1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
//! Core artifact types and trait, gated behind the `artifact-store` feature.
use std::collections::HashMap;
use std::pin::Pin;
use bytes::Bytes;
use chrono::{DateTime, Utc};
use futures::Stream;
// ─── Error ──────────────────────────────────────────────────────────────────
/// Errors from artifact operations.
///
/// Validation variants carry the rejected input together with a
/// human-readable reason; the storage variant wraps a backend error.
#[derive(Debug, thiserror::Error)]
pub enum ArtifactError {
/// An artifact name was rejected; `reason` says which rule it broke
/// (produced by [`validate_artifact_name`]).
#[error("invalid artifact name '{name}': {reason}")]
InvalidName { name: String, reason: String },
/// A session id was rejected; `reason` says which rule it broke
/// (produced by [`validate_session_id`]).
#[error("invalid session id '{session_id}': {reason}")]
InvalidSessionId { session_id: String, reason: String },
/// A resolved artifact path ended up outside the artifact root.
#[error("resolved artifact path escapes the artifact root")]
PathOutsideRoot,
/// A failure reported by the storage layer. Because of `#[from]`, any
/// `Box<dyn Error + Send + Sync>` converts into this variant, so `?` works
/// on results carrying such a boxed error.
#[error("artifact storage error: {0}")]
Storage(#[from] Box<dyn std::error::Error + Send + Sync>),
/// No artifact store has been configured.
// NOTE(review): which call sites return this is not visible in this file.
#[error("artifact store not configured")]
NotConfigured,
}
// ─── Types ──────────────────────────────────────────────────────────────────
/// Content payload for an artifact save operation.
///
/// The same type is handed back by the load methods of [`ArtifactStore`].
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct ArtifactData {
/// Raw artifact bytes.
pub content: Vec<u8>,
/// Content type of `content`.
// NOTE(review): presumably a MIME type such as `text/plain` — confirm with callers.
pub content_type: String,
/// Free-form string key/value metadata. Thanks to `#[serde(default)]` a
/// missing field deserializes to an empty map instead of failing.
#[serde(default)]
pub metadata: HashMap<String, String>,
}
/// Record describing a specific saved version.
///
/// Returned by the save methods and alongside the payload by the load
/// methods of [`ArtifactStore`].
#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub struct ArtifactVersion {
/// Name of the artifact this version belongs to.
pub name: String,
/// Version number; per the [`ArtifactStore::save`] contract these start
/// at 1 and increase monotonically per artifact per session.
pub version: u32,
/// Timestamp (UTC) recorded for this version.
pub created_at: DateTime<Utc>,
/// Size of the stored content.
// NOTE(review): presumably the byte length of `ArtifactData::content` — confirm.
pub size: usize,
/// Content type recorded for this version.
pub content_type: String,
}
/// Summary metadata for an artifact (used in list results).
///
/// One entry per artifact, as returned by [`ArtifactStore::list`].
#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub struct ArtifactMeta {
/// Artifact name.
pub name: String,
/// Highest version number currently stored for this artifact.
pub latest_version: u32,
/// Creation timestamp (UTC).
// NOTE(review): presumably when version 1 was saved — confirm with implementations.
pub created_at: DateTime<Utc>,
/// Last-update timestamp (UTC).
// NOTE(review): presumably when the latest version was saved — confirm.
pub updated_at: DateTime<Utc>,
/// Content type of the artifact.
// NOTE(review): presumably that of the latest version — confirm.
pub content_type: String,
}
// ─── Trait ───────────────────────────────────────────────────────────────────
/// Pluggable storage backend for session-attached versioned artifacts.
///
/// All methods are scoped by session ID. Implementations must be safe for
/// concurrent use from multiple tools within the same agent.
///
/// Every method returns a future that is required to be `Send`, and the
/// trait itself requires `Send + Sync`, so a store can be shared across
/// threads and its futures moved between them.
pub trait ArtifactStore: Send + Sync {
/// Save content as a new version of the named artifact.
///
/// Returns the version record on success. Version numbers are
/// monotonically increasing per artifact per session, starting at 1.
///
/// `data` is taken by value; callers that need to keep the payload must
/// clone it first.
fn save(
&self,
session_id: &str,
name: &str,
data: ArtifactData,
) -> impl std::future::Future<Output = Result<ArtifactVersion, ArtifactError>> + Send;
/// Load the latest version of the named artifact.
///
/// Returns `None` if the artifact does not exist. On a hit, the tuple
/// pairs the payload with the record of the version that was loaded.
fn load(
&self,
session_id: &str,
name: &str,
) -> impl std::future::Future<
Output = Result<Option<(ArtifactData, ArtifactVersion)>, ArtifactError>,
> + Send;
/// Load a specific version of the named artifact.
///
/// Returns `None` if the artifact or version does not exist. On a hit,
/// the tuple pairs the payload with that version's record.
fn load_version(
&self,
session_id: &str,
name: &str,
version: u32,
) -> impl std::future::Future<
Output = Result<Option<(ArtifactData, ArtifactVersion)>, ArtifactError>,
> + Send;
/// List metadata for all artifacts in a session.
///
/// Returns an empty vec if the session has no artifacts.
// NOTE(review): no ordering of the returned vec is specified here.
fn list(
&self,
session_id: &str,
) -> impl std::future::Future<Output = Result<Vec<ArtifactMeta>, ArtifactError>> + Send;
/// Delete all versions of the named artifact.
///
/// Succeeds silently if the artifact does not exist (idempotent).
fn delete(
&self,
session_id: &str,
name: &str,
) -> impl std::future::Future<Output = Result<(), ArtifactError>> + Send;
}
/// A boxed byte stream used by [`StreamingArtifactStore`].
///
/// Each item is either a chunk of bytes or an [`ArtifactError`]. The stream
/// is pinned and heap-allocated behind a trait object, and is `Send`.
pub type ArtifactByteStream = Pin<Box<dyn Stream<Item = Result<Bytes, ArtifactError>> + Send>>;
/// Extension trait for artifact stores that support streaming I/O.
///
/// This allows saving and loading artifact content as byte streams, which is
/// useful for large artifacts that should not be buffered entirely in memory.
///
/// Implementors must also implement [`ArtifactStore`].
pub trait StreamingArtifactStore: ArtifactStore {
/// Save content from a byte stream as a new version.
///
/// `content_type` and `metadata` are passed separately here, rather than
/// bundled in an [`ArtifactData`], because the content arrives through
/// `stream`. Returns the record of the newly created version.
// NOTE(review): behaviour when `stream` yields an `Err` part-way through
// is not specified here — confirm with implementations.
fn save_stream(
&self,
session_id: &str,
name: &str,
content_type: String,
metadata: HashMap<String, String>,
stream: ArtifactByteStream,
) -> impl std::future::Future<Output = Result<ArtifactVersion, ArtifactError>> + Send;
/// Load an artifact version as a byte stream.
///
/// If `version` is `None`, loads the latest version.
///
/// The `Option` in the return type allows for a "not found" result.
// NOTE(review): presumably `None` means the artifact or version does not
// exist, mirroring `ArtifactStore::load` — confirm.
fn load_stream(
&self,
session_id: &str,
name: &str,
version: Option<u32>,
) -> impl std::future::Future<Output = Result<Option<ArtifactByteStream>, ArtifactError>> + Send;
}
/// Check that `name` is an acceptable artifact name.
///
/// The rules are applied in the order listed; the first one that is violated
/// determines the `reason` of the returned error:
///
/// 1. the name must not be empty;
/// 2. it must not start with `/`;
/// 3. it must not end with `/`;
/// 4. it must not contain `//`;
/// 5. it must not be `..` nor contain `../` or `/..` (path traversal);
/// 6. every character must be ASCII alphanumeric or one of `-`, `_`, `.`, `/`.
///
/// # Errors
///
/// Returns [`ArtifactError::InvalidName`] carrying a copy of `name` and the
/// reason for the rejection.
pub fn validate_artifact_name(name: &str) -> Result<(), ArtifactError> {
    let is_allowed = |ch: char| ch.is_ascii_alphanumeric() || matches!(ch, '-' | '_' | '.' | '/');

    // Ordered rule chain: the first matching branch picks the reason.
    let violation = if name.is_empty() {
        Some("name must not be empty")
    } else if name.starts_with('/') {
        Some("name must not start with '/'")
    } else if name.ends_with('/') {
        Some("name must not end with '/'")
    } else if name.contains("//") {
        Some("name must not contain consecutive slashes")
    } else if name == ".." || name.contains("../") || name.contains("/..") {
        // Substring test: any `..` that touches a `/` is treated as traversal.
        Some("name must not contain path traversal")
    } else if name.chars().any(|ch| !is_allowed(ch)) {
        Some("name contains invalid characters (allowed: alphanumeric, -, _, ., /)")
    } else {
        None
    };

    match violation {
        Some(reason) => Err(ArtifactError::InvalidName {
            name: name.to_string(),
            reason: reason.to_string(),
        }),
        None => Ok(()),
    }
}
/// Validate a session ID for use in filesystem-backed artifact stores.
///
/// Session IDs are embedded directly in filesystem paths, so they must not
/// contain anything that can alter path resolution. The checks run in the
/// order below, and the first failing one determines the error's `reason`:
///
/// - Empty strings
/// - Leading/trailing whitespace
/// - Path separators (`/` and `\`)
/// - Path traversal sequences (any occurrence of `..`)
/// - The current-directory component `.` (joining it onto a root directory
///   resolves to the root itself rather than a per-session subdirectory)
/// - ASCII control characters, including the null byte
/// - Any `:` — this rules out Windows drive prefixes such as `C:`
///
/// The rules match the stricter-than-default filter used by
/// `swink-agent-memory`'s `JsonlSessionStore`, extended to also reject
/// other ASCII control characters.
///
/// # Errors
///
/// Returns [`ArtifactError::InvalidSessionId`] carrying a copy of
/// `session_id` and the reason for the rejection.
pub fn validate_session_id(session_id: &str) -> Result<(), ArtifactError> {
    let reject = |reason: &str| -> Result<(), ArtifactError> {
        Err(ArtifactError::InvalidSessionId {
            session_id: session_id.to_string(),
            reason: reason.to_string(),
        })
    };

    if session_id.is_empty() {
        return reject("session id must not be empty");
    }
    if session_id.trim() != session_id {
        return reject("session id must not contain leading or trailing whitespace");
    }
    if session_id.contains('/') || session_id.contains('\\') {
        return reject("session id must not contain path separators");
    }
    if session_id.contains("..") {
        return reject("session id must not contain path traversal");
    }
    // A lone `.` contains no separator and no `..`, yet as a path component it
    // names the parent directory it is joined onto, so the session would share
    // the artifact root with every other session's directory.
    if session_id == "." {
        return reject("session id must not be '.'");
    }
    // `is_ascii_control` covers U+0000..=U+001F and U+007F, so the null byte
    // needs no separate test.
    if session_id.chars().any(|c| c.is_ascii_control()) {
        return reject("session id must not contain control characters");
    }
    // Separators are already excluded, so the only remaining absolute-path
    // shape is a Windows drive prefix such as `C:`; reject every `:` to be safe.
    if session_id.contains(':') {
        return reject("session id must not contain ':'");
    }
    Ok(())
}