zeph_agent_context/state.rs
1// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
2// SPDX-License-Identifier: MIT OR Apache-2.0
3
4//! Borrow-lens view types used by [`crate::service::ContextService`].
5//!
6//! Each view holds `&`/`&mut` references to the exact sub-fields that the context
7//! service needs. By accepting lenses instead of `&mut Agent<C>`, this crate avoids
8//! depending on `zeph-core` while still letting the call site in `zeph-core` construct
9//! them from disjoint field projections.
10//!
11//! Views are constructed at the call site in `zeph-core` using one literal struct
12//! expression. The borrow checker proves disjointness at that level without additional
13//! helper methods — each `&mut` resolves to a unique field path under `Agent<C>`.
14
15use parking_lot::RwLock;
16use std::borrow::Cow;
17use std::collections::HashSet;
18use std::future::Future;
19use std::path::PathBuf;
20use std::pin::Pin;
21use std::sync::Arc;
22use zeph_common::PlannedToolHint;
23use zeph_common::SecurityEventCategory;
24use zeph_common::task_supervisor::{BlockingHandle, TaskSupervisor};
25use zeph_config::FidelityConfig;
26use zeph_config::{
27 ContextStrategy, DocumentConfig, GraphConfig, PersonaConfig, ReasoningConfig, TrajectoryConfig,
28 TreeConfig,
29};
30use zeph_context::input::CorrectionConfig;
31use zeph_context::manager::ContextManager;
32use zeph_context::summarization::SummarizationDeps;
33use zeph_context::typed_page::TypedPagesState;
34use zeph_llm::any::AnyProvider;
35use zeph_llm::provider::Message;
36use zeph_memory::semantic::SemanticMemory;
37use zeph_memory::{ConversationId, TokenCounter};
38use zeph_sanitizer::ContentSanitizer;
39use zeph_sanitizer::quarantine::QuarantinedSummarizer;
40use zeph_skills::proactive::ProactiveExplorer;
41use zeph_skills::registry::SkillRegistry;
42
43use crate::compaction::{SubgoalExtractionResult, SubgoalRegistry};
44
45/// Borrow-lens over the agent's conversation window fields.
46///
47/// Holds `&mut` references to every message-list field that the context service
48/// needs to read or write. Constructed by the `zeph-core` shim from disjoint
49/// sub-fields of `Agent<C>::msg`.
50pub struct MessageWindowView<'a> {
51 /// Full message history. The context service reads and filters this list.
52 pub messages: &'a mut Vec<Message>,
53 /// `SQLite` row ID of the most recently persisted message.
54 pub last_persisted_message_id: &'a mut Option<i64>,
55 /// `SQLite` row IDs to be soft-deleted after context assembly completes.
56 pub deferred_db_hide_ids: &'a mut Vec<i64>,
57 /// Deferred summary strings to be appended after context assembly completes.
58 pub deferred_db_summaries: &'a mut Vec<String>,
59 /// Running token count for the current prompt window — updated after every
60 /// message-list mutation to keep provider call budgets accurate.
61 /// Maps to `Agent<C>::runtime.providers.cached_prompt_tokens`.
62 pub cached_prompt_tokens: &'a mut u64,
63 /// Shared token counter — cheap `Arc` clone from `Agent<C>::runtime.metrics.token_counter`.
64 pub token_counter: Arc<TokenCounter>,
65 /// Tool IDs that completed successfully in the current session.
66 /// Maps to `Agent<C>::services.tool_state.completed_tool_ids`.
67 /// Cleared by `clear_history` together with the message list.
68 pub completed_tool_ids: &'a mut HashSet<String>,
69}
70
71/// Accumulated metric deltas for one context-assembly pass.
72///
73/// Holds owned counters that the service increments during `prepare_context`.
74/// After the call returns, the `zeph-core` shim applies these deltas to the agent's
75/// metrics snapshot via `update_metrics`. Using owned values (not references) avoids
76/// borrowing into `MetricsSnapshot`, which lives behind a watch channel.
77#[derive(Debug, Default)]
78pub struct MetricsCounters {
79 /// Sanitizer checks performed during this pass.
80 pub sanitizer_runs: u64,
81 /// Injection flags raised during this pass.
82 pub sanitizer_injection_flags: u64,
83 /// Truncations applied during this pass.
84 pub sanitizer_truncations: u64,
85 /// Quarantine invocations during this pass.
86 pub quarantine_invocations: u64,
87 /// Quarantine failures during this pass.
88 pub quarantine_failures: u64,
89}
90
91/// Abstract sink for security events raised during context assembly.
92///
93/// Implemented in `zeph-core` by a stack-local adapter that appends to
94/// `Agent<C>::runtime.metrics.security_events`. Using a trait keeps this crate
95/// free of `zeph-core` internal types.
96pub trait SecurityEventSink: Send {
97 /// Record a security event.
98 fn push(&mut self, category: SecurityEventCategory, source: &'static str, detail: String);
99}
100
101/// Borrow-lens over all fields needed for `prepare_context` and `Agent<C>::rebuild_system_prompt`.
102///
103/// Every field maps to a single sub-field of `Agent<C>` and uses a type from a
104/// lower-level crate (`zeph-memory`, `zeph-skills`, `zeph-context`, `zeph-sanitizer`,
105/// `zeph-config`, `zeph-common`, `zeph-llm`). No `zeph-core`-internal `*State`
106/// aggregator ever crosses this boundary.
107///
108/// Constructed by the `zeph-core` shim using one literal struct expression. The
109/// borrow checker verifies disjointness because no two `&mut` paths share a prefix.
110pub struct ContextAssemblyView<'a> {
111 // ── Memory (one mut field; the rest are read-only clones/copies) ─────────────────
112 /// `services.memory.persistence.memory` — `Arc` clone is cheap.
113 pub memory: Option<Arc<SemanticMemory>>,
114 /// `services.memory.persistence.conversation_id`.
115 pub conversation_id: Option<ConversationId>,
116 /// `services.memory.persistence.recall_limit`.
117 pub recall_limit: usize,
118 /// `services.memory.persistence.cross_session_score_threshold`.
119 pub cross_session_score_threshold: f32,
120 /// `services.memory.persistence.context_format` — determines recall entry formatting.
121 pub context_format: zeph_config::ContextFormat,
122 /// `services.memory.persistence.last_recall_confidence` — written by apply path.
123 pub last_recall_confidence: &'a mut Option<f32>,
124
125 /// `services.memory.compaction.context_strategy` (Copy enum).
126 pub context_strategy: ContextStrategy,
127 /// `services.memory.compaction.crossover_turn_threshold`.
128 pub crossover_turn_threshold: u32,
129 /// `services.memory.compaction.cached_session_digest` — cloned into assembler input.
130 ///
131 /// The `usize` is the token count of the digest (used by `ContextMemoryView`).
132 pub cached_session_digest: Option<(String, usize)>,
133 /// `services.memory.compaction.digest_config.enabled`.
134 pub digest_enabled: bool,
135
136 /// `services.memory.extraction.graph_config` — cloned (small, `Clone`).
137 pub graph_config: GraphConfig,
138 /// `services.memory.extraction.document_config` — cloned.
139 pub document_config: DocumentConfig,
140 /// `services.memory.extraction.persona_config` — cloned.
141 pub persona_config: PersonaConfig,
142 /// `services.memory.extraction.trajectory_config` — cloned.
143 pub trajectory_config: TrajectoryConfig,
144 /// `services.memory.extraction.reasoning_config` — cloned.
145 pub reasoning_config: ReasoningConfig,
146 /// `services.memory.extraction.memcot_config` — cloned.
147 pub memcot_config: zeph_config::MemCotConfig,
148 /// Current `MemCoT` semantic state buffer. `Some` when the accumulator has a non-empty state.
149 ///
150 /// Snapshot taken at context-assembly time; used to prefix graph recall queries.
151 pub memcot_state: Option<String>,
152 /// `services.memory.subsystems.tree_config` — cloned.
153 pub tree_config: TreeConfig,
154
155 // ── Skill ─────────────────────────────────────────────────────────────────────────
156 /// `services.skill.last_skills_prompt` — written by `Agent<C>::rebuild_system_prompt`.
157 pub last_skills_prompt: &'a mut String,
158 /// `services.skill.active_skill_names` — written by `Agent<C>::rebuild_system_prompt`.
159 pub active_skill_names: &'a mut Vec<String>,
160 /// `services.skill.registry` — `Arc` clone enables concurrent read access.
161 pub skill_registry: Arc<RwLock<SkillRegistry>>,
162 /// `services.skill.skill_paths` — read during proactive reload.
163 pub skill_paths: &'a [PathBuf],
164
165 // ── Index (feature-gated) ─────────────────────────────────────────────────────────
166 /// Built at the shim by `IndexState::as_index_access()`. The lifetime reflects
167 /// the borrow back into `services.index`.
168 ///
169 /// Only populated when the `index` feature is enabled.
170 #[cfg(feature = "index")]
171 pub index: Option<&'a dyn zeph_context::input::IndexAccess>,
172
173 // ── Learning / sidequest / proactive ──────────────────────────────────────────────
174 /// Built at the shim from `services.learning_engine.config` — the engine itself
175 /// never crosses the crate boundary.
176 pub correction_config: Option<CorrectionConfig>,
177 /// `services.sidequest.turn_counter`.
178 pub sidequest_turn_counter: u64,
179 /// `services.proactive_explorer` — `Arc` clone for async use without borrowing self.
180 pub proactive_explorer: Option<Arc<ProactiveExplorer>>,
181
182 // ── Security ──────────────────────────────────────────────────────────────────────
183 /// `services.security.sanitizer` — borrowed from `SecurityState`; not Arc-wrapped in `zeph-core`.
184 pub sanitizer: &'a ContentSanitizer,
185 /// `services.security.quarantine_summarizer` — borrowed from `SecurityState`.
186 pub quarantine_summarizer: Option<&'a QuarantinedSummarizer>,
187
188 // ── Context manager ───────────────────────────────────────────────────────────────
189 /// `self.context_manager` — mutably borrowed for token recompute hooks.
190 pub context_manager: &'a mut ContextManager,
191
192 // ── Runtime / metrics ─────────────────────────────────────────────────────────────
193 /// `runtime.metrics.token_counter` — `Arc` clone is cheap.
194 pub token_counter: Arc<zeph_memory::TokenCounter>,
195 /// Accumulated metric deltas — incremented during the pass, applied to the metrics
196 /// snapshot by the `zeph-core` shim after `prepare_context` returns.
197 pub metrics: MetricsCounters,
198 /// Abstract sink for security events raised during context assembly.
199 pub security_events: &'a mut dyn SecurityEventSink,
200 /// `runtime.providers.cached_prompt_tokens` — read for compression-spectrum ratio.
201 pub cached_prompt_tokens: u64,
202
203 // ── Config flags ──────────────────────────────────────────────────────────────────
204 /// `runtime.config.redact_credentials`.
205 pub redact_credentials: bool,
206 /// `runtime.config.channel_skills` — per-channel skill filter for system prompt rebuild.
207 pub channel_skills: &'a [String],
208
209 // ── Credential scrubber ───────────────────────────────────────────────────────────
210 /// Function pointer for scrubbing credentials from message content.
211 ///
212 /// Passed as a function pointer so `zeph-agent-context` does not need to depend on
213 /// `zeph-core::redact`. The shim in `zeph-core` sets this to `crate::redact::scrub_content`.
214 /// When `redact_credentials = false` the service does not call this function.
215 pub scrub: fn(&str) -> Cow<'_, str>,
216
217 // ── MemFlow tiered retrieval (#3712) ──────────────────────────────────────────────
218 /// `MemFlow` tiered retrieval configuration (`[memory.tiered_retrieval]`).
219 ///
220 /// When `enabled = true`, `inject_semantic_recall` dispatches to [`zeph_memory::recall_tiered`]
221 /// instead of the flat `fetch_semantic_recall_raw` path.
222 pub tiered_retrieval_config: zeph_config::memory::TieredRetrievalConfig,
223 /// Optional provider for LLM-backed intent classification in tiered retrieval.
224 ///
225 /// Resolved from `tiered_retrieval.classifier_provider` at agent construction.
226 /// `None` means the `HeuristicRouter` is used (no LLM call).
227 pub tiered_retrieval_classifier: Option<Arc<zeph_llm::any::AnyProvider>>,
228 /// Optional provider for evidence quality validation and tier escalation.
229 ///
230 /// Resolved from `tiered_retrieval.validator_provider` at agent construction.
231 /// `None` means validation is skipped (evidence accepted as-is).
232 pub tiered_retrieval_validator: Option<Arc<zeph_llm::any::AnyProvider>>,
233
234 // ── CAM: Context-Adaptive Memory (#4547) ─────────────────────────────────
235 /// Fidelity scoring configuration resolved from `[memory.fidelity]`.
236 ///
237 /// `None` when fidelity scoring is not configured (treated as `enabled = false`).
238 /// `Some(&cfg)` with `cfg.enabled = false` is also a no-op (early-return inside scorer).
239 pub fidelity_config: Option<&'a FidelityConfig>,
240 /// LLM provider used for query and per-message embeddings when
241 /// `fidelity_config.semantic_scoring_provider` is set. Resolved at construction time.
242 /// `None` → keyword overlap fallback is used.
243 pub fidelity_semantic_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
244 /// LLM provider used for `Compressed` rendering when `fidelity_config.compress_provider`
245 /// is set. Resolved by the agent from `[[llm.providers]]` at construction time.
246 /// `None` → truncation fallback is used.
247 pub fidelity_compress_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
248 /// Lookahead tool hints derived from the orchestration DAG.
249 ///
250 /// Empty slice when no DAG lookahead is available (PAACE deferred to P2). The scorer
251 /// simply zeroes the plan signal when the slice is empty.
252 pub planned_next_tools: &'a [PlannedToolHint],
253 /// TUI status channel for spinner updates during fidelity scoring.
254 ///
255 /// Mirrors the channel wired in `ContextSummarizationView::status_tx`. `None` in
256 /// non-TUI modes; the service skips sending when the sender is absent.
257 pub status_tx: Option<tokio::sync::mpsc::UnboundedSender<String>>,
258 /// Background task supervisor for registering `JoinHandle`s produced during context
259 /// assembly (e.g. `mark_reasoning_used` in `fetch_reasoning_strategies`).
260 ///
261 /// Handles drained from `PreparedContext::background_tasks` are wrapped and
262 /// registered here so they remain tracked and abortable instead of being silently
263 /// dropped when `PreparedContext` goes out of scope.
264 pub task_supervisor: Arc<TaskSupervisor>,
265}
266
267/// Values produced by [`crate::service::ContextService::prepare_context`] that must be applied by the caller.
268///
269/// `ContextService` cannot inject code context directly because `inject_code_context` touches
270/// the system prompt (position-0 message), which involves subsystems beyond the context-window
271/// boundary. Instead, the service returns the code-context body and the caller applies it.
272#[derive(Debug, Default)]
273pub struct ContextDelta {
274 /// Sanitized code-context body to inject into the system prompt by the `Agent<C>` shim.
275 ///
276 /// `None` when no code context was fetched or the fetch returned empty.
277 pub code_context: Option<String>,
278}
279
280/// Borrow-lens over all fields needed for compaction and summarization operations.
281///
282/// Every field maps to a specific sub-field of `Agent<C>` and uses a type from a
283/// crate below `zeph-core` in the dependency graph. Constructed in `zeph-core` using
284/// one literal struct expression; the borrow checker verifies disjointness.
285///
286/// The view covers: message history mutation, deferred summary queues, context-manager
287/// compaction state, provider handles for LLM calls, memory persistence for flushing,
288/// subgoal registry for context-compression strategies, and background task handles for
289/// non-blocking goal/subgoal extraction.
290pub struct ContextSummarizationView<'a> {
291 // ── Message window ────────────────────────────────────────────────────────
292 /// Full conversation history. Mutated by pruning, compaction, and deferred summary
293 /// application.
294 pub messages: &'a mut Vec<Message>,
295 /// `SQLite` row IDs to be soft-deleted after deferred summaries are applied.
296 pub deferred_db_hide_ids: &'a mut Vec<i64>,
297 /// Summary strings paired with the hide IDs above — flushed to `SQLite` as a batch.
298 pub deferred_db_summaries: &'a mut Vec<String>,
299 /// Running token count for the current prompt window. Updated after every mutation
300 /// that changes message content.
301 pub cached_prompt_tokens: &'a mut u64,
302
303 // ── Context manager ───────────────────────────────────────────────────────
304 /// Full context manager — contains compaction state, thresholds, strategy config.
305 pub context_manager: &'a mut ContextManager,
306
307 // ── Runtime ───────────────────────────────────────────────────────────────
308 /// Whether server-side compaction is currently active (skip client compaction when
309 /// true, unless context has grown past the safety fallback threshold).
310 pub server_compaction_active: bool,
311 /// Token counter used for budget calculations and prompt recomputation.
312 pub token_counter: Arc<TokenCounter>,
313 /// Pre-built summarization deps (provider + timeout + `token_counter` + callbacks).
314 /// Built by the `zeph-core` shim from `build_summarization_deps()` before constructing
315 /// the view, so the view does not need to hold a raw `DebugDumper` reference.
316 pub summarization_deps: SummarizationDeps,
317 /// Background task supervisor for spawning non-blocking goal/subgoal extractions.
318 pub task_supervisor: Arc<TaskSupervisor>,
319
320 // ── Memory persistence ────────────────────────────────────────────────────
321 /// Semantic memory store — used to flush deferred summaries and store session digests.
322 pub memory: Option<Arc<SemanticMemory>>,
323 /// Conversation ID for all SQLite/Qdrant persistence calls.
324 pub conversation_id: Option<ConversationId>,
325 /// Maximum unsummarized tool-call pairs before forced deferred summarization kicks in.
326 pub tool_call_cutoff: usize,
327
328 // ── Context-compression (SubgoalRegistry + task handles) ─────────────────
329 /// In-memory registry of all subgoals in the current session.
330 pub subgoal_registry: &'a mut SubgoalRegistry,
331 /// Handle to the background task-goal extraction spawned last turn.
332 pub pending_task_goal: &'a mut Option<BlockingHandle<Option<String>>>,
333 /// Handle to the background subgoal extraction spawned last turn.
334 pub pending_subgoal: &'a mut Option<BlockingHandle<Option<SubgoalExtractionResult>>>,
335 /// Cached task goal for `TaskAware`/`MIG` pruning. `None` before first extraction.
336 pub current_task_goal: &'a mut Option<String>,
337 /// Hash of the last user message when `current_task_goal` was populated.
338 /// Used to detect when a new extraction is needed.
339 pub task_goal_user_msg_hash: &'a mut Option<u64>,
340 /// Hash of the last user message when subgoal extraction was scheduled.
341 pub subgoal_user_msg_hash: &'a mut Option<u64>,
342 /// TUI / channel status sender for spinner messages. `None` when TUI is disabled.
343 pub status_tx: Option<tokio::sync::mpsc::UnboundedSender<String>>,
344
345 // ── Credential scrubber ───────────────────────────────────────────────────
346 /// Function pointer for scrubbing credentials from summary text.
347 ///
348 /// Set to `crate::redact::scrub_content` by the `zeph-core` shim when
349 /// `redact_credentials = true`, or to a no-op identity function otherwise.
350 pub scrub: fn(&str) -> Cow<'_, str>,
351
352 // ── Compaction callbacks (populated by zeph-core shim) ────────────────────
353 /// Compression guidelines text loaded from `SQLite` by the `zeph-core` shim.
354 ///
355 /// `None` when the feature is disabled or the caller does not load guidelines.
356 /// The service passes the contained string (or `""`) to `summarize_with_llm`. Closes #3528.
357 ///
358 /// Set via [`ContextSummarizationView::with_compression_guidelines`]. Both the reactive
359 /// (`compact_context`) and proactive (`maybe_proactive_compress`) paths populate this field.
360 pub compression_guidelines: Option<String>,
361
362 /// Optional probe-validation callback. When `Some`, the service invokes it after LLM
363 /// summarization and before draining/reinsert. See [`CompactionProbeCallback`] for the
364 /// full implementor contract.
365 pub probe: Option<&'a mut dyn CompactionProbeCallback>,
366
367 /// Optional pre-summary archive hook (Memex #2432). The service calls `archive(to_compact)`
368 /// BEFORE summarization and appends the returned reference list as a postfix AFTER the
369 /// LLM call so the LLM cannot destroy the `[archived:UUID]` markers.
370 pub archive: Option<&'a dyn ToolOutputArchive>,
371
372 /// Optional persistence completion callback. The service calls `after_compaction` once
373 /// the in-memory drain+reinsert is finalized. The optional Qdrant future returned by the
374 /// callback is bubbled back through [`CompactionOutcome::Compacted::qdrant_future`].
375 pub persistence: Option<&'a dyn CompactionPersistence>,
376
377 /// Metrics sink for compaction-related counter increments. Used for
378 /// `compaction_hard_count`, `tool_output_prunes`, and the four probe-outcome counters.
379 /// Closes #3527.
380 pub metrics: Option<&'a dyn MetricsCallback>,
381
382 /// Shared typed-page state for invariant-aware compaction (#3630).
383 ///
384 /// `None` when `[memory.compression.typed_pages] enabled = false`.
385 /// Populated by `CompactionAdapters::populate` in `zeph-core`.
386 pub typed_pages: Option<Arc<TypedPagesState>>,
387
388 // ── CAM: proactive regrade (AgeMem, #4547) ────────────────────────────────
389 /// Fidelity scoring config for proactive regrade in `maybe_compact`.
390 ///
391 /// `None` → proactive regrade is skipped (scoring disabled or config absent).
392 pub fidelity_config: Option<FidelityConfig>,
393 /// LLM provider used for query and per-message embeddings during proactive regrade.
394 /// `None` → keyword overlap fallback is used.
395 pub fidelity_semantic_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
396 /// LLM provider used for `Compressed` rendering during proactive regrade.
397 /// `None` → truncation fallback is used.
398 pub fidelity_compress_provider: Option<Arc<zeph_llm::any::AnyProvider>>,
399 /// Most recent user query — passed to the scorer as the semantic signal source.
400 ///
401 /// Empty string when no query is available (`AgeMem` degrades gracefully to
402 /// temporal + importance signals only).
403 pub current_query: String,
404}
405
406impl ContextSummarizationView<'_> {
407 /// Set the compression guidelines text.
408 ///
409 /// Call this on the view returned by `Agent::summarization_view()` before passing it to
410 /// `ContextService::compact_context`. Using a builder method keeps construction uniform
411 /// and avoids direct field mutation.
412 #[must_use]
413 pub fn with_compression_guidelines(mut self, guidelines: Option<String>) -> Self {
414 self.compression_guidelines = guidelines;
415 self
416 }
417}
418
419/// Bundle of LLM provider handles needed for async context operations.
420///
421/// Each handle is an `Arc`-backed clone, suitable for moving into spawned tasks
422/// or passing across async boundaries.
423pub struct ProviderHandles {
424 /// Primary LLM provider used for completions.
425 pub primary: AnyProvider,
426 /// Dedicated embedding provider.
427 pub embedding: AnyProvider,
428 /// Provider for skill disambiguation classification calls.
429 ///
430 /// Falls back to `primary` when the `[skills] disambiguate_provider` config field is empty.
431 pub disambiguate: AnyProvider,
432 /// Provider used for deferred tool-pair summarization (context compaction).
433 ///
434 /// Falls back to `primary` when the `[memory] compaction_provider` config field is empty.
435 pub compaction: AnyProvider,
436}
437
438/// Abstract status sink for emitting short progress strings to the channel.
439///
440/// Implemented in `zeph-core` by a stack-local adapter wrapping `Channel::send_status`.
441/// Using a trait keeps this crate free of the `Channel` trait from `zeph-core`.
442pub trait StatusSink: Send + Sync {
443 /// Send a short status string to the active channel.
444 fn send_status(&self, msg: &str) -> impl Future<Output = ()> + Send + '_;
445}
446
447/// Abstract gate for applying a skill trust level to the tool executor.
448///
449/// Implemented in `zeph-core` by a thin adapter over `Arc<dyn ErasedToolExecutor>`.
450/// Using a trait keeps this crate free of the tool executor abstraction.
451pub trait TrustGate: Send + Sync {
452 /// Apply the given trust level to the underlying tool executor.
453 fn set_effective_trust(&self, level: zeph_common::SkillTrustLevel);
454}
455
456/// Boxed `'static` future for the off-thread Qdrant session-summary write.
457///
458/// Returned from [`CompactionPersistence::after_compaction`] and bubbled back through
459/// [`CompactionOutcome::Compacted`] / [`CompactionOutcome::CompactedWithPersistError`].
460/// The caller (shim in `zeph-core`) dispatches this through `BackgroundSupervisor::spawn_summarization`.
461/// The future must return `bool` (`false` = success, `true` = error) to match the supervisor API.
462pub type QdrantPersistFuture = Pin<Box<dyn Future<Output = bool> + Send + 'static>>;
463
464/// Return type from `compact_context()` that distinguishes between successful compaction,
465/// probe rejection, and no-op.
466///
467/// Gives `maybe_compact()` enough information to handle probe rejection without triggering
468/// the `Exhausted` state — which would only be correct if summarization itself is stuck.
469#[must_use]
470#[non_exhaustive]
471pub enum CompactionOutcome {
472 /// Messages were drained and replaced with a summary. `SQLite` persistence succeeded.
473 ///
474 /// `qdrant_future` is an optional `'static` future for the off-thread Qdrant write;
475 /// the shim must dispatch it through `BackgroundSupervisor::spawn_summarization` and
476 /// must not await it inline.
477 Compacted {
478 /// Optional Qdrant write future to dispatch via the supervisor.
479 qdrant_future: Option<QdrantPersistFuture>,
480 },
481 /// Messages were drained and replaced with a summary, but synchronous `SQLite` persistence
482 /// reported failure. The in-memory state is correct; only persistence failed.
483 CompactedWithPersistError {
484 /// Optional Qdrant write future to dispatch via the supervisor.
485 qdrant_future: Option<QdrantPersistFuture>,
486 },
487 /// Probe rejected the summary — original messages are preserved.
488 /// Caller must NOT check `freed_tokens` or transition to `Exhausted`.
489 ProbeRejected,
490 /// No compaction was performed (too few messages, empty `to_compact`, etc.).
491 NoChange,
492}
493
494impl PartialEq for CompactionOutcome {
495 fn eq(&self, other: &Self) -> bool {
496 // Compare variants only; qdrant_future is not comparable (it is a dyn Future).
497 matches!(
498 (self, other),
499 (Self::Compacted { .. }, Self::Compacted { .. })
500 | (
501 Self::CompactedWithPersistError { .. },
502 Self::CompactedWithPersistError { .. }
503 )
504 | (Self::ProbeRejected, Self::ProbeRejected)
505 | (Self::NoChange, Self::NoChange)
506 )
507 }
508}
509
510impl std::fmt::Debug for CompactionOutcome {
511 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
512 match self {
513 Self::Compacted { qdrant_future } => f
514 .debug_struct("Compacted")
515 .field("qdrant_future", &qdrant_future.as_ref().map(|_| "<future>"))
516 .finish(),
517 Self::CompactedWithPersistError { qdrant_future } => f
518 .debug_struct("CompactedWithPersistError")
519 .field("qdrant_future", &qdrant_future.as_ref().map(|_| "<future>"))
520 .finish(),
521 Self::ProbeRejected => write!(f, "ProbeRejected"),
522 Self::NoChange => write!(f, "NoChange"),
523 }
524 }
525}
526
527impl CompactionOutcome {
528 /// Remove and return the Qdrant persistence future embedded in `Compacted` or
529 /// `CompactedWithPersistError` variants. Returns `None` for `ProbeRejected` / `NoChange`.
530 ///
531 /// The shim calls this immediately after the service returns and dispatches the
532 /// future through `BackgroundSupervisor::spawn_summarization`.
533 pub fn qdrant_future_take(&mut self) -> Option<QdrantPersistFuture> {
534 match self {
535 Self::Compacted { qdrant_future }
536 | Self::CompactedWithPersistError { qdrant_future } => qdrant_future.take(),
537 _ => None,
538 }
539 }
540
541 /// Returns `true` when compaction succeeded (either variant of `Compacted`).
542 #[must_use]
543 pub fn is_compacted(&self) -> bool {
544 matches!(
545 self,
546 Self::Compacted { .. } | Self::CompactedWithPersistError { .. }
547 )
548 }
549}
550
551/// Verdict returned by a [`CompactionProbeCallback`] after evaluating a candidate summary.
552///
553/// The implementor — not the service — is responsible for routing the verdict-specific data
554/// (score, `category_scores`, thresholds) through [`MetricsCallback`] and for calling
555/// `dump_compaction_probe` before returning.
556#[derive(Debug, Clone, Copy, PartialEq, Eq)]
557#[non_exhaustive]
558pub enum ProbeOutcome {
559 /// Probe accepted the summary; pipeline continues normally.
560 Pass,
561 /// Probe soft-rejected; pipeline continues but the summary is flagged as borderline.
562 SoftFail,
563 /// Probe hard-rejected; service must abort and return [`CompactionOutcome::ProbeRejected`].
564 HardFail,
565}
566
567/// Probe-validation callback invoked by `ContextService::compact_context` after the LLM
568/// produces a candidate summary.
569///
570/// # Contract (mandatory)
571///
572/// Implementations MUST, before returning:
573/// 1. Call `dump_compaction_probe(result)` if a debug dumper is configured.
574/// 2. Update verdict-specific metric counters via the appropriate
575/// `MetricsCallback::record_compaction_probe_*` method. The score, `category_scores`,
576/// threshold, and `hard_fail_threshold` travel through the metrics adapter and are not
577/// part of the `ProbeOutcome` payload.
578/// 3. On internal validation error (`validate_compaction` returns `Err`), call
579/// `MetricsCallback::record_compaction_probe_error()` and return `ProbeOutcome::Pass`.
580/// An error must not abort compaction.
581///
582/// The service treats the returned `ProbeOutcome` exclusively as routing:
583/// `HardFail` → abort with `ProbeRejected`; `Pass | SoftFail` → continue.
584pub trait CompactionProbeCallback: Send {
585 /// Validate the candidate `summary` produced from `to_compact` messages.
586 fn validate<'a>(
587 &'a mut self,
588 to_compact: &'a [Message],
589 summary: &'a str,
590 ) -> Pin<Box<dyn Future<Output = ProbeOutcome> + Send + 'a>>;
591}
592
593/// Pre-summary tool-output archiving hook (Memex #2432).
594///
595/// The service calls `archive(to_compact)` BEFORE summarization. The returned reference
596/// strings are appended as a postfix AFTER the LLM summary to prevent the LLM from
597/// destroying the `[archived:UUID]` markers.
598pub trait ToolOutputArchive: Send + Sync {
599 /// Archive tool output bodies from `to_compact` and return reference strings.
600 ///
601 /// Returns an empty `Vec` when archiving is disabled or no bodies are archived.
602 fn archive<'a>(
603 &'a self,
604 to_compact: &'a [Message],
605 ) -> Pin<Box<dyn Future<Output = Vec<String>> + Send + 'a>>;
606}
607
608/// Persistence completion hook invoked after the in-memory drain/reinsert is finalized.
609///
610/// Returns:
611/// - `persist_failed`: whether the synchronous `SQLite` persistence step failed.
612/// - `qdrant_future`: optional `'static` future for the off-thread Qdrant write, bubbled
613/// back to the caller via [`CompactionOutcome::Compacted::qdrant_future`].
614pub trait CompactionPersistence: Send + Sync {
615 /// Persist the compaction result and return the Qdrant write future.
616 fn after_compaction<'a>(
617 &'a self,
618 compacted_count: usize,
619 summary_content: &'a str,
620 summary: &'a str,
621 ) -> Pin<Box<dyn Future<Output = (bool, Option<QdrantPersistFuture>)> + Send + 'a>>;
622}
623
624/// Metrics-counter sink for `ContextService` increments.
625///
626/// Implemented in `zeph-core` by an adapter wrapping `Arc<MetricsCollector>`. Keeps
627/// `zeph-agent-context` free of `zeph-core` internal metrics types. Closes #3527.
628///
629/// All four `record_compaction_probe_*` methods are called from inside the
630/// [`CompactionProbeCallback`] implementation — not from the service itself — per the
631/// probe-callback contract.
632pub trait MetricsCallback: Send + Sync {
633 /// Record that a hard-compaction event occurred.
634 ///
635 /// `turns_since_last` is `None` on the first hard compaction of the session.
636 fn record_hard_compaction(&self, turns_since_last: Option<u32>);
637
638 /// Record that tool outputs were pruned.
639 ///
640 /// `count` is the number of tool-output bodies pruned in this pass.
641 fn record_tool_output_prune(&self, count: usize);
642
643 /// Record a probe pass verdict with full score data.
644 fn record_compaction_probe_pass(
645 &self,
646 score: f32,
647 category_scores: Vec<zeph_memory::CategoryScore>,
648 threshold: f32,
649 hard_fail_threshold: f32,
650 );
651
652 /// Record a probe soft-fail verdict with full score data.
653 fn record_compaction_probe_soft_fail(
654 &self,
655 score: f32,
656 category_scores: Vec<zeph_memory::CategoryScore>,
657 threshold: f32,
658 hard_fail_threshold: f32,
659 );
660
661 /// Record a probe hard-fail verdict with full score data.
662 fn record_compaction_probe_hard_fail(
663 &self,
664 score: f32,
665 category_scores: Vec<zeph_memory::CategoryScore>,
666 threshold: f32,
667 hard_fail_threshold: f32,
668 );
669
670 /// Record that the probe returned an error (non-fatal; compaction proceeded).
671 fn record_compaction_probe_error(&self);
672}