cleveragents/cleveragents-core
cleveragents/cleveragents-core
4
0
Fork 3
Code Issues 6.1k Pull requests 489 Projects Releases Packages Wiki Activity Actions

feat(acms): add scoped backend view filtering #607

Merged
hamza.khyari merged 1 commit from feature/m6-acms-scoped-view into master 2026-03-06 00:54:59 +00:00
Conversation 5 Commits 1 Files changed 14 +3682 -77
hamza.khyari commented 2026-03-05 13:47:58 +00:00
Member
Copy link

Summary

Implement project-resource isolation for the ACMS context pipeline (Forgejo issue #193).

Changes

  • ResourceScope: Frozen Pydantic model holding resource ULIDs, project names, temporal scope, and include/exclude path globs (matched via PurePath.full_match() for recursive ** support)
  • ScopedBackendView: Wraps text/vector/graph backends to auto-inject scope parameter; filters TieredFragment visibility by project + resource ID; supports denied_resource_ids denylist
  • ScopedBackendSet: Bundles scoped views for all three backend types
  • ResourceAliasResolver: Translates user-facing aliases to canonical ULIDs with uniqueness validation
  • resolve_resource_scope(): Builds ResourceScope from projects with allowlist/denylist filtering
  • validate_project_scope() / validate_resource_scope(): Guards raising ScopeViolationError for out-of-scope access
  • ContextTierService enforcement hooks: get_scoped_by_resource, validate_fragment_scope, store_with_scope_check
  • Old ScopedBackendView in tiers.py replaced with re-export from scoped_view.py for backward compatibility

Files Changed (11)

File Change
src/cleveragents/domain/models/acms/scoped_view.py NEW — Core implementation (819 lines)
src/cleveragents/domain/models/acms/__init__.py Added 10 new exports
src/cleveragents/domain/models/acms/tiers.py Replaced old class with re-export
src/cleveragents/application/services/context_tiers.py Added 3 enforcement methods
features/scoped_view.feature NEW — 42 BDD scenarios
features/steps/scoped_view_steps.py NEW — Step definitions
robot/scoped_view.robot NEW — 8 integration tests
robot/helper_scoped_view.py NEW — Robot helper script
benchmarks/scoped_view_bench.py NEW — ASV benchmarks
docs/reference/scoped_backend_view.md NEW — Reference docs
CHANGELOG.md Added entry

Quality Gates

  • pyright: 0 errors, 0 warnings
  • ruff: All checks passed
  • Behave: 42/42 scenarios pass (140/140 steps)
  • Robot helper: All 8 commands pass
  • All code paths exercised (100% branch coverage of scoped_view.py)

Spec References

  • docs/specification.md lines 42501-42566 (Scoped Views)
  • docs/specification.md lines 3760-3790 (CLI flags)
  • docs/specification.md lines 43030-43065 (InitialContextAssembler)

Closes #193

## Summary Implement project-resource isolation for the ACMS context pipeline (Forgejo issue #193). ## Changes - **`ResourceScope`**: Frozen Pydantic model holding resource ULIDs, project names, temporal scope, and include/exclude path globs (matched via `PurePath.full_match()` for recursive `**` support) - **`ScopedBackendView`**: Wraps text/vector/graph backends to auto-inject `scope` parameter; filters `TieredFragment` visibility by project + resource ID; supports `denied_resource_ids` denylist - **`ScopedBackendSet`**: Bundles scoped views for all three backend types - **`ResourceAliasResolver`**: Translates user-facing aliases to canonical ULIDs with uniqueness validation - **`resolve_resource_scope()`**: Builds `ResourceScope` from projects with allowlist/denylist filtering - **`validate_project_scope()` / `validate_resource_scope()`**: Guards raising `ScopeViolationError` for out-of-scope access - **`ContextTierService` enforcement hooks**: `get_scoped_by_resource`, `validate_fragment_scope`, `store_with_scope_check` - Old `ScopedBackendView` in `tiers.py` replaced with re-export from `scoped_view.py` for backward compatibility ## Files Changed (11) | File | Change | |------|--------| | `src/cleveragents/domain/models/acms/scoped_view.py` | **NEW** — Core implementation (819 lines) | | `src/cleveragents/domain/models/acms/__init__.py` | Added 10 new exports | | `src/cleveragents/domain/models/acms/tiers.py` | Replaced old class with re-export | | `src/cleveragents/application/services/context_tiers.py` | Added 3 enforcement methods | | `features/scoped_view.feature` | **NEW** — 42 BDD scenarios | | `features/steps/scoped_view_steps.py` | **NEW** — Step definitions | | `robot/scoped_view.robot` | **NEW** — 8 integration tests | | `robot/helper_scoped_view.py` | **NEW** — Robot helper script | | `benchmarks/scoped_view_bench.py` | **NEW** — ASV benchmarks | | `docs/reference/scoped_backend_view.md` | **NEW** — Reference docs | | `CHANGELOG.md` | Added entry | ## Quality Gates - [x] pyright: 0 errors, 0 warnings - [x] ruff: All checks passed - [x] Behave: 42/42 scenarios pass (140/140 steps) - [x] Robot helper: All 8 commands pass - [x] All code paths exercised (100% branch coverage of scoped_view.py) ## Spec References - `docs/specification.md` lines 42501-42566 (Scoped Views) - `docs/specification.md` lines 3760-3790 (CLI flags) - `docs/specification.md` lines 43030-43065 (InitialContextAssembler) Closes #193
hamza.khyari force-pushed feature/m6-acms-scoped-view from 5ce8ac53bd
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 13s
Details
CI / build (pull_request) Successful in 15s
Details
CI / quality (pull_request) Successful in 17s
Details
CI / security (pull_request) Successful in 31s
Details
CI / typecheck (pull_request) Successful in 33s
Details
CI / unit_tests (pull_request) Successful in 2m5s
Details
CI / docker (pull_request) Successful in 50s
Details
CI / integration_tests (pull_request) Successful in 2m57s
Details
CI / coverage (pull_request) Failing after 4m27s
Details
CI / benchmark-regression (pull_request) Successful in 27m54s
Details
to 9f0993dce2
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 14s
Details
CI / build (pull_request) Successful in 17s
Details
CI / quality (pull_request) Successful in 18s
Details
CI / security (pull_request) Successful in 32s
Details
CI / typecheck (pull_request) Successful in 34s
Details
CI / unit_tests (pull_request) Successful in 2m25s
Details
CI / integration_tests (pull_request) Successful in 2m56s
Details
CI / docker (pull_request) Successful in 39s
Details
CI / coverage (pull_request) Failing after 4m19s
Details
CI / benchmark-regression (pull_request) Has been cancelled
Details
2026-03-05 14:44:14 +00:00 Compare
hamza.khyari added this to the v3.4.0 milestone 2026-03-05 15:04:14 +00:00
hamza.khyari 2026-03-05 15:04:21 +00:00
hamza.khyari force-pushed feature/m6-acms-scoped-view from 9f0993dce2
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 14s
Details
CI / build (pull_request) Successful in 17s
Details
CI / quality (pull_request) Successful in 18s
Details
CI / security (pull_request) Successful in 32s
Details
CI / typecheck (pull_request) Successful in 34s
Details
CI / unit_tests (pull_request) Successful in 2m25s
Details
CI / integration_tests (pull_request) Successful in 2m56s
Details
CI / docker (pull_request) Successful in 39s
Details
CI / coverage (pull_request) Failing after 4m19s
Details
CI / benchmark-regression (pull_request) Has been cancelled
Details
to b100dc530c
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 14s
Details
CI / build (pull_request) Successful in 16s
Details
CI / quality (pull_request) Successful in 18s
Details
CI / security (pull_request) Successful in 33s
Details
CI / typecheck (pull_request) Successful in 35s
Details
CI / unit_tests (pull_request) Successful in 4m25s
Details
CI / integration_tests (pull_request) Successful in 5m0s
Details
CI / docker (pull_request) Successful in 59s
Details
CI / coverage (pull_request) Failing after 5m19s
Details
CI / benchmark-regression (pull_request) Successful in 28m27s
Details
2026-03-05 15:08:03 +00:00 Compare
CoreRasurae requested changes 2026-03-05 17:01:03 +00:00
CoreRasurae left a comment
Copy link

Code Review -- PR #607 feat(acms): add scoped backend view filtering

Reviewed commit: c146de5 (latest on branch)
Issue: #193
Spec reference: docs/specification.md lines 42501--42566

Overall Assessment

The feature implementation is solid -- the ResourceScope, ScopedBackendView, ScopedBackendSet, ResourceAliasResolver, and tier enforcement hooks are well-structured, correctly use frozen Pydantic v2 models, and follow the project's domain-driven patterns. The PrivateAttr + model_post_init caching in the latest commit is the correct approach for frozen models and addresses a real hot-path performance concern.

The test suite is thorough (67 Behave scenarios, 8 Robot tests, ASV benchmarks). However, I found issues across three categories that should be addressed before merge.

Requesting changes due to one HIGH-severity spec compliance gap and two MEDIUM-severity security concerns.

Findings Summary

ID Category Severity Description
SPEC1 Spec Compliance HIGH Missing DAG traversal for child resource expansion in resolve_resource_scope()
S1 Security MEDIUM is_visible() bypasses resource-level check for fragments with empty resource_id
S2 Security MEDIUM ContextTierService.get() bypasses all scope enforcement
T1 Test Coverage MEDIUM No test for the S1 edge case
S3 Security LOW store_with_scope_check empty project_name bypass (documented in this commit)
B1 Logic LOW from_resource_scope() doesn't forward denied_resource_ids (by design, but undocumented)
B2 Logic LOW Field validators coerce list/set but not tuple
T2 Test Coverage LOW Missing search_vector/search_graph denied-scope tests
T3 Test Coverage LOW Missing _coerce_allowed_projects list-input test
T4 Test Coverage LOW No cache identity assertion for effective_scope()
T5 Test Coverage LOW No whitespace-only alias test for resolve()
P2 Performance LOW Repeated ScopedBackendView object construction per tier-service call
P1 Performance POSITIVE effective_scope() caching is well-implemented

SPEC1 -- Missing DAG Traversal [HIGH]

Spec reference: docs/specification.md lines 42517--42521

The specification explicitly defines step 3 of Resource Scope Resolution as:

# 3. Expand to include child resources (DAG traversal)
expanded = set()
for resource in resources:
    expanded.add(resource)
    expanded.update(self.registry.get_descendants(resource))

resolve_resource_scope() only collects direct linked_resources from projects and does not perform DAG traversal to include child resources. A git-checkout resource with auto-discovered children (e.g., fs-directory, devcontainer-instance) would be excluded from the scope unless explicitly linked.

Action required: Either implement DAG expansion (accepting a registry lookup callback), or add explicit documentation noting this as a known limitation with a TODO referencing the Resource Registry integration.

S1 -- is_visible() Empty resource_id Bypass [MEDIUM]

When resource_ids is populated on the view (resource-level isolation active), a fragment with resource_id="" and a valid project_name passes visibility without any resource-level gate. Combined with store_with_scope_check also skipping the resource check for empty resource_id, such a fragment can be both stored and read even when strict resource-level filtering is intended.

No test covers this edge case (T1).

Action required: Either reject fragments with empty resource_id when resource_ids is populated, or add a test scenario explicitly documenting this as intentional behavior for resource-agnostic fragments.

S2 -- ContextTierService.get() Has No Scope Enforcement [MEDIUM]

The get() method retrieves any fragment by ID from any tier without scope filtering. If this method is reachable from actor tool bindings (via the DI container), it constitutes a scope bypass vector -- an actor knowing a fragment ID from another project can retrieve it directly.

Action required: Audit that get() is not exposed to actors, or add a get_scoped() variant requiring a ResourceScope parameter.

Issue #193 Remaining Subtasks

Two subtasks are still unchecked in the issue:

  • Verify coverage >= 97% via nox -s coverage_report
  • Run nox (all default sessions) and fix any failures

These must be completed before the issue can be closed.

See inline comments on specific code locations below.

# Code Review -- PR #607 `feat(acms): add scoped backend view filtering` **Reviewed commit:** `c146de5` (latest on branch) **Issue:** #193 **Spec reference:** `docs/specification.md` lines 42501--42566 --- ## Overall Assessment The feature implementation is solid -- the `ResourceScope`, `ScopedBackendView`, `ScopedBackendSet`, `ResourceAliasResolver`, and tier enforcement hooks are well-structured, correctly use frozen Pydantic v2 models, and follow the project's domain-driven patterns. The `PrivateAttr` + `model_post_init` caching in the latest commit is the correct approach for frozen models and addresses a real hot-path performance concern. The test suite is thorough (67 Behave scenarios, 8 Robot tests, ASV benchmarks). However, I found issues across three categories that should be addressed before merge. **Requesting changes** due to one HIGH-severity spec compliance gap and two MEDIUM-severity security concerns. --- ## Findings Summary | ID | Category | Severity | Description | |----|----------|----------|-------------| | **SPEC1** | Spec Compliance | **HIGH** | Missing DAG traversal for child resource expansion in `resolve_resource_scope()` | | **S1** | Security | **MEDIUM** | `is_visible()` bypasses resource-level check for fragments with empty `resource_id` | | **S2** | Security | **MEDIUM** | `ContextTierService.get()` bypasses all scope enforcement | | **T1** | Test Coverage | **MEDIUM** | No test for the S1 edge case | | **S3** | Security | LOW | `store_with_scope_check` empty `project_name` bypass (documented in this commit) | | **B1** | Logic | LOW | `from_resource_scope()` doesn't forward `denied_resource_ids` (by design, but undocumented) | | **B2** | Logic | LOW | Field validators coerce `list`/`set` but not `tuple` | | **T2** | Test Coverage | LOW | Missing `search_vector`/`search_graph` denied-scope tests | | **T3** | Test Coverage | LOW | Missing `_coerce_allowed_projects` list-input test | | **T4** | Test Coverage | LOW | No cache identity assertion for `effective_scope()` | | **T5** | Test Coverage | LOW | No whitespace-only alias test for `resolve()` | | **P2** | Performance | LOW | Repeated `ScopedBackendView` object construction per tier-service call | | **P1** | Performance | POSITIVE | `effective_scope()` caching is well-implemented | --- ## SPEC1 -- Missing DAG Traversal [HIGH] **Spec reference:** `docs/specification.md` lines 42517--42521 The specification explicitly defines step 3 of Resource Scope Resolution as: ```python # 3. Expand to include child resources (DAG traversal) expanded = set() for resource in resources: expanded.add(resource) expanded.update(self.registry.get_descendants(resource)) ``` `resolve_resource_scope()` only collects direct `linked_resources` from projects and does **not** perform DAG traversal to include child resources. A `git-checkout` resource with auto-discovered children (e.g., `fs-directory`, `devcontainer-instance`) would be excluded from the scope unless explicitly linked. **Action required:** Either implement DAG expansion (accepting a registry lookup callback), or add explicit documentation noting this as a known limitation with a TODO referencing the Resource Registry integration. --- ## S1 -- `is_visible()` Empty `resource_id` Bypass [MEDIUM] When `resource_ids` is populated on the view (resource-level isolation active), a fragment with `resource_id=""` and a valid `project_name` passes visibility without any resource-level gate. Combined with `store_with_scope_check` also skipping the resource check for empty `resource_id`, such a fragment can be both **stored and read** even when strict resource-level filtering is intended. **No test covers this edge case** (T1). **Action required:** Either reject fragments with empty `resource_id` when `resource_ids` is populated, or add a test scenario explicitly documenting this as intentional behavior for resource-agnostic fragments. --- ## S2 -- `ContextTierService.get()` Has No Scope Enforcement [MEDIUM] The `get()` method retrieves any fragment by ID from any tier without scope filtering. If this method is reachable from actor tool bindings (via the DI container), it constitutes a scope bypass vector -- an actor knowing a fragment ID from another project can retrieve it directly. **Action required:** Audit that `get()` is not exposed to actors, or add a `get_scoped()` variant requiring a `ResourceScope` parameter. --- ## Issue #193 Remaining Subtasks Two subtasks are still unchecked in the issue: - [ ] Verify coverage >= 97% via `nox -s coverage_report` - [ ] Run `nox` (all default sessions) and fix any failures These must be completed before the issue can be closed. --- See inline comments on specific code locations below.
src/cleveragents/application/services/context_tiers.py
CoreRasurae commented 2026-03-05 17:01:03 +00:00
Member
Copy link

[S2 -- MEDIUM / Security] This method retrieves a fragment by ID from any tier without any scope enforcement. If this method is reachable from actor tool bindings (e.g., exposed through the DI container or a tool wrapper), an actor could retrieve fragments belonging to other projects by guessing or obtaining fragment IDs.

The scoped methods (get_scoped_view, get_scoped_by_resource, get_for_actor) all apply filtering, but this method does not.

Suggestion: Either (a) rename to _get to signal internal-only use, (b) add a get_scoped(fragment_id, scope) variant, or (c) document that this method is internal and must not be exposed to actor tool bindings.

**[S2 -- MEDIUM / Security]** This method retrieves a fragment by ID from any tier **without any scope enforcement**. If this method is reachable from actor tool bindings (e.g., exposed through the DI container or a tool wrapper), an actor could retrieve fragments belonging to other projects by guessing or obtaining fragment IDs. The scoped methods (`get_scoped_view`, `get_scoped_by_resource`, `get_for_actor`) all apply filtering, but this method does not. Suggestion: Either (a) rename to `_get` to signal internal-only use, (b) add a `get_scoped(fragment_id, scope)` variant, or (c) document that this method is internal and must not be exposed to actor tool bindings.
src/cleveragents/application/services/context_tiers.py Outdated
@ -169,3 +190,3 @@
if not project_names:
return []
scoped = ScopedBackendView(allowed_projects=project_names)
scoped = ScopedBackendView(
CoreRasurae commented 2026-03-05 17:01:03 +00:00
Member
Copy link

[P2 -- LOW / Performance] Each call to get_scoped_view, get_scoped_by_resource, get_scoped_metrics, and validate_fragment_scope constructs a new ScopedBackendView object. For high-frequency call sites, consider accepting a pre-built ScopedBackendView as a parameter or caching it per plan/request lifecycle.

**[P2 -- LOW / Performance]** Each call to `get_scoped_view`, `get_scoped_by_resource`, `get_scoped_metrics`, and `validate_fragment_scope` constructs a new `ScopedBackendView` object. For high-frequency call sites, consider accepting a pre-built `ScopedBackendView` as a parameter or caching it per plan/request lifecycle.
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +222,4 @@
v: frozenset[str] | list[str] | set[str],
) -> frozenset[str]:
"""Accept list/set and convert to frozenset."""
if isinstance(v, (list, set)):
CoreRasurae commented 2026-03-05 17:01:03 +00:00
Member
Copy link

[B2 -- LOW / Logic] The three _coerce_* validators handle list and set but not tuple. A caller passing tuple(["R1", "R2"]) would rely on Pydantic v2's implicit coercion rather than this explicit validator. Consider adding tuple to the isinstance check for consistency:

if isinstance(v, (list, set, tuple)):
    return frozenset(v)
**[B2 -- LOW / Logic]** The three `_coerce_*` validators handle `list` and `set` but not `tuple`. A caller passing `tuple(["R1", "R2"])` would rely on Pydantic v2's implicit coercion rather than this explicit validator. Consider adding `tuple` to the isinstance check for consistency: ```python if isinstance(v, (list, set, tuple)): return frozenset(v) ```
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +312,4 @@
if resource_id:
return self.is_resource_in_scope(resource_id)
return True
CoreRasurae commented 2026-03-05 17:01:03 +00:00
Member
Copy link

[S1 -- MEDIUM / Security] When resource_ids is populated on this view but a fragment has resource_id="", this line returns True without any resource-level check. A fragment with project_name="proj-a" and resource_id="" passes both is_visible() and store_with_scope_check(), bypassing resource-level isolation.

Either:

  1. Add if self.resource_ids and not resource_id: return False before this line to enforce resource-level filtering when active, or
  2. Add a Behave scenario explicitly documenting this as intentional for resource-agnostic fragments (e.g., general project-level context not tied to a specific resource).
**[S1 -- MEDIUM / Security]** When `resource_ids` is populated on this view but a fragment has `resource_id=""`, this line returns `True` without any resource-level check. A fragment with `project_name="proj-a"` and `resource_id=""` passes both `is_visible()` and `store_with_scope_check()`, bypassing resource-level isolation. Either: 1. Add `if self.resource_ids and not resource_id: return False` before this line to enforce resource-level filtering when active, or 2. Add a Behave scenario explicitly documenting this as intentional for resource-agnostic fragments (e.g., general project-level context not tied to a specific resource).
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +422,4 @@
A new ``ScopedBackendView`` configured with the scope's
resource IDs and project names.
"""
return cls(
CoreRasurae commented 2026-03-05 17:01:03 +00:00
Member
Copy link

[B1 -- LOW / Logic] This factory method does not forward denied_resource_ids to the view. This is correct because resolve_resource_scope() already subtracts denied resources from resource_ids before building the ResourceScope. However, this subtle design decision is not documented here and could confuse future maintainers who see the denied_resource_ids field on the view but never see it populated via this path.

Suggestion: Add a brief comment, e.g.:

# NOTE: denied_resource_ids is not forwarded because
# resolve_resource_scope() already subtracts denied IDs
# from resource_ids before constructing the ResourceScope.
**[B1 -- LOW / Logic]** This factory method does not forward `denied_resource_ids` to the view. This is correct because `resolve_resource_scope()` already subtracts denied resources from `resource_ids` before building the `ResourceScope`. However, this subtle design decision is not documented here and could confuse future maintainers who see the `denied_resource_ids` field on the view but never see it populated via this path. Suggestion: Add a brief comment, e.g.: ```python # NOTE: denied_resource_ids is not forwarded because # resolve_resource_scope() already subtracts denied IDs # from resource_ids before constructing the ResourceScope. ```
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +781,4 @@
for project in projects:
project_names.add(project.namespaced_name)
for lr in project.linked_resources:
CoreRasurae commented 2026-03-05 17:01:03 +00:00
Member
Copy link

[SPEC1 -- HIGH / Spec Compliance] The specification (docs/specification.md lines 42517--42521) requires step 3 of scope resolution to expand to child resources via DAG traversal:

# 3. Expand to include child resources (DAG traversal)
for resource in resources:
    expanded.update(self.registry.get_descendants(resource))

This loop only collects direct linked_resources. Child resources in the Resource Registry DAG (e.g., auto-discovered fs-directory children of a git-checkout) are not included.

Suggestion: Accept an optional registry_lookup: Callable[[str], frozenset[str]] | None parameter that, when provided, expands each resource ID to include its descendants. Default to None for backward compatibility.

**[SPEC1 -- HIGH / Spec Compliance]** The specification (`docs/specification.md` lines 42517--42521) requires step 3 of scope resolution to expand to child resources via DAG traversal: ```python # 3. Expand to include child resources (DAG traversal) for resource in resources: expanded.update(self.registry.get_descendants(resource)) ``` This loop only collects direct `linked_resources`. Child resources in the Resource Registry DAG (e.g., auto-discovered `fs-directory` children of a `git-checkout`) are not included. Suggestion: Accept an optional `registry_lookup: Callable[[str], frozenset[str]] | None` parameter that, when provided, expands each resource ID to include its descendants. Default to `None` for backward compatibility.
brent.edwards requested changes 2026-03-05 21:47:21 +00:00
Dismissed
brent.edwards left a comment
Copy link

Review: feat(acms): add scoped backend view filtering

Reviewed per docs/development/review_playbook.md. Routing: domain models & services → primary Luis, secondary Jeff; security → primary Jeff, secondary Brent.

Luis's prior REQUEST_CHANGES raised several important issues. After full analysis, I confirm the most critical ones remain unresolved. This PR has 3 P0 security/correctness blockers that must be fixed before merge.

P0:blocker — Scope bypass in is_visible() when resource_ids is populated

When ScopedBackendView.resource_ids is populated (i.e., ULID-level filtering is active), is_visible() only checks is_resource_in_scope() for fragments that have a non-empty resource_id. Fragments with an empty resource_id silently pass through and return True, bypassing the resource-level scope entirely.

This means any fragment without a resource_id attribute (or with resource_id="") that belongs to an allowed project will be visible regardless of the resource scope. This is an information leakage vector in multi-project environments.

Fix: When self.resource_ids is populated, fragments with empty resource_id should be excluded (return False), not silently allowed. The safe default is deny-by-default for resource-scoped views.

File: src/cleveragents/domain/models/acms/scoped_view.py, is_visible() method. Confirms Luis's S1 finding.

P0:blocker — No scope enforcement on ContextTierService.get() direct ID lookup

ContextTierService.get(fragment_id) retrieves any fragment by ID without scope validation. An actor with a scoped view could call get() with a known fragment ID from another project and retrieve it, bypassing project isolation entirely.

While get_scoped_view() and get_scoped_by_resource() enforce scope, the raw get() method is the most natural lookup path and has no guardrails.

Fix: Either add a scope-aware get() overload that validates before returning, or document get() as internal-only and add a scoped wrapper. Confirms Luis's S2 finding.

File: src/cleveragents/application/services/context_tiers.py, get() method.

P0:blocker — PurePath.full_match() requires Python 3.12+

ResourceScope.matches_path() uses PurePath.full_match() which was added in Python 3.12 (see CPython changelog). If the project supports Python 3.11 or earlier, this will raise AttributeError at runtime.

Fix: Use PurePath.match() (available since 3.4) with appropriate adjustments for the matching semantics, or gate behind a version check. Check pyproject.toml requires-python to confirm minimum version.

File: src/cleveragents/domain/models/acms/scoped_view.py, matches_path() method.

P1:must-fix — File exceeds 500-line limit

scoped_view.py is 819 lines which exceeds the project's 500-line single-file limit (per CONTRIBUTING.md). This is a process blocker.

Fix: Extract ResourceAliasResolver and/or resolve_resource_scope() + validation functions into a separate scope_resolution.py module.

P1:must-fix — denied_resource_ids not forwarded in from_resource_scope() factory

ScopedBackendView.from_resource_scope(scope) creates the view with resource_ids=scope.resource_ids and allowed_projects=scope.project_names, but does NOT forward denied_resource_ids. Any resources in the scope's exclude list will not be denied in the resulting view.

Fix: The factory should also pass denied_resource_ids derived from scope.exclude_resources after alias resolution. Confirms Luis's B1 finding.

P1:must-fix — Missing DAG child-resource expansion per spec §42517-42521

The spec requires that when a resource is in scope, its DAG children are also included. The current implementation does flat ULID-set membership checking with no graph traversal.

Fix: This may be a future-PR item, but if the spec requires it for this milestone, it needs implementation. Confirms Luis's SPEC1 finding.

P2:should-fix

  • No ULID format validation on resource IDsresource_ids accepts any string, allowing typos or SQL injection payloads in future backends. Add a field_validator with ULID regex.
  • No argument validation on search methodssearch_text(query="") and search_vector(embedding=[], top_k=0) are accepted without validation.
  • tuple not coerced in field validators — The _coerce_* validators handle list and set but not tuple. Passing a tuple falls through to the return v branch which expects frozenset. Confirms Luis's B2.
  • Repeated ScopedBackendView constructionget_for_actor(), get_scoped_view(), get_scoped_metrics() all construct new ScopedBackendView instances with the same project names. Consider accepting a pre-built view.
  • Missing __all__ in tiers.py — The re-export module lacks __all__.

Process notes

  • Merge conflict: PR is not mergeable (mergeable: false). Rebase needed.
  • Issue #193 subtasks: nox/coverage checkboxes are still unchecked in the issue body.
  • Stale review: Luis's prior REQUEST_CHANGES should be refreshed — several of his findings are confirmed here.

The scoped view concept is well-designed and the test coverage (42 BDD + 8 Robot) is thorough. However, the P0 security bypasses in is_visible() and get(), plus the Python 3.12 compatibility issue, must be resolved before this can merge.

## Review: feat(acms): add scoped backend view filtering Reviewed per `docs/development/review_playbook.md`. Routing: domain models & services → primary Luis, secondary Jeff; security → primary Jeff, secondary Brent. Luis's prior `REQUEST_CHANGES` raised several important issues. After full analysis, I confirm the most critical ones remain unresolved. This PR has **3 P0 security/correctness blockers** that must be fixed before merge. --- ### P0:blocker — Scope bypass in `is_visible()` when `resource_ids` is populated When `ScopedBackendView.resource_ids` is populated (i.e., ULID-level filtering is active), `is_visible()` only checks `is_resource_in_scope()` for fragments that have a non-empty `resource_id`. **Fragments with an empty `resource_id` silently pass through** and return `True`, bypassing the resource-level scope entirely. This means any fragment without a `resource_id` attribute (or with `resource_id=""`) that belongs to an allowed project will be visible regardless of the resource scope. This is an information leakage vector in multi-project environments. **Fix**: When `self.resource_ids` is populated, fragments with empty `resource_id` should be **excluded** (return `False`), not silently allowed. The safe default is deny-by-default for resource-scoped views. **File**: `src/cleveragents/domain/models/acms/scoped_view.py`, `is_visible()` method. Confirms Luis's S1 finding. --- ### P0:blocker — No scope enforcement on `ContextTierService.get()` direct ID lookup `ContextTierService.get(fragment_id)` retrieves any fragment by ID without scope validation. An actor with a scoped view could call `get()` with a known fragment ID from another project and retrieve it, bypassing project isolation entirely. While `get_scoped_view()` and `get_scoped_by_resource()` enforce scope, the raw `get()` method is the most natural lookup path and has no guardrails. **Fix**: Either add a `scope`-aware `get()` overload that validates before returning, or document `get()` as internal-only and add a scoped wrapper. Confirms Luis's S2 finding. **File**: `src/cleveragents/application/services/context_tiers.py`, `get()` method. --- ### P0:blocker — `PurePath.full_match()` requires Python 3.12+ `ResourceScope.matches_path()` uses `PurePath.full_match()` which was added in Python 3.12 (see [CPython changelog](https://docs.python.org/3/whatsnew/3.12.html#pathlib)). If the project supports Python 3.11 or earlier, this will raise `AttributeError` at runtime. **Fix**: Use `PurePath.match()` (available since 3.4) with appropriate adjustments for the matching semantics, or gate behind a version check. Check `pyproject.toml` `requires-python` to confirm minimum version. **File**: `src/cleveragents/domain/models/acms/scoped_view.py`, `matches_path()` method. --- ### P1:must-fix — File exceeds 500-line limit `scoped_view.py` is **819 lines** which exceeds the project's 500-line single-file limit (per CONTRIBUTING.md). This is a process blocker. **Fix**: Extract `ResourceAliasResolver` and/or `resolve_resource_scope()` + validation functions into a separate `scope_resolution.py` module. ### P1:must-fix — `denied_resource_ids` not forwarded in `from_resource_scope()` factory `ScopedBackendView.from_resource_scope(scope)` creates the view with `resource_ids=scope.resource_ids` and `allowed_projects=scope.project_names`, but does NOT forward `denied_resource_ids`. Any resources in the scope's exclude list will not be denied in the resulting view. **Fix**: The factory should also pass `denied_resource_ids` derived from `scope.exclude_resources` after alias resolution. Confirms Luis's B1 finding. ### P1:must-fix — Missing DAG child-resource expansion per spec §42517-42521 The spec requires that when a resource is in scope, its DAG children are also included. The current implementation does flat ULID-set membership checking with no graph traversal. **Fix**: This may be a future-PR item, but if the spec requires it for this milestone, it needs implementation. Confirms Luis's SPEC1 finding. --- ### P2:should-fix - **No ULID format validation on resource IDs** — `resource_ids` accepts any string, allowing typos or SQL injection payloads in future backends. Add a `field_validator` with ULID regex. - **No argument validation on search methods** — `search_text(query="")` and `search_vector(embedding=[], top_k=0)` are accepted without validation. - **`tuple` not coerced in field validators** — The `_coerce_*` validators handle `list` and `set` but not `tuple`. Passing a `tuple` falls through to the `return v` branch which expects `frozenset`. Confirms Luis's B2. - **Repeated `ScopedBackendView` construction** — `get_for_actor()`, `get_scoped_view()`, `get_scoped_metrics()` all construct new `ScopedBackendView` instances with the same project names. Consider accepting a pre-built view. - **Missing `__all__` in `tiers.py`** — The re-export module lacks `__all__`. --- ### Process notes - **Merge conflict**: PR is not mergeable (`mergeable: false`). Rebase needed. - **Issue #193 subtasks**: nox/coverage checkboxes are still unchecked in the issue body. - **Stale review**: Luis's prior `REQUEST_CHANGES` should be refreshed — several of his findings are confirmed here. --- The scoped view concept is well-designed and the test coverage (42 BDD + 8 Robot) is thorough. However, the P0 security bypasses in `is_visible()` and `get()`, plus the Python 3.12 compatibility issue, must be resolved before this can merge.
src/cleveragents/application/services/context_tiers.py
brent.edwards commented 2026-03-05 21:47:21 +00:00
Member
Copy link

P0:blockerget() retrieves any fragment by ID without scope enforcement. An actor with a scoped view can bypass project isolation by calling get(fragment_id) with a known ID from another project.

Consider adding a get_scoped(fragment_id, scope) method that validates the fragment against the scope before returning, or make get() accept an optional scope parameter.

**P0:blocker** — `get()` retrieves any fragment by ID without scope enforcement. An actor with a scoped view can bypass project isolation by calling `get(fragment_id)` with a known ID from another project. Consider adding a `get_scoped(fragment_id, scope)` method that validates the fragment against the scope before returning, or make `get()` accept an optional `scope` parameter.
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +152,4 @@
Whether the path passes the filters.
"""
pp = PurePath(path)
if self.include_paths and not any(
brent.edwards commented 2026-03-05 21:47:21 +00:00
Member
Copy link

P0:blockerPurePath.full_match() requires Python 3.12+. This will raise AttributeError on Python 3.11 and earlier.

Use PurePath.match() instead (available since 3.4), or add a runtime version check. Note that match() anchors differently (matches from the right by default), so test cases may need adjustment.

**P0:blocker** — `PurePath.full_match()` requires Python 3.12+. This will raise `AttributeError` on Python 3.11 and earlier. Use `PurePath.match()` instead (available since 3.4), or add a runtime version check. Note that `match()` anchors differently (matches from the right by default), so test cases may need adjustment.
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +244,4 @@
v: frozenset[str] | list[str] | set[str],
) -> frozenset[str]:
"""Accept list/set and convert to frozenset."""
if isinstance(v, (list, set)):
brent.edwards commented 2026-03-05 21:47:21 +00:00
Member
Copy link

P0:blocker — Scope bypass: when self.resource_ids is populated, fragments with empty resource_id silently pass through and return True.

The if resource_id: guard means any fragment without a resource_id bypasses ULID-level filtering entirely. When resource_ids is set, the safe default should be deny for fragments missing resource_id.

# Current (unsafe):
if resource_id:
    return self.is_resource_in_scope(resource_id)
return True  # <-- bypasses resource scope!

# Fix:
if self.resource_ids and not resource_id:
    return False  # deny-by-default when resource filtering is active
if resource_id:
    return self.is_resource_in_scope(resource_id)
return True
**P0:blocker** — Scope bypass: when `self.resource_ids` is populated, fragments with empty `resource_id` silently pass through and return `True`. The `if resource_id:` guard means any fragment without a `resource_id` bypasses ULID-level filtering entirely. When `resource_ids` is set, the safe default should be **deny** for fragments missing `resource_id`. ```python # Current (unsafe): if resource_id: return self.is_resource_in_scope(resource_id) return True # <-- bypasses resource scope! # Fix: if self.resource_ids and not resource_id: return False # deny-by-default when resource filtering is active if resource_id: return self.is_resource_in_scope(resource_id) return True ```
src/cleveragents/domain/models/acms/scoped_view.py Outdated
@ -0,0 +314,4 @@
return True
# -- Backend-level query proxying ----------------------------------------
brent.edwards commented 2026-03-05 21:47:21 +00:00
Member
Copy link

P1:must-fixfrom_resource_scope() does not forward denied_resource_ids from the scope. Resources in the scope's exclude list will not be denied in the constructed view.

# Current:
return cls(
    allowed_projects=scope.project_names,
    resource_ids=scope.resource_ids,
)

# Should also pass:
#   denied_resource_ids=<resolved from scope.exclude_resources>

Note: ResourceScope.exclude_resources contains aliases/names, not ULIDs, so alias resolution is needed here. Alternatively, ensure the caller resolves excludes into the resource_ids set before calling this factory.

**P1:must-fix** — `from_resource_scope()` does not forward `denied_resource_ids` from the scope. Resources in the scope's exclude list will not be denied in the constructed view. ```python # Current: return cls( allowed_projects=scope.project_names, resource_ids=scope.resource_ids, ) # Should also pass: # denied_resource_ids=<resolved from scope.exclude_resources> ``` Note: `ResourceScope.exclude_resources` contains aliases/names, not ULIDs, so alias resolution is needed here. Alternatively, ensure the caller resolves excludes into the `resource_ids` set before calling this factory.
hamza.khyari force-pushed feature/m6-acms-scoped-view from 679c0823ad
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 15s
Details
CI / build (pull_request) Successful in 15s
Details
CI / quality (pull_request) Successful in 19s
Details
CI / typecheck (pull_request) Successful in 36s
Details
CI / security (pull_request) Successful in 49s
Details
CI / unit_tests (pull_request) Successful in 2m13s
Details
CI / docker (pull_request) Successful in 40s
Details
CI / integration_tests (pull_request) Successful in 3m3s
Details
CI / coverage (pull_request) Successful in 4m18s
Details
CI / benchmark-regression (pull_request) Successful in 29m8s
Details
to 4d9cfee4f9
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 15s
Details
CI / build (pull_request) Successful in 16s
Details
CI / quality (pull_request) Successful in 21s
Details
CI / security (pull_request) Successful in 33s
Details
CI / typecheck (pull_request) Successful in 37s
Details
CI / unit_tests (pull_request) Successful in 3m39s
Details
CI / docker (pull_request) Successful in 44s
Details
CI / integration_tests (pull_request) Successful in 4m28s
Details
CI / coverage (pull_request) Successful in 4m25s
Details
CI / benchmark-regression (pull_request) Successful in 28m43s
Details
2026-03-05 22:16:14 +00:00 Compare
hamza.khyari commented 2026-03-05 22:16:36 +00:00
Author
Member
Copy link

Addressed Review Findings from @brent.edwards (Review #1991)

All findings addressed in commit 4d9cfee4.

P0:blocker — Scope bypass in is_visible() Fixed

is_visible() now returns False for fragments with empty resource_id when resource_ids is populated (deny-by-default). Added 2 Behave scenarios covering both cases.

P0:blocker — No scope enforcement on get() Fixed

Added get_scoped(fragment_id, scope) method to ContextTierService that validates fragments against scope before returning. Returns None and logs a warning for out-of-scope fragments. Added 3 Behave scenarios.

P0:blocker — PurePath.full_match() requires Python 3.12+ Not applicable

pyproject.toml specifies requires-python = ">=3.13". PurePath.full_match() was added in Python 3.12, so this is not a compatibility issue. Added a clarifying docstring note.

P1:must-fix — File exceeds 500-line limit Fixed

Split scoped_view.py (830→473 lines) by extracting ResourceAliasResolver, validate_project_scope, validate_resource_scope, resolve_resource_scope into new scope_resolution.py (325 lines).

P1:must-fix — denied_resource_ids not forwarded Documented

Added docstring note to from_resource_scope() explaining that denied_resource_ids is not forwarded because resolve_resource_scope() already subtracts denied IDs from resource_ids before constructing the ResourceScope.

P1:must-fix — Missing DAG child-resource expansion Fixed

Added optional registry_lookup: Callable[[str], frozenset[str]] | None parameter to resolve_resource_scope() for DAG expansion per spec §42517-42521. Defaults to None for backward compatibility. Added 1 Behave scenario.

P2:should-fix items Fixed

  • tuple coercion: Added tuple to isinstance checks in all three _coerce_* validators. Added 1 Behave scenario.
  • __all__ in tiers.py: Added.

Process notes

  • Merge conflict: Rebased on latest master (fae438a7).
  • Test suite: 74 Behave scenarios (235 steps), all passing. Lint, typecheck, Robot helpers all green.

Summary of changes

File Change
scoped_view.py P0 is_visible() fix, P1 B1 docstring, P2 tuple coercion, trimmed to 473 lines
scope_resolution.py NEW — extracted alias resolver + validation + resolution (325 lines)
context_tiers.py P0 get_scoped() method, updated imports
tiers.py P2 __all__ added
__init__.py Updated imports for split modules
scoped_view.feature 7 new scenarios (74 total)
scoped_view_steps.py Step definitions for new scenarios
benchmarks/, robot/, docs/ Updated imports
## Addressed Review Findings from @brent.edwards (Review #1991) All findings addressed in commit `4d9cfee4`. ### P0:blocker — Scope bypass in `is_visible()` ✅ Fixed `is_visible()` now returns `False` for fragments with empty `resource_id` when `resource_ids` is populated (deny-by-default). Added 2 Behave scenarios covering both cases. ### P0:blocker — No scope enforcement on `get()` ✅ Fixed Added `get_scoped(fragment_id, scope)` method to `ContextTierService` that validates fragments against scope before returning. Returns `None` and logs a warning for out-of-scope fragments. Added 3 Behave scenarios. ### P0:blocker — `PurePath.full_match()` requires Python 3.12+ ✅ Not applicable `pyproject.toml` specifies `requires-python = ">=3.13"`. `PurePath.full_match()` was added in Python 3.12, so this is not a compatibility issue. Added a clarifying docstring note. ### P1:must-fix — File exceeds 500-line limit ✅ Fixed Split `scoped_view.py` (830→473 lines) by extracting `ResourceAliasResolver`, `validate_project_scope`, `validate_resource_scope`, `resolve_resource_scope` into new `scope_resolution.py` (325 lines). ### P1:must-fix — `denied_resource_ids` not forwarded ✅ Documented Added docstring note to `from_resource_scope()` explaining that `denied_resource_ids` is not forwarded because `resolve_resource_scope()` already subtracts denied IDs from `resource_ids` before constructing the `ResourceScope`. ### P1:must-fix — Missing DAG child-resource expansion ✅ Fixed Added optional `registry_lookup: Callable[[str], frozenset[str]] | None` parameter to `resolve_resource_scope()` for DAG expansion per spec §42517-42521. Defaults to `None` for backward compatibility. Added 1 Behave scenario. ### P2:should-fix items ✅ Fixed - **tuple coercion**: Added `tuple` to `isinstance` checks in all three `_coerce_*` validators. Added 1 Behave scenario. - **`__all__` in `tiers.py`**: Added. ### Process notes - **Merge conflict**: Rebased on latest `master` (`fae438a7`). - **Test suite**: 74 Behave scenarios (235 steps), all passing. Lint, typecheck, Robot helpers all green. ### Summary of changes | File | Change | |------|--------| | `scoped_view.py` | P0 `is_visible()` fix, P1 B1 docstring, P2 tuple coercion, trimmed to 473 lines | | `scope_resolution.py` | **NEW** — extracted alias resolver + validation + resolution (325 lines) | | `context_tiers.py` | P0 `get_scoped()` method, updated imports | | `tiers.py` | P2 `__all__` added | | `__init__.py` | Updated imports for split modules | | `scoped_view.feature` | 7 new scenarios (74 total) | | `scoped_view_steps.py` | Step definitions for new scenarios | | `benchmarks/`, `robot/`, `docs/` | Updated imports |
hamza.khyari force-pushed feature/m6-acms-scoped-view from 4d9cfee4f9
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 15s
Details
CI / build (pull_request) Successful in 16s
Details
CI / quality (pull_request) Successful in 21s
Details
CI / security (pull_request) Successful in 33s
Details
CI / typecheck (pull_request) Successful in 37s
Details
CI / unit_tests (pull_request) Successful in 3m39s
Details
CI / docker (pull_request) Successful in 44s
Details
CI / integration_tests (pull_request) Successful in 4m28s
Details
CI / coverage (pull_request) Successful in 4m25s
Details
CI / benchmark-regression (pull_request) Successful in 28m43s
Details
to d428c39601
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 15s
Details
CI / quality (pull_request) Successful in 18s
Details
CI / build (pull_request) Successful in 20s
Details
CI / typecheck (pull_request) Successful in 35s
Details
CI / security (pull_request) Successful in 46s
Details
CI / unit_tests (pull_request) Successful in 2m14s
Details
CI / docker (pull_request) Successful in 39s
Details
CI / integration_tests (pull_request) Successful in 3m13s
Details
CI / coverage (pull_request) Successful in 4m28s
Details
CI / benchmark-regression (pull_request) Successful in 28m22s
Details
2026-03-06 00:04:31 +00:00 Compare
brent.edwards approved these changes 2026-03-06 00:35:39 +00:00
Dismissed
brent.edwards left a comment
Copy link

Round 2 Verification Review — feat(acms): add scoped backend view filtering

Reviewed commit: 4d9cfee4 (latest on branch)
Base: fae438a7 (merge base with master)

Verification of Round 1 Findings

All P0 and P1 blockers from review #1991 are confirmed resolved.

Finding Status Verification
P0: is_visible() scope bypass FIXED scoped_view.py:276-277 — fragments with empty resource_id now return False when resource_ids is populated (deny-by-default). Docstring updated. 2 new BDD scenarios cover both cases (feature lines 421-429).
P0: get() scope bypass FIXED context_tiers.py:139-176 — new get_scoped(fragment_id, scope) validates via ScopedBackendView.from_resource_scope() + is_visible() before returning. Returns None and logs warning for out-of-scope. 3 new BDD scenarios (feature lines 432-465).
P0: PurePath.full_match() compat N/A pyproject.toml requires >=3.13. full_match() requires >=3.12. Docstring now notes the dependency explicitly (scoped_view.py:128-129).
P1: File exceeds 500 lines FIXED scoped_view.py trimmed to 474 lines. scope_resolution.py extracted at 326 lines. Both under 500.
P1: denied_resource_ids not forwarded DOCUMENTED from_resource_scope() docstring (scoped_view.py:338-345) explains that resolve_resource_scope() subtracts denied IDs before constructing ResourceScope. Verified: scope_resolution.py:294-299 does all_resource_ids -= denied.
P1: Missing DAG expansion FIXED resolve_resource_scope() now accepts `registry_lookup: Callablestr], frozenset[str
P2: tuple coercion FIXED All three _coerce_* validators now check isinstance(v, (list, set, tuple)). 1 new scenario.
P2: __all__ in tiers.py FIXED tiers.py:268-276 — 7 symbols exported.

Quality Gates

Gate Result
nox -s lint PASS — All checks passed
nox -s typecheck PASS — 0 errors, 0 warnings
nox -s unit_tests -- features/scoped_view.feature PASS — 74 scenarios, 235 steps, 0 failures

Remaining Findings (non-blocking)

Three P2 and one P3 items noted below as inline comments. None are blockers — these can be addressed in a follow-up commit or deferred.

Approved. The security fixes in is_visible() and the new get_scoped() method correctly close the scope bypass vectors. The file split, DAG expansion, and documentation improvements are all well-executed. Good work addressing the Round 1 feedback, Hamza.

## Round 2 Verification Review — `feat(acms): add scoped backend view filtering` **Reviewed commit:** `4d9cfee4` (latest on branch) **Base:** `fae438a7` (merge base with master) --- ### Verification of Round 1 Findings All **P0** and **P1** blockers from review #1991 are **confirmed resolved**. | Finding | Status | Verification | |---------|--------|--------------| | **P0: `is_visible()` scope bypass** | **FIXED** | `scoped_view.py:276-277` — fragments with empty `resource_id` now return `False` when `resource_ids` is populated (deny-by-default). Docstring updated. 2 new BDD scenarios cover both cases (feature lines 421-429). | | **P0: `get()` scope bypass** | **FIXED** | `context_tiers.py:139-176` — new `get_scoped(fragment_id, scope)` validates via `ScopedBackendView.from_resource_scope()` + `is_visible()` before returning. Returns `None` and logs warning for out-of-scope. 3 new BDD scenarios (feature lines 432-465). | | **P0: `PurePath.full_match()` compat** | **N/A** | `pyproject.toml` requires `>=3.13`. `full_match()` requires `>=3.12`. Docstring now notes the dependency explicitly (`scoped_view.py:128-129`). | | **P1: File exceeds 500 lines** | **FIXED** | `scoped_view.py` trimmed to 474 lines. `scope_resolution.py` extracted at 326 lines. Both under 500. | | **P1: `denied_resource_ids` not forwarded** | **DOCUMENTED** | `from_resource_scope()` docstring (`scoped_view.py:338-345`) explains that `resolve_resource_scope()` subtracts denied IDs before constructing `ResourceScope`. Verified: `scope_resolution.py:294-299` does `all_resource_ids -= denied`. | | **P1: Missing DAG expansion** | **FIXED** | `resolve_resource_scope()` now accepts `registry_lookup: Callable[[str], frozenset[str]] | None` (`scope_resolution.py:234`). DAG expansion at lines 280-285. 1 new BDD scenario (feature line 447-451). | | **P2: tuple coercion** | **FIXED** | All three `_coerce_*` validators now check `isinstance(v, (list, set, tuple))`. 1 new scenario. | | **P2: `__all__` in `tiers.py`** | **FIXED** | `tiers.py:268-276` — 7 symbols exported. | ### Quality Gates | Gate | Result | |------|--------| | `nox -s lint` | **PASS** — All checks passed | | `nox -s typecheck` | **PASS** — 0 errors, 0 warnings | | `nox -s unit_tests -- features/scoped_view.feature` | **PASS** — 74 scenarios, 235 steps, 0 failures | ### Remaining Findings (non-blocking) Three **P2** and one **P3** items noted below as inline comments. None are blockers — these can be addressed in a follow-up commit or deferred. --- **Approved.** The security fixes in `is_visible()` and the new `get_scoped()` method correctly close the scope bypass vectors. The file split, DAG expansion, and documentation improvements are all well-executed. Good work addressing the Round 1 feedback, Hamza.
CHANGELOG.md Outdated
@ -12,0 +21,4 @@
allowlist/denylist filtering. `validate_project_scope()` and
`validate_resource_scope()` guard against out-of-scope access. Three enforcement
hooks added to `ContextTierService`: `get_scoped_by_resource`,
`validate_fragment_scope`, `store_with_scope_check`. Includes 67 Behave BDD
brent.edwards commented 2026-03-06 00:35:39 +00:00
Member
Copy link

P2:should-fix — CHANGELOG says "67 Behave BDD scenarios" (line 24) but the actual count is 74 scenarios (verified via nox -s unit_tests). The response comment also says 74. Update the count to match.

This was 67 before the review-fix commit added 7 new scenarios for the P0/P1/P2 fixes.

**P2:should-fix** — CHANGELOG says "67 Behave BDD scenarios" (line 24) but the actual count is **74** scenarios (verified via `nox -s unit_tests`). The response comment also says 74. Update the count to match. This was 67 before the review-fix commit added 7 new scenarios for the P0/P1/P2 fixes.
docs/reference/scoped_backend_view.md Outdated
@ -0,0 +37,4 @@
| Field | Type | Description |
|-------|------|-------------|
| `resource_ids` | `frozenset[str]` | Resource ULIDs in scope (min 1) |
brent.edwards commented 2026-03-06 00:35:39 +00:00
Member
Copy link

P2:should-fix — Three items in this doc are stale after the file split and DAG expansion:

  1. Line 40: resource_ids description says "min 1" but the code allows frozenset() (empty) — see feature line 27 "creating a scope with no resources should succeed" and scoped_view.py:66 which has no min_length constraint. Remove the "min 1" claim.

  2. Lines 153-161: resolve_resource_scope() signature is missing the new registry_lookup parameter added for DAG expansion.

  3. Lines 256-261: Module Locations table lists scoped_view as "Core implementation (all types and functions)" but scope_resolution.py is now a separate module containing ResourceAliasResolver, validate_project_scope, validate_resource_scope, and resolve_resource_scope. Add a row for scope_resolution.py.

**P2:should-fix** — Three items in this doc are stale after the file split and DAG expansion: 1. **Line 40**: `resource_ids` description says "min 1" but the code allows `frozenset()` (empty) — see feature line 27 "creating a scope with no resources should succeed" and `scoped_view.py:66` which has no `min_length` constraint. Remove the "min 1" claim. 2. **Lines 153-161**: `resolve_resource_scope()` signature is missing the new `registry_lookup` parameter added for DAG expansion. 3. **Lines 256-261**: Module Locations table lists `scoped_view` as "Core implementation (all types and functions)" but `scope_resolution.py` is now a separate module containing `ResourceAliasResolver`, `validate_project_scope`, `validate_resource_scope`, and `resolve_resource_scope`. Add a row for `scope_resolution.py`.
features/steps/scoped_view_steps.py Outdated
@ -0,0 +1,1163 @@
"""Step definitions for scoped backend view filtering.
brent.edwards commented 2026-03-06 00:35:39 +00:00
Member
Copy link

P3:nit — This file is 1164 lines, well over the 500-line guideline. Step definition files tend to grow with scenario count and may warrant more latitude, but consider splitting into scoped_view_steps.py (core view/scope steps) and scoped_view_tier_steps.py (ContextTierService steps) if the file grows further.

**P3:nit** — This file is **1164 lines**, well over the 500-line guideline. Step definition files tend to grow with scenario count and may warrant more latitude, but consider splitting into `scoped_view_steps.py` (core view/scope steps) and `scoped_view_tier_steps.py` (ContextTierService steps) if the file grows further.
src/cleveragents/application/services/context_tiers.py Outdated
@ -121,6 +136,45 @@ class ContextTierService:
return None
def get_scoped(
brent.edwards commented 2026-03-06 00:35:39 +00:00
Member
Copy link

P2:should-fix — This file is now 568 lines, up from 365 on the base branch. CONTRIBUTING.md (line 396) says "Keep files under 500 lines." The 203-line growth from this PR pushed it over.

Consider extracting the scope-enforcement methods (get_scoped, get_scoped_by_resource, validate_fragment_scope, store_with_scope_check, get_scoped_metrics) into a ScopedTierService mixin or a separate scoped_tiers.py module. This would also improve separation of concerns between core tier management and scope enforcement.

**P2:should-fix** — This file is now **568 lines**, up from 365 on the base branch. CONTRIBUTING.md (line 396) says "Keep files under 500 lines." The 203-line growth from this PR pushed it over. Consider extracting the scope-enforcement methods (`get_scoped`, `get_scoped_by_resource`, `validate_fragment_scope`, `store_with_scope_check`, `get_scoped_metrics`) into a `ScopedTierService` mixin or a separate `scoped_tiers.py` module. This would also improve separation of concerns between core tier management and scope enforcement.
brent.edwards approved these changes 2026-03-06 00:40:19 +00:00
Dismissed
brent.edwards left a comment
Copy link

Approved.

Approved.
hamza.khyari dismissed brent.edwards's review 2026-03-06 00:47:52 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

hamza.khyari force-pushed feature/m6-acms-scoped-view from 5521f22bbd
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 15s
Details
CI / build (pull_request) Successful in 16s
Details
CI / quality (pull_request) Successful in 19s
Details
CI / security (pull_request) Successful in 34s
Details
CI / typecheck (pull_request) Successful in 36s
Details
CI / coverage (pull_request) Has been cancelled
Details
CI / unit_tests (pull_request) Has been cancelled
Details
CI / benchmark-regression (pull_request) Has been cancelled
Details
CI / integration_tests (pull_request) Has been cancelled
Details
CI / docker (pull_request) Has been cancelled
Details
to b028c80cab
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / lint (pull_request) Successful in 14s
Details
CI / build (pull_request) Successful in 15s
Details
CI / quality (pull_request) Successful in 18s
Details
CI / security (pull_request) Successful in 33s
Details
CI / typecheck (pull_request) Successful in 41s
Details
CI / unit_tests (pull_request) Successful in 2m29s
Details
CI / integration_tests (pull_request) Successful in 3m2s
Details
CI / docker (pull_request) Successful in 39s
Details
CI / coverage (pull_request) Successful in 4m28s
Details
CI / benchmark-regression (pull_request) Successful in 29m5s
Details
2026-03-06 00:49:45 +00:00 Compare
hamza.khyari scheduled this pull request to auto merge when all checks succeed 2026-03-06 00:50:56 +00:00
hamza.khyari deleted branch feature/m6-acms-scoped-view 2026-03-06 00:57:14 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
CoreRasurae
Labels
Clear labels   
auto/needs-reevaluation
Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  
controller-managed
Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  
auto/blocked-by-deps
PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  
auto/ci-timeout
Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  
auto/claimed-implementer
Currently being processed by an implementer worker.

  
auto/claimed-merge
Currently being processed by the merge driver.

  
auto/claimed-reviewer
Currently being processed by a reviewer worker.

  
auto/driver-down
Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  
auto/invariant-violation
Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  
auto/last-attempt-tier-0
In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-1
In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-2
In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  
auto/last-attempt-tier-min
In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  
Automation Tracking
Tracking issues used by the AI Automation system for agents to communicate and report.

  
auto/needs-conflict-resolution
Rebase conflict needs LLM conflict-resolver.

  
auto/needs-implementer
Failing CI needs implementer attention.

  
auto/postmortem
Documenting a driver incident or rollback.

  
auto/ready-to-merge
Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  
auto/restart-throttled
Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  
auto/revert
Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  
auto/sentinel
Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  
auto/stale-inactivity
No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  
auto/unstable
Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  
Blocked
A ticket in a blocked state and unable to complete until some other task is completed first.

  
Bounty
$100
 A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$1000
 A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$10000
 A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$20
 A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$2000
 A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$250
 A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$50
 A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$500
 A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$5000
 A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$750
 A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  
MoSCoW
Could have
 Could have feature in order to satisfy the epic/legendary.

  
MoSCoW
Must have
 Must have feature in order to satisfy the epic/legendary.

  
MoSCoW
Should have
 Should have feature in order to satisfy the epic/legendary.

  
Needs Feedback
There are questions in the ticket that can not be completed until the project owner provides clarity.

  
Points
1
 1 man-hours worth of work for an expert with no learning curve.

  
Points
13
 13 man-hours worth of work for an expert with no learning curve.

  
Points
2
 2 man-hours worth of work for an expert with no learning curve.

  
Points
21
 21 man-hours worth of work for an expert with no learning curve.

  
Points
3
 3 man-hours worth of work for an expert with no learning curve.

  
Points
34
 34 man-hours worth of work for an expert with no learning curve.

  
Points
5
 5 man-hours worth of work for an expert with no learning curve.

  
Points
55
 55 man-hours worth of work for an expert with no learning curve.

  
Points
8
 8 man-hours worth of work for an expert with no learning curve.

  
Points
88
 88 man-hours worth of work for an expert with no learning curve.

  
Priority
Backlog
 This ticket has backlogged priority and is not to be worked on yet

  
Priority
CI Blocker
 Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  
Priority
Critical
 The priority is critical

  
Priority
High
 The priority is high

  
Priority
Low
 The priority is low

  
Priority
Medium
 The priority is medium

  
Signed-off: Owner
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Scrum Master
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Tech Lead
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Spike
A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  
State
Completed
 The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  
State
Duplicate
 A ticket that represents the same content as an existing ticket.

  
State
In Progress
 A ticket that is actively being developed.

  
State
In Review
 A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  
State
Paused
 This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  
State
Unverified
 All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  
State
Verified
 The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  
State
Wont Do
 This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  
Type
Automation
 Any edits or discussion about the AI automated coding system.

  
Type
Bug
 Something that doesnt work as intended.

  
Type
Discussion
 Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  
Type
Documentation
 An error or improvement needed in the documentation.

  
Type
Epic
 Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  
Type
Feature
 Some new functionality not present.

  
Type
Legendary
 A type of Epic which will contain other Epics.

  
Type
Refactor
 A code change that restructures existing code without changing its external behavior.

  
Type
Support
 Someone needs help using the project.

  
Type
Task
 A generic task that doesnt fit into the other type categories.

  
Type
Testing
 Work exclusively focusing on fixing or expanding testing.

No labels
auto/needs-reevaluation
controller-managed
auto/blocked-by-deps
auto/ci-timeout
auto/claimed-implementer
auto/claimed-merge
auto/claimed-reviewer
auto/driver-down
auto/invariant-violation
auto/last-attempt-tier-0
auto/last-attempt-tier-1
auto/last-attempt-tier-2
auto/last-attempt-tier-min
Automation Tracking
auto/needs-conflict-resolution
auto/needs-implementer
auto/postmortem
auto/ready-to-merge
auto/restart-throttled
auto/revert
auto/sentinel
auto/stale-inactivity
auto/unstable
Blocked
Bounty
$100
Bounty
$1000
Bounty
$10000
Bounty
$20
Bounty
$2000
Bounty
$250
Bounty
$50
Bounty
$500
Bounty
$5000
Bounty
$750
MoSCoW
Could have
MoSCoW
Must have
MoSCoW
Should have
Needs Feedback
Points
1
Points
13
Points
2
Points
21
Points
3
Points
34
Points
5
Points
55
Points
8
Points
88
Priority
Backlog
Priority
CI Blocker
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Signed-off: Owner
Signed-off: Scrum Master
Signed-off: Tech Lead
Spike
State
Completed
State
Duplicate
State
In Progress
State
In Review
State
Paused
State
Unverified
State
Verified
State
Wont Do
Type
Automation
Type
Bug
Type
Discussion
Type
Documentation
Type
Epic
Type
Feature
Type
Legendary
Type
Refactor
Type
Support
Type
Task
Type
Testing
Milestone
Clear milestone
No items
No milestone
v3.4.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
hamza.khyari
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
cleveragents/cleveragents-core!607
No description provided.