diff --git a/kontext/agent/v1/agent.proto b/kontext/agent/v1/agent.proto index 1970f89..a0b16c5 100644 --- a/kontext/agent/v1/agent.proto +++ b/kontext/agent/v1/agent.proto @@ -2,36 +2,30 @@ syntax = "proto3"; package kontext.agent.v1; -// AgentService is the bidirectional streaming service between the CLI sidecar -// and the Kontext backend. The sidecar maintains a persistent connection and -// streams hook events for policy evaluation and telemetry. +// AgentService handles session lifecycle and hook event streaming +// between the CLI sidecar and the Kontext backend. +// +// Authentication: the user's OIDC bearer token from `kontext login`. +// The backend verifies the JWT and derives org + user identity. +// +// Credential exchange uses the existing OAuth token exchange endpoint +// (POST /oauth2/token, RFC 8693) — not this service. service AgentService { // ProcessHookEvent streams tool call events from the CLI to the backend // and receives policy decisions in return. Bidirectional streaming keeps - // the connection open for the session lifetime — no per-hook HTTP overhead. + // the connection open for the session lifetime. rpc ProcessHookEvent(stream ProcessHookEventRequest) returns (stream ProcessHookEventResponse); // CreateSession establishes a governed agent session. Called once at the - // start of `kontext start`. Returns session context used for all subsequent - // hook evaluations. + // start of `kontext start`. rpc CreateSession(CreateSessionRequest) returns (CreateSessionResponse); // Heartbeat keeps the session alive. The sidecar sends heartbeats on an // interval; the backend marks sessions as disconnected if heartbeats stop. rpc Heartbeat(HeartbeatRequest) returns (HeartbeatResponse); - // EndSession terminates the session and revokes any ephemeral credentials. + // EndSession terminates the session. rpc EndSession(EndSessionRequest) returns (EndSessionResponse); - - // ExchangeCredential resolves a provider credential for a given user and - // provider handle. Used by the env template hydration and per-tool-call - // credential injection. - rpc ExchangeCredential(ExchangeCredentialRequest) returns (ExchangeCredentialResponse); - - // SyncPolicy streams the current policy state for the session's org/agent. - // The sidecar caches this locally for fast hook evaluation. The server - // pushes updates when policy changes. - rpc SyncPolicy(SyncPolicyRequest) returns (stream SyncPolicyResponse); } // --- Hook Events --- @@ -51,8 +45,6 @@ message ProcessHookEventResponse { Decision decision = 1; string reason = 2; string event_id = 3; - // Credential to inject for this tool call (if applicable) - CredentialInjection credential = 4; } enum Decision { @@ -62,11 +54,6 @@ enum Decision { DECISION_ASK = 3; // Prompt user for approval } -message CredentialInjection { - string provider = 1; - map env_vars = 2; // e.g., {"GITHUB_TOKEN": "gho_..."} -} - // --- Sessions --- message CreateSessionRequest { @@ -95,45 +82,3 @@ message EndSessionRequest { } message EndSessionResponse {} - -// --- Credentials --- - -message ExchangeCredentialRequest { - string provider = 1; // e.g., "github", "stripe", "postgres" - string user_id = 2; - string resource = 3; // optional: specific resource URI -} - -message ExchangeCredentialResponse { - string provider = 1; - CredentialKind kind = 2; - string access_token = 3; // for OAuth providers - string value = 4; // for API key providers - string token_type = 5; - string scope = 6; - int64 expires_in = 7; // seconds -} - -enum CredentialKind { - CREDENTIAL_KIND_UNSPECIFIED = 0; - CREDENTIAL_KIND_OAUTH = 1; - CREDENTIAL_KIND_KEY = 2; -} - -// --- Policy Sync --- - -message SyncPolicyRequest { - string session_id = 1; -} - -message SyncPolicyResponse { - // OpenFGA tuples for local evaluation - repeated PolicyTuple tuples = 1; - bool full_sync = 2; // true = replace all, false = incremental -} - -message PolicyTuple { - string user = 1; - string relation = 2; - string object = 3; -}