arbiter-session 0.0.48

Task session management with budget and tool whitelisting for Arbiter
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188

//! Unified session store enum dispatching to either in-memory or storage-backed.

use crate::error::SessionError;
use crate::model::{SessionId, TaskSession};
use crate::storage_store::StorageBackedSessionStore;
use crate::store::{CreateSessionRequest, SessionStore};

/// A session store that dispatches to either in-memory or storage-backed.
#[derive(Clone)]
pub enum AnySessionStore {
    InMemory(SessionStore),
    StorageBacked(StorageBackedSessionStore),
}

impl AnySessionStore {
    /// Create a new task session and return it.
    pub async fn create(&self, req: CreateSessionRequest) -> TaskSession {
        match self {
            AnySessionStore::InMemory(s) => s.create(req).await,
            AnySessionStore::StorageBacked(s) => s.create(req).await,
        }
    }

    /// Atomically check per-agent session cap and create if under the limit.
    pub async fn create_if_under_cap(
        &self,
        req: CreateSessionRequest,
        max_sessions: u64,
    ) -> Result<TaskSession, crate::error::SessionError> {
        match self {
            AnySessionStore::InMemory(s) => s.create_if_under_cap(req, max_sessions).await,
            AnySessionStore::StorageBacked(s) => s.create_if_under_cap(req, max_sessions).await,
        }
    }

    /// Record a tool call against the session.
    pub async fn use_session(
        &self,
        session_id: SessionId,
        tool_name: &str,
        requesting_agent_id: Option<uuid::Uuid>,
    ) -> Result<TaskSession, SessionError> {
        match self {
            AnySessionStore::InMemory(s) => {
                s.use_session(session_id, tool_name, requesting_agent_id)
                    .await
            }
            AnySessionStore::StorageBacked(s) => {
                s.use_session(session_id, tool_name, requesting_agent_id)
                    .await
            }
        }
    }

    /// Atomically validate and record a batch of tool calls against the session.
    ///
    /// Validates ALL tools and budget atomically under a single
    /// lock acquisition. No budget is consumed unless every tool in the batch
    /// passes validation.
    pub async fn use_session_batch(
        &self,
        session_id: SessionId,
        tool_names: &[&str],
        requesting_agent_id: Option<uuid::Uuid>,
    ) -> Result<TaskSession, SessionError> {
        match self {
            AnySessionStore::InMemory(s) => {
                s.use_session_batch(session_id, tool_names, requesting_agent_id)
                    .await
            }
            AnySessionStore::StorageBacked(s) => {
                s.use_session_batch(session_id, tool_names, requesting_agent_id)
                    .await
            }
        }
    }

    /// Close a session.
    pub async fn close(&self, session_id: SessionId) -> Result<TaskSession, SessionError> {
        match self {
            AnySessionStore::InMemory(s) => s.close(session_id).await,
            AnySessionStore::StorageBacked(s) => s.close(session_id).await,
        }
    }

    /// Get a session by ID.
    pub async fn get(&self, session_id: SessionId) -> Result<TaskSession, SessionError> {
        match self {
            AnySessionStore::InMemory(s) => s.get(session_id).await,
            AnySessionStore::StorageBacked(s) => s.get(session_id).await,
        }
    }

    /// List all sessions.
    pub async fn list_all(&self) -> Vec<TaskSession> {
        match self {
            AnySessionStore::InMemory(s) => s.list_all().await,
            AnySessionStore::StorageBacked(s) => s.list_all().await,
        }
    }

    /// Count the number of active sessions for a given agent.
    ///
    /// P0: Used to enforce per-agent concurrent session caps.
    pub async fn count_active_for_agent(&self, agent_id: uuid::Uuid) -> u64 {
        match self {
            AnySessionStore::InMemory(s) => s.count_active_for_agent(agent_id).await,
            AnySessionStore::StorageBacked(s) => s.count_active_for_agent(agent_id).await,
        }
    }

    /// Close all active sessions belonging to a specific agent.
    ///
    /// Called during agent deactivation.
    pub async fn close_sessions_for_agent(&self, agent_id: uuid::Uuid) -> usize {
        match self {
            AnySessionStore::InMemory(s) => s.close_sessions_for_agent(agent_id).await,
            AnySessionStore::StorageBacked(s) => s.close_sessions_for_agent(agent_id).await,
        }
    }

    /// Remove expired sessions. Returns the number removed.
    pub async fn cleanup_expired(&self) -> usize {
        match self {
            AnySessionStore::InMemory(s) => s.cleanup_expired().await,
            AnySessionStore::StorageBacked(s) => s.cleanup_expired().await,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::model::DataSensitivity;

    #[tokio::test]
    async fn any_store_in_memory_dispatch() {
        let store = AnySessionStore::InMemory(SessionStore::new());

        let req = CreateSessionRequest {
            agent_id: uuid::Uuid::new_v4(),
            delegation_chain_snapshot: vec![],
            declared_intent: "test intent".into(),
            authorized_tools: vec!["read_file".into()],
            authorized_credentials: vec![],
            time_limit: chrono::Duration::hours(1),
            call_budget: 10,
            rate_limit_per_minute: None,
            rate_limit_window_secs: 60,
            data_sensitivity_ceiling: DataSensitivity::Internal,
        };

        // Create.
        let session = store.create(req).await;
        assert_eq!(session.calls_made, 0);
        assert!(session.is_active());

        // Use.
        let updated = store
            .use_session(session.session_id, "read_file", None)
            .await
            .unwrap();
        assert_eq!(updated.calls_made, 1);

        // Get.
        let fetched = store.get(session.session_id).await.unwrap();
        assert_eq!(fetched.calls_made, 1);
        assert_eq!(fetched.declared_intent, "test intent");

        // List.
        let all = store.list_all().await;
        assert_eq!(all.len(), 1);

        // Count active for agent.
        let count = store.count_active_for_agent(session.agent_id).await;
        assert_eq!(count, 1);

        // Close.
        let closed = store.close(session.session_id).await.unwrap();
        assert_eq!(closed.status, crate::model::SessionStatus::Closed);

        // Use after close should fail.
        let err = store
            .use_session(session.session_id, "read_file", None)
            .await;
        assert!(matches!(err, Err(SessionError::AlreadyClosed(_))));
    }
}