
Session-close pipeline: ingest, reflect, and commit memories to pending_mcp_commit.
//! `cortex-session` — session-close pipeline extracted from `cortex-cli`.
#![warn(missing_docs)]
//!
//! ## Why this crate exists
//!
//! `cortex-mcp` cannot depend on `cortex-cli` (that would be circular:
//! `cortex-cli` will depend on `cortex-mcp` for the `Serve` subcommand).
//! This crate exposes [`close_from_bytes`] so both `cortex-cli` and
//! `cortex-mcp` can run the session-close pipeline.
//!
//! ## Pipeline
//!
//! 1. **Parse** — parse `raw` as session events JSON (envelope `{"events":[...]}`
//!    or bare array `[...]` or single object).
//! 2. **Ingest** — append non-duplicate events to the JSONL ledger at
//!    `event_log`. User-sourced events are refused (no attestor available in
//!    the library context; operator must call CLI `cortex ingest` for those).
//! 3. **Extract trace** — extract the first `trace_id` from the parsed events.
//!    If none, returns `CloseOutcome { pending_commit: 0, no_candidates: true }`.
//! 4. **Reflect** — run `cortex_reflect::reflect()` over the trace via a
//!    `ReplayAdapter` built from `fixtures_dir` (see [`close_from_bytes`]).
//! 5. **Tag as pending** — for each reflected candidate, set lifecycle state
//!    to `pending_mcp_commit` (ADR 0047). The caller (MCP server) promotes to
//!    `active` on `cortex_session_commit`; the CLI wrapper calls
//!    [`MemoryRepo::set_active`] itself after receiving the `CloseOutcome`.
//! 6. **Pre-compute embeddings** — BLAKE3 stub embeddings via
//!    [`LocalStubEmbedder`], written to the store so semantic search is
//!    immediately warm after promotion.
//! 7. **Return `CloseOutcome`** — `pending_commit` is the count of memories
//!    in `pending_mcp_commit` state; callers decide whether to promote them.

use std::fmt;
use std::path::PathBuf;

use chrono::Utc;
use cortex_core::{
    compose_policy_outcomes, Event, EventSource, PolicyContribution, PolicyOutcome, TraceId,
};
use cortex_ledger::{
    JsonlError, JsonlLog, APPEND_ATTESTATION_REQUIRED_RULE_ID,
    APPEND_EVENT_SOURCE_TIER_GATE_RULE_ID, APPEND_RUNTIME_MODE_RULE_ID,
};
use cortex_reflect::ReflectionReportStatus;
use cortex_retrieval::{EmbedRecord, Embedder, LocalStubEmbedder, STUB_BACKEND_ID};
use cortex_store::repo::{EmbeddingRepo, EventRepo, MemoryRepo};
use cortex_store::Pool;

/// Outcome returned from [`close_from_bytes`].
///
/// Every field is a count or a receipt string; the struct does not carry the
/// ids of the memories it counted. `Default` yields all-zero counts and an
/// empty `receipt_id`.
#[derive(Debug, Default)]
pub struct CloseOutcome {
    /// Number of events newly appended to the JSONL ledger by this call.
    /// Events whose id was already present in the ledger are not counted.
    pub ingested: usize,
    /// Number of memory candidates produced by reflection.
    pub reflected: usize,
    /// Number of memories written with `pending_mcp_commit` lifecycle state
    /// (ADR 0047). Callers promote these to `active` via
    /// `cortex_session_commit` (MCP path) or directly via
    /// `MemoryRepo::set_active` (CLI path).
    ///
    /// NOTE(review): the memory ids themselves are not returned here, so a
    /// CLI caller has to look up the rows in `pending_mcp_commit` state itself.
    pub pending_commit: usize,
    /// Stable receipt identifier for this close operation (trace_id or a
    /// synthetic marker when no trace was present).
    pub receipt_id: String,
}

/// Errors raised by the session-close pipeline.
///
/// Only `Store` and `Io` keep their underlying error (reachable through
/// `source()`); `Ingest` and `Reflect` carry the failure as text because they
/// aggregate several different underlying error types.
#[derive(Debug)]
pub enum SessionError {
    /// Ingest step failed: JSON parse error, an event whose source requires
    /// operator attestation, or a ledger append error.
    Ingest(String),
    /// Reflection step failed (replay adapter, tokio runtime, or `reflect()`).
    Reflect(String),
    /// Store operation failed.
    Store(cortex_store::StoreError),
    /// I/O error outside of the ledger path (creating the ledger's parent
    /// directory, or scanning the ledger file for existing event ids).
    Io(std::io::Error),
}

/// Human-readable rendering used in logs and CLI output; the `session ...`
/// prefix names the pipeline stage that failed.
impl fmt::Display for SessionError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let (stage, detail): (&str, &dyn fmt::Display) = match self {
            SessionError::Ingest(msg) => ("ingest failed", msg),
            SessionError::Reflect(msg) => ("reflect failed", msg),
            SessionError::Store(err) => ("store error", err),
            SessionError::Io(err) => ("io error", err),
        };
        write!(f, "session {stage}: {detail}")
    }
}

impl std::error::Error for SessionError {
    /// Expose the wrapped store / I/O error for `source()` chains; the string
    /// variants carry no inner error.
    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
        match self {
            SessionError::Store(inner) => Some(inner),
            SessionError::Io(inner) => Some(inner),
            SessionError::Ingest(_) | SessionError::Reflect(_) => None,
        }
    }
}

/// Store failures propagate unchanged so `source()` can expose them.
impl From<cortex_store::StoreError> for SessionError {
    fn from(source: cortex_store::StoreError) -> Self {
        SessionError::Store(source)
    }
}

/// Filesystem failures propagate unchanged so `source()` can expose them.
impl From<std::io::Error> for SessionError {
    fn from(source: std::io::Error) -> Self {
        SessionError::Io(source)
    }
}

/// Ledger errors are flattened to text: `Ingest` carries only the message, so
/// the `JsonlError` itself is not reachable through `source()`.
impl From<JsonlError> for SessionError {
    fn from(source: JsonlError) -> Self {
        SessionError::Ingest(source.to_string())
    }
}

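/// Run the full session-close pipeline.
///
/// # Arguments
///
/// - `raw` — raw bytes of the session events JSON file. Treated as untrusted
///   input: it is parsed with `serde_json` and any shape or deserialisation
///   error is reported as [`SessionError::Ingest`] before anything is written.
/// - `pool` — open SQLite connection pool with all migrations applied.
/// - `event_log` — path to the JSONL ledger file. Created if absent.
/// - `fixtures_dir` — directory containing `INDEX.toml` and replay fixtures
///   for `cortex_reflect::reflect()`. Must be supplied even if reflection is
///   expected to produce no candidates (the adapter must initialise).
///
/// # Errors
///
/// - [`SessionError::Ingest`] — the JSON could not be parsed, the batch holds
///   an event whose source requires operator attestation, or the ledger
///   append failed.
/// - [`SessionError::Store`] / [`SessionError::Io`] — SQLite or filesystem
///   failure during ingest.
/// - [`SessionError::Reflect`] — the replay adapter or tokio runtime could not
///   be built, or `cortex_reflect::reflect` failed.
///
/// Failures in the tagging and embedding steps do not fail the call: they are
/// logged with `tracing::warn!` and surface only as a lower `pending_commit`
/// count (tagging) or as a missing embedding (embedding).
///
/// # Lifecycle state
///
/// Reflected candidates are placed in `pending_mcp_commit` status, NOT
/// `active`. MCP callers leave them there until `cortex_session_commit` is
/// called with the operator's confirmation token. CLI callers may promote them
/// with `MemoryRepo::set_active` directly after this function returns, since
/// the CLI close is operator-initiated and synchronous (ADR 0047 §2
/// Alternatives). Note that [`CloseOutcome`] carries only counts and the
/// `receipt_id`, not the memory ids, so the CLI has to look the pending rows
/// up in the store.
pub fn close_from_bytes(
    raw: &[u8],
    pool: &Pool,
    event_log: PathBuf,
    fixtures_dir: &std::path::Path,
) -> Result<CloseOutcome, SessionError> {
    // ─── Step 1: parse events ────────────────────────────────────────────────
    let events = parse_events(raw).map_err(SessionError::Ingest)?;

    // Extract trace_id before ingest (needed for reflect step).
    let trace_id = extract_trace_id(&events);

    // ─── Step 2: ingest events to JSONL ledger + SQLite events table ─────────
    // Dual-write: append to JSONL first (existing path), then to the SQLite
    // `events` table so `verify_memory_proof_closure` can find the source events
    // and session-close memories are not quarantined in search results.
    let ingested = ingest_events(&events, &event_log, pool)?;

    let trace_id = match trace_id {
        Some(tid) => tid,
        None => {
            tracing::debug!("session-close: no trace_id in events; no candidates proposed");
            return Ok(outcome_without_candidates(ingested, "no_trace_id".to_string()));
        }
    };

    // ─── Step 3: reflect ─────────────────────────────────────────────────────
    let reflect_report =
        run_reflect(trace_id, fixtures_dir, pool).map_err(SessionError::Reflect)?;

    if reflect_report.status == ReflectionReportStatus::Quarantined {
        tracing::debug!("session-close: reflection quarantined; no candidates proposed");
        return Ok(outcome_without_candidates(ingested, trace_id.to_string()));
    }

    let candidate_ids: Vec<cortex_core::MemoryId> = reflect_report
        .persisted_memory_candidates
        .iter()
        .map(|c| c.id)
        .collect();
    let reflected = candidate_ids.len();

    if reflected == 0 {
        tracing::debug!("session-close: no candidates proposed");
        return Ok(outcome_without_candidates(ingested, trace_id.to_string()));
    }

    // ─── Step 4: tag candidates as pending_mcp_commit (ADR 0047) ─────────────
    // One timestamp is shared by the lifecycle transition and the embedding
    // records so both carry the same close time.
    let repo = MemoryRepo::new(pool);
    let now = Utc::now();
    let pending_ids = tag_candidates_pending(&repo, &candidate_ids, now);

    // ─── Step 5: pre-compute embeddings ──────────────────────────────────────
    precompute_stub_embeddings(&repo, pool, &pending_ids, now);

    Ok(CloseOutcome {
        ingested,
        reflected,
        pending_commit: pending_ids.len(),
        receipt_id: trace_id.to_string(),
    })
}

/// Build the outcome for a close that ingested events but proposed no memories.
fn outcome_without_candidates(ingested: usize, receipt_id: String) -> CloseOutcome {
    CloseOutcome {
        ingested,
        reflected: 0,
        pending_commit: 0,
        receipt_id,
    }
}

/// Step 4: move each reflected candidate from `candidate` to
/// `pending_mcp_commit` (ADR 0047) and return the ids that ended up pending.
///
/// `reflect()` already called `MemoryRepo::insert_candidate` for each
/// candidate (see `persist_memory_candidates` in orchestrate.rs), so the rows
/// exist; this only transitions their lifecycle state.
///
/// A "not a candidate" error is treated as idempotent (the row was already
/// transitioned by an earlier run) and the id is still counted as pending. Any
/// other store error is logged and the id is dropped, so `pending_commit`
/// under-counts rather than over-counts.
///
/// NOTE(review): the idempotency check matches on the error *message* because
/// `StoreError` is not inspected structurally here. A different failure whose
/// text happens to contain "not a candidate" would be counted as pending; a
/// typed variant check would be more robust if `StoreError` offers one.
fn tag_candidates_pending(
    repo: &MemoryRepo,
    candidate_ids: &[cortex_core::MemoryId],
    now: chrono::DateTime<Utc>,
) -> Vec<cortex_core::MemoryId> {
    let mut pending_ids = Vec::with_capacity(candidate_ids.len());

    for memory_id in candidate_ids {
        match repo.set_pending_mcp_commit(memory_id, now) {
            Ok(()) => pending_ids.push(*memory_id),
            Err(err) => {
                let err_str = err.to_string();
                // If already in pending_mcp_commit, treat as idempotent.
                if err_str.contains("not a candidate") {
                    tracing::debug!(
                        memory_id = %memory_id,
                        "session-close: memory not a candidate (already transitioned); treating as pending"
                    );
                    pending_ids.push(*memory_id);
                } else {
                    tracing::warn!(
                        memory_id = %memory_id,
                        error = %err_str,
                        "session-close: failed to set pending_mcp_commit for memory"
                    );
                }
            }
        }
    }

    pending_ids
}

/// Step 5: write a BLAKE3 stub embedding for every pending memory so semantic
/// search is warm as soon as the memory is promoted.
///
/// Best-effort: each failure (memory missing, embed error, record build, write)
/// is logged at `warn` and that memory is skipped; nothing is reported to the
/// caller.
fn precompute_stub_embeddings(
    repo: &MemoryRepo,
    pool: &Pool,
    pending_ids: &[cortex_core::MemoryId],
    now: chrono::DateTime<Utc>,
) {
    let embed_repo = EmbeddingRepo::new(pool);
    let embedder = LocalStubEmbedder::new();

    for memory_id in pending_ids {
        let memory = match repo.get_by_id(memory_id) {
            Ok(Some(m)) => m,
            Ok(None) => {
                tracing::warn!(memory_id = %memory_id, "session-close: memory not found for embedding");
                continue;
            }
            Err(err) => {
                tracing::warn!(memory_id = %memory_id, error = %err, "session-close: failed to read memory for embedding");
                continue;
            }
        };

        // Domain tags are read from a JSON array of strings; non-string entries
        // are ignored and a non-array value yields no tags.
        let tags: Vec<String> = memory
            .domains_json
            .as_array()
            .map(|arr| {
                arr.iter()
                    .filter_map(|v| v.as_str().map(ToString::to_string))
                    .collect()
            })
            .unwrap_or_default();

        let vector = match embedder.embed(&memory.claim, &tags) {
            Ok(v) => v,
            Err(err) => {
                tracing::warn!(memory_id = %memory_id, error = %err, "session-close: embed failed");
                continue;
            }
        };

        let record = match EmbedRecord::new(*memory_id, STUB_BACKEND_ID, vector, now) {
            Ok(r) => r,
            Err(err) => {
                tracing::warn!(memory_id = %memory_id, error = %err, "session-close: failed to build embed record");
                continue;
            }
        };

        if let Err(err) = embed_repo.write(&record) {
            tracing::warn!(memory_id = %memory_id, error = %err, "session-close: failed to write embedding");
        }
    }
}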

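/// Parse raw bytes as session events JSON.
///
/// Accepts three shapes:
/// 1. `{"events": [Event, ...]}` — explicit envelope.
/// 2. `[Event, ...]` — bare array.
/// 3. `{...}` — single event object (any object without an `events` key).
///
/// `raw` is untrusted caller input; nothing is validated beyond what
/// `Event`'s `Deserialize` impl enforces, and the first failing element is
/// reported by index (`event[i] ...`).
///
/// # Errors
///
/// Returns an error string when the bytes are not valid JSON, the top-level
/// value is neither an object nor an array, the `events` field is present but
/// not an array, or any element fails to deserialize as an [`Event`].
fn parse_events(raw: &[u8]) -> Result<Vec<Event>, String> {
    let value: serde_json::Value =
        serde_json::from_slice(raw).map_err(|err| format!("invalid JSON: {err}"))?;

    // Take ownership of the element list rather than cloning the parsed
    // document (the array, or the whole object in the single-event case).
    let items: Vec<serde_json::Value> = match value {
        serde_json::Value::Array(items) => items,
        serde_json::Value::Object(mut map) => match map.remove("events") {
            Some(serde_json::Value::Array(items)) => items,
            Some(_) => return Err("events field is not an array".to_string()),
            None => vec![serde_json::Value::Object(map)],
        },
        _ => return Err("unexpected JSON shape: must be object or array".to_string()),
    };

    // Stops at the first element that fails to deserialize.
    items
        .into_iter()
        .enumerate()
        .map(|(i, item)| {
            serde_json::from_value::<Event>(item)
                .map_err(|err| format!("event[{i}] failed to deserialize: {err}"))
        })
        .collect()
}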

/// Return the `trace_id` of the first event that carries one, or `None` when
/// no event in the batch is traced.
fn extract_trace_id(events: &[Event]) -> Option<TraceId> {
    for event in events {
        if let Some(trace_id) = event.trace_id {
            return Some(trace_id);
        }
    }
    None
}

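/// Append events to the JSONL ledger and the SQLite `events` table, skipping
/// duplicates.
///
/// Refuses `EventSource::User` and `EventSource::ManualCorrection` events —
/// the library has no attestor; the operator must use
/// `cortex ingest --user-attestation` for those. The whole batch is checked
/// before anything is written, so a refused event never leaves a partially
/// ingested batch behind.
///
/// The dual-write to SQLite ensures that `verify_memory_proof_closure` can
/// find source events for session-close memories so they are not quarantined
/// in `cortex memory search`. `EventRepo::append` uses `INSERT OR IGNORE` so
/// re-running is idempotent: an event whose id is already in the JSONL ledger
/// (from an earlier run, or earlier in this batch) is only re-appended to
/// SQLite, which also repairs a run that died between the JSONL and SQLite
/// writes.
///
/// Returns the number of events newly appended to the JSONL ledger.
///
/// # Errors
///
/// [`SessionError::Ingest`] for a refused source or a ledger append failure,
/// [`SessionError::Io`] if the ledger directory cannot be created or the
/// ledger cannot be scanned, and [`SessionError::Store`] if the SQLite append
/// fails.
fn ingest_events(
    events: &[Event],
    event_log: &std::path::Path,
    pool: &Pool,
) -> Result<usize, SessionError> {
    // Validate the whole batch up front (fail closed before any write).
    // Sources that need operator attestation are refused here; the policy
    // composed by `session_append_policy` also rejects them, but only after
    // the ledger has been opened and earlier events in the batch appended.
    for event in events {
        let refused_source = match event.source {
            EventSource::User => "User",
            EventSource::ManualCorrection => "ManualCorrection",
            _ => continue,
        };
        return Err(SessionError::Ingest(format!(
            "EventSource::{refused_source} event {} cannot be ingested without operator attestation; \
             use `cortex ingest --user-attestation` for user-sourced events",
            event.id,
        )));
    }

    // Ensure parent directory exists.
    if let Some(parent) = event_log.parent() {
        if !parent.as_os_str().is_empty() {
            std::fs::create_dir_all(parent)?;
        }
    }

    let mut log = JsonlLog::open(event_log)?;

    // Dedup set: ids already in the JSONL ledger, plus ids appended during
    // this batch so a repeated id within one file is not written twice.
    // JsonlLog exposes no iterator, so the file is scanned directly.
    let mut seen_ids = collect_existing_event_ids(event_log)?;

    let event_repo = EventRepo::new(pool);
    let mut appended = 0usize;
    for event in events {
        if seen_ids.contains(&event.id) {
            // Also ensure the SQLite row exists for pre-existing JSONL events
            // (idempotent — INSERT OR IGNORE).
            event_repo.append(event).map_err(SessionError::Store)?;
            continue;
        }

        // Compose the minimal policy for a non-user, non-signed append.
        // All three required contributors must be present (ADR 0026).
        let policy = session_append_policy(&event.source);
        log.append(event.clone(), &policy)?;

        // Dual-write to SQLite so proof-closure verification succeeds.
        event_repo.append(event).map_err(SessionError::Store)?;

        seen_ids.insert(event.id.clone());
        appended += 1;
    }

    Ok(appended)
}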

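/// Collect event ids that already exist in the JSONL log file.
///
/// A missing file yields an empty set. Each line is expected to be a
/// `SignedRow` JSON object; only `event.id` is read. Blank lines, lines that
/// are not valid JSON, and rows without a parseable `event.id` are skipped
/// silently.
///
/// NOTE(review): because unparseable lines are ignored rather than reported,
/// a corrupted or truncated ledger line makes its event invisible to
/// deduplication, and a re-ingest will append that event a second time.
/// Callers that need a strict ledger should verify it separately.
///
/// # Errors
///
/// [`SessionError::Io`] if the file exists but cannot be opened or read
/// (including a line that is not valid UTF-8).
fn collect_existing_event_ids(
    path: &std::path::Path,
) -> Result<std::collections::HashSet<cortex_core::EventId>, SessionError> {
    use std::io::BufRead;

    // Open first and treat NotFound as "no ledger yet" instead of probing with
    // `exists()`, which would race with the file appearing or disappearing.
    let file = match std::fs::File::open(path) {
        Ok(file) => file,
        Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
            return Ok(std::collections::HashSet::new());
        }
        Err(err) => return Err(SessionError::Io(err)),
    };
    let mut reader = std::io::BufReader::new(file);
    let mut ids = std::collections::HashSet::new();

    // One reusable line buffer instead of a fresh String per line.
    let mut line = String::new();
    loop {
        line.clear();
        if reader.read_line(&mut line)? == 0 {
            break;
        }
        let row_text = line.trim();
        if row_text.is_empty() {
            continue;
        }
        // Each line is a SignedRow JSON — we only need the event.id field.
        let Ok(row) = serde_json::from_str::<serde_json::Value>(row_text) else {
            continue;
        };
        let id_str = row
            .get("event")
            .and_then(|event| event.get("id"))
            .and_then(serde_json::Value::as_str);
        if let Some(event_id) = id_str.and_then(|s| s.parse::<cortex_core::EventId>().ok()) {
            ids.insert(event_id);
        }
    }

    Ok(ids)
}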

/// Compose the ADR 0026 policy decision for a non-user session append.
///
/// Non-user events do not require attestation, so the attestation contributor
/// is `Warn` (honest no-attestation floor). The tier gate is `Allow` for
/// non-user sources. Runtime mode is `Warn` (local-development unsigned ledger
/// path).
fn session_append_policy(source: &EventSource) -> cortex_core::PolicyDecision {
    // Tier gate. `User` and `ManualCorrection` require operator attestation;
    // refusing them is `ingest_events`' job (it rejects before anything is
    // written), and this arm is the fail-closed backstop: it yields `Reject`
    // rather than panicking should one reach the policy. The match is kept
    // exhaustive on purpose so a new `EventSource` variant forces an explicit
    // decision here. The classification is spelled out locally instead of
    // importing the `event_source_trust_tier` helper from `cortex-cli`, which
    // would be a circular dependency.
    let (gate_outcome, gate_reason): (PolicyOutcome, &str) = match source {
        EventSource::User | EventSource::ManualCorrection => (
            PolicyOutcome::Reject,
            "event source User/ManualCorrection requires operator attestation; refused by ingest_events",
        ),
        EventSource::ChildAgent { .. }
        | EventSource::Tool { .. }
        | EventSource::Runtime
        | EventSource::ExternalOutcome => (
            PolicyOutcome::Allow,
            "event source meets ingest floor of Observed or above",
        ),
    };
    let tier_gate = PolicyContribution::new(
        APPEND_EVENT_SOURCE_TIER_GATE_RULE_ID,
        gate_outcome,
        gate_reason,
    )
    .expect("static session append tier contribution is valid");

    // The remaining two contributors are static for this path: no attestation
    // (honest floor) and an unsigned, local-development ledger.
    let attestation = PolicyContribution::new(
        APPEND_ATTESTATION_REQUIRED_RULE_ID,
        PolicyOutcome::Warn,
        "session-close ingest: no User events in batch; operator attestation not required",
    )
    .expect("static session append attestation contribution is valid");
    let runtime_mode = PolicyContribution::new(
        APPEND_RUNTIME_MODE_RULE_ID,
        PolicyOutcome::Warn,
        "session-close ingest: unsigned append (local-development ledger path)",
    )
    .expect("static session append runtime mode contribution is valid");

    // Contributors are passed in the order tier gate, attestation, runtime
    // mode; no override decision is supplied.
    compose_policy_outcomes(vec![tier_gate, attestation, runtime_mode], None)
}

/// Run the `cortex_reflect::reflect` pipeline for one trace on a private
/// single-threaded tokio runtime.
///
/// Errors from the replay adapter, runtime construction and `reflect()` itself
/// are flattened to their `Display` text.
///
/// NOTE(review): `Runtime::block_on` panics when invoked from inside an
/// already-running tokio runtime, so an async caller (such as an MCP server
/// handler) should reach `close_from_bytes` via `spawn_blocking` or an
/// equivalent — confirm against the actual caller before relying on this from
/// async code.
fn run_reflect(
    trace_id: TraceId,
    fixtures_dir: &std::path::Path,
    pool: &Pool,
) -> Result<cortex_reflect::ReflectionReport, String> {
    use cortex_llm::ReplayAdapter;

    let adapter = ReplayAdapter::new(fixtures_dir).map_err(|err| err.to_string())?;

    let runtime = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()
        .map_err(|err| format!("failed to create tokio runtime: {err}"))?;

    let report = runtime.block_on(cortex_reflect::reflect(trace_id, &adapter, pool));
    report.map_err(|err| err.to_string())
}