18 Commits

Author	SHA1	Message	Date
Jesús Pérez	e5e2244e04	feat(security): add SSRF protection and prompt injection scanning ... - Add security module (ssrf.rs, prompt_injection.rs) to vapora-backend - Block RFC 1918, link-local, cloud metadata URLs before channel registration - Scan 60+ injection patterns on RLM (load/query/analyze) and task endpoints - Fix channel SSRF: filter-before-register instead of warn-and-proceed - Add sanitize() to load_document (was missing, only analyze_document had it) - Return 400 Bad Request (not 500) for all security rejections - Add 11 integration tests via Surreal::init() — no external deps required - Document in ADR-0038, CHANGELOG, and docs/adrs/README.md	2026-02-26 18:20:07 +00:00
Jesús Pérez	765841b18f	feat(capabilities): add vapora-capabilities crate with in-process executor dispatch ... - New vapora-capabilities crate: CapabilitySpec, Capability trait, CapabilityRegistry (parking_lot RwLock), CapabilityLoader (TOML overrides), 3 built-ins (code-reviewer, doc-generator, pr-monitor), 22 tests - Move AgentDefinition to vapora-shared to break capabilities↔agents circular dep - Wire system_prompt into AgentExecutor via LLMRouter.complete_with_budget - AgentCoordinator: in-process task dispatch via DashMap<String, Sender<TaskAssignment>> - server.rs: bootstrap CapabilityRegistry + LLMRouter from env, spawn executors per capability - Landing page: 620 tests, 21 crates, Capability Packages feature box - docs: capability-packages feature guide, ADR-0037, CHANGELOG, SUMMARY EOF	2026-02-26 16:43:28 +00:00
Jesús Pérez	27a290b369	feat(kg,channels): hybrid search + agent-inactive notifications ... - KG: HNSW + BM25 + RRF(k=60) hybrid search via SurrealDB 3 native indexes - Fix schema bug: kg_executions missing agent_role/provider/cost_cents (silent empty reads) - channels: on_agent_inactive hook (AgentStatus::Inactive → Message::error) - migration 012: adds missing fields + HNSW + BM25 indexes - docs: ADR-0036, update ADR-0035 + notification-channels feature doc	2026-02-26 15:32:44 +00:00
Jesús Pérez	027b8f2836	feat(channels): webhook notification channels with built-in secret resolution ... Add vapora-channels crate with trait-based Slack/Discord/Telegram webhook delivery. ${VAR}/${VAR:-default} interpolation is mandatory inside ChannelRegistry::from_config — callers cannot bypass secret resolution. Fire-and-forget dispatch via tokio::spawn in both vapora-workflow-engine (four lifecycle events) and vapora-backend (task Done, proposal approve/reject). New REST endpoints: GET /channels, POST /channels/:name/test. dispatch_notifications extracted as pub(crate) fn for inline testability; 5 handler tests + 6 workflow engine tests + 7 secret resolution unit tests. Closes: vapora-channels bootstrap, notification gap in workflow/backend layer ADR: docs/adrs/0035-notification-channels.md	2026-02-26 14:49:34 +00:00
Jesús Pérez	bb55c80d2b	feat(workflow-engine): autonomous scheduling with timezone and distributed lock ... Add cron-based autonomous workflow firing with two hardening layers: - Timezone-aware scheduling via chrono-tz: ScheduledWorkflow.timezone (IANA identifier), compute_next_fire_at/after_tz, validate_timezone; DST-safe, UTC fallback when absent; validated at config load and REST API - Distributed fire-lock via SurrealDB conditional UPDATE (locked_by/locked_at fields, 120 s TTL); WorkflowScheduler gains instance_id (UUID) as lock owner; prevents double-fires across multi-instance deployments without extra infra - ScheduleStore: try_acquire_fire_lock, release_fire_lock (own-instance guard), full CRUD (load_one/all, full_upsert, patch, delete, load_runs) - REST: 7 endpoints (GET/PUT/PATCH/DELETE schedules, runs history, manual fire) with timezone field in all request/response types - Migrations 010 (schedule tables) + 011 (timezone + lock columns) - Tests: 48 passing (was 26); ADR-0034; changelog; feature docs updated	2026-02-26 11:34:44 +00:00
Jesús Pérez	b9e2cee9f7	feat(workflow-engine): add saga, persistence, auth, and NATS-integrated orchestrator hardening ... Key changes driving this: new saga.rs, persistence.rs, auth.rs in workflow-engine; SurrealDB migration 009_workflow_state.surql; backend services refactored; frontend dist built; ADR-0033 documenting the hardening decision.	2026-02-22 21:44:42 +00:00
Jesús Pérez	868c6e04fa	chore: docs guides	2026-02-17 23:15:12 +00:00
Jesús Pérez	0b78d97fd7	chore: update adrs	2026-02-17 13:18:12 +00:00
Jesús Pérez	df829421d8	chore: udate docs, add architecture diagrams	2026-02-16 05:12:22 +00:00
Jesús Pérez	b6a4d77421	feat: add Leptos UI library and modularize MCP server	2026-02-14 20:10:55 +00:00
Jesús Pérez	2227e89122	chore: update files to compliant with layout_conventions	2026-01-24 02:22:48 +00:00
Jesús Pérez	7b60982444	chore: remove absolute paths from docs and scripts	2026-01-24 02:15:31 +00:00
Jesús Pérez	cc55b97678	chore: update README and CHANGELOG with workflow orchestrator features	2026-01-24 02:07:45 +00:00
Jesús Pérez	a601c1a093	chore: add ValidationPipeline	2026-01-14 21:12:49 +00:00
Jesús Pérez	7110ffeea2	chore: extend doc: adr, tutorials, operations, etc	2026-01-12 03:32:47 +00:00
Jesús Pérez	4cbbf3f864	chore: add setup md files	2026-01-12 03:17:04 +00:00
Jesús Pérez	d86f051955	fix: End-of-file and trailing-whitespace pre-commit compliance ... Resolve pre-commit hook formatting failures for multiple files: **Files Fixed:** - .woodpecker/Dockerfile — Add missing final newline - .woodpecker/Dockerfile.cross — Add missing final newline - justfiles/ci.just — Remove trailing whitespace from recipe definitions - docs/setup/tracking-setup.md — Add missing final newline - crates/vapora-backend/src/api/provider_metrics.rs — Add missing final newline **Hooks Passing:** ✅ end-of-file-fixer — Files now have proper final newlines ✅ trailing-whitespace — Removed all trailing spaces ✅ mixed-line-ending — Line endings normalized These changes ensure the pre-commit framework can properly validate file formatting without blocking commits on infrastructure issues.	2026-01-11 21:42:00 +00:00
Jesús Pérez	d14150da75	feat: Phase 5.3 - Multi-Agent Learning Infrastructure ... Implement intelligent agent learning from Knowledge Graph execution history with per-task-type expertise tracking, recency bias, and learning curves. ## Phase 5.3 Implementation ### Learning Infrastructure (✅ Complete) - LearningProfileService with per-task-type expertise metrics - TaskTypeExpertise model tracking success_rate, confidence, learning curves - Recency bias weighting: recent 7 days weighted 3x higher (exponential decay) - Confidence scoring prevents overfitting: min(1.0, executions / 20) - Learning curves computed from daily execution windows ### Agent Scoring Service (✅ Complete) - Unified AgentScore combining SwarmCoordinator + learning profiles - Scoring formula: 0.3*base + 0.5*expertise + 0.2*confidence - Rank agents by combined score for intelligent assignment - Support for recency-biased scoring (recent_success_rate) - Methods: rank_agents, select_best, rank_agents_with_recency ### KG Integration (✅ Complete) - KGPersistence::get_executions_for_task_type() - query by agent + task type - KGPersistence::get_agent_executions() - all executions for agent - Coordinator::load_learning_profile_from_kg() - core KG→Learning integration - Coordinator::load_all_learning_profiles() - batch load for multiple agents - Convert PersistedExecution → ExecutionData for learning calculations ### Agent Assignment Integration (✅ Complete) - AgentCoordinator uses learning profiles for task assignment - extract_task_type() infers task type from title/description - assign_task() scores candidates using AgentScoringService - Fallback to load-based selection if no learning data available - Learning profiles stored in coordinator.learning_profiles RwLock ### Profile Adapter Enhancements (✅ Complete) - create_learning_profile() - initialize empty profiles - add_task_type_expertise() - set task-type expertise - update_profile_with_learning() - update swarm profiles from learning ## Files Modified ### vapora-knowledge-graph/src/persistence.rs (+30 lines) - get_executions_for_task_type(agent_id, task_type, limit) - get_agent_executions(agent_id, limit) ### vapora-agents/src/coordinator.rs (+100 lines) - load_learning_profile_from_kg() - core KG integration method - load_all_learning_profiles() - batch loading for agents - assign_task() already uses learning-based scoring via AgentScoringService ### Existing Complete Implementation - vapora-knowledge-graph/src/learning.rs - calculation functions - vapora-agents/src/learning_profile.rs - data structures and expertise - vapora-agents/src/scoring.rs - unified scoring service - vapora-agents/src/profile_adapter.rs - adapter methods ## Tests Passing - learning_profile: 7 tests ✅ - scoring: 5 tests ✅ - profile_adapter: 6 tests ✅ - coordinator: learning-specific tests ✅ ## Data Flow 1. Task arrives → AgentCoordinator::assign_task() 2. Extract task_type from description 3. Query KG for task-type executions (load_learning_profile_from_kg) 4. Calculate expertise with recency bias 5. Score candidates (SwarmCoordinator + learning) 6. Assign to top-scored agent 7. Execution result → KG → Update learning profiles ## Key Design Decisions ✅ Recency bias: 7-day half-life with 3x weight for recent performance ✅ Confidence scoring: min(1.0, total_executions / 20) prevents overfitting ✅ Hierarchical scoring: 30% base load, 50% expertise, 20% confidence ✅ KG query limit: 100 recent executions per task-type for performance ✅ Async loading: load_learning_profile_from_kg supports concurrent loads ## Next: Phase 5.4 - Cost Optimization Ready to implement budget enforcement and cost-aware provider selection.	2026-01-11 13:03:53 +00:00