Skip to main content

zeph_agent_context/
state.rs

1// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
2// SPDX-License-Identifier: MIT OR Apache-2.0
3
4//! Borrow-lens view types used by [`crate::service::ContextService`].
5//!
6//! Each view holds `&`/`&mut` references to the exact sub-fields that the context
7//! service needs. By accepting lenses instead of `&mut Agent<C>`, this crate avoids
8//! depending on `zeph-core` while still letting the call site in `zeph-core` construct
9//! them from disjoint field projections.
10//!
11//! Views are constructed at the call site in `zeph-core` using one literal struct
12//! expression. The borrow checker proves disjointness at that level without additional
13//! helper methods — each `&mut` resolves to a unique field path under `Agent<C>`.
14
15use parking_lot::RwLock;
16use std::borrow::Cow;
17use std::collections::HashSet;
18use std::future::Future;
19use std::path::PathBuf;
20use std::pin::Pin;
21use std::sync::Arc;
22use zeph_common::PlannedToolHint;
23use zeph_common::SecurityEventCategory;
24use zeph_common::task_supervisor::{BlockingHandle, TaskSupervisor};
25use zeph_config::FidelityConfig;
26use zeph_config::{
27    ContextStrategy, DocumentConfig, GraphConfig, PersonaConfig, ReasoningConfig, TrajectoryConfig,
28    TreeConfig,
29};
30use zeph_context::input::CorrectionConfig;
31use zeph_context::manager::ContextManager;
32use zeph_context::summarization::SummarizationDeps;
33use zeph_context::typed_page::TypedPagesState;
34use zeph_llm::any::AnyProvider;
35use zeph_llm::provider::Message;
36use zeph_memory::semantic::SemanticMemory;
37use zeph_memory::{ConversationId, TokenCounter};
38use zeph_sanitizer::ContentSanitizer;
39use zeph_sanitizer::quarantine::QuarantinedSummarizer;
40use zeph_skills::proactive::ProactiveExplorer;
41use zeph_skills::registry::SkillRegistry;
42
43use crate::compaction::{SubgoalExtractionResult, SubgoalRegistry};
44
45/// Borrow-lens over the agent's conversation window fields.
46///
47/// Holds `&mut` references to every message-list field that the context service
48/// needs to read or write. Constructed by the `zeph-core` shim from disjoint
49/// sub-fields of `Agent<C>::msg`.
50pub struct MessageWindowView<'a> {
51    /// Full message history. The context service reads and filters this list.
52    pub messages: &'a mut Vec<Message>,
53    /// `SQLite` row ID of the most recently persisted message.
54    pub last_persisted_message_id: &'a mut Option<i64>,
55    /// `SQLite` row IDs to be soft-deleted after context assembly completes.
56    pub deferred_db_hide_ids: &'a mut Vec<i64>,
57    /// Deferred summary strings to be appended after context assembly completes.
58    pub deferred_db_summaries: &'a mut Vec<String>,
59    /// Running token count for the current prompt window — updated after every
60    /// message-list mutation to keep provider call budgets accurate.
61    /// Maps to `Agent<C>::runtime.providers.cached_prompt_tokens`.
62    pub cached_prompt_tokens: &'a mut u64,
63    /// Shared token counter — cheap `Arc` clone from `Agent<C>::runtime.metrics.token_counter`.
64    pub token_counter: Arc<TokenCounter>,
65    /// Tool IDs that completed successfully in the current session.
66    /// Maps to `Agent<C>::services.tool_state.completed_tool_ids`.
67    /// Cleared by `clear_history` together with the message list.
68    pub completed_tool_ids: &'a mut HashSet<String>,
69}
70
71/// Accumulated metric deltas for one context-assembly pass.
72///
73/// Holds owned counters that the service increments during `prepare_context`.
74/// After the call returns, the `zeph-core` shim applies these deltas to the agent's
75/// metrics snapshot via `update_metrics`. Using owned values (not references) avoids
76/// borrowing into `MetricsSnapshot`, which lives behind a watch channel.
77#[derive(Debug, Default)]
78pub struct MetricsCounters {
79    /// Sanitizer checks performed during this pass.
80    pub sanitizer_runs: u64,
81    /// Injection flags raised during this pass.
82    pub sanitizer_injection_flags: u64,
83    /// Truncations applied during this pass.
84    pub sanitizer_truncations: u64,
85    /// Quarantine invocations during this pass.
86    pub quarantine_invocations: u64,
87    /// Quarantine failures during this pass.
88    pub quarantine_failures: u64,
89}
90
91/// Abstract sink for security events raised during context assembly.
92///
93/// Implemented in `zeph-core` by a stack-local adapter that appends to
94/// `Agent<C>::runtime.metrics.security_events`. Using a trait keeps this crate
95/// free of `zeph-core` internal types.
96pub trait SecurityEventSink: Send {
97    /// Record a security event.
98    fn push(&mut self, category: SecurityEventCategory, source: &'static str, detail: String);
99}
100
101/// Borrow-lens over all fields needed for `prepare_context` and `Agent<C>::rebuild_system_prompt`.
102///
103/// Every field maps to a single sub-field of `Agent<C>` and uses a type from a
104/// lower-level crate (`zeph-memory`, `zeph-skills`, `zeph-context`, `zeph-sanitizer`,
105/// `zeph-config`, `zeph-common`, `zeph-llm`). No `zeph-core`-internal `*State`
106/// aggregator ever crosses this boundary.
107///
108/// Constructed by the `zeph-core` shim using one literal struct expression. The
109/// borrow checker verifies disjointness because no two `&mut` paths share a prefix.
110pub struct ContextAssemblyView<'a> {
111    // ── Memory (one mut field; the rest are read-only clones/copies) ─────────────────
112    /// `services.memory.persistence.memory` — `Arc` clone is cheap.
113    pub memory: Option<Arc<SemanticMemory>>,
114    /// `services.memory.persistence.conversation_id`.
115    pub conversation_id: Option<ConversationId>,
116    /// `services.memory.persistence.recall_limit`.
117    pub recall_limit: usize,
118    /// `services.memory.persistence.cross_session_score_threshold`.
119    pub cross_session_score_threshold: f32,
120    /// `services.memory.persistence.context_format` — determines recall entry formatting.
121    pub context_format: zeph_config::ContextFormat,
122    /// `services.memory.persistence.last_recall_confidence` — written by apply path.
123    pub last_recall_confidence: &'a mut Option<f32>,
124
125    /// `services.memory.compaction.context_strategy` (Copy enum).
126    pub context_strategy: ContextStrategy,
127    /// `services.memory.compaction.crossover_turn_threshold`.
128    pub crossover_turn_threshold: u32,
129    /// `services.memory.compaction.cached_session_digest` — cloned into assembler input.
130    ///
131    /// The `usize` is the token count of the digest (used by `ContextMemoryView`).
132    pub cached_session_digest: Option<(String, usize)>,
133    /// `services.memory.compaction.digest_config.enabled`.
134    pub digest_enabled: bool,
135
136    /// `services.memory.extraction.graph_config` — cloned (small, `Clone`).
137    pub graph_config: GraphConfig,
138    /// `services.memory.extraction.document_config` — cloned.
139    pub document_config: DocumentConfig,
140    /// `services.memory.extraction.persona_config` — cloned.
141    pub persona_config: PersonaConfig,
142    /// `services.memory.extraction.trajectory_config` — cloned.
143    pub trajectory_config: TrajectoryConfig,
144    /// `services.memory.extraction.reasoning_config` — cloned.
145    pub reasoning_config: ReasoningConfig,
146    /// `services.memory.extraction.memcot_config` — cloned.
147    pub memcot_config: zeph_config::MemCotConfig,
148    /// Current `MemCoT` semantic state buffer. `Some` when the accumulator has a non-empty state.
149    ///
150    /// Snapshot taken at context-assembly time; used to prefix graph recall queries.
151    pub memcot_state: Option<String>,
152    /// `services.memory.subsystems.tree_config` — cloned.
153    pub tree_config: TreeConfig,
154
155    // ── Skill ─────────────────────────────────────────────────────────────────────────
156    /// `services.skill.last_skills_prompt` — written by `Agent<C>::rebuild_system_prompt`.
157    pub last_skills_prompt: &'a mut String,
158    /// `services.skill.active_skill_names` — written by `Agent<C>::rebuild_system_prompt`.
159    pub active_skill_names: &'a mut Vec<String>,
160    /// `services.skill.registry` — `Arc` clone enables concurrent read access.
161    pub skill_registry: Arc<RwLock<SkillRegistry>>,
162    /// `services.skill.skill_paths` — read during proactive reload.
163    pub skill_paths: &'a [PathBuf],
164
165    // ── Index (feature-gated) ─────────────────────────────────────────────────────────
166    /// Built at the shim by `IndexState::as_index_access()`. The lifetime reflects
167    /// the borrow back into `services.index`.
168    ///
169    /// Only populated when the `index` feature is enabled.
170    #[cfg(feature = "index")]
171    pub index: Option<&'a dyn zeph_context::input::IndexAccess>,
172
173    // ── Learning / sidequest / proactive ──────────────────────────────────────────────
174    /// Built at the shim from `services.learning_engine.config` — the engine itself
175    /// never crosses the crate boundary.
176    pub correction_config: Option<CorrectionConfig>,
177    /// `services.sidequest.turn_counter`.
178    pub sidequest_turn_counter: u64,
179    /// `services.proactive_explorer` — `Arc` clone for async use without borrowing self.
180    pub proactive_explorer: Option<Arc<ProactiveExplorer>>,
181
182    // ── Security ──────────────────────────────────────────────────────────────────────
183    /// `services.security.sanitizer` — borrowed from `SecurityState`; not Arc-wrapped in `zeph-core`.
184    pub sanitizer: &'a ContentSanitizer,
185    /// `services.security.quarantine_summarizer` — borrowed from `SecurityState`.
186    pub quarantine_summarizer: Option<&'a QuarantinedSummarizer>,
187
188    // ── Context manager ───────────────────────────────────────────────────────────────
189    /// `self.context_manager` — mutably borrowed for token recompute hooks.
190    pub context_manager: &'a mut ContextManager,
191
192    // ── Runtime / metrics ─────────────────────────────────────────────────────────────
193    /// `runtime.metrics.token_counter` — `Arc` clone is cheap.
194    pub token_counter: Arc<zeph_memory::TokenCounter>,
195    /// Accumulated metric deltas — incremented during the pass, applied to the metrics
196    /// snapshot by the `zeph-core` shim after `prepare_context` returns.
197    pub metrics: MetricsCounters,
198    /// Abstract sink for security events raised during context assembly.
199    pub security_events: &'a mut dyn SecurityEventSink,
200    /// `runtime.providers.cached_prompt_tokens` — read for compression-spectrum ratio.
201    pub cached_prompt_tokens: u64,
202
203    // ── Config flags ──────────────────────────────────────────────────────────────────
204    /// `runtime.config.redact_credentials`.
205    pub redact_credentials: bool,
206    /// `runtime.config.channel_skills` — per-channel skill filter for system prompt rebuild.
207    pub channel_skills: &'a [String],
208
209    // ── Credential scrubber ───────────────────────────────────────────────────────────
210    /// Function pointer for scrubbing credentials from message content.
211    ///
212    /// Passed as a function pointer so `zeph-agent-context` does not need to depend on
213    /// `zeph-core::redact`. The shim in `zeph-core` sets this to `crate::redact::scrub_content`.
214    /// When `redact_credentials = false` the service does not call this function.
215    pub scrub: fn(&str) -> Cow<'_, str>,
216
217    // ── MemFlow tiered retrieval (#3712) ──────────────────────────────────────────────
218    /// `MemFlow` tiered retrieval configuration (`[memory.tiered_retrieval]`).
219    ///
220    /// When `enabled = true`, `inject_semantic_recall` dispatches to [`zeph_memory::recall_tiered`]
221    /// instead of the flat `fetch_semantic_recall_raw` path.
222    pub tiered_retrieval_config: zeph_config::memory::TieredRetrievalConfig,
223    /// Optional provider for LLM-backed intent classification in tiered retrieval.
224    ///
225    /// Resolved from `tiered_retrieval.classifier_provider` at agent construction.
226    /// `None` means the `HeuristicRouter` is used (no LLM call).
227    pub tiered_retrieval_classifier: Option<Arc<zeph_llm::any::AnyProvider>>,
228    /// Optional provider for evidence quality validation and tier escalation.
229    ///
230    /// Resolved from `tiered_retrieval.validator_provider` at agent construction.
231    /// `None` means validation is skipped (evidence accepted as-is).
232    pub tiered_retrieval_validator: Option<Arc<zeph_llm::any::AnyProvider>>,
233
234    // ── CAM: Context-Adaptive Memory (#4547) ─────────────────────────────────
235    /// Fidelity scoring configuration resolved from `[memory.fidelity]`.
236    ///
237    /// `None` when fidelity scoring is not configured (treated as `enabled = false`).
238    /// `Some(&cfg)` with `cfg.enabled = false` is also a no-op (early-return inside scorer).
239    pub fidelity_config: Option<&'a FidelityConfig>,
240    /// LLM provider used for query and per-message embeddings when
241    /// `fidelity_config.semantic_scoring_provider` is set. Resolved at construction time.
242    /// `None` → keyword overlap fallback is used.
243    pub fidelity_semantic_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
244    /// LLM provider used for `Compressed` rendering when `fidelity_config.compress_provider`
245    /// is set. Resolved by the agent from `[[llm.providers]]` at construction time.
246    /// `None` → truncation fallback is used.
247    pub fidelity_compress_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
248    /// Lookahead tool hints derived from the orchestration DAG.
249    ///
250    /// Empty slice when no DAG lookahead is available (PAACE deferred to P2). The scorer
251    /// simply zeroes the plan signal when the slice is empty.
252    pub planned_next_tools: &'a [PlannedToolHint],
253    /// TUI status channel for spinner updates during fidelity scoring.
254    ///
255    /// Mirrors the channel wired in `ContextSummarizationView::status_tx`. `None` in
256    /// non-TUI modes; the service skips sending when the sender is absent.
257    pub status_tx: Option<tokio::sync::mpsc::UnboundedSender<String>>,
258    /// Background task supervisor for registering `JoinHandle`s produced during context
259    /// assembly (e.g. `mark_reasoning_used` in `fetch_reasoning_strategies`).
260    ///
261    /// Handles drained from `PreparedContext::background_tasks` are wrapped and
262    /// registered here so they remain tracked and abortable instead of being silently
263    /// dropped when `PreparedContext` goes out of scope.
264    pub task_supervisor: Arc<TaskSupervisor>,
265}
266
267/// Values produced by [`crate::service::ContextService::prepare_context`] that must be applied by the caller.
268///
269/// `ContextService` cannot inject code context directly because `inject_code_context` touches
270/// the system prompt (position-0 message), which involves subsystems beyond the context-window
271/// boundary. Instead, the service returns the code-context body and the caller applies it.
272#[derive(Debug, Default)]
273pub struct ContextDelta {
274    /// Sanitized code-context body to inject into the system prompt by the `Agent<C>` shim.
275    ///
276    /// `None` when no code context was fetched or the fetch returned empty.
277    pub code_context: Option<String>,
278}
279
280/// Borrow-lens over all fields needed for compaction and summarization operations.
281///
282/// Every field maps to a specific sub-field of `Agent<C>` and uses a type from a
283/// crate below `zeph-core` in the dependency graph. Constructed in `zeph-core` using
284/// one literal struct expression; the borrow checker verifies disjointness.
285///
286/// The view covers: message history mutation, deferred summary queues, context-manager
287/// compaction state, provider handles for LLM calls, memory persistence for flushing,
288/// subgoal registry for context-compression strategies, and background task handles for
289/// non-blocking goal/subgoal extraction.
290pub struct ContextSummarizationView<'a> {
291    // ── Message window ────────────────────────────────────────────────────────
292    /// Full conversation history. Mutated by pruning, compaction, and deferred summary
293    /// application.
294    pub messages: &'a mut Vec<Message>,
295    /// `SQLite` row IDs to be soft-deleted after deferred summaries are applied.
296    pub deferred_db_hide_ids: &'a mut Vec<i64>,
297    /// Summary strings paired with the hide IDs above — flushed to `SQLite` as a batch.
298    pub deferred_db_summaries: &'a mut Vec<String>,
299    /// Running token count for the current prompt window. Updated after every mutation
300    /// that changes message content.
301    pub cached_prompt_tokens: &'a mut u64,
302
303    // ── Context manager ───────────────────────────────────────────────────────
304    /// Full context manager — contains compaction state, thresholds, strategy config.
305    pub context_manager: &'a mut ContextManager,
306
307    // ── Runtime ───────────────────────────────────────────────────────────────
308    /// Whether server-side compaction is currently active (skip client compaction when
309    /// true, unless context has grown past the safety fallback threshold).
310    pub server_compaction_active: bool,
311    /// Token counter used for budget calculations and prompt recomputation.
312    pub token_counter: Arc<TokenCounter>,
313    /// Pre-built summarization deps (provider + timeout + `token_counter` + callbacks).
314    /// Built by the `zeph-core` shim from `build_summarization_deps()` before constructing
315    /// the view, so the view does not need to hold a raw `DebugDumper` reference.
316    pub summarization_deps: SummarizationDeps,
317    /// Background task supervisor for spawning non-blocking goal/subgoal extractions.
318    pub task_supervisor: Arc<TaskSupervisor>,
319
320    // ── Memory persistence ────────────────────────────────────────────────────
321    /// Semantic memory store — used to flush deferred summaries and store session digests.
322    pub memory: Option<Arc<SemanticMemory>>,
323    /// Conversation ID for all SQLite/Qdrant persistence calls.
324    pub conversation_id: Option<ConversationId>,
325    /// Maximum unsummarized tool-call pairs before forced deferred summarization kicks in.
326    pub tool_call_cutoff: usize,
327
328    // ── Context-compression (SubgoalRegistry + task handles) ─────────────────
329    /// In-memory registry of all subgoals in the current session.
330    pub subgoal_registry: &'a mut SubgoalRegistry,
331    /// Handle to the background task-goal extraction spawned last turn.
332    pub pending_task_goal: &'a mut Option<BlockingHandle<Option<String>>>,
333    /// Handle to the background subgoal extraction spawned last turn.
334    pub pending_subgoal: &'a mut Option<BlockingHandle<Option<SubgoalExtractionResult>>>,
335    /// Cached task goal for `TaskAware`/`MIG` pruning. `None` before first extraction.
336    pub current_task_goal: &'a mut Option<String>,
337    /// Hash of the last user message when `current_task_goal` was populated.
338    /// Used to detect when a new extraction is needed.
339    pub task_goal_user_msg_hash: &'a mut Option<u64>,
340    /// Hash of the last user message when subgoal extraction was scheduled.
341    pub subgoal_user_msg_hash: &'a mut Option<u64>,
342    /// TUI / channel status sender for spinner messages. `None` when TUI is disabled.
343    pub status_tx: Option<tokio::sync::mpsc::UnboundedSender<String>>,
344
345    // ── Credential scrubber ───────────────────────────────────────────────────
346    /// Function pointer for scrubbing credentials from summary text.
347    ///
348    /// Set to `crate::redact::scrub_content` by the `zeph-core` shim when
349    /// `redact_credentials = true`, or to a no-op identity function otherwise.
350    pub scrub: fn(&str) -> Cow<'_, str>,
351
352    // ── Compaction callbacks (populated by zeph-core shim) ────────────────────
353    /// Compression guidelines text loaded from `SQLite` by the `zeph-core` shim.
354    ///
355    /// `None` when the feature is disabled or the caller does not load guidelines.
356    /// The service passes the contained string (or `""`) to `summarize_with_llm`. Closes #3528.
357    ///
358    /// Set via [`ContextSummarizationView::with_compression_guidelines`]. Both the reactive
359    /// (`compact_context`) and proactive (`maybe_proactive_compress`) paths populate this field.
360    pub compression_guidelines: Option<String>,
361
362    /// Optional probe-validation callback. When `Some`, the service invokes it after LLM
363    /// summarization and before draining/reinsert. See [`CompactionProbeCallback`] for the
364    /// full implementor contract.
365    pub probe: Option<&'a mut dyn CompactionProbeCallback>,
366
367    /// Optional pre-summary archive hook (Memex #2432). The service calls `archive(to_compact)`
368    /// BEFORE summarization and appends the returned reference list as a postfix AFTER the
369    /// LLM call so the LLM cannot destroy the `[archived:UUID]` markers.
370    pub archive: Option<&'a dyn ToolOutputArchive>,
371
372    /// Optional persistence completion callback. The service calls `after_compaction` once
373    /// the in-memory drain+reinsert is finalized. The optional Qdrant future returned by the
374    /// callback is bubbled back through [`CompactionOutcome::Compacted::qdrant_future`].
375    pub persistence: Option<&'a dyn CompactionPersistence>,
376
377    /// Metrics sink for compaction-related counter increments. Used for
378    /// `compaction_hard_count`, `tool_output_prunes`, and the four probe-outcome counters.
379    /// Closes #3527.
380    pub metrics: Option<&'a dyn MetricsCallback>,
381
382    /// Shared typed-page state for invariant-aware compaction (#3630).
383    ///
384    /// `None` when `[memory.compression.typed_pages] enabled = false`.
385    /// Populated by `CompactionAdapters::populate` in `zeph-core`.
386    pub typed_pages: Option<Arc<TypedPagesState>>,
387
388    // ── CAM: proactive regrade (AgeMem, #4547) ────────────────────────────────
389    /// Fidelity scoring config for proactive regrade in `maybe_compact`.
390    ///
391    /// `None` → proactive regrade is skipped (scoring disabled or config absent).
392    pub fidelity_config: Option<FidelityConfig>,
393    /// LLM provider used for query and per-message embeddings during proactive regrade.
394    /// `None` → keyword overlap fallback is used.
395    pub fidelity_semantic_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
396    /// LLM provider used for `Compressed` rendering during proactive regrade.
397    /// `None` → truncation fallback is used.
398    pub fidelity_compress_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
399    /// Most recent user query — passed to the scorer as the semantic signal source.
400    ///
401    /// Empty string when no query is available (`AgeMem` degrades gracefully to
402    /// temporal + importance signals only).
403    pub current_query: String,
404}
405
406impl ContextSummarizationView<'_> {
407    /// Set the compression guidelines text.
408    ///
409    /// Call this on the view returned by `Agent::summarization_view()` before passing it to
410    /// `ContextService::compact_context`. Using a builder method keeps construction uniform
411    /// and avoids direct field mutation.
412    #[must_use]
413    pub fn with_compression_guidelines(mut self, guidelines: Option<String>) -> Self {
414        self.compression_guidelines = guidelines;
415        self
416    }
417}
418
419/// Bundle of LLM provider handles needed for async context operations.
420///
421/// Each handle is an `Arc`-backed clone, suitable for moving into spawned tasks
422/// or passing across async boundaries.
423pub struct ProviderHandles {
424    /// Primary LLM provider used for completions.
425    pub primary: AnyProvider,
426    /// Dedicated embedding provider.
427    pub embedding: AnyProvider,
428    /// Provider for skill disambiguation classification calls.
429    ///
430    /// Falls back to `primary` when the `[skills] disambiguate_provider` config field is empty.
431    pub disambiguate: AnyProvider,
432    /// Provider used for deferred tool-pair summarization (context compaction).
433    ///
434    /// Falls back to `primary` when the `[memory] compaction_provider` config field is empty.
435    pub compaction: AnyProvider,
436}
437
438/// Abstract status sink for emitting short progress strings to the channel.
439///
440/// Implemented in `zeph-core` by a stack-local adapter wrapping `Channel::send_status`.
441/// Using a trait keeps this crate free of the `Channel` trait from `zeph-core`.
442pub trait StatusSink: Send + Sync {
443    /// Send a short status string to the active channel.
444    fn send_status(&self, msg: &str) -> impl Future<Output = ()> + Send + '_;
445}
446
447/// Abstract gate for applying a skill trust level to the tool executor.
448///
449/// Implemented in `zeph-core` by a thin adapter over `Arc<dyn ErasedToolExecutor>`.
450/// Using a trait keeps this crate free of the tool executor abstraction.
451pub trait TrustGate: Send + Sync {
452    /// Apply the given trust level to the underlying tool executor.
453    fn set_effective_trust(&self, level: zeph_common::SkillTrustLevel);
454}
455
456/// Boxed `'static` future for the off-thread Qdrant session-summary write.
457///
458/// Returned from [`CompactionPersistence::after_compaction`] and bubbled back through
459/// [`CompactionOutcome::Compacted`] / [`CompactionOutcome::CompactedWithPersistError`].
460/// The caller (shim in `zeph-core`) dispatches this through `BackgroundSupervisor::spawn_summarization`.
461/// The future must return `bool` (`false` = success, `true` = error) to match the supervisor API.
462pub type QdrantPersistFuture = Pin<Box<dyn Future<Output = bool> + Send + 'static>>;
463
464/// Return type from `compact_context()` that distinguishes between successful compaction,
465/// probe rejection, and no-op.
466///
467/// Gives `maybe_compact()` enough information to handle probe rejection without triggering
468/// the `Exhausted` state — which would only be correct if summarization itself is stuck.
469#[must_use]
470#[non_exhaustive]
471pub enum CompactionOutcome {
472    /// Messages were drained and replaced with a summary. `SQLite` persistence succeeded.
473    ///
474    /// `qdrant_future` is an optional `'static` future for the off-thread Qdrant write;
475    /// the shim must dispatch it through `BackgroundSupervisor::spawn_summarization` and
476    /// must not await it inline.
477    Compacted {
478        /// Optional Qdrant write future to dispatch via the supervisor.
479        qdrant_future: Option<QdrantPersistFuture>,
480    },
481    /// Messages were drained and replaced with a summary, but synchronous `SQLite` persistence
482    /// reported failure. The in-memory state is correct; only persistence failed.
483    CompactedWithPersistError {
484        /// Optional Qdrant write future to dispatch via the supervisor.
485        qdrant_future: Option<QdrantPersistFuture>,
486    },
487    /// Probe rejected the summary — original messages are preserved.
488    /// Caller must NOT check `freed_tokens` or transition to `Exhausted`.
489    ProbeRejected,
490    /// No compaction was performed (too few messages, empty `to_compact`, etc.).
491    NoChange,
492}
493
494impl PartialEq for CompactionOutcome {
495    fn eq(&self, other: &Self) -> bool {
496        // Compare variants only; qdrant_future is not comparable (it is a dyn Future).
497        matches!(
498            (self, other),
499            (Self::Compacted { .. }, Self::Compacted { .. })
500                | (
501                    Self::CompactedWithPersistError { .. },
502                    Self::CompactedWithPersistError { .. }
503                )
504                | (Self::ProbeRejected, Self::ProbeRejected)
505                | (Self::NoChange, Self::NoChange)
506        )
507    }
508}
509
510impl std::fmt::Debug for CompactionOutcome {
511    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
512        match self {
513            Self::Compacted { qdrant_future } => f
514                .debug_struct("Compacted")
515                .field("qdrant_future", &qdrant_future.as_ref().map(|_| "<future>"))
516                .finish(),
517            Self::CompactedWithPersistError { qdrant_future } => f
518                .debug_struct("CompactedWithPersistError")
519                .field("qdrant_future", &qdrant_future.as_ref().map(|_| "<future>"))
520                .finish(),
521            Self::ProbeRejected => write!(f, "ProbeRejected"),
522            Self::NoChange => write!(f, "NoChange"),
523        }
524    }
525}
526
527impl CompactionOutcome {
528    /// Remove and return the Qdrant persistence future embedded in `Compacted` or
529    /// `CompactedWithPersistError` variants. Returns `None` for `ProbeRejected` / `NoChange`.
530    ///
531    /// The shim calls this immediately after the service returns and dispatches the
532    /// future through `BackgroundSupervisor::spawn_summarization`.
533    pub fn qdrant_future_take(&mut self) -> Option<QdrantPersistFuture> {
534        match self {
535            Self::Compacted { qdrant_future }
536            | Self::CompactedWithPersistError { qdrant_future } => qdrant_future.take(),
537            _ => None,
538        }
539    }
540
541    /// Returns `true` when compaction succeeded (either variant of `Compacted`).
542    #[must_use]
543    pub fn is_compacted(&self) -> bool {
544        matches!(
545            self,
546            Self::Compacted { .. } | Self::CompactedWithPersistError { .. }
547        )
548    }
549}
550
551/// Verdict returned by a [`CompactionProbeCallback`] after evaluating a candidate summary.
552///
553/// The implementor — not the service — is responsible for routing the verdict-specific data
554/// (score, `category_scores`, thresholds) through [`MetricsCallback`] and for calling
555/// `dump_compaction_probe` before returning.
556#[derive(Debug, Clone, Copy, PartialEq, Eq)]
557#[non_exhaustive]
558pub enum ProbeOutcome {
559    /// Probe accepted the summary; pipeline continues normally.
560    Pass,
561    /// Probe soft-rejected; pipeline continues but the summary is flagged as borderline.
562    SoftFail,
563    /// Probe hard-rejected; service must abort and return [`CompactionOutcome::ProbeRejected`].
564    HardFail,
565}
566
567/// Probe-validation callback invoked by `ContextService::compact_context` after the LLM
568/// produces a candidate summary.
569///
570/// # Contract (mandatory)
571///
572/// Implementations MUST, before returning:
573/// 1. Call `dump_compaction_probe(result)` if a debug dumper is configured.
574/// 2. Update verdict-specific metric counters via the appropriate
575///    `MetricsCallback::record_compaction_probe_*` method. The score, `category_scores`,
576///    threshold, and `hard_fail_threshold` travel through the metrics adapter and are not
577///    part of the `ProbeOutcome` payload.
578/// 3. On internal validation error (`validate_compaction` returns `Err`), call
579///    `MetricsCallback::record_compaction_probe_error()` and return `ProbeOutcome::Pass`.
580///    An error must not abort compaction.
581///
582/// The service treats the returned `ProbeOutcome` exclusively as routing:
583/// `HardFail` → abort with `ProbeRejected`; `Pass | SoftFail` → continue.
584pub trait CompactionProbeCallback: Send {
585    /// Validate the candidate `summary` produced from `to_compact` messages.
586    fn validate<'a>(
587        &'a mut self,
588        to_compact: &'a [Message],
589        summary: &'a str,
590    ) -> Pin<Box<dyn Future<Output = ProbeOutcome> + Send + 'a>>;
591}
592
593/// Pre-summary tool-output archiving hook (Memex #2432).
594///
595/// The service calls `archive(to_compact)` BEFORE summarization. The returned reference
596/// strings are appended as a postfix AFTER the LLM summary to prevent the LLM from
597/// destroying the `[archived:UUID]` markers.
598pub trait ToolOutputArchive: Send + Sync {
599    /// Archive tool output bodies from `to_compact` and return reference strings.
600    ///
601    /// Returns an empty `Vec` when archiving is disabled or no bodies are archived.
602    fn archive<'a>(
603        &'a self,
604        to_compact: &'a [Message],
605    ) -> Pin<Box<dyn Future<Output = Vec<String>> + Send + 'a>>;
606}
607
608/// Persistence completion hook invoked after the in-memory drain/reinsert is finalized.
609///
610/// Returns:
611/// - `persist_failed`: whether the synchronous `SQLite` persistence step failed.
612/// - `qdrant_future`: optional `'static` future for the off-thread Qdrant write, bubbled
613///   back to the caller via [`CompactionOutcome::Compacted::qdrant_future`].
614pub trait CompactionPersistence: Send + Sync {
615    /// Persist the compaction result and return the Qdrant write future.
616    fn after_compaction<'a>(
617        &'a self,
618        compacted_count: usize,
619        summary_content: &'a str,
620        summary: &'a str,
621    ) -> Pin<Box<dyn Future<Output = (bool, Option<QdrantPersistFuture>)> + Send + 'a>>;
622}
623
624/// Metrics-counter sink for `ContextService` increments.
625///
626/// Implemented in `zeph-core` by an adapter wrapping `Arc<MetricsCollector>`. Keeps
627/// `zeph-agent-context` free of `zeph-core` internal metrics types. Closes #3527.
628///
629/// All four `record_compaction_probe_*` methods are called from inside the
630/// [`CompactionProbeCallback`] implementation — not from the service itself — per the
631/// probe-callback contract.
632pub trait MetricsCallback: Send + Sync {
633    /// Record that a hard-compaction event occurred.
634    ///
635    /// `turns_since_last` is `None` on the first hard compaction of the session.
636    fn record_hard_compaction(&self, turns_since_last: Option<u32>);
637
638    /// Record that tool outputs were pruned.
639    ///
640    /// `count` is the number of tool-output bodies pruned in this pass.
641    fn record_tool_output_prune(&self, count: usize);
642
643    /// Record a probe pass verdict with full score data.
644    fn record_compaction_probe_pass(
645        &self,
646        score: f32,
647        category_scores: Vec<zeph_memory::CategoryScore>,
648        threshold: f32,
649        hard_fail_threshold: f32,
650    );
651
652    /// Record a probe soft-fail verdict with full score data.
653    fn record_compaction_probe_soft_fail(
654        &self,
655        score: f32,
656        category_scores: Vec<zeph_memory::CategoryScore>,
657        threshold: f32,
658        hard_fail_threshold: f32,
659    );
660
661    /// Record a probe hard-fail verdict with full score data.
662    fn record_compaction_probe_hard_fail(
663        &self,
664        score: f32,
665        category_scores: Vec<zeph_memory::CategoryScore>,
666        threshold: f32,
667        hard_fail_threshold: f32,
668    );
669
670    /// Record that the probe returned an error (non-fatal; compaction proceeded).
671    fn record_compaction_probe_error(&self);
672}