refactor(agent): split api_server/response_actions.rs into execute/, rollback/, ... (#343)

Convert the single 2,838-line response_actions module into a directory
of focused sub-modules, all under 600 lines, matching the Phase 2 plan
in the swarm architecture synthesis:

  response_actions/
    mod.rs                  re-exports + glob from parent scope
    validate.rs             actor identity, ttl, reason validation
    dispatch.rs             execute_edr_response_action switch
    failure.rs              sanitize, redact, record-failure
    persistence.rs          ledger append, receipt emit, transition IDs
    network_extension.rs    NE egress policy reload coordination
    egress_match.rs         egress target normalize + active-match lookup
    broker_revocation.rs    broker capability + integration secret revoke
    process_signal.rs       signal target validation + unix kill helpers
    execute/                per-action live execution
      collect_evidence.rs
      restrict_egress.rs
      quarantine_file.rs
      disable_persistence.rs
      revoke_grant.rs
      suspend_process_tree.rs
    rollback/               per-action rollback + TTL expiration
      restrict_egress.rs
      quarantine_file.rs
      disable_persistence.rs
      suspend_process_tree.rs
      expiration.rs

The pub(crate) surface is unchanged: api_server.rs continues to do
`pub(crate) use response_actions::*;`, and mod.rs aggregates each
sub-module the same way. External callers (api_server.rs, edr/handlers,
api_server tests, policy_history, receipts, policy_delta) build without
modification. Existing tests pass; the response_actions unit test for
validate_response_action_actor continues to resolve through the same
glob path.

Path-bounded persistence checks are imported from the
clawdstrike-fs-policy-paths crate extracted in Phase 1.

Co-authored-by: bb-connor <bb-connor@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: bb-connor

apps/agent/src-tauri/src/api_server/response_actions.rs

@@ -0,0 +1,95 @@
+//! Live response action dispatch.
+//!
+//! Provides the entry-point switch over `EndpointDecisionAction` that routes
+//! each supported live action to its `execute::*` implementation, plus the
+//! `supported_*` predicates used by handlers to reject unsupported actions.
+
+use super::*;
+
+pub(crate) fn supported_edr_simulation_action(action: &EndpointDecisionAction) -> bool {
+    matches!(
+        action,
+        EndpointDecisionAction::Block
+            | EndpointDecisionAction::RestrictEgress
+            | EndpointDecisionAction::SuspendProcessTree
+            | EndpointDecisionAction::TerminateProcessTree
+            | EndpointDecisionAction::QuarantineFile
+            | EndpointDecisionAction::RevokeGrant
+            | EndpointDecisionAction::DisablePersistence
+    )
+}
+
+pub(crate) fn supported_edr_response_action(action: &EndpointDecisionAction) -> bool {
+    matches!(
+        action,
+        EndpointDecisionAction::RestrictEgress
+            | EndpointDecisionAction::SuspendProcessTree
+            | EndpointDecisionAction::TerminateProcessTree
+            | EndpointDecisionAction::QuarantineFile
+            | EndpointDecisionAction::RevokeGrant
+            | EndpointDecisionAction::DisablePersistence
+            | EndpointDecisionAction::CollectEvidence
+    )
+}
+
+pub(crate) fn default_response_action_reason(
+    action: &EndpointDecisionAction,
+    dry_run: bool,
+) -> &'static str {
+    if dry_run {
+        return "endpoint response dry run";
+    }
+    match action {
+        EndpointDecisionAction::CollectEvidence => "collect endpoint evidence",
+        EndpointDecisionAction::RestrictEgress => "restrict endpoint egress",
+        EndpointDecisionAction::QuarantineFile => "quarantine endpoint file",
+        EndpointDecisionAction::DisablePersistence => "disable endpoint persistence item",
+        EndpointDecisionAction::RevokeGrant => "revoke local endpoint grant",
+        EndpointDecisionAction::SuspendProcessTree => "suspend endpoint process tree",
+        EndpointDecisionAction::TerminateProcessTree => "terminate endpoint process tree",
+        _ => "execute endpoint response",
+    }
+}
+
+pub(crate) async fn execute_edr_response_action(
+    state: &AgentApiState,
+    plan: &EndpointResponsePlan,
+    graph: &CausalGraph,
+    actor: EndpointDecisionActor,
+) -> Result<
+    (
+        EndpointResponseExecutionReport,
+        StoredEndpointEvidenceBundle,
+        SignedReceipt,
+        SignedReceipt,
+    ),
+    (StatusCode, String),
+> {
+    match plan.action {
+        EndpointDecisionAction::CollectEvidence => {
+            execute_collect_evidence_response(state, plan, graph, actor).await
+        }
+        EndpointDecisionAction::RestrictEgress => {
+            execute_restrict_egress_response(state, plan, graph, actor).await
+        }
+        EndpointDecisionAction::QuarantineFile => {
+            execute_quarantine_file_response(state, plan, graph, actor).await
+        }
+        EndpointDecisionAction::DisablePersistence => {
+            execute_disable_persistence_response(state, plan, graph, actor).await
+        }
+        EndpointDecisionAction::RevokeGrant => {
+            execute_revoke_grant_response(state, plan, graph, actor).await
+        }
+        EndpointDecisionAction::SuspendProcessTree => {
+            execute_suspend_process_tree_response(state, plan, graph, actor).await
+        }
+        _ => Err((
+            StatusCode::BAD_REQUEST,
+            format!(
+                "unsupported endpoint response action for live executor: {}",
+                plan.action.as_str()
+            ),
+        )),
+    }
+}

apps/agent/src-tauri/src/api_server/response_actions/broker_revocation.rs

@@ -0,0 +1,194 @@
+//! Egress target normalization and active-restriction matching.
+//!
+//! Normalizes `host:port` targets into a canonical form, validates that they
+//! are non-local and non-private before being installed as restrictions, and
+//! looks up the active restriction (if any) for a policy check input so the
+//! engine can fail it closed at the policy layer.
+
+use super::*;
+
+pub(crate) async fn active_egress_restriction_for_policy_check(
+    state: &AgentApiState,
+    input: &PolicyCheckInput,
+) -> Option<EndpointEgressRestriction> {
+    let target = normalize_egress_policy_target(&input.action_type, &input.target)?;
+    let ledger = state.edr_egress_restriction_ledger.lock().await;
+    ledger.active_match(&target, chrono::Utc::now())
+}
+
+pub(crate) fn policy_output_for_active_egress_restriction(
+    restriction: &EndpointEgressRestriction,
+) -> PolicyCheckOutput {
+    PolicyCheckOutput {
+        allowed: false,
+        guard: Some("edr_restrict_egress".to_string()),
+        severity: Some("high".to_string()),
+        message: Some(format!(
+            "Egress to {} denied by active EDR response execution {}",
+            restriction.target, restriction.execution_id
+        )),
+        details: Some(serde_json::json!({
+            "reason": "active_edr_egress_restriction",
+            "target": restriction.target.clone(),
+            "executionId": restriction.execution_id.clone(),
+            "actionId": restriction.action_id.clone(),
+            "rollbackRef": restriction.rollback_ref.clone(),
+            "graphSliceId": restriction.graph_slice_id.clone(),
+            "expiresAt": restriction.expires_at,
+        })),
+    }
+}
+
+pub(crate) fn restrict_egress_targets(
+    plan: &EndpointResponsePlan,
+    graph: &CausalGraph,
+) -> Result<Vec<String>> {
+    let root = graph
+        .nodes
+        .get(&plan.root_node_id)
+        .ok_or_else(|| anyhow::anyhow!("root node not found: {}", plan.root_node_id))?;
+    let root_target = if root.kind == CausalNodeKind::Network {
+        Some(egress_target_from_node(root)?)
+    } else {
+        None
+    };
+
+    let mut targets = graph
+        .nodes
+        .values()
+        .filter(|node| node.kind == CausalNodeKind::Network)
+        .map(egress_target_from_node)
+        .collect::<Result<Vec<_>>>()?;
+    targets.sort();
+    targets.dedup();
+    if targets.is_empty() {
+        return Err(anyhow::anyhow!(
+            "restrict_egress requires at least one network node in the graph slice"
+        ));
+    }
+    if let Some(root_target) = root_target {
+        targets.retain(|target| target != &root_target);
+        targets.insert(0, root_target);
+    }
+    Ok(targets)
+}
+
+fn egress_target_from_node(node: &clawdstrike_policy_event::edr::CausalNode) -> Result<String> {
+    normalize_egress_target(node.label.as_str())
+        .with_context(|| format!("normalize network node target {}", node.label))
+}
+
+fn normalize_egress_policy_target(action_type: &str, target: &str) -> Option<String> {
+    let action = action_type.trim().to_ascii_lowercase();
+    if action != "egress" && action != "network" {
+        return None;
+    }
+    let target = target.trim();
+    let lower = target.to_ascii_lowercase();
+    let target = if lower.starts_with("http://")
+        || lower.starts_with("https://")
+        || lower.starts_with("ws://")
+        || lower.starts_with("wss://")
+    {
+        let url = reqwest::Url::parse(target).ok()?;
+        let host = url.host_str()?;
+        let port = url.port_or_known_default()?;
+        if host.contains(':') {
+            format!("[{host}]:{port}")
+        } else {
+            format!("{host}:{port}")
+        }
+    } else {
+        target.to_string()
+    };
+    normalize_egress_target(target.as_str()).ok()
+}
+
+pub(crate) fn normalize_egress_target(target: &str) -> Result<String> {
+    let target = target.trim();
+    if target.is_empty() {
+        return Err(anyhow::anyhow!("egress target must not be empty"));
+    }
+    if target.len() > 512 {
+        return Err(anyhow::anyhow!("egress target must be at most 512 bytes"));
+    }
+    if target
+        .chars()
+        .any(|ch| ch.is_ascii_whitespace() || matches!(ch, '*' | ',' | '/'))
+    {
+        return Err(anyhow::anyhow!(
+            "egress target must be a literal host:port without wildcards or paths"
+        ));
+    }
+    let (host, port) = split_egress_host_port(target)?;
+    let port: u16 = port
+        .parse()
+        .with_context(|| format!("parse egress target port {port}"))?;
+    if port == 0 {
+        return Err(anyhow::anyhow!("egress target port must be non-zero"));
+    }
+    let normalized_host = host.trim_matches(['[', ']']).to_ascii_lowercase();
+    if normalized_host.is_empty() {
+        return Err(anyhow::anyhow!("egress target host must not be empty"));
+    }
+    if matches!(
+        normalized_host.as_str(),
+        "localhost" | "localhost.localdomain"
+    ) {
+        return Err(anyhow::anyhow!("refusing to restrict local host egress"));
+    }
+    if let Ok(ip) = normalized_host.parse::<IpAddr>() {
+        validate_egress_restriction_ip(ip)?;
+    }
+    if normalized_host.contains(':') {
+        Ok(format!("[{normalized_host}]:{port}"))
+    } else {
+        Ok(format!("{normalized_host}:{port}"))
+    }
+}
+
+fn split_egress_host_port(target: &str) -> Result<(&str, &str)> {
+    if let Some(rest) = target.strip_prefix('[') {
+        let (host, port) = rest
+            .split_once("]:")
+            .ok_or_else(|| anyhow::anyhow!("bracketed egress target must be [host]:port"))?;
+        return Ok((host, port));
+    }
+    target
+        .rsplit_once(':')
+        .ok_or_else(|| anyhow::anyhow!("egress target must include a port"))
+}
+
+fn validate_egress_restriction_ip(ip: IpAddr) -> Result<()> {
+    let blocked = match ip {
+        IpAddr::V4(ip) => {
+            ip.is_loopback()
+                || ip.is_private()
+                || ip.is_link_local()
+                || ip.is_broadcast()
+                || ip.is_documentation()
+                || ip.is_unspecified()
+        }
+        IpAddr::V6(ip) => {
+            ip.is_loopback()
+                || ip.is_unspecified()
+                || ipv6_is_unique_local(&ip)
+                || ipv6_is_unicast_link_local(&ip)
+                || ip.is_multicast()
+        }
+    };
+    if blocked {
+        return Err(anyhow::anyhow!(
+            "refusing to restrict local, private, link-local, multicast, or documentation egress target {ip}"
+        ));
+    }
+    Ok(())
+}
+
+fn ipv6_is_unique_local(ip: &std::net::Ipv6Addr) -> bool {
+    (ip.segments()[0] & 0xfe00) == 0xfc00
+}
+
+fn ipv6_is_unicast_link_local(ip: &std::net::Ipv6Addr) -> bool {
+    (ip.segments()[0] & 0xffc0) == 0xfe80
+}

apps/agent/src-tauri/src/api_server/response_actions/dispatch.rs

@@ -0,0 +1,22 @@
+//! Execute the `collect_evidence` response action.
+
+use super::super::*;
+
+pub(crate) async fn execute_collect_evidence_response(
+    state: &AgentApiState,
+    plan: &EndpointResponsePlan,
+    graph: &CausalGraph,
+    actor: EndpointDecisionActor,
+) -> Result<
+    (
+        EndpointResponseExecutionReport,
+        StoredEndpointEvidenceBundle,
+        SignedReceipt,
+        SignedReceipt,
+    ),
+    (StatusCode, String),
+> {
+    let execution =
+        EndpointResponseExecutionReport::collect_evidence(plan, graph).map_err(internal_error)?;
+    persist_edr_response_execution(state, execution, graph, actor).await
+}