_sessions(
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+        user_id: str | None = None,
+    ) -> list[str]:
         """
-        Return the session IDs for a user, most recent first.
+        Return the session IDs for the authenticated user, most recent first.
 
-        GET <configured base_url>/agents/sessions?user_id=<user_id>
-        Authorization: Bearer <user JWT> (same auth as execute endpoints)
-        Response: JSON array of session_id strings
-
-        Why this endpoint exists:
-        - the UI needs to list past conversations for a returning user
-        - the checkpointer has no user_id index; only the history store does
+        GET <configured base_url>/agents/sessions
+        Authorization: Bearer <user JWT>
 
-        How to use it:
-        - GET /agents/sessions?user_id=alice
-        - returns ["session-3", "session-1", ...]  most recent first
+        Security: user identity is always extracted from the JWT token.
+        The user_id query parameter is accepted only in dev mode (security
+        disabled) for CLI convenience; it is ignored when security is enabled.
         """
         history_store = get_runtime_context().config.history_store
         if history_store is None:
@@ -2124,29 +2124,30 @@ def _build_agent_router(
                 status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
                 detail="No history store configured — session listing is unavailable.",
             )
-        return await history_store.list_sessions(user_id=user_id)
+        effective_uid = caller.uid if caller is not None else user_id
+        if effective_uid is None:
+            return []
+        return await history_store.list_sessions(user_id=effective_uid)
 
     @router.get(
         "/sessions/{session_id}/messages",
-        dependencies=_auth_deps,
         response_model=list[ChatMessage],
     )
-    async def get_session_messages(session_id: str) -> list[ChatMessage]:
+    async def get_session_messages(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> list[ChatMessage]:
         """
         Return the conversation history for a session as a flat message list.
 
         GET <configured base_url>/agents/sessions/{session_id}/messages
-        Authorization: Bearer <user JWT> (same auth as execute endpoints)
-        Response: JSON array of ChatMessage objects (role/channel/parts/metadata).
+        Authorization: Bearer <user JWT>
 
-        Why the history store is the source of truth:
-        - the history store writes one row per message, keyed by (session_id, rank)
-        - it is agent-type-agnostic and works for both ReAct and Graph agents
-        - the checkpointer (former source) only works for agents with a ``messages``
-          channel in state and is not queryable per user_id
+        Security: only rows belonging to the authenticated user are returned.
+        Returns [] when the session does not exist or belongs to another user —
+        callers cannot distinguish the two cases by design.
 
         Returns 503 when no history store is configured (stateless pod mode).
-        Returns [] when the session exists but has no rows yet.
         """
         history_store = get_runtime_context().config.history_store
         if history_store is None:
@@ -2154,27 +2155,29 @@ def _build_agent_router(
                 status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
                 detail="No history store configured — session history is unavailable.",
             )
-        return await history_store.get(session_id=session_id)
+        caller_uid = caller.uid if caller is not None else None
+        return await history_store.get(session_id=session_id, user_id=caller_uid)
 
     @router.delete(
         "/sessions/{session_id}",
-        dependencies=_auth_deps,
         status_code=status.HTTP_200_OK,
     )
-    async def delete_session_history(session_id: str) -> dict[str, int]:
+    async def delete_session_history(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> dict[str, int]:
         """
-        Permanently delete all history rows for a session.
+        Permanently delete history rows for a session.
 
         DELETE <base_url>/agents/sessions/{session_id}
 
-        Why this endpoint exists:
-        - developers need to clean up test sessions from the CLI without
-          restarting the pod or connecting to the database directly
-        - devops need to reclaim storage from stale or abandoned conversations
-        - checkpoint state is NOT touched; delete the checkpoint separately
-          via DELETE /agents/checkpoints/{session_id} if required
+        Security: only rows belonging to the authenticated user are deleted.
+        Returns {"deleted": 0} when the session does not exist or belongs to
+        another user — callers cannot distinguish the two cases by design.
+
+        Checkpoint state is NOT touched; delete separately via
+        DELETE /agents/checkpoints/{session_id} if required.
 
-        Returns {"deleted": N} where N is the number of rows removed.
         Returns 503 when no history store is configured.
         """
         history_store = get_runtime_context().config.history_store
@@ -2183,7 +2186,10 @@ def _build_agent_router(
                 status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
                 detail="No history store configured — session history is unavailable.",
             )
-        count = await history_store.delete_session(session_id=session_id)
+        caller_uid = caller.uid if caller is not None else None
+        count = await history_store.delete_session(
+            session_id=session_id, user_id=caller_uid
+        )
         return {"deleted": count}
 
     # ------------------------------------------------------------------
@@ -2199,8 +2205,36 @@ def _build_agent_router(
             )
         return cp
 
-    @router.get("/checkpoints", dependencies=_auth_deps)
+    def _get_history_store_for_owned_access(
+        caller: KeycloakUser | None,
+    ) -> HistoryStorePort | None:
+        """Return the history store used as ownership oracle, failing closed.
+
+        Why this helper exists:
+        - checkpoint tables do not carry user_id, so ownership checks depend on
+          the history store
+        - when security is enabled, proceeding without that oracle would leak
+          checkpoint visibility across users
+
+        How to use it:
+        - call from checkpoint endpoints before listing or mutating per-session
+          checkpoint data
+        """
+        if caller is None:
+            return None
+        history_store = get_runtime_context().config.history_store
+        if history_store is None:
+            raise HTTPException(
+                status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+                detail=(
+                    "No history store configured — ownership checks are unavailable."
+                ),
+            )
+        return history_store
+
+    @router.get("/checkpoints")
     async def list_checkpoint_threads(
+        caller: KeycloakUser | None = Depends(_authenticated_user),
         limit: int = 100,
     ) -> list[_CheckpointThreadSummary]:
         """
@@ -2271,6 +2305,15 @@ def _build_agent_router(
                 .limit(limit)
             )
             rows = (await conn.execute(stmt)).fetchall()
+
+        # Scope to the caller's own sessions using the history store as the
+        # ownership oracle (checkpoint tables carry no user_id column).
+        caller_uid = caller.uid if caller is not None else None
+        history_store = _get_history_store_for_owned_access(caller)
+        if caller_uid is not None and history_store is not None:
+            owned = set(await history_store.list_sessions(user_id=caller_uid))
+            rows = [r for r in rows if str(r.thread_id) in owned]
+
         return [
             _CheckpointThreadSummary(
                 session_id=str(row.thread_id),
@@ -2338,8 +2381,11 @@ def _build_agent_router(
             blob_bytes_approx=int(blob_bytes),
         )
 
-    @router.get("/checkpoints/{session_id}", dependencies=_auth_deps)
-    async def get_checkpoint_thread(session_id: str) -> _CheckpointThreadDetail:
+    @router.get("/checkpoints/{session_id}")
+    async def get_checkpoint_thread(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> _CheckpointThreadDetail:
         """
         Return all checkpoints for one session, newest first.
 
@@ -2360,7 +2406,20 @@ def _build_agent_router(
 
         Returns 503 when no checkpointer is configured.
         Returns an empty checkpoints list when the session has no rows.
+        Returns 403 when the session does not belong to the authenticated user.
         """
+        caller_uid = caller.uid if caller is not None else None
+        history_store = _get_history_store_for_owned_access(caller)
+        if (
+            caller_uid is not None
+            and history_store is not None
+            and not await history_store.session_belongs_to_user(session_id, caller_uid)
+        ):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Access denied.",
+            )
+
         from sqlalchemy import desc, func, select
 
         cp = _get_checkpointer()
@@ -2429,25 +2488,38 @@ def _build_agent_router(
 
     @router.delete(
         "/checkpoints/{session_id}",
-        dependencies=_auth_deps,
         status_code=status.HTTP_204_NO_CONTENT,
         response_model=None,
     )
-    async def delete_checkpoint_thread(session_id: str) -> None:
+    async def delete_checkpoint_thread(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> None:
         """
         Purge all checkpoint data for one session.
 
         DELETE <base_url>/agents/checkpoints/{session_id}
 
-        Deletes all rows in the checkpoints, blobs, and writes tables for the
-        given session_id.  This is irreversible — the agent will lose the ability
-        to resume from any prior HITL pause or conversation state for this session.
+        Security: the session must belong to the authenticated user.
+        Returns 403 when ownership cannot be confirmed via the history store.
 
-        History store rows (session_history) are NOT deleted — only checkpoint
-        state is purged.  Use this to reclaim storage from stale or test sessions.
+        Deletes all rows in the checkpoints, blobs, and writes tables.
+        History store rows are NOT deleted — use DELETE /sessions/{session_id}
+        to remove those separately.
 
-        Returns 204 on success, 503 when no checkpointer is configured.
+        Returns 204 on success, 403 when not owned, 503 when no checkpointer.
         """
+        caller_uid = caller.uid if caller is not None else None
+        history_store = _get_history_store_for_owned_access(caller)
+        if (
+            caller_uid is not None
+            and history_store is not None
+            and not await history_store.session_belongs_to_user(session_id, caller_uid)
+        ):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Access denied.",
+            )
         cp = _get_checkpointer()
         await cp.adelete_thread(session_id)
 
@@ -2850,6 +2922,12 @@ def create_agent_app(
         await container.initialize_sql()
         container.start_metrics_exporter()
         await container.start_kpi_tasks()
+        checkpointer = container.get_checkpointer()
+        history_store = container.get_history_store()
+        if (checkpointer is None) != (history_store is None):
+            raise RuntimeError(
+                "Invalid runtime storage state: checkpointer and history store must be configured together."
+            )
         set_runtime_context(
             FredRuntimeContext(
                 RuntimeConfig(
@@ -2857,8 +2935,8 @@ def create_agent_app(
                     service_name=config.app.name,
                     timeouts=config.ai.timeout,
                     chat_model_factory=chat_factory,
-                    checkpointer=container.get_checkpointer(),
-                    history_store=container.get_history_store(),
+                    checkpointer=checkpointer,
+                    history_store=history_store,
                     mcp_configuration=config.get_mcp_configuration(),
                     control_plane_url=config.platform.control_plane_url,
                     kpi_writer=container.get_kpi_writer(),

fred_runtime-2.0.10/fred_runtime/app/container.py

@@ -0,0 +1,27 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Pod container factory — single composition-root entry point."""
+
+from __future__ import annotations
+
+from fred_runtime.app.config import AgentPodConfig
+from fred_runtime.app.context import PodApplicationContext
+
+PodContainer = PodApplicationContext
+
+
+def build_pod_container(configuration: AgentPodConfig) -> PodContainer:
+    """Create a fresh PodApplicationContext with no side effects."""
+    return PodApplicationContext(configuration)

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/app/context.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 """PodApplicationContext — single composition root for a fred-runtime agent pod."""
 
 from __future__ import annotations

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/app/dependencies.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 """FastAPI dependency helpers for pod container injection."""
 
 from __future__ import annotations

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/app/mcp_config.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 """Typed representation of the mcp_catalog.yaml loaded by an agent pod."""
 
 from __future__ import annotations

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/__init__.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from .completion import completion_candidates
 from .entrypoint import build_parser, main
 from .history_display import (

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/completion.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 from collections.abc import Sequence

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/entrypoint.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import argparse

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/history_display.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import json

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/kpi_display.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import re

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/pod_client.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import json

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/repl.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import getpass

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/repl_helpers.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import uuid

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/cli/url_helpers.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 from __future__ import annotations
 
 import os

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/client.py

@@ -1,3 +1,17 @@
+# Copyright Thales 2026
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 """
 Compatibility shim — all implementation has moved to fred_runtime.cli.*
 

{fred_runtime-2.0.7 → fred_runtime-2.0.10}/fred_runtime/common/context_aware_tool.py

@@ -6,6 +6,7 @@ from typing import Any, Callable, Optional
 
 import httpx  # ← we log/inspect HTTP errors coming from MCP adapters
 from fred_core.common import OwnerFilter
+from fred_core.common.team_id import is_personal_team_id
 from fred_core.kpi.kpi_writer_structures import KPIActor
 from fred_sdk.support.mcp_utils import normalize_mcp_content
 from langchain_core.tools import BaseTool
@@ -20,6 +21,7 @@ from fred_runtime.runtime_context import get_runtime_context
 from fred_runtime.runtime_support import (
     RuntimeContextProvider,
     get_document_library_tags_ids,
+    get_document_uids,
     get_vector_search_scopes,
 )
 
@@ -170,6 +172,15 @@ class ContextAwareTool(BaseTool):
                 library_ids,
             )
 
+        document_uids = get_document_uids(context)
+        if document_uids and "document_uids" in tool_properties:
+            kwargs["document_uids"] = document_uids
+            logger.info(
+                "ContextAwareTool(%s) injecting document filter: %s",
+                self.name,
+                document_uids,
+            )
+
         session_id = context.session_id
         if (
             session_id
@@ -183,19 +194,24 @@ class ContextAwareTool(BaseTool):
                 session_id,
             )
 
-        # Force team_id depending on agent settings
-        if "team_id" in tool_properties and settings.team_id:
-            kwargs["team_id"] = settings.team_id
+        # Force team_id depending on agent settings.
+        # Personal-space IDs ("personal-<uuid>") are not real ReBAC teams;
+        # don't forward them to tools that look up team membership.
+        effective_team_id = (
+            settings.team_id if not is_personal_team_id(settings.team_id) else None
+        )
+        if "team_id" in tool_properties and effective_team_id:
+            kwargs["team_id"] = effective_team_id
             logger.info(
                 "ContextAwareTool(%s) injecting team_id: %s",
                 self.name,
-                settings.team_id,
+                effective_team_id,
             )
 
         # Force owner_filter depending on agent settings
         if "owner_filter" in tool_properties:
             owner_filter = (
-                OwnerFilter.TEAM if settings.team_id else OwnerFilter.PERSONAL
+                OwnerFilter.TEAM if effective_team_id else OwnerFilter.PERSONAL
             )
             kwargs["owner_filter"] = owner_filter.value
             logger.info(