rig-resources 0.2.0

Reusable skills, tools, behavior patterns, and resource adapters for rig-compose agents.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

# rig-resources Roadmap

This roadmap is the crate-local operating plan for `rig-resources`. The cross-crate coordination summary lives in [`rig-ecosystem/docs/roadmap.md`](../rig-ecosystem/docs/roadmap.md).

## Role

`rig-resources` is the reusable implementation layer for `rig-compose` agents. It supplies concrete skills, tools, baseline stores, memory lookup contracts, behavior-pattern registries, optional graph resources, and optional security primitives without bloating the `rig-compose` kernel.

## Landed

- Baseline storage, online baseline accumulation, baseline comparison tool, and baseline comparison skill.
- Behavior-pattern registry and behavior-pattern skill.
- Canonical `memory.lookup` tool contract with `MemoryLookupStore`, `MemoryLookupHit`, and `MemoryLookupTool`.
- `MemoryPivotSkill` that calls a registered `memory.lookup` tool after confidence crosses a threshold.
- Optional `graph` feature with `GraphStore`, `InMemoryGraph`, `GraphTool`, and `GraphExpansionSkill`.
- Optional `security` feature with credential, ECS signal, exfiltration, lateral-movement, reconnaissance, and related security helpers.
- `full` feature covering graph and security together.
- Caller-side context projection helpers for behavior patterns, memory
  lookup hits, baselines, and accumulated investigation evidence
  ([src/projection.rs](src/projection.rs)).
- Shared context-provenance keys across behavior patterns, baselines, memory
  lookup hits, graph expansions, and accumulated evidence, including source
  URI, principal, scope, recorded-at time, confidence, source frame id,
  projection state, and machine-readable reasons where available.
- `ResourceTraceEnvelope` trace metadata shape
  ([src/trace.rs](src/trace.rs)), attached today to graph expansion evidence.

## Prototype Grade

- Resource lookup outputs project into `rig-compose` `ContextItem` /
  `ContextPack` helpers with stable provenance keys. Security-specific context
  projection and broader trace-envelope coverage are still incomplete.
- Graph resources cover in-memory graph expansion, but not a stable backend-neutral read API for richer graph evals.
- Security primitives are reusable skills/helpers, not a full policy engine with approvals, sandboxing, secrets, or risk workflows.
- `ResourceTraceEnvelope` is wired into graph evidence; memory, baseline,
  and security paths still emit local tool outputs without the shared
  envelope.

## Next Work

1. Add security finding projections into the `rig-compose` `ContextItem` /
  `ContextPack` vocabulary so security helpers reach prompt context without
  per-host glue.
2. Extend graph resources with fixture-backed examples for expand, centrality, sparse context, and multi-hop summaries.
3. Extend `ResourceTraceEnvelope` coverage to memory, baseline, and
   security findings with machine-readable reasons for skipped,
   suppressed, expanded, or escalated outcomes.
4. Keep graph and security feature gates clean under the four-feature CI matrix.

## Maturity Bar

- A resource result can become prompt context without custom glue or lossy metadata.
- Missing/sparse resources return typed no-op or not-applicable outcomes rather than stringly errors.
- Graph and security features remain optional and do not leak dependencies into default builds.
- Tests cover default, `security`, `graph`, and `full` feature combinations.

## Non-Goals

- Do not define new kernel traits that belong in `rig-compose`.
- Do not own concrete memory archives; persistent memory belongs in `rig-memvid` or host stores.
- Do not become the product policy/governance layer.