Skip to main content

RequestValidator

ai_memory::validate

Struct RequestValidator 

Source 
pub struct RequestValidator;
Expand description

Shared validation facade routed through by HTTP handlers, MCP tools, and CLI subcommands (issue #966, Wave-2 Tier-C1).

Each method bundles the field-level + cross-field checks for a single request shape. Behavior is identical to chaining the per-field free functions in the order they appear inside the method body — RequestValidator is the canonical surface for adding NEW cross-field rules without forcing every caller to re-audit its inline validator sequence.

§NSA CSI MCP Security mapping

Primary defense against NSA concern (i) Tool parameter injection (real-world issue) and implementation of NSA recommendation (c) Validate parameters per the NSA Cybersecurity Information document on MCP security (U/OO/6030316-26 | PP-26-1834, May 2026, Version 1.0). Every wire-entry layer — HTTP routes (EXPECTED_PRODUCTION_ROUTES_COUNT=89 in src/lib.rs), MCP tools (Profile::full().expected_tool_count()=74 per src/profile.rs), CLI subcommands (EXPECTED_CLI_SUBCOMMANDS_DEFAULT=80 / _SAL=82 in src/lib.rs) — routes DTO-bundling validation through RequestValidator so adding a new cross-field invariant is one struct-method edit rather than 3+ audited per-surface edits. The typed ValidationError { field, reason } carries explicit field attribution while preserving byte-equal wire-side error messages for v0.6.x backwards compatibility. Mapping anchor: request_validator_input_validation in docs/compliance/_inventory/v0.7.0-capabilities.json; narrative in docs/compliance/nsa-csi-mcp.html §3.9 (concern i) and §4.3 (recommendation c).

§Example

use crate::validate::RequestValidator;

// Inside an HTTP handler:
RequestValidator::validate_create(&body)?;

// Inside an MCP tool:
RequestValidator::validate_link_triple(&source_id, &target_id, &relation)
    .map_err(|e| e.to_string())?;

Implementations§

Source§

impl RequestValidator

Source

pub fn validate_create(req: &CreateMemory) -> Result<(), ValidationError>

Full CreateMemory request validation (HTTP POST /api/v1/memories, MCP memory_store, CLI store). Delegates to the free-function validate_create to preserve the existing field order and error wording.

§Errors

Returns the first per-field failure as a ValidationError.

Source

pub fn validate_update(req: &UpdateMemory) -> Result<(), ValidationError>

Full UpdateMemory request validation (HTTP PUT /api/v1/memories/{id}, MCP memory_update, CLI update). Validates only the fields that are Some(_) per the UpdateMemory partial-update contract.

§Errors

Returns the first per-field failure as a ValidationError.

Source

pub fn validate_memory(req: &Memory) -> Result<(), ValidationError>

Full Memory validation (import / federation receive / admin restore paths). Validates every required field on the row itself — stricter than validate_create because the import row carries timestamps, IDs, etc. that the create surface stamps server-side.

§Errors

Returns the first per-field failure as a ValidationError.

Link creation triple validation. Matches the legacy validate_link free function exactly.

§Errors

Returns the first per-field failure as a ValidationError.

Source

pub fn validate_consolidate( ids: &[String], title: &str, summary: &str, namespace: &str, ) -> Result<(), ValidationError>

Memory-consolidation request validation. Mirrors validate_consolidate exactly.

§Errors

Returns the first per-field failure as a ValidationError.

Source

pub fn validate_id(id: &str) -> Result<(), ValidationError>

Single-field id validation, surfaced through the facade for consistency with the other entry points. Used by GET/DELETE handlers that don’t have a richer DTO.

§Errors

Returns ValidationError tagged with field = "id".

Source

pub fn validate_namespace(ns: &str) -> Result<(), ValidationError>

Single-field namespace validation.

§Errors

Returns ValidationError tagged with field = "namespace".

Source

pub fn validate_agent_id(agent_id: &str) -> Result<(), ValidationError>

Wire-side agent_id validation (rejects shape violations AND the reserved internal sentinel set per issue #977).

§Errors

Returns ValidationError tagged with field = "agent_id".

Source

pub fn validate_id_and_namespace( id: &str, ns: &str, ) -> Result<(), ValidationError>

Two-of-a-kind bundle: validate an id AND a namespace in one call. Saves a ? per surface site where both come off the same request body (the dominant duplication pattern observed in the pre-#966 handler/MCP audit — validate_id and validate_namespace co-occur on >20 sites).

§Errors

Returns the first failure (id-first, then namespace).

Source

pub fn validate_owner_write( id: &str, ns: &str, agent_id: &str, ) -> Result<(), ValidationError>

Three-of-a-kind bundle: validate id + namespace + agent_id together. Pre-#966 this was the canonical “ownership-checked write path” preamble; the facade lets new handlers express the intent as one call.

§Errors

Returns the first failure in declaration order.

Source

pub fn validate_confidence_and_priority( confidence: f64, priority: i32, ) -> Result<(), ValidationError>

Confidence (0.0..=1.0) + priority (1..=10) cross-field bundle. Mirrors the inline pair inside validate_create; surfaced here so callers that synthesize a custom DTO (e.g. the bulk_create postgres handler) get the same numeric gates without re-implementing them.

§Errors

Returns the first failure (confidence-first, then priority).

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more