fred-runtime 2.0.7__tar.gz → 2.0.8__tar.gz

{fred_runtime-2.0.7 → fred_runtime-2.0.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fred-runtime
-Version: 2.0.7
+Version: 2.0.8
 Summary: Runtime adapters and infrastructure wiring for Fred v2 agents.
 Author-email: Thales <noreply@thalesgroup.com>
 License: Apache-2.0

{fred_runtime-2.0.7 → fred_runtime-2.0.8}/fred_runtime/app/agent_app.py

@@ -814,6 +814,7 @@ class _AgentTemplateSummary(BaseModel):
     template_agent_id: str
     title: str
     description: str
+    description_by_lang: dict[str, str] | None = None
     kind: ExecutionCategory
     default_tuning: AgentTuning
     available_mcp_servers: list[MCPServerConfiguration] = Field(default_factory=list)
@@ -2060,6 +2061,7 @@ def _build_agent_router(
                 template_agent_id=definition.agent_id,
                 title=definition.role,
                 description=definition.description,
+                description_by_lang=getattr(definition, "description_by_lang", None),
                 kind=definition.execution_category,
                 default_tuning=_definition_to_agent_tuning(definition),
                 available_mcp_servers=_available_mcp_servers_for_definition(definition),
@@ -2101,22 +2103,20 @@ def _build_agent_router(
             ]
         )
 
-    @router.get("/sessions", dependencies=_auth_deps)
-    async def list_sessions(user_id: str) -> list[str]:
+    @router.get("/sessions")
+    async def list_sessions(
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+        user_id: str | None = None,
+    ) -> list[str]:
         """
-        Return the session IDs for a user, most recent first.
+        Return the session IDs for the authenticated user, most recent first.
 
-        GET <configured base_url>/agents/sessions?user_id=<user_id>
-        Authorization: Bearer <user JWT> (same auth as execute endpoints)
-        Response: JSON array of session_id strings
-
-        Why this endpoint exists:
-        - the UI needs to list past conversations for a returning user
-        - the checkpointer has no user_id index; only the history store does
+        GET <configured base_url>/agents/sessions
+        Authorization: Bearer <user JWT>
 
-        How to use it:
-        - GET /agents/sessions?user_id=alice
-        - returns ["session-3", "session-1", ...]  most recent first
+        Security: user identity is always extracted from the JWT token.
+        The user_id query parameter is accepted only in dev mode (security
+        disabled) for CLI convenience; it is ignored when security is enabled.
         """
         history_store = get_runtime_context().config.history_store
         if history_store is None:
@@ -2124,29 +2124,30 @@ def _build_agent_router(
                 status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
                 detail="No history store configured — session listing is unavailable.",
             )
-        return await history_store.list_sessions(user_id=user_id)
+        effective_uid = caller.uid if caller is not None else user_id
+        if effective_uid is None:
+            return []
+        return await history_store.list_sessions(user_id=effective_uid)
 
     @router.get(
         "/sessions/{session_id}/messages",
-        dependencies=_auth_deps,
         response_model=list[ChatMessage],
     )
-    async def get_session_messages(session_id: str) -> list[ChatMessage]:
+    async def get_session_messages(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> list[ChatMessage]:
         """
         Return the conversation history for a session as a flat message list.
 
         GET <configured base_url>/agents/sessions/{session_id}/messages
-        Authorization: Bearer <user JWT> (same auth as execute endpoints)
-        Response: JSON array of ChatMessage objects (role/channel/parts/metadata).
+        Authorization: Bearer <user JWT>
 
-        Why the history store is the source of truth:
-        - the history store writes one row per message, keyed by (session_id, rank)
-        - it is agent-type-agnostic and works for both ReAct and Graph agents
-        - the checkpointer (former source) only works for agents with a ``messages``
-          channel in state and is not queryable per user_id
+        Security: only rows belonging to the authenticated user are returned.
+        Returns [] when the session does not exist or belongs to another user —
+        callers cannot distinguish the two cases by design.
 
         Returns 503 when no history store is configured (stateless pod mode).
-        Returns [] when the session exists but has no rows yet.
         """
         history_store = get_runtime_context().config.history_store
         if history_store is None:
@@ -2154,27 +2155,29 @@ def _build_agent_router(
                 status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
                 detail="No history store configured — session history is unavailable.",
             )
-        return await history_store.get(session_id=session_id)
+        caller_uid = caller.uid if caller is not None else None
+        return await history_store.get(session_id=session_id, user_id=caller_uid)
 
     @router.delete(
         "/sessions/{session_id}",
-        dependencies=_auth_deps,
         status_code=status.HTTP_200_OK,
     )
-    async def delete_session_history(session_id: str) -> dict[str, int]:
+    async def delete_session_history(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> dict[str, int]:
         """
-        Permanently delete all history rows for a session.
+        Permanently delete history rows for a session.
 
         DELETE <base_url>/agents/sessions/{session_id}
 
-        Why this endpoint exists:
-        - developers need to clean up test sessions from the CLI without
-          restarting the pod or connecting to the database directly
-        - devops need to reclaim storage from stale or abandoned conversations
-        - checkpoint state is NOT touched; delete the checkpoint separately
-          via DELETE /agents/checkpoints/{session_id} if required
+        Security: only rows belonging to the authenticated user are deleted.
+        Returns {"deleted": 0} when the session does not exist or belongs to
+        another user — callers cannot distinguish the two cases by design.
+
+        Checkpoint state is NOT touched; delete separately via
+        DELETE /agents/checkpoints/{session_id} if required.
 
-        Returns {"deleted": N} where N is the number of rows removed.
         Returns 503 when no history store is configured.
         """
         history_store = get_runtime_context().config.history_store
@@ -2183,7 +2186,10 @@ def _build_agent_router(
                 status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
                 detail="No history store configured — session history is unavailable.",
             )
-        count = await history_store.delete_session(session_id=session_id)
+        caller_uid = caller.uid if caller is not None else None
+        count = await history_store.delete_session(
+            session_id=session_id, user_id=caller_uid
+        )
         return {"deleted": count}
 
     # ------------------------------------------------------------------
@@ -2199,8 +2205,36 @@ def _build_agent_router(
             )
         return cp
 
-    @router.get("/checkpoints", dependencies=_auth_deps)
+    def _get_history_store_for_owned_access(
+        caller: KeycloakUser | None,
+    ) -> HistoryStorePort | None:
+        """Return the history store used as ownership oracle, failing closed.
+
+        Why this helper exists:
+        - checkpoint tables do not carry user_id, so ownership checks depend on
+          the history store
+        - when security is enabled, proceeding without that oracle would leak
+          checkpoint visibility across users
+
+        How to use it:
+        - call from checkpoint endpoints before listing or mutating per-session
+          checkpoint data
+        """
+        if caller is None:
+            return None
+        history_store = get_runtime_context().config.history_store
+        if history_store is None:
+            raise HTTPException(
+                status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+                detail=(
+                    "No history store configured — ownership checks are unavailable."
+                ),
+            )
+        return history_store
+
+    @router.get("/checkpoints")
     async def list_checkpoint_threads(
+        caller: KeycloakUser | None = Depends(_authenticated_user),
         limit: int = 100,
     ) -> list[_CheckpointThreadSummary]:
         """
@@ -2271,6 +2305,15 @@ def _build_agent_router(
                 .limit(limit)
             )
             rows = (await conn.execute(stmt)).fetchall()
+
+        # Scope to the caller's own sessions using the history store as the
+        # ownership oracle (checkpoint tables carry no user_id column).
+        caller_uid = caller.uid if caller is not None else None
+        history_store = _get_history_store_for_owned_access(caller)
+        if caller_uid is not None and history_store is not None:
+            owned = set(await history_store.list_sessions(user_id=caller_uid))
+            rows = [r for r in rows if str(r.thread_id) in owned]
+
         return [
             _CheckpointThreadSummary(
                 session_id=str(row.thread_id),
@@ -2338,8 +2381,11 @@ def _build_agent_router(
             blob_bytes_approx=int(blob_bytes),
         )
 
-    @router.get("/checkpoints/{session_id}", dependencies=_auth_deps)
-    async def get_checkpoint_thread(session_id: str) -> _CheckpointThreadDetail:
+    @router.get("/checkpoints/{session_id}")
+    async def get_checkpoint_thread(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> _CheckpointThreadDetail:
         """
         Return all checkpoints for one session, newest first.
 
@@ -2360,7 +2406,20 @@ def _build_agent_router(
 
         Returns 503 when no checkpointer is configured.
         Returns an empty checkpoints list when the session has no rows.
+        Returns 403 when the session does not belong to the authenticated user.
         """
+        caller_uid = caller.uid if caller is not None else None
+        history_store = _get_history_store_for_owned_access(caller)
+        if (
+            caller_uid is not None
+            and history_store is not None
+            and not await history_store.session_belongs_to_user(session_id, caller_uid)
+        ):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Access denied.",
+            )
+
         from sqlalchemy import desc, func, select
 
         cp = _get_checkpointer()
@@ -2429,25 +2488,38 @@ def _build_agent_router(
 
     @router.delete(
         "/checkpoints/{session_id}",
-        dependencies=_auth_deps,
         status_code=status.HTTP_204_NO_CONTENT,
         response_model=None,
     )
-    async def delete_checkpoint_thread(session_id: str) -> None:
+    async def delete_checkpoint_thread(
+        session_id: str,
+        caller: KeycloakUser | None = Depends(_authenticated_user),
+    ) -> None:
         """
         Purge all checkpoint data for one session.
 
         DELETE <base_url>/agents/checkpoints/{session_id}
 
-        Deletes all rows in the checkpoints, blobs, and writes tables for the
-        given session_id.  This is irreversible — the agent will lose the ability
-        to resume from any prior HITL pause or conversation state for this session.
+        Security: the session must belong to the authenticated user.
+        Returns 403 when ownership cannot be confirmed via the history store.
 
-        History store rows (session_history) are NOT deleted — only checkpoint
-        state is purged.  Use this to reclaim storage from stale or test sessions.
+        Deletes all rows in the checkpoints, blobs, and writes tables.
+        History store rows are NOT deleted — use DELETE /sessions/{session_id}
+        to remove those separately.
 
-        Returns 204 on success, 503 when no checkpointer is configured.
+        Returns 204 on success, 403 when not owned, 503 when no checkpointer.
         """
+        caller_uid = caller.uid if caller is not None else None
+        history_store = _get_history_store_for_owned_access(caller)
+        if (
+            caller_uid is not None
+            and history_store is not None
+            and not await history_store.session_belongs_to_user(session_id, caller_uid)
+        ):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Access denied.",
+            )
         cp = _get_checkpointer()
         await cp.adelete_thread(session_id)
 
@@ -2850,6 +2922,12 @@ def create_agent_app(
         await container.initialize_sql()
         container.start_metrics_exporter()
         await container.start_kpi_tasks()
+        checkpointer = container.get_checkpointer()
+        history_store = container.get_history_store()
+        if (checkpointer is None) != (history_store is None):
+            raise RuntimeError(
+                "Invalid runtime storage state: checkpointer and history store must be configured together."
+            )
         set_runtime_context(
             FredRuntimeContext(
                 RuntimeConfig(
@@ -2857,8 +2935,8 @@ def create_agent_app(
                     service_name=config.app.name,
                     timeouts=config.ai.timeout,
                     chat_model_factory=chat_factory,
-                    checkpointer=container.get_checkpointer(),
-                    history_store=container.get_history_store(),
+                    checkpointer=checkpointer,
+                    history_store=history_store,
                     mcp_configuration=config.get_mcp_configuration(),
                     control_plane_url=config.platform.control_plane_url,
                     kpi_writer=container.get_kpi_writer(),

{fred_runtime-2.0.7 → fred_runtime-2.0.8}/fred_runtime.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fred-runtime
-Version: 2.0.7
+Version: 2.0.8
 Summary: Runtime adapters and infrastructure wiring for Fred v2 agents.
 Author-email: Thales <noreply@thalesgroup.com>
 License: Apache-2.0

{fred_runtime-2.0.7 → fred_runtime-2.0.8}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "fred-runtime"
-version = "2.0.7"
+version = "2.0.8"
 description = "Runtime adapters and infrastructure wiring for Fred v2 agents."
 readme = "README.md"
 requires-python = ">=3.12,<3.13"

{fred_runtime-2.0.7 → fred_runtime-2.0.8}/tests/test_history.py

@@ -331,7 +331,13 @@ def test_postgres_history_store_satisfies_history_store_port() -> None:
     """
     from fred_core.history.postgres_history_store import PostgresHistoryStore
 
-    required = {"save", "get", "list_sessions", "delete_session"}
+    required = {
+        "save",
+        "get",
+        "list_sessions",
+        "delete_session",
+        "session_belongs_to_user",
+    }
 
     # Implementation must have all required methods.
     impl_attrs = set(dir(PostgresHistoryStore))
@@ -423,4 +429,127 @@ def test_get_session_messages_returns_empty_list_for_unknown_session(
 
     assert response.status_code == 200
     assert response.json() == []
-    mock_store.get.assert_awaited_once_with(session_id="session-new")
+    # In dev mode (security disabled) caller_uid is None — user_id=None is passed
+    # so the store returns all rows for the session (no ownership filter applied).
+    mock_store.get.assert_awaited_once_with(session_id="session-new", user_id=None)
+
+
+# ---------------------------------------------------------------------------
+# Test 5 — Session endpoint user isolation (security behaviour)
+# ---------------------------------------------------------------------------
+
+
+def _make_app_with_user(monkeypatch, tmp_path, user_uid: str):
+    """
+    Build a test app where _authenticated_user is overridden to return a fixed
+    KeycloakUser.  Used to verify ownership enforcement without real Keycloak.
+    """
+    from fred_core.security.structure import KeycloakUser
+
+    fake_user = KeycloakUser(uid=user_uid, username=user_uid, roles=[])
+
+    # Patch _make_user_dependency before create_routes() runs so the closure
+    # produced by create_agent_app picks up our fake-user factory.
+    monkeypatch.setattr(
+        agent_app_module,
+        "_make_user_dependency",
+        lambda _fn, _enabled: lambda: fake_user,
+    )
+    return _make_app(monkeypatch, tmp_path), fake_user
+
+
+def test_list_sessions_uses_jwt_uid_not_query_param(monkeypatch, tmp_path) -> None:
+    """
+    GET /agents/sessions must use the JWT-extracted uid, ignoring any user_id
+    query parameter supplied by the caller.
+
+    Why this test exists:
+    - the old implementation accepted user_id as a caller-supplied query param,
+      allowing any authenticated user to list another user's sessions
+    - after the fix, the JWT uid is always used when security is enabled
+    - this test verifies that a user_id query param is silently ignored when the
+      caller is authenticated
+
+    How to use it:
+    - offline: _make_user_dependency is monkeypatched to inject a fixed user
+    """
+    app, fake_user = _make_app_with_user(monkeypatch, tmp_path, "alice-uid")
+
+    mock_store = AsyncMock()
+    mock_store.list_sessions = AsyncMock(return_value=["s-alice-1", "s-alice-2"])
+    mock_ctx = RuntimeContext(
+        RuntimeConfig(
+            knowledge_flow_url="http://localhost:8111/knowledge-flow/v1",
+            history_store=mock_store,
+        )
+    )
+
+    with TestClient(app) as client:
+        monkeypatch.setattr(agent_app_module, "get_runtime_context", lambda: mock_ctx)
+        # Pass a different user_id in the query string — must be ignored.
+        response = client.get("/pod/v1/agents/sessions?user_id=liam-uid")
+
+    assert response.status_code == 200
+    # Store must have been called with alice's uid, not liam's.
+    mock_store.list_sessions.assert_awaited_once_with(user_id="alice-uid")
+
+
+def test_get_session_messages_passes_caller_uid_to_store(monkeypatch, tmp_path) -> None:
+    """
+    GET /sessions/{id}/messages must pass the JWT uid as user_id to the history
+    store so only the caller's rows are returned.
+
+    Why this test exists:
+    - verifies that cross-user message history access is blocked at the store call
+      level — a user cannot read another user's conversation by knowing a session_id
+    """
+    app, fake_user = _make_app_with_user(monkeypatch, tmp_path, "alice-uid")
+
+    mock_store = AsyncMock()
+    mock_store.get = AsyncMock(return_value=[])
+    mock_ctx = RuntimeContext(
+        RuntimeConfig(
+            knowledge_flow_url="http://localhost:8111/knowledge-flow/v1",
+            history_store=mock_store,
+        )
+    )
+
+    with TestClient(app) as client:
+        monkeypatch.setattr(agent_app_module, "get_runtime_context", lambda: mock_ctx)
+        response = client.get("/pod/v1/agents/sessions/session-liam/messages")
+
+    assert response.status_code == 200
+    mock_store.get.assert_awaited_once_with(
+        session_id="session-liam", user_id="alice-uid"
+    )
+
+
+def test_delete_session_passes_caller_uid_to_store(monkeypatch, tmp_path) -> None:
+    """
+    DELETE /sessions/{id} must pass the JWT uid as user_id so only the caller's
+    rows are deleted — prevents one user from deleting another user's history.
+
+    Why this test exists:
+    - delete without user scoping is an irreversible cross-user data destruction
+      vector; this verifies the ownership filter is applied at the store layer
+    """
+    app, fake_user = _make_app_with_user(monkeypatch, tmp_path, "alice-uid")
+
+    mock_store = AsyncMock()
+    mock_store.delete_session = AsyncMock(return_value=3)
+    mock_ctx = RuntimeContext(
+        RuntimeConfig(
+            knowledge_flow_url="http://localhost:8111/knowledge-flow/v1",
+            history_store=mock_store,
+        )
+    )
+
+    with TestClient(app) as client:
+        monkeypatch.setattr(agent_app_module, "get_runtime_context", lambda: mock_ctx)
+        response = client.delete("/pod/v1/agents/sessions/session-liam")
+
+    assert response.status_code == 200
+    assert response.json() == {"deleted": 3}
+    mock_store.delete_session.assert_awaited_once_with(
+        session_id="session-liam", user_id="alice-uid"
+    )