ironflow_core/provider.rs
1//! Provider trait and configuration types for agent invocations.
2//!
3//! The [`AgentProvider`] trait is the primary extension point in ironflow: implement it
4//! to plug in any AI backend (local model, HTTP API, mock, etc.) without changing
5//! your workflow code.
6//!
7//! Built-in implementations:
8//!
9//! * [`ClaudeCodeProvider`](crate::providers::claude::ClaudeCodeProvider) - local `claude` CLI.
10//! * `SshProvider` - remote via SSH (requires `transport-ssh` feature).
11//! * `DockerProvider` - Docker container (requires `transport-docker` feature).
12//! * `K8sEphemeralProvider` - ephemeral K8s pod (requires `transport-k8s` feature).
13//! * `K8sPersistentProvider` - persistent K8s pod (requires `transport-k8s` feature).
14//! * [`RecordReplayProvider`](crate::providers::record_replay::RecordReplayProvider) -
15//! records and replays fixtures for deterministic testing.
16
17use std::collections::BTreeMap;
18use std::fmt;
19use std::future::Future;
20use std::marker::PhantomData;
21use std::pin::Pin;
22use std::sync::Arc;
23
24use schemars::JsonSchema;
25use serde::{Deserialize, Serialize};
26use serde_json::Value;
27
28use crate::error::AgentError;
29use crate::operations::agent::{Model, PermissionMode};
30
31/// Boxed future returned by [`AgentProvider::invoke`].
32pub type InvokeFuture<'a> =
33 Pin<Box<dyn Future<Output = Result<AgentOutput, AgentError>> + Send + 'a>>;
34
35// ── Typestate markers ──────────────────────────────────────────────
36
37/// Marker: no tools have been added via the builder.
38#[derive(Debug, Clone, Copy)]
39pub struct NoTools;
40
41/// Marker: at least one tool has been added via [`AgentConfig::allow_tool`].
42#[derive(Debug, Clone, Copy)]
43pub struct WithTools;
44
45/// Marker: no JSON schema has been set via the builder.
46#[derive(Debug, Clone, Copy)]
47pub struct NoSchema;
48
49/// Marker: a JSON schema has been set via [`AgentConfig::output`] or
50/// [`AgentConfig::output_schema_raw`].
51#[derive(Debug, Clone, Copy)]
52pub struct WithSchema;
53
54// ── AgentInput ─────────────────────────────────────────────────────
55
56/// Declarative external input fetched into the agent's filesystem before invocation.
57///
58/// Each input is a URL that the provider must download and materialize at
59/// `mount_path` so the agent can read it via the `Read` tool.
60///
61/// Provider behavior:
62///
63/// * [`ClaudeCodeProvider`](crate::providers::claude::ClaudeCodeProvider) (local) -
64/// downloads via reqwest into a per-invocation temp directory and rewrites
65/// `mount_path` to the resolved local path.
66/// * `K8sEphemeralProvider` - injects a `curlimages/curl` initContainer that
67/// downloads each URL into a shared `emptyDir`, mounted on the main container
68/// at the parent directory of `mount_path`.
69///
70/// The `mount_path` must be an absolute path. Intermediate directories are
71/// created automatically.
72#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
73pub struct AgentInput {
74 /// Source URL to download (HTTP/HTTPS, including signed S3/R2 URLs).
75 pub url: String,
76
77 /// Absolute filesystem path where the file must be available inside the
78 /// agent's filesystem.
79 pub mount_path: String,
80}
81
82impl AgentInput {
83 /// Create a new input descriptor.
84 pub fn new(url: &str, mount_path: &str) -> Self {
85 Self {
86 url: url.to_string(),
87 mount_path: mount_path.to_string(),
88 }
89 }
90}
91
92// ── AgentConfig ────────────────────────────────────────────────────
93
94/// Serializable configuration passed to an [`AgentProvider`] for a single invocation.
95///
96/// Built by [`Agent::run`](crate::operations::agent::Agent::run) from the builder state.
97/// Provider implementations translate these fields into whatever format the underlying
98/// backend expects.
99///
100/// # Typestate: tools vs structured output
101///
102/// Claude CLI has a [known bug](https://github.com/anthropics/claude-code/issues/18536)
103/// where combining `--json-schema` with `--allowedTools` always returns
104/// `structured_output: null`. To prevent this at compile time, [`allow_tool`](Self::allow_tool)
105/// and [`output`](Self::output) / [`output_schema_raw`](Self::output_schema_raw) are mutually
106/// exclusive: using one removes the other from the available API.
107///
108/// ```
109/// use ironflow_core::provider::AgentConfig;
110///
111/// // OK: tools only
112/// let _ = AgentConfig::new("search").allow_tool("WebSearch");
113///
114/// // OK: structured output only
115/// let _ = AgentConfig::new("classify").output_schema_raw(r#"{"type":"object"}"#);
116/// ```
117///
118/// ```compile_fail
119/// use ironflow_core::provider::AgentConfig;
120/// // COMPILE ERROR: cannot add tools after setting structured output
121/// let _ = AgentConfig::new("x").output_schema_raw("{}").allow_tool("Read");
122/// ```
123///
124/// ```compile_fail
125/// use ironflow_core::provider::AgentConfig;
126/// // COMPILE ERROR: cannot set structured output after adding tools
127/// let _ = AgentConfig::new("x").allow_tool("Read").output_schema_raw("{}");
128/// ```
129///
130/// **Workaround**: split the work into two steps -- one agent with tools to
131/// gather data, then a second agent with `.output::<T>()` to structure the result.
132#[derive(Debug, Clone, Serialize, Deserialize)]
133#[serde(bound(serialize = "", deserialize = ""))]
134#[non_exhaustive]
135pub struct AgentConfig<Tools = NoTools, Schema = NoSchema> {
136 /// Optional system prompt that sets the agent's persona or constraints.
137 pub system_prompt: Option<String>,
138
139 /// The user prompt - the main instruction to the agent.
140 pub prompt: String,
141
142 /// Which model to use for this invocation.
143 ///
144 /// Accepts any string. Use [`Model`] constants for well-known Claude models
145 /// (e.g. `Model::SONNET`), or pass a custom identifier for other providers.
146 #[serde(default = "default_model")]
147 pub model: String,
148
149 /// Allowlist of tool names the agent may invoke (empty = provider default).
150 #[serde(default)]
151 pub allowed_tools: Vec<String>,
152
153 /// Denylist of tool names the agent MUST NOT invoke.
154 ///
155 /// Maps to `--disallowedTools` on the Claude CLI. Unlike
156 /// [`allowed_tools`](Self::allowed_tools), this does **not** activate any
157 /// tools; it only filters out tools that would otherwise be loaded by
158 /// default. As such, it is safe to combine with structured output
159 /// ([`output`](Self::output)) without triggering the Claude CLI bug that
160 /// affects `--json-schema` + `--allowedTools`.
161 #[serde(default)]
162 pub disallowed_tools: Vec<String>,
163
164 /// Maximum number of agentic turns before the provider should stop.
165 pub max_turns: Option<u32>,
166
167 /// Maximum spend in USD for this single invocation.
168 pub max_budget_usd: Option<f64>,
169
170 /// Working directory for the agent process.
171 pub working_dir: Option<String>,
172
173 /// Path to an MCP server configuration file.
174 pub mcp_config: Option<String>,
175
176 /// When `true`, pass `--strict-mcp-config` to the Claude CLI so it only
177 /// loads MCP servers from [`mcp_config`](Self::mcp_config) and ignores
178 /// any global/user MCP configuration (e.g. `~/.claude.json`).
179 ///
180 /// Useful to prevent global MCP servers from leaking tools into steps
181 /// that request `structured_output`, which triggers the Claude CLI bug
182 /// where `--json-schema` combined with any active tool returns
183 /// `structured_output: null`. See
184 /// <https://github.com/anthropics/claude-code/issues/18536>.
185 ///
186 /// Combine with `mcp_config` set to a file containing
187 /// `{"mcpServers":{}}` to disable every MCP server for the invocation.
188 #[serde(default)]
189 pub strict_mcp_config: bool,
190
191 /// When `true`, pass `--bare` to Claude CLI. Bare mode disables:
192 /// - auto-memory (automatic creation of `~/.claude/.../memory/*.md` files)
193 /// - `CLAUDE.md` auto-discovery (no global/project `CLAUDE.md` loaded)
194 /// - hooks, LSP, plugin sync, attribution, background prefetches
195 ///
196 /// Recommended for orchestrator agents that should not have any implicit
197 /// side effects on the user's filesystem or inherit user-level context.
198 ///
199 /// # Authentication requirement
200 ///
201 /// `--bare` is **only compatible with an Anthropic API key**
202 /// (`ANTHROPIC_API_KEY` environment variable). It does **not** work with
203 /// OAuth authentication (`claude /login` / keychain-stored credentials),
204 /// because bare mode disables keychain reads.
205 #[serde(default)]
206 pub bare: bool,
207
208 /// Permission mode controlling how the agent handles tool-use approvals.
209 #[serde(default)]
210 pub permission_mode: PermissionMode,
211
212 /// Optional JSON Schema string. When set, the provider should request
213 /// structured (typed) output from the model.
214 #[serde(alias = "output_schema")]
215 pub json_schema: Option<String>,
216
217 /// Optional session ID to resume a previous conversation.
218 ///
219 /// When set, the provider should continue the conversation from the
220 /// specified session rather than starting a new one.
221 pub resume_session_id: Option<String>,
222
223 /// Enable verbose/debug mode to capture the full conversation trace.
224 ///
225 /// When `true`, the provider uses streaming output (`stream-json`) to
226 /// record every assistant message and tool call. The resulting
227 /// [`AgentOutput::debug_messages`] field will contain the conversation
228 /// trace for inspection.
229 #[serde(default)]
230 pub verbose: bool,
231
232 /// Custom labels applied to the pod (K8s providers only).
233 ///
234 /// Non-K8s providers ignore this field. Labels are merged with the
235 /// provider-level pod labels and the hardcoded ironflow labels. In case
236 /// of conflict, hardcoded labels always win, then invocation-level labels,
237 /// then provider-level defaults.
238 #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
239 pub pod_labels: BTreeMap<String, String>,
240
241 /// External inputs to materialize on the agent's filesystem before invocation.
242 ///
243 /// See [`AgentInput`] for the semantics. The provider is responsible for
244 /// fetching each URL and placing it at `mount_path` before the agent runs.
245 /// Add inputs with [`AgentConfig::input_file`].
246 #[serde(default, skip_serializing_if = "Vec::is_empty")]
247 pub inputs: Vec<AgentInput>,
248
249 /// Zero-sized typestate marker (not serialized).
250 #[serde(skip)]
251 pub(crate) _marker: PhantomData<(Tools, Schema)>,
252}
253
254fn default_model() -> String {
255 Model::SONNET.to_string()
256}
257
258// ── Constructor (base type only) ───────────────────────────────────
259
260impl AgentConfig {
261 /// Create an `AgentConfig` with required fields and defaults for the rest.
262 pub fn new(prompt: &str) -> Self {
263 Self {
264 system_prompt: None,
265 prompt: prompt.to_string(),
266 model: Model::SONNET.to_string(),
267 allowed_tools: Vec::new(),
268 disallowed_tools: Vec::new(),
269 max_turns: None,
270 max_budget_usd: None,
271 working_dir: None,
272 mcp_config: None,
273 strict_mcp_config: false,
274 bare: false,
275 permission_mode: PermissionMode::Default,
276 json_schema: None,
277 resume_session_id: None,
278 verbose: false,
279 pod_labels: BTreeMap::new(),
280 inputs: Vec::new(),
281 _marker: PhantomData,
282 }
283 }
284}
285
286// ── Methods available on ALL typestate variants ────────────────────
287
288impl<Tools, Schema> AgentConfig<Tools, Schema> {
289 /// Set the system prompt.
290 pub fn system_prompt(mut self, prompt: &str) -> Self {
291 self.system_prompt = Some(prompt.to_string());
292 self
293 }
294
295 /// Set the model name.
296 pub fn model(mut self, model: &str) -> Self {
297 self.model = model.to_string();
298 self
299 }
300
301 /// Set the maximum budget in USD.
302 pub fn max_budget_usd(mut self, budget: f64) -> Self {
303 self.max_budget_usd = Some(budget);
304 self
305 }
306
307 /// Set the maximum number of turns.
308 pub fn max_turns(mut self, turns: u32) -> Self {
309 self.max_turns = Some(turns);
310 self
311 }
312
313 /// Set the working directory.
314 pub fn working_dir(mut self, dir: &str) -> Self {
315 self.working_dir = Some(dir.to_string());
316 self
317 }
318
319 /// Set the permission mode.
320 pub fn permission_mode(mut self, mode: PermissionMode) -> Self {
321 self.permission_mode = mode;
322 self
323 }
324
325 /// Enable verbose/debug mode.
326 pub fn verbose(mut self, enabled: bool) -> Self {
327 self.verbose = enabled;
328 self
329 }
330
331 /// Set the MCP server configuration file path.
332 pub fn mcp_config(mut self, config: &str) -> Self {
333 self.mcp_config = Some(config.to_string());
334 self
335 }
336
337 /// Enable strict MCP config mode.
338 ///
339 /// When `true`, the Claude CLI is invoked with `--strict-mcp-config`,
340 /// which disables loading of any MCP server defined outside the
341 /// [`mcp_config`](Self::mcp_config) file (the global `~/.claude.json`
342 /// and user-level configs are ignored).
343 ///
344 /// This is the recommended way to prevent global MCP servers from
345 /// silently injecting tools into a structured-output step and
346 /// triggering the Claude CLI bug that returns `structured_output: null`
347 /// whenever any tool is active. See
348 /// <https://github.com/anthropics/claude-code/issues/18536>.
349 ///
350 /// # Examples
351 ///
352 /// ```
353 /// use ironflow_core::provider::AgentConfig;
354 /// use schemars::JsonSchema;
355 ///
356 /// #[derive(serde::Deserialize, JsonSchema)]
357 /// struct Out { ok: bool }
358 ///
359 /// // Isolate the step from any global MCP server so structured output works.
360 /// let config = AgentConfig::new("classify this")
361 /// .strict_mcp_config(true)
362 /// .mcp_config(r#"{"mcpServers":{}}"#)
363 /// .output::<Out>();
364 /// ```
365 pub fn strict_mcp_config(mut self, strict: bool) -> Self {
366 self.strict_mcp_config = strict;
367 self
368 }
369
370 /// Enable bare mode (minimal Claude Code environment, see `--bare`).
371 ///
372 /// When `true`, the Claude CLI is invoked with `--bare`, which disables:
373 /// - auto-memory (no automatic `~/.claude/.../memory/*.md` file creation)
374 /// - `CLAUDE.md` auto-discovery (neither global nor project-level)
375 /// - hooks, LSP, plugin sync, attribution, background prefetches,
376 /// keychain reads
377 ///
378 /// Sets `CLAUDE_CODE_SIMPLE=1` in the child process.
379 ///
380 /// Recommended for orchestrator steps that should not have any implicit
381 /// side effects on the user's filesystem or inherit user-level context
382 /// (email, preferences, etc.).
383 ///
384 /// # Authentication requirement
385 ///
386 /// `--bare` is **only compatible with an Anthropic API key**
387 /// (`ANTHROPIC_API_KEY` environment variable). It does **not** work with
388 /// OAuth authentication (`claude /login` / keychain-stored credentials),
389 /// because bare mode disables keychain reads. Invoking a bare agent on an
390 /// OAuth-only host will fail with an authentication error.
391 ///
392 /// # Examples
393 ///
394 /// ```
395 /// use ironflow_core::provider::AgentConfig;
396 ///
397 /// let config = AgentConfig::new("classify this")
398 /// .bare(true);
399 /// ```
400 pub fn bare(mut self, enabled: bool) -> Self {
401 self.bare = enabled;
402 self
403 }
404
405 /// Replace the entire disallowed-tools list.
406 ///
407 /// Maps to `--disallowedTools` on the Claude CLI. This method is available
408 /// on **every** typestate variant (including
409 /// [`AgentConfig<NoTools, WithSchema>`]) because, unlike
410 /// [`allow_tool`](AgentConfig::allow_tool), `disallowed_tools` does not
411 /// activate any tool -- it only filters out tools that would otherwise be
412 /// loaded by default.
413 ///
414 /// As such, it is safe to combine with structured output:
415 ///
416 /// # Examples
417 ///
418 /// ```
419 /// use ironflow_core::provider::AgentConfig;
420 /// use schemars::JsonSchema;
421 ///
422 /// #[derive(serde::Deserialize, JsonSchema)]
423 /// struct Out { ok: bool }
424 ///
425 /// let config = AgentConfig::new("classify this")
426 /// .disallowed_tools(["Write", "Edit"])
427 /// .output::<Out>();
428 /// ```
429 pub fn disallowed_tools<I, S>(mut self, tools: I) -> Self
430 where
431 I: IntoIterator<Item = S>,
432 S: Into<String>,
433 {
434 self.disallowed_tools = tools.into_iter().map(Into::into).collect();
435 self
436 }
437
438 /// Add a single custom pod label (K8s providers only).
439 ///
440 /// Can be called multiple times. Non-K8s providers ignore this field.
441 ///
442 /// # Examples
443 ///
444 /// ```
445 /// use ironflow_core::provider::AgentConfig;
446 ///
447 /// let config = AgentConfig::new("analyze")
448 /// .pod_label("ironflow.io/network-profile", "grafana-only")
449 /// .pod_label("team", "observability");
450 /// ```
451 pub fn pod_label(mut self, key: &str, value: &str) -> Self {
452 self.pod_labels.insert(key.to_string(), value.to_string());
453 self
454 }
455
456 /// Replace the entire custom pod labels map (K8s providers only).
457 ///
458 /// Non-K8s providers ignore this field.
459 ///
460 /// # Examples
461 ///
462 /// ```
463 /// use std::collections::BTreeMap;
464 /// use ironflow_core::provider::AgentConfig;
465 ///
466 /// let mut labels = BTreeMap::new();
467 /// labels.insert("env".to_string(), "staging".to_string());
468 /// let config = AgentConfig::new("deploy").pod_labels(labels);
469 /// ```
470 pub fn pod_labels(mut self, labels: BTreeMap<String, String>) -> Self {
471 self.pod_labels = labels;
472 self
473 }
474
475 /// Set a session ID to resume a previous conversation.
476 pub fn resume(mut self, session_id: &str) -> Self {
477 self.resume_session_id = Some(session_id.to_string());
478 self
479 }
480
481 /// Declare an external input that the provider must materialize on the
482 /// agent's filesystem before invocation.
483 ///
484 /// `url` is fetched (HTTP/HTTPS) and written to `mount_path` (absolute
485 /// path) inside the agent's runtime. Each provider materializes inputs
486 /// in its own way:
487 ///
488 /// * Local provider: downloads to a temp dir on the host.
489 /// * K8s providers: spawn a `curlimages/curl` initContainer that downloads
490 /// into a shared `emptyDir` mounted on the main container.
491 ///
492 /// Can be called multiple times to declare several inputs.
493 ///
494 /// # Examples
495 ///
496 /// ```
497 /// use ironflow_core::provider::AgentConfig;
498 ///
499 /// let config = AgentConfig::new("Read /work/dossier.pdf and summarize")
500 /// .allow_tool("Read")
501 /// .input_file("https://r2.example.com/dossier.pdf", "/work/dossier.pdf");
502 /// ```
503 pub fn input_file(mut self, url: &str, mount_path: &str) -> Self {
504 self.inputs.push(AgentInput::new(url, mount_path));
505 self
506 }
507
508 /// Convert to a different typestate by moving all fields.
509 ///
510 /// Safe because the marker is a zero-sized [`PhantomData`] -- no
511 /// runtime data changes.
512 fn change_state<T2, S2>(self) -> AgentConfig<T2, S2> {
513 AgentConfig {
514 system_prompt: self.system_prompt,
515 prompt: self.prompt,
516 model: self.model,
517 allowed_tools: self.allowed_tools,
518 disallowed_tools: self.disallowed_tools,
519 max_turns: self.max_turns,
520 max_budget_usd: self.max_budget_usd,
521 working_dir: self.working_dir,
522 mcp_config: self.mcp_config,
523 strict_mcp_config: self.strict_mcp_config,
524 bare: self.bare,
525 permission_mode: self.permission_mode,
526 json_schema: self.json_schema,
527 resume_session_id: self.resume_session_id,
528 verbose: self.verbose,
529 pod_labels: self.pod_labels,
530 inputs: self.inputs,
531 _marker: PhantomData,
532 }
533 }
534}
535
536// ── allow_tool: only when no schema is set ─────────────────────────
537
538impl<Tools> AgentConfig<Tools, NoSchema> {
539 /// Add an allowed tool.
540 ///
541 /// Can be called multiple times to allow several tools. Returns an
542 /// [`AgentConfig<WithTools, NoSchema>`], which **cannot** call
543 /// [`output`](AgentConfig::output) or [`output_schema_raw`](AgentConfig::output_schema_raw).
544 ///
545 /// This restriction exists because Claude CLI has a
546 /// [known bug](https://github.com/anthropics/claude-code/issues/18536)
547 /// where `--json-schema` combined with `--allowedTools` always returns
548 /// `structured_output: null`.
549 ///
550 /// **Workaround**: use two sequential agent steps -- one with tools to
551 /// gather data, then one with `.output::<T>()` to structure the result.
552 ///
553 /// # Examples
554 ///
555 /// ```
556 /// use ironflow_core::provider::AgentConfig;
557 ///
558 /// let config = AgentConfig::new("search the web")
559 /// .allow_tool("WebSearch")
560 /// .allow_tool("WebFetch");
561 /// ```
562 ///
563 /// ```compile_fail
564 /// use ironflow_core::provider::AgentConfig;
565 /// // ERROR: cannot set structured output after adding tools
566 /// let _ = AgentConfig::new("x")
567 /// .allow_tool("Read")
568 /// .output_schema_raw(r#"{"type":"object"}"#);
569 /// ```
570 pub fn allow_tool(mut self, tool: &str) -> AgentConfig<WithTools, NoSchema> {
571 self.allowed_tools.push(tool.to_string());
572 self.change_state()
573 }
574}
575
576// ── output: only when no tools are set ─────────────────────────────
577
578impl<Schema> AgentConfig<NoTools, Schema> {
579 /// Set structured output from a Rust type implementing [`JsonSchema`].
580 ///
581 /// The schema is serialized once at build time. When set, the provider
582 /// will request typed output conforming to this schema.
583 ///
584 /// **Important:** structured output requires `max_turns >= 2`.
585 ///
586 /// Returns an [`AgentConfig<NoTools, WithSchema>`], which **cannot**
587 /// call [`allow_tool`](AgentConfig::allow_tool).
588 ///
589 /// This restriction exists because Claude CLI has a
590 /// [known bug](https://github.com/anthropics/claude-code/issues/18536)
591 /// where `--json-schema` combined with `--allowedTools` always returns
592 /// `structured_output: null`.
593 ///
594 /// **Workaround**: use two sequential agent steps -- one with tools to
595 /// gather data, then one with `.output::<T>()` to structure the result.
596 ///
597 /// # Known limitations of Claude CLI structured output
598 ///
599 /// The Claude CLI does not guarantee strict schema conformance for
600 /// structured output. The following upstream bugs affect the behavior:
601 ///
602 /// - **Schema flattening** ([anthropics/claude-agent-sdk-python#502]):
603 /// a schema like `{"type":"object","properties":{"items":{"type":"array",...}}}`
604 /// may return a bare array instead of the wrapper object. The CLI
605 /// non-deterministically flattens schemas with a single array field.
606 /// - **Non-deterministic wrapping** ([anthropics/claude-agent-sdk-python#374]):
607 /// the same prompt can produce differently wrapped output across runs.
608 /// - **No conformance guarantee** ([anthropics/claude-code#9058]):
609 /// the CLI does not validate output against the provided JSON schema.
610 ///
611 /// Because of these bugs, ironflow's provider layer applies multiple
612 /// fallback strategies when extracting the structured value (see
613 /// [`extract_structured_value`](crate::providers::claude::common::extract_structured_value)).
614 ///
615 /// [anthropics/claude-agent-sdk-python#502]: https://github.com/anthropics/claude-agent-sdk-python/issues/502
616 /// [anthropics/claude-agent-sdk-python#374]: https://github.com/anthropics/claude-agent-sdk-python/issues/374
617 /// [anthropics/claude-code#9058]: https://github.com/anthropics/claude-code/issues/9058
618 ///
619 /// # Examples
620 ///
621 /// ```
622 /// use ironflow_core::provider::AgentConfig;
623 /// use schemars::JsonSchema;
624 ///
625 /// #[derive(serde::Deserialize, JsonSchema)]
626 /// struct Labels { labels: Vec<String> }
627 ///
628 /// let config = AgentConfig::new("classify this text")
629 /// .output::<Labels>();
630 /// ```
631 ///
632 /// ```compile_fail
633 /// use ironflow_core::provider::AgentConfig;
634 /// use schemars::JsonSchema;
635 /// #[derive(serde::Deserialize, JsonSchema)]
636 /// struct Out { x: i32 }
637 /// // ERROR: cannot add tools after setting structured output
638 /// let _ = AgentConfig::new("x").output::<Out>().allow_tool("Read");
639 /// ```
640 /// # Panics
641 ///
642 /// Panics if the schema generated by `schemars` cannot be serialized
643 /// to JSON. This indicates a bug in the type's `JsonSchema` derive,
644 /// not a recoverable runtime error.
645 pub fn output<T: JsonSchema>(mut self) -> AgentConfig<NoTools, WithSchema> {
646 let schema = schemars::schema_for!(T);
647 let serialized = serde_json::to_string(&schema).unwrap_or_else(|e| {
648 panic!(
649 "failed to serialize JSON schema for {}: {e}",
650 std::any::type_name::<T>()
651 )
652 });
653 self.json_schema = Some(serialized);
654 self.change_state()
655 }
656
657 /// Set structured output from a pre-serialized JSON Schema string.
658 ///
659 /// Returns an [`AgentConfig<NoTools, WithSchema>`], which **cannot**
660 /// call [`allow_tool`](AgentConfig::allow_tool). See [`output`](Self::output)
661 /// for the rationale and workaround.
662 pub fn output_schema_raw(mut self, schema: &str) -> AgentConfig<NoTools, WithSchema> {
663 self.json_schema = Some(schema.to_string());
664 self.change_state()
665 }
666}
667
668// ── From conversions to base type ──────────────────────────────────
669
670impl From<AgentConfig<WithTools, NoSchema>> for AgentConfig {
671 fn from(config: AgentConfig<WithTools, NoSchema>) -> Self {
672 config.change_state()
673 }
674}
675
676impl From<AgentConfig<NoTools, WithSchema>> for AgentConfig {
677 fn from(config: AgentConfig<NoTools, WithSchema>) -> Self {
678 config.change_state()
679 }
680}
681
682// ── AgentOutput ────────────────────────────────────────────────────
683
684/// Raw output returned by an [`AgentProvider`] after a successful invocation.
685///
686/// Carries the agent's response value together with usage and billing metadata.
687#[derive(Clone, Debug, Serialize, Deserialize)]
688#[non_exhaustive]
689pub struct AgentOutput {
690 /// The agent's response. A plain [`Value::String`] for text mode, or an
691 /// arbitrary JSON value when a JSON schema was requested.
692 pub value: Value,
693
694 /// Provider-assigned session identifier, useful for resuming conversations.
695 pub session_id: Option<String>,
696
697 /// Total cost in USD for this invocation, if reported by the provider.
698 pub cost_usd: Option<f64>,
699
700 /// Number of input tokens consumed, if reported.
701 pub input_tokens: Option<u64>,
702
703 /// Number of output tokens generated, if reported.
704 pub output_tokens: Option<u64>,
705
706 /// The concrete model identifier used (e.g. `"claude-sonnet-4-20250514"`).
707 pub model: Option<String>,
708
709 /// Wall-clock duration of the invocation in milliseconds.
710 pub duration_ms: u64,
711
712 /// Conversation trace captured when [`AgentConfig::verbose`] is `true`.
713 ///
714 /// Contains every assistant message and tool call made during the
715 /// invocation, in chronological order. `None` when verbose mode is off.
716 pub debug_messages: Option<Vec<DebugMessage>>,
717}
718
719/// A single assistant turn captured during a verbose invocation.
720///
721/// Each `DebugMessage` represents one assistant response, which may contain
722/// free-form text, tool calls, or both.
723///
724/// # Examples
725///
726/// ```no_run
727/// use ironflow_core::prelude::*;
728///
729/// # async fn example() -> Result<(), OperationError> {
730/// let provider = ClaudeCodeProvider::new();
731/// let result = Agent::new()
732/// .prompt("List files in src/")
733/// .verbose()
734/// .run(&provider)
735/// .await?;
736///
737/// if let Some(messages) = result.debug_messages() {
738/// for msg in messages {
739/// println!("{msg}");
740/// }
741/// }
742/// # Ok(())
743/// # }
744/// ```
745#[derive(Debug, Clone, Serialize, Deserialize)]
746#[non_exhaustive]
747pub struct DebugMessage {
748 /// Free-form text produced by the assistant in this turn, if any.
749 pub text: Option<String>,
750
751 /// Extended thinking blocks produced by the model in this turn.
752 ///
753 /// Available only when the model emits `thinking` content blocks
754 /// (Opus 4.7 adaptive thinking, Claude 3.7+ extended thinking, etc.).
755 /// The blocks are joined in arrival order.
756 #[serde(default, skip_serializing_if = "Option::is_none")]
757 pub thinking: Option<String>,
758
759 /// `true` when the model emitted a `thinking` content block but the
760 /// text was redacted (only a signature is provided).
761 ///
762 /// Opus 4.7 adaptive thinking and the `display: "omitted"` setting both
763 /// produce signature-only thinking blocks: the model proves it reasoned
764 /// without exposing the chain of thought. The UI should still show a
765 /// badge so the user knows thinking happened.
766 #[serde(default, skip_serializing_if = "std::ops::Not::not")]
767 pub thinking_redacted: bool,
768
769 /// Tool calls made by the assistant in this turn.
770 pub tool_calls: Vec<DebugToolCall>,
771
772 /// Tool results received from the user/runtime for the preceding tool calls.
773 ///
774 /// In the Claude stream-json format, tool results come as `"type":"user"`
775 /// messages whose content is a list of `tool_result` blocks. We attach
776 /// them to the turn that emitted the matching `tool_use` so the timeline
777 /// stays compact.
778 #[serde(default, skip_serializing_if = "Vec::is_empty")]
779 pub tool_results: Vec<DebugToolResult>,
780
781 /// The model's stop reason for this turn (e.g. `"end_turn"`, `"tool_use"`).
782 pub stop_reason: Option<String>,
783
784 /// Input tokens consumed by this turn, if reported.
785 #[serde(default, skip_serializing_if = "Option::is_none")]
786 pub input_tokens: Option<u64>,
787
788 /// Output tokens generated by this turn, if reported.
789 #[serde(default, skip_serializing_if = "Option::is_none")]
790 pub output_tokens: Option<u64>,
791}
792
793impl fmt::Display for DebugMessage {
794 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
795 if let Some(ref thinking) = self.thinking {
796 writeln!(f, "[thinking] {thinking}")?;
797 } else if self.thinking_redacted {
798 writeln!(f, "[thinking redacted]")?;
799 }
800 if let Some(ref text) = self.text {
801 writeln!(f, "[assistant] {text}")?;
802 }
803 for tc in &self.tool_calls {
804 write!(f, "{tc}")?;
805 }
806 for tr in &self.tool_results {
807 write!(f, "{tr}")?;
808 }
809 Ok(())
810 }
811}
812
813/// A single tool call captured during a verbose invocation.
814///
815/// Records the tool name and its input arguments as a raw JSON value.
816#[derive(Debug, Clone, Serialize, Deserialize)]
817#[non_exhaustive]
818pub struct DebugToolCall {
819 /// Stable identifier assigned by the model (`tool_use_id`).
820 ///
821 /// Used to correlate a call with its subsequent [`DebugToolResult`].
822 #[serde(default, skip_serializing_if = "Option::is_none")]
823 pub id: Option<String>,
824
825 /// Name of the tool invoked (e.g. `"Read"`, `"Bash"`, `"Grep"`).
826 pub name: String,
827
828 /// Input arguments passed to the tool, as raw JSON.
829 pub input: Value,
830}
831
832impl fmt::Display for DebugToolCall {
833 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
834 writeln!(f, " [tool_use] {} -> {}", self.name, self.input)
835 }
836}
837
838/// A tool result returned to the model after a tool call.
839///
840/// Carries the tool output (any JSON value: string, object, array) and
841/// an error flag if the tool failed.
842#[derive(Debug, Clone, Serialize, Deserialize)]
843#[non_exhaustive]
844pub struct DebugToolResult {
845 /// The `tool_use_id` this result answers, matching [`DebugToolCall::id`].
846 #[serde(default, skip_serializing_if = "Option::is_none")]
847 pub tool_use_id: Option<String>,
848
849 /// Raw content returned by the tool.
850 pub content: Value,
851
852 /// Whether the tool reported an error.
853 #[serde(default)]
854 pub is_error: bool,
855}
856
857impl fmt::Display for DebugToolResult {
858 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
859 let kind = if self.is_error {
860 "tool_error"
861 } else {
862 "tool_result"
863 };
864 writeln!(f, " [{kind}] {}", self.content)
865 }
866}
867
868impl AgentOutput {
869 /// Create an `AgentOutput` with the given value and sensible defaults.
870 pub fn new(value: Value) -> Self {
871 Self {
872 value,
873 session_id: None,
874 cost_usd: None,
875 input_tokens: None,
876 output_tokens: None,
877 model: None,
878 duration_ms: 0,
879 debug_messages: None,
880 }
881 }
882}
883
884// ── Log sink ──────────────────────────────────────────────────────
885
886/// Sink for streaming log lines from provider invocations in real time.
887///
888/// Providers that support live log streaming (e.g. K8s ephemeral) call
889/// [`log`](LogSink::log) for each output line as it is produced, enabling
890/// downstream consumers (SSE endpoints, log pushers) to display progress
891/// before the invocation completes.
892///
893/// This trait lives in `ironflow-core` so providers can emit logs without
894/// depending on higher-level crates.
895///
896/// # Examples
897///
898/// ```
899/// use std::sync::{Arc, Mutex};
900/// use ironflow_core::provider::LogSink;
901///
902/// struct VecSink(Mutex<Vec<(String, String)>>);
903///
904/// impl LogSink for VecSink {
905/// fn log(&self, stream: &str, line: &str) {
906/// self.0.lock().unwrap().push((stream.to_string(), line.to_string()));
907/// }
908/// }
909///
910/// let sink = Arc::new(VecSink(Mutex::new(Vec::new())));
911/// sink.log("stdout", "hello world");
912/// assert_eq!(sink.0.lock().unwrap().len(), 1);
913/// ```
914pub trait LogSink: Send + Sync {
915 /// Emit a single log line on the given stream.
916 ///
917 /// `stream` is one of `"stdout"`, `"stderr"`, or `"system"`.
918 /// Implementations should silently drop lines if the receiver is closed.
919 fn log(&self, stream: &str, line: &str);
920}
921
922// ── Provider trait ─────────────────────────────────────────────────
923
924/// Trait for AI agent backends.
925///
926/// Implement this trait to provide a custom AI backend for [`Agent`](crate::operations::agent::Agent).
927/// The only required method is [`invoke`](AgentProvider::invoke), which takes an
928/// [`AgentConfig`] and returns an [`AgentOutput`] (or an [`AgentError`]).
929///
930/// # Examples
931///
932/// ```no_run
933/// use ironflow_core::provider::{AgentConfig, AgentOutput, AgentProvider, InvokeFuture};
934///
935/// struct MyProvider;
936///
937/// impl AgentProvider for MyProvider {
938/// fn invoke<'a>(&'a self, config: &'a AgentConfig) -> InvokeFuture<'a> {
939/// Box::pin(async move {
940/// // Call your custom backend here...
941/// todo!()
942/// })
943/// }
944/// }
945/// ```
946pub trait AgentProvider: Send + Sync {
947 /// Execute a single agent invocation with the given configuration.
948 ///
949 /// # Errors
950 ///
951 /// Returns [`AgentError`] if the underlying backend process fails,
952 /// times out, or produces output that does not match the requested schema.
953 fn invoke<'a>(&'a self, config: &'a AgentConfig) -> InvokeFuture<'a>;
954
955 /// Execute an agent invocation with real-time log streaming.
956 ///
957 /// Providers that support live output streaming should override this
958 /// method to pipe each output line to the [`LogSink`] as it arrives.
959 /// The default implementation ignores the sink and delegates to
960 /// [`invoke`](AgentProvider::invoke).
961 ///
962 /// # Errors
963 ///
964 /// Returns [`AgentError`] if the underlying backend process fails,
965 /// times out, or produces output that does not match the requested schema.
966 fn invoke_with_logs<'a>(
967 &'a self,
968 config: &'a AgentConfig,
969 log_sink: Arc<dyn LogSink>,
970 ) -> InvokeFuture<'a> {
971 let _ = log_sink;
972 self.invoke(config)
973 }
974}
975
976#[cfg(test)]
977mod tests {
978 use super::*;
979 use serde_json::json;
980
981 fn full_config() -> AgentConfig {
982 AgentConfig {
983 system_prompt: Some("you are helpful".to_string()),
984 prompt: "do stuff".to_string(),
985 model: Model::OPUS.to_string(),
986 allowed_tools: vec!["Read".to_string(), "Write".to_string()],
987 disallowed_tools: vec!["Bash".to_string()],
988 max_turns: Some(10),
989 max_budget_usd: Some(2.5),
990 working_dir: Some("/tmp".to_string()),
991 mcp_config: Some("{}".to_string()),
992 strict_mcp_config: true,
993 bare: true,
994 permission_mode: PermissionMode::Auto,
995 json_schema: Some(r#"{"type":"object"}"#.to_string()),
996 resume_session_id: None,
997 verbose: false,
998 pod_labels: BTreeMap::new(),
999 inputs: Vec::new(),
1000 _marker: PhantomData,
1001 }
1002 }
1003
1004 #[test]
1005 fn agent_config_serialize_deserialize_roundtrip() {
1006 let config = full_config();
1007 let json = serde_json::to_string(&config).unwrap();
1008 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1009
1010 assert_eq!(back.system_prompt, Some("you are helpful".to_string()));
1011 assert_eq!(back.prompt, "do stuff");
1012 assert_eq!(back.allowed_tools, vec!["Read", "Write"]);
1013 assert_eq!(back.max_turns, Some(10));
1014 assert_eq!(back.max_budget_usd, Some(2.5));
1015 assert_eq!(back.working_dir, Some("/tmp".to_string()));
1016 assert_eq!(back.mcp_config, Some("{}".to_string()));
1017 assert_eq!(back.json_schema, Some(r#"{"type":"object"}"#.to_string()));
1018 }
1019
1020 #[test]
1021 fn agent_config_with_all_optional_fields_none() {
1022 let config: AgentConfig = AgentConfig {
1023 system_prompt: None,
1024 prompt: "hello".to_string(),
1025 model: Model::HAIKU.to_string(),
1026 allowed_tools: vec![],
1027 disallowed_tools: vec![],
1028 max_turns: None,
1029 max_budget_usd: None,
1030 working_dir: None,
1031 mcp_config: None,
1032 strict_mcp_config: false,
1033 bare: false,
1034 permission_mode: PermissionMode::Default,
1035 json_schema: None,
1036 resume_session_id: None,
1037 verbose: false,
1038 pod_labels: BTreeMap::new(),
1039 inputs: Vec::new(),
1040 _marker: PhantomData,
1041 };
1042 let json = serde_json::to_string(&config).unwrap();
1043 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1044
1045 assert_eq!(back.system_prompt, None);
1046 assert_eq!(back.prompt, "hello");
1047 assert!(back.allowed_tools.is_empty());
1048 assert_eq!(back.max_turns, None);
1049 assert_eq!(back.max_budget_usd, None);
1050 assert_eq!(back.working_dir, None);
1051 assert_eq!(back.mcp_config, None);
1052 assert_eq!(back.json_schema, None);
1053 }
1054
1055 #[test]
1056 fn agent_output_serialize_deserialize_roundtrip() {
1057 let output = AgentOutput {
1058 value: json!({"key": "value"}),
1059 session_id: Some("sess-abc".to_string()),
1060 cost_usd: Some(0.01),
1061 input_tokens: Some(500),
1062 output_tokens: Some(200),
1063 model: Some("claude-sonnet".to_string()),
1064 duration_ms: 3000,
1065 debug_messages: None,
1066 };
1067 let json = serde_json::to_string(&output).unwrap();
1068 let back: AgentOutput = serde_json::from_str(&json).unwrap();
1069
1070 assert_eq!(back.value, json!({"key": "value"}));
1071 assert_eq!(back.session_id, Some("sess-abc".to_string()));
1072 assert_eq!(back.cost_usd, Some(0.01));
1073 assert_eq!(back.input_tokens, Some(500));
1074 assert_eq!(back.output_tokens, Some(200));
1075 assert_eq!(back.model, Some("claude-sonnet".to_string()));
1076 assert_eq!(back.duration_ms, 3000);
1077 }
1078
1079 #[test]
1080 fn agent_config_new_has_correct_defaults() {
1081 let config = AgentConfig::new("test prompt");
1082 assert_eq!(config.prompt, "test prompt");
1083 assert_eq!(config.system_prompt, None);
1084 assert_eq!(config.model, Model::SONNET);
1085 assert!(config.allowed_tools.is_empty());
1086 assert_eq!(config.max_turns, None);
1087 assert_eq!(config.max_budget_usd, None);
1088 assert_eq!(config.working_dir, None);
1089 assert_eq!(config.mcp_config, None);
1090 assert!(matches!(config.permission_mode, PermissionMode::Default));
1091 assert_eq!(config.json_schema, None);
1092 assert_eq!(config.resume_session_id, None);
1093 assert!(!config.verbose);
1094 }
1095
1096 #[test]
1097 fn agent_output_new_has_correct_defaults() {
1098 let output = AgentOutput::new(json!("test"));
1099 assert_eq!(output.value, json!("test"));
1100 assert_eq!(output.session_id, None);
1101 assert_eq!(output.cost_usd, None);
1102 assert_eq!(output.input_tokens, None);
1103 assert_eq!(output.output_tokens, None);
1104 assert_eq!(output.model, None);
1105 assert_eq!(output.duration_ms, 0);
1106 assert!(output.debug_messages.is_none());
1107 }
1108
1109 #[test]
1110 fn agent_config_resume_session_roundtrip() {
1111 let mut config = AgentConfig::new("test");
1112 config.resume_session_id = Some("sess-xyz".to_string());
1113 let json = serde_json::to_string(&config).unwrap();
1114 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1115 assert_eq!(back.resume_session_id, Some("sess-xyz".to_string()));
1116 }
1117
1118 #[test]
1119 fn agent_output_debug_does_not_panic() {
1120 let output = AgentOutput {
1121 value: json!(null),
1122 session_id: None,
1123 cost_usd: None,
1124 input_tokens: None,
1125 output_tokens: None,
1126 model: None,
1127 duration_ms: 0,
1128 debug_messages: None,
1129 };
1130 let debug_str = format!("{:?}", output);
1131 assert!(!debug_str.is_empty());
1132 }
1133
1134 #[test]
1135 fn allow_tool_transitions_to_with_tools() {
1136 let config = AgentConfig::new("test").allow_tool("Read");
1137 assert_eq!(config.allowed_tools, vec!["Read"]);
1138
1139 // Can add more tools
1140 let config = config.allow_tool("Write");
1141 assert_eq!(config.allowed_tools, vec!["Read", "Write"]);
1142 }
1143
1144 #[test]
1145 fn output_schema_raw_transitions_to_with_schema() {
1146 let config = AgentConfig::new("test").output_schema_raw(r#"{"type":"object"}"#);
1147 assert_eq!(config.json_schema.as_deref(), Some(r#"{"type":"object"}"#));
1148 }
1149
1150 #[test]
1151 fn with_tools_converts_to_base_type() {
1152 let typed = AgentConfig::new("test").allow_tool("Read");
1153 let base: AgentConfig = typed.into();
1154 assert_eq!(base.allowed_tools, vec!["Read"]);
1155 }
1156
1157 #[test]
1158 fn with_schema_converts_to_base_type() {
1159 let typed = AgentConfig::new("test").output_schema_raw(r#"{"type":"object"}"#);
1160 let base: AgentConfig = typed.into();
1161 assert_eq!(base.json_schema.as_deref(), Some(r#"{"type":"object"}"#));
1162 }
1163
1164 #[test]
1165 fn serde_roundtrip_ignores_marker() {
1166 let config = AgentConfig::new("test").allow_tool("Read");
1167 let json = serde_json::to_string(&config).unwrap();
1168 assert!(!json.contains("marker"));
1169
1170 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1171 assert_eq!(back.allowed_tools, vec!["Read"]);
1172 }
1173
1174 #[test]
1175 fn bare_defaults_to_false() {
1176 let config = AgentConfig::new("hello");
1177 assert!(!config.bare, "bare must default to false");
1178 }
1179
1180 #[test]
1181 fn bare_builder_sets_flag() {
1182 let config = AgentConfig::new("hello").bare(true);
1183 assert!(config.bare, "bare(true) must enable the flag");
1184
1185 let config = config.bare(false);
1186 assert!(!config.bare, "bare(false) must disable the flag");
1187 }
1188
1189 #[test]
1190 fn bare_serde_default_when_missing() {
1191 let raw = r#"{"prompt":"hello","model":"sonnet"}"#;
1192 let config: AgentConfig = serde_json::from_str(raw).unwrap();
1193 assert!(
1194 !config.bare,
1195 "bare must default to false when absent from serialized payload"
1196 );
1197 }
1198
1199 #[test]
1200 fn bare_serde_roundtrip() {
1201 let mut config = AgentConfig::new("hello");
1202 config.bare = true;
1203 let json = serde_json::to_string(&config).unwrap();
1204 assert!(
1205 json.contains("\"bare\":true"),
1206 "serialized form must contain bare:true, got: {json}"
1207 );
1208
1209 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1210 assert!(back.bare, "bare must survive a serde roundtrip");
1211 }
1212
1213 #[test]
1214 fn disallowed_tools_defaults_to_empty() {
1215 let config = AgentConfig::new("hello");
1216 assert!(
1217 config.disallowed_tools.is_empty(),
1218 "disallowed_tools must default to empty"
1219 );
1220 }
1221
1222 #[test]
1223 fn disallowed_tools_builder_replaces_list() {
1224 let config = AgentConfig::new("hello").disallowed_tools(["Write", "Edit"]);
1225 assert_eq!(config.disallowed_tools, vec!["Write", "Edit"]);
1226
1227 // Subsequent call fully replaces the list.
1228 let config = config.disallowed_tools(["Bash"]);
1229 assert_eq!(config.disallowed_tools, vec!["Bash"]);
1230
1231 // Empty input clears the list.
1232 let config = config.disallowed_tools(std::iter::empty::<String>());
1233 assert!(config.disallowed_tools.is_empty());
1234 }
1235
1236 #[test]
1237 fn disallowed_tools_compatible_with_output() {
1238 #[derive(serde::Deserialize, JsonSchema)]
1239 #[allow(dead_code)]
1240 struct Out {
1241 ok: bool,
1242 }
1243
1244 // Typestate compile check: .disallowed_tools(...) must be callable
1245 // before AND after .output::<T>() because it lives on
1246 // impl<Tools, Schema>, not impl<Tools, NoSchema>.
1247 let before: AgentConfig<NoTools, WithSchema> = AgentConfig::new("classify")
1248 .disallowed_tools(["Write", "Edit"])
1249 .output::<Out>();
1250 assert_eq!(before.disallowed_tools, vec!["Write", "Edit"]);
1251 assert!(before.json_schema.is_some());
1252
1253 let after: AgentConfig<NoTools, WithSchema> = AgentConfig::new("classify")
1254 .output::<Out>()
1255 .disallowed_tools(["Write"]);
1256 assert_eq!(after.disallowed_tools, vec!["Write"]);
1257 assert!(after.json_schema.is_some());
1258 }
1259
1260 #[test]
1261 fn disallowed_tools_serde_default_when_missing() {
1262 let raw = r#"{"prompt":"hello","model":"sonnet"}"#;
1263 let config: AgentConfig = serde_json::from_str(raw).unwrap();
1264 assert!(
1265 config.disallowed_tools.is_empty(),
1266 "disallowed_tools must default to empty when absent from serialized payload"
1267 );
1268 }
1269
1270 #[test]
1271 fn disallowed_tools_serde_roundtrip() {
1272 let config = AgentConfig::new("hello").disallowed_tools(["Write", "Edit"]);
1273 let json = serde_json::to_string(&config).unwrap();
1274 assert!(
1275 json.contains("\"disallowed_tools\":[\"Write\",\"Edit\"]"),
1276 "serialized form must contain the disallowed_tools array, got: {json}"
1277 );
1278
1279 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1280 assert_eq!(back.disallowed_tools, vec!["Write", "Edit"]);
1281 }
1282
1283 #[test]
1284 fn pod_labels_defaults_to_empty() {
1285 let config = AgentConfig::new("test");
1286 assert!(config.pod_labels.is_empty());
1287 }
1288
1289 #[test]
1290 fn pod_label_builder_adds_entry() {
1291 let config = AgentConfig::new("test").pod_label("k", "v");
1292 assert_eq!(config.pod_labels.len(), 1);
1293 assert_eq!(config.pod_labels["k"], "v");
1294 }
1295
1296 #[test]
1297 fn pod_labels_builder_replaces_map() {
1298 let config = AgentConfig::new("test").pod_label("old", "value");
1299 let mut new_map = BTreeMap::new();
1300 new_map.insert("new".to_string(), "value".to_string());
1301 let config = config.pod_labels(new_map);
1302 assert_eq!(config.pod_labels.len(), 1);
1303 assert_eq!(config.pod_labels["new"], "value");
1304 assert!(!config.pod_labels.contains_key("old"));
1305 }
1306
1307 #[test]
1308 fn pod_labels_serde_default_when_missing() {
1309 let raw = r#"{"prompt":"hello","model":"sonnet"}"#;
1310 let config: AgentConfig = serde_json::from_str(raw).unwrap();
1311 assert!(
1312 config.pod_labels.is_empty(),
1313 "pod_labels must default to empty when absent from serialized payload"
1314 );
1315 }
1316
1317 #[test]
1318 fn pod_labels_serde_skip_when_empty() {
1319 let config = AgentConfig::new("hello");
1320 let json = serde_json::to_string(&config).unwrap();
1321 assert!(
1322 !json.contains("pod_labels"),
1323 "empty pod_labels must be skipped during serialization, got: {json}"
1324 );
1325 }
1326
1327 #[test]
1328 fn pod_labels_serde_roundtrip() {
1329 let config = AgentConfig::new("hello")
1330 .pod_label("ironflow.io/network-profile", "grafana-only")
1331 .pod_label("team", "observability");
1332 let json = serde_json::to_string(&config).unwrap();
1333 assert!(
1334 json.contains("pod_labels"),
1335 "non-empty pod_labels must be present in serialized form, got: {json}"
1336 );
1337
1338 let back: AgentConfig = serde_json::from_str(&json).unwrap();
1339 assert_eq!(back.pod_labels.len(), 2);
1340 assert_eq!(
1341 back.pod_labels["ironflow.io/network-profile"],
1342 "grafana-only"
1343 );
1344 assert_eq!(back.pod_labels["team"], "observability");
1345 }
1346
1347 // ── LogSink tests ─────────────────────────────────────────────
1348
1349 use crate::test_support::VecSink;
1350
1351 #[test]
1352 fn log_sink_collects_lines() {
1353 let sink = VecSink::new();
1354 sink.log("stdout", "line 1");
1355 sink.log("stderr", "err!");
1356 sink.log("system", "done");
1357
1358 let lines = sink.0.lock().unwrap();
1359 assert_eq!(lines.len(), 3);
1360 assert_eq!(lines[0], ("stdout".to_string(), "line 1".to_string()));
1361 assert_eq!(lines[1], ("stderr".to_string(), "err!".to_string()));
1362 assert_eq!(lines[2], ("system".to_string(), "done".to_string()));
1363 }
1364
1365 #[test]
1366 fn log_sink_arc_is_clone_and_send() {
1367 let sink: Arc<dyn LogSink> = VecSink::new();
1368 let cloned = sink.clone();
1369 sink.log("stdout", "from original");
1370 cloned.log("stdout", "from clone");
1371 }
1372
1373 // ── invoke_with_logs default impl ─────────────────────────────
1374
1375 struct FixedProvider {
1376 output: AgentOutput,
1377 }
1378
1379 impl AgentProvider for FixedProvider {
1380 fn invoke<'a>(&'a self, _config: &'a AgentConfig) -> InvokeFuture<'a> {
1381 Box::pin(async {
1382 Ok(AgentOutput {
1383 value: self.output.value.clone(),
1384 session_id: self.output.session_id.clone(),
1385 cost_usd: self.output.cost_usd,
1386 input_tokens: self.output.input_tokens,
1387 output_tokens: self.output.output_tokens,
1388 model: self.output.model.clone(),
1389 duration_ms: self.output.duration_ms,
1390 debug_messages: None,
1391 })
1392 })
1393 }
1394 }
1395
1396 #[tokio::test]
1397 async fn invoke_with_logs_default_delegates_to_invoke() {
1398 let provider = FixedProvider {
1399 output: AgentOutput::new(json!("ok")),
1400 };
1401 let config = AgentConfig::new("test");
1402 let sink: Arc<dyn LogSink> = VecSink::new();
1403
1404 let result = provider.invoke_with_logs(&config, sink.clone()).await;
1405 assert!(result.is_ok());
1406 assert_eq!(result.unwrap().value, json!("ok"));
1407 }
1408
1409 #[tokio::test]
1410 async fn invoke_with_logs_default_ignores_sink() {
1411 let provider = FixedProvider {
1412 output: AgentOutput::new(json!("ok")),
1413 };
1414 let config = AgentConfig::new("test");
1415 let sink = VecSink::new();
1416
1417 let _ = provider
1418 .invoke_with_logs(&config, sink.clone() as Arc<dyn LogSink>)
1419 .await;
1420
1421 let lines = sink.0.lock().unwrap();
1422 assert!(lines.is_empty(), "default impl should not emit any logs");
1423 }
1424}