feat(m7.2-D): drop transitional agent.db, add admin helpers

Final slice of M7.2. Removes the transitional single-database handle that M7.2-A introduced alongside the pool, so the compliance-agent now has a single source of truth for storage: every code path obtains a tenant-scoped Database from `agent.db_pool.for_tenant_id(...)` or `for_tenant(&ctx)`. There is no shared "default" database anywhere. Changes - ComplianceAgent: `db: Database` field removed. ComplianceAgent::new now takes only `(config, db_pool)`. Verified by an earlier grep during M7.2-C that no remaining call site reads `agent.db`. - main.rs: stops constructing the legacy Database. Only the pool is built at startup. - TestServer: same — drops Database::connect/ensure_indexes, builds only the pool. cleanup() now drops every `<db_name>_*` per-tenant database (no longer touches a bare `<db_name>`). - DatabasePool::list_tenant_db_names() — lists Mongo databases matching the pool's prefix. For admin endpoints + scheduler tenant enumeration in a future M7.3 (this PR keeps SCHEDULER_TENANT_IDS env config — registry integration is a separate concern). - DatabasePool::drop_tenant(&str) — idempotent tenant offboarding. Drops the per-tenant database and evicts the in-memory `ensured` marker so a later re-provision re-runs ensure_indexes. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 6 pass including new `admin_helpers_list_and_drop_tenant_dbs` - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass M7.2 closeout state after this lands - M7.1 (auth + status) — done - M7.2-A (pool) — done - M7.2-B (handlers) — done - M7.2-C (background paths) — done - M7.2-D (legacy db removed, admin helpers) — done (this PR) - Future M7.3: scheduler pulls tenants from tenant-registry instead of SCHEDULER_TENANT_IDS env; cross-tenant admin HTTP endpoints built on list_tenant_db_names / drop_tenant. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
feat(m7.2-C): migrate background paths to per-tenant pool
2026-06-17 15:05:27 +02:00 · 2026-06-17 15:00:37 +02:00 · 2026-06-17 13:28:33 +02:00 · 2026-06-17 13:16:46 +02:00 · 2026-06-17 11:58:24 +02:00
13 changed files with 493 additions and 561 deletions
@@ -1,210 +0,0 @@
-//! Authenticated HTTP client for talking to the compliance-agent.
-//!
-//! Every dashboard server function that hits `comp-dev.meghsakha.com/api/v1/*`
-//! must go through here so the Keycloak access token from the user's
-//! session is attached as `Authorization: Bearer <token>`. Without it
-//! the agent's M7.1 `require_jwt_auth` middleware rejects with 401
-//! "Missing authorization header".
-//!
-//! When Keycloak is not configured (dev convenience), the helper
-//! returns an unauthenticated builder — matching the agent's
-//! pass-through behavior in the same state.
-//!
-//! **Token refresh**: KC access tokens are short-lived (5 min default
-//! in the certifai realm). Before attaching, we decode the JWT's `exp`
-//! claim and proactively refresh via the stored refresh_token if the
-//! access token is expired or about to expire. The session is updated
-//! with the new pair. If refresh fails, we send the (stale) token
-//! anyway — the agent's 401 will surface to the UI, which can prompt
-//! re-login.
-
-use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
-use dioxus::prelude::ServerFnError;
-use dioxus_fullstack::FullstackContext;
-use reqwest::Method;
-
-use super::auth::LOGGED_IN_USER_SESS_KEY;
-use super::server_state::ServerState;
-use super::user_state::UserStateInner;
-
-/// Seconds before the JWT's `exp` time at which we consider it stale
-/// enough to refresh. Covers clock skew + the round-trip to the agent
-/// so the token doesn't expire mid-flight.
-const REFRESH_SKEW_SECS: i64 = 30;
-
-/// Build a `RequestBuilder` for `<agent_api_url><path>` with the
-/// session's access token attached. `path` should include a leading
-/// `/`, e.g. `"/api/v1/repositories"`.
-pub async fn agent_request(
-    method: Method,
-    path: &str,
-) -> Result<reqwest::RequestBuilder, ServerFnError> {
-    let state: ServerState = FullstackContext::extract().await?;
-    let url = format!("{}{}", state.agent_api_url, path);
-    let mut req = reqwest::Client::new().request(method, &url);
-    req = attach_token(req, &state).await?;
-    Ok(req)
-}
-
-/// Same as [`agent_request`] but for `GET`. Convenience for the common case.
-pub async fn agent_get(path: &str) -> Result<reqwest::RequestBuilder, ServerFnError> {
-    agent_request(Method::GET, path).await
-}
-
-/// Attach the session's bearer token if Keycloak is configured AND the
-/// session has a logged-in user. Refresh the token proactively if it's
-/// expired or about to expire. Persists refreshed tokens back into the
-/// session.
-async fn attach_token(
-    req: reqwest::RequestBuilder,
-    state: &ServerState,
-) -> Result<reqwest::RequestBuilder, ServerFnError> {
-    if state.keycloak.is_none() {
-        return Ok(req);
-    }
-    let session: tower_sessions::Session = FullstackContext::extract().await?;
-    let user: Option<UserStateInner> = session
-        .get(LOGGED_IN_USER_SESS_KEY)
-        .await
-        .map_err(|e| ServerFnError::new(format!("session read failed: {e}")))?;
-    let Some(mut user) = user else {
-        return Ok(req);
-    };
-
-    if token_needs_refresh(&user.access_token) {
-        tracing::debug!("Access token expired or near-expiring; refreshing");
-        match refresh_tokens(state, &user.refresh_token).await {
-            Ok((new_access, new_refresh)) => {
-                user.access_token = new_access;
-                if let Some(rt) = new_refresh {
-                    user.refresh_token = rt;
-                }
-                if let Err(e) = session.insert(LOGGED_IN_USER_SESS_KEY, &user).await {
-                    tracing::warn!("Failed to persist refreshed tokens: {e}");
-                }
-            }
-            Err(e) => {
-                tracing::warn!("Token refresh failed: {e}; sending current token anyway");
-                // Fall through — the agent will 401 and the UI will
-                // prompt re-login. Better than failing the request at
-                // the dashboard layer with no helpful UX cue.
-            }
-        }
-    }
-
-    Ok(req.bearer_auth(user.access_token))
-}
-
-/// Decode the JWT's payload (no signature verification — the agent
-/// does that) and check the `exp` claim. Treats malformed tokens as
-/// expired so the refresh path runs.
-fn token_needs_refresh(jwt: &str) -> bool {
-    let Some(payload_b64) = jwt.split('.').nth(1) else {
-        return true;
-    };
-    let Ok(bytes) = URL_SAFE_NO_PAD.decode(payload_b64) else {
-        return true;
-    };
-    #[derive(serde::Deserialize)]
-    struct ExpClaim {
-        exp: i64,
-    }
-    let Ok(claims) = serde_json::from_slice::<ExpClaim>(&bytes) else {
-        return true;
-    };
-    let now = chrono::Utc::now().timestamp();
-    claims.exp - REFRESH_SKEW_SECS <= now
-}
-
-/// Exchange a refresh_token for a new access_token. Returns the new
-/// access_token and (optionally) the new refresh_token KC issued.
-/// KC may rotate refresh_tokens on use; we honor whatever it sends.
-async fn refresh_tokens(
-    state: &ServerState,
-    refresh_token: &str,
-) -> Result<(String, Option<String>), String> {
-    let kc = state
-        .keycloak
-        .ok_or_else(|| "Keycloak not configured".to_string())?;
-    if refresh_token.is_empty() {
-        return Err("no refresh_token in session".to_string());
-    }
-
-    #[derive(serde::Deserialize)]
-    struct TokenResp {
-        access_token: String,
-        refresh_token: Option<String>,
-    }
-
-    let resp = reqwest::Client::new()
-        .post(kc.token_endpoint())
-        .form(&[
-            ("grant_type", "refresh_token"),
-            ("client_id", kc.client_id.as_str()),
-            ("refresh_token", refresh_token),
-        ])
-        .send()
-        .await
-        .map_err(|e| format!("refresh request failed: {e}"))?;
-
-    if !resp.status().is_success() {
-        let status = resp.status();
-        let body = resp.text().await.unwrap_or_default();
-        return Err(format!("refresh rejected ({status}): {body}"));
-    }
-
-    let r: TokenResp = resp
-        .json()
-        .await
-        .map_err(|e| format!("refresh response parse failed: {e}"))?;
-    Ok((r.access_token, r.refresh_token))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use base64::Engine;
-
-    /// Build a JWT-shaped string (header.payload.sig) with the given
-    /// payload. Signature is bogus — we never verify it locally.
-    fn make_jwt(payload: &serde_json::Value) -> String {
-        let payload_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_vec(payload).unwrap());
-        format!("hdr.{payload_b64}.sig")
-    }
-
-    #[test]
-    fn token_needs_refresh_true_when_expired() {
-        let exp = chrono::Utc::now().timestamp() - 60;
-        let jwt = make_jwt(&serde_json::json!({ "exp": exp }));
-        assert!(token_needs_refresh(&jwt));
-    }
-
-    #[test]
-    fn token_needs_refresh_true_within_skew_window() {
-        // 10 seconds left; less than the 30s skew → must refresh.
-        let exp = chrono::Utc::now().timestamp() + 10;
-        let jwt = make_jwt(&serde_json::json!({ "exp": exp }));
-        assert!(token_needs_refresh(&jwt));
-    }
-
-    #[test]
-    fn token_needs_refresh_false_with_plenty_of_life() {
-        let exp = chrono::Utc::now().timestamp() + 600;
-        let jwt = make_jwt(&serde_json::json!({ "exp": exp }));
-        assert!(!token_needs_refresh(&jwt));
-    }
-
-    #[test]
-    fn token_needs_refresh_true_on_malformed_jwt() {
-        assert!(token_needs_refresh(""));
-        assert!(token_needs_refresh("not.a.jwt"));
-        assert!(token_needs_refresh("only-one-segment"));
-        assert!(token_needs_refresh("hdr.not-base64!.sig"));
-    }
-
-    #[test]
-    fn token_needs_refresh_true_when_exp_missing() {
-        let jwt = make_jwt(&serde_json::json!({ "sub": "abc" }));
-        assert!(token_needs_refresh(&jwt));
-    }
-}
@@ -61,21 +61,23 @@ pub async fn send_chat_message(
    message: String,
    history: Vec<ChatHistoryMessage>,
 ) -> Result<ChatApiResponse, ServerFnError> {
-    // Chat uses a longer timeout because the LLM round-trip can be slow;
-    // agent_request doesn't expose a per-call timeout so we layer one on.
-    let resp = super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/chat/{repo_id}"),
-    )
-    .await?
-    .timeout(std::time::Duration::from_secs(120))
-    .json(&serde_json::json!({
-        "message": message,
-        "history": history,
-    }))
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(format!("Request failed: {e}")))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/chat/{repo_id}", state.agent_api_url);
+    let client = reqwest::Client::builder()
+        .timeout(std::time::Duration::from_secs(120))
+        .build()
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let resp = client
+        .post(&url)
+        .json(&serde_json::json!({
+            "message": message,
+            "history": history,
+        }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(format!("Request failed: {e}")))?;

    let text = resp
        .text()
@@ -89,14 +91,19 @@ pub async fn send_chat_message(

 #[server]
 pub async fn trigger_embedding_build(repo_id: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/chat/{repo_id}/build-embeddings"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!(
+        "{}/api/v1/chat/{repo_id}/build-embeddings",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    Ok(())
 }

@@ -104,9 +111,11 @@ pub async fn trigger_embedding_build(repo_id: String) -> Result<(), ServerFnErro
 pub async fn fetch_embedding_status(
    repo_id: String,
 ) -> Result<EmbeddingStatusResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/chat/{repo_id}/status"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/chat/{repo_id}/status", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: EmbeddingStatusResponse = resp
@@ -26,9 +26,10 @@ pub struct DastFindingDetailResponse {

 #[server]
 pub async fn fetch_dast_targets() -> Result<DastTargetsResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/dast/targets")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/dast/targets", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: DastTargetsResponse = resp
@@ -40,9 +41,10 @@ pub async fn fetch_dast_targets() -> Result<DastTargetsResponse, ServerFnError>

 #[server]
 pub async fn fetch_dast_scan_runs() -> Result<DastScanRunsResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/dast/scan-runs")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/dast/scan-runs", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: DastScanRunsResponse = resp
@@ -54,9 +56,10 @@ pub async fn fetch_dast_scan_runs() -> Result<DastScanRunsResponse, ServerFnErro

 #[server]
 pub async fn fetch_dast_findings() -> Result<DastFindingsResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/dast/findings")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/dast/findings", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: DastFindingsResponse = resp
@@ -70,9 +73,10 @@ pub async fn fetch_dast_findings() -> Result<DastFindingsResponse, ServerFnError
 pub async fn fetch_dast_finding_detail(
    id: String,
 ) -> Result<DastFindingDetailResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/dast/findings/{id}"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/dast/findings/{id}", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: DastFindingDetailResponse = resp
@@ -84,8 +88,12 @@ pub async fn fetch_dast_finding_detail(

 #[server]
 pub async fn add_dast_target(name: String, base_url: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/dast/targets")
-        .await?
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/dast/targets", state.agent_api_url);
+    let client = reqwest::Client::new();
+    client
+        .post(&url)
        .json(&serde_json::json!({
            "name": name,
            "base_url": base_url,
@@ -98,13 +106,17 @@ pub async fn add_dast_target(name: String, base_url: String) -> Result<(), Serve

 #[server]
 pub async fn trigger_dast_scan(target_id: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/dast/targets/{target_id}/scan"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/dast/targets/{target_id}/scan",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    Ok(())
 }
@@ -24,35 +24,39 @@ pub struct FindingsQuery {

 #[server]
 pub async fn fetch_findings(query: FindingsQuery) -> Result<FindingsListResponse, ServerFnError> {
-    let mut path = format!("/api/v1/findings?page={}&limit=20", query.page);
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let mut url = format!(
+        "{}/api/v1/findings?page={}&limit=20",
+        state.agent_api_url, query.page
+    );
    if !query.severity.is_empty() {
-        path.push_str(&format!("&severity={}", query.severity));
+        url.push_str(&format!("&severity={}", query.severity));
    }
    if !query.scan_type.is_empty() {
-        path.push_str(&format!("&scan_type={}", query.scan_type));
+        url.push_str(&format!("&scan_type={}", query.scan_type));
    }
    if !query.status.is_empty() {
-        path.push_str(&format!("&status={}", query.status));
+        url.push_str(&format!("&status={}", query.status));
    }
    if !query.repo_id.is_empty() {
-        path.push_str(&format!("&repo_id={}", query.repo_id));
+        url.push_str(&format!("&repo_id={}", query.repo_id));
    }
    if !query.q.is_empty() {
-        path.push_str(&format!(
+        url.push_str(&format!(
            "&q={}",
            url::form_urlencoded::byte_serialize(query.q.as_bytes()).collect::<String>()
        ));
    }
    if !query.sort_by.is_empty() {
-        path.push_str(&format!("&sort_by={}", query.sort_by));
+        url.push_str(&format!("&sort_by={}", query.sort_by));
    }
    if !query.sort_order.is_empty() {
-        path.push_str(&format!("&sort_order={}", query.sort_order));
+        url.push_str(&format!("&sort_order={}", query.sort_order));
    }

-    let resp = super::agent_client::agent_get(&path)
-        .await?
-        .send()
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: FindingsListResponse = resp
@@ -64,9 +68,11 @@ pub async fn fetch_findings(query: FindingsQuery) -> Result<FindingsListResponse

 #[server]
 pub async fn fetch_finding_detail(id: String) -> Result<Finding, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/findings/{id}"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/findings/{id}", state.agent_api_url);
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: serde_json::Value = resp
@@ -80,15 +86,18 @@ pub async fn fetch_finding_detail(id: String) -> Result<Finding, ServerFnError>

 #[server]
 pub async fn update_finding_status(id: String, status: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::PATCH,
-        &format!("/api/v1/findings/{id}/status"),
-    )
-    .await?
-    .json(&serde_json::json!({ "status": status }))
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/findings/{id}/status", state.agent_api_url);
+
+    let client = reqwest::Client::new();
+    client
+        .patch(&url)
+        .json(&serde_json::json!({ "status": status }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
+
    Ok(())
 }

@@ -97,25 +106,34 @@ pub async fn bulk_update_finding_status(
    ids: Vec<String>,
    status: String,
 ) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(reqwest::Method::PATCH, "/api/v1/findings/bulk-status")
-        .await?
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/findings/bulk-status", state.agent_api_url);
+
+    let client = reqwest::Client::new();
+    client
+        .patch(&url)
        .json(&serde_json::json!({ "ids": ids, "status": status }))
        .send()
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
+
    Ok(())
 }

 #[server]
 pub async fn update_finding_feedback(id: String, feedback: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::PATCH,
-        &format!("/api/v1/findings/{id}/feedback"),
-    )
-    .await?
-    .json(&serde_json::json!({ "feedback": feedback }))
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/findings/{id}/feedback", state.agent_api_url);
+
+    let client = reqwest::Client::new();
+    client
+        .patch(&url)
+        .json(&serde_json::json!({ "feedback": feedback }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
+
    Ok(())
 }
@@ -50,9 +50,10 @@ pub struct SearchResponse {

 #[server]
 pub async fn fetch_graph(repo_id: String) -> Result<GraphDataResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/graph/{repo_id}", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: GraphDataResponse = resp
@@ -67,12 +68,15 @@ pub async fn fetch_impact(
    repo_id: String,
    finding_id: String,
 ) -> Result<ImpactResponse, ServerFnError> {
-    let resp =
-        super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}/impact/{finding_id}"))
-            .await?
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/graph/{repo_id}/impact/{finding_id}",
+        state.agent_api_url
+    );
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: ImpactResponse = resp
        .json()
        .await
@@ -82,9 +86,10 @@ pub async fn fetch_impact(

 #[server]
 pub async fn fetch_communities(repo_id: String) -> Result<CommunitiesResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}/communities"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/graph/{repo_id}/communities", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: CommunitiesResponse = resp
@@ -99,13 +104,15 @@ pub async fn fetch_file_content(
    repo_id: String,
    file_path: String,
 ) -> Result<FileContentResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!(
-        "/api/v1/graph/{repo_id}/file-content?path={file_path}"
-    ))
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/graph/{repo_id}/file-content?path={file_path}",
+        state.agent_api_url
+    );
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: FileContentResponse = resp
        .json()
        .await
@@ -115,13 +122,15 @@ pub async fn fetch_file_content(

 #[server]
 pub async fn search_nodes(repo_id: String, query: String) -> Result<SearchResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!(
-        "/api/v1/graph/{repo_id}/search?q={query}&limit=50"
-    ))
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/graph/{repo_id}/search?q={query}&limit=50",
+        state.agent_api_url
+    );
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: SearchResponse = resp
        .json()
        .await
@@ -131,13 +140,14 @@ pub async fn search_nodes(repo_id: String, query: String) -> Result<SearchRespon

 #[server]
 pub async fn trigger_graph_build(repo_id: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/graph/{repo_id}/build"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/graph/{repo_id}/build", state.agent_api_url);
+    let client = reqwest::Client::new();
+    client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    Ok(())
 }
@@ -12,9 +12,11 @@ pub struct IssuesListResponse {

 #[server]
 pub async fn fetch_issues(page: u64) -> Result<IssuesListResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/issues?page={page}&limit=20"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/issues?page={page}&limit=20", state.agent_api_url);
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: IssuesListResponse = resp
@@ -18,8 +18,6 @@ pub mod stats;

 // Server-only modules
 #[cfg(feature = "server")]
-mod agent_client;
-#[cfg(feature = "server")]
 mod auth;
 #[cfg(feature = "server")]
 mod auth_middleware;
@@ -32,9 +32,11 @@ pub struct NotificationCountResponse {

 #[server]
 pub async fn fetch_notification_count() -> Result<u64, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/notifications/count")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/notifications/count", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: NotificationCountResponse = resp
@@ -46,9 +48,11 @@ pub async fn fetch_notification_count() -> Result<u64, ServerFnError> {

 #[server]
 pub async fn fetch_notifications() -> Result<NotificationListResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/notifications?limit=20")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/notifications?limit=20", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: NotificationListResponse = resp
@@ -60,8 +64,12 @@ pub async fn fetch_notifications() -> Result<NotificationListResponse, ServerFnE

 #[server]
 pub async fn mark_all_notifications_read() -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/notifications/read-all")
-        .await?
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/notifications/read-all", state.agent_api_url);
+    reqwest::Client::new()
+        .post(&url)
        .send()
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
@@ -70,13 +78,14 @@ pub async fn mark_all_notifications_read() -> Result<(), ServerFnError> {

 #[server]
 pub async fn dismiss_notification(id: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::PATCH,
-        &format!("/api/v1/notifications/{id}/dismiss"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/notifications/{id}/dismiss", state.agent_api_url);
+    reqwest::Client::new()
+        .patch(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    Ok(())
 }
@@ -32,10 +32,12 @@ pub struct AttackChainResponse {

 #[server]
 pub async fn fetch_pentest_sessions() -> Result<PentestSessionsResponse, ServerFnError> {
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
    // Fetch sessions
-    let resp = super::agent_client::agent_get("/api/v1/pentest/sessions")
-        .await?
-        .send()
+    let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let mut body: PentestSessionsResponse = resp
@@ -44,32 +46,31 @@ pub async fn fetch_pentest_sessions() -> Result<PentestSessionsResponse, ServerF
        .map_err(|e| ServerFnError::new(e.to_string()))?;

    // Fetch DAST targets to resolve target names
-    if let Ok(tresp_builder) = super::agent_client::agent_get("/api/v1/dast/targets").await {
-        if let Ok(tresp) = tresp_builder.send().await {
-            if let Ok(tbody) = tresp.json::<serde_json::Value>().await {
-                let targets = tbody.get("data").and_then(|v| v.as_array());
-                if let Some(targets) = targets {
-                    // Build target_id -> name lookup
-                    let target_map: std::collections::HashMap<String, String> = targets
-                        .iter()
-                        .filter_map(|t| {
-                            let id = t.get("_id")?.get("$oid")?.as_str()?.to_string();
-                            let name = t.get("name")?.as_str()?.to_string();
-                            Some((id, name))
-                        })
-                        .collect();
+    let targets_url = format!("{}/api/v1/dast/targets", state.agent_api_url);
+    if let Ok(tresp) = reqwest::get(&targets_url).await {
+        if let Ok(tbody) = tresp.json::<serde_json::Value>().await {
+            let targets = tbody.get("data").and_then(|v| v.as_array());
+            if let Some(targets) = targets {
+                // Build target_id -> name lookup
+                let target_map: std::collections::HashMap<String, String> = targets
+                    .iter()
+                    .filter_map(|t| {
+                        let id = t.get("_id")?.get("$oid")?.as_str()?.to_string();
+                        let name = t.get("name")?.as_str()?.to_string();
+                        Some((id, name))
+                    })
+                    .collect();

-                    // Enrich sessions with target_name
-                    for session in body.data.iter_mut() {
-                        if let Some(tid) = session.get("target_id").and_then(|v| v.as_str()) {
-                            if let Some(name) = target_map.get(tid) {
-                                session.as_object_mut().map(|obj| {
-                                    obj.insert(
-                                        "target_name".to_string(),
-                                        serde_json::Value::String(name.clone()),
-                                    )
-                                });
-                            }
+                // Enrich sessions with target_name
+                for session in body.data.iter_mut() {
+                    if let Some(tid) = session.get("target_id").and_then(|v| v.as_str()) {
+                        if let Some(name) = target_map.get(tid) {
+                            session.as_object_mut().map(|obj| {
+                                obj.insert(
+                                    "target_name".to_string(),
+                                    serde_json::Value::String(name.clone()),
+                                )
+                            });
                        }
                    }
                }
@@ -82,9 +83,10 @@ pub async fn fetch_pentest_sessions() -> Result<PentestSessionsResponse, ServerF

 #[server]
 pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{id}"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/pentest/sessions/{id}", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let mut body: PentestSessionResponse = resp
@@ -94,27 +96,26 @@ pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse,

    // Resolve target name from targets list
    if let Some(tid) = body.data.get("target_id").and_then(|v| v.as_str()) {
-        if let Ok(tresp_builder) = super::agent_client::agent_get("/api/v1/dast/targets").await {
-            if let Ok(tresp) = tresp_builder.send().await {
-                if let Ok(tbody) = tresp.json::<serde_json::Value>().await {
-                    if let Some(targets) = tbody.get("data").and_then(|v| v.as_array()) {
-                        for t in targets {
-                            let t_id = t
-                                .get("_id")
-                                .and_then(|v| v.get("$oid"))
-                                .and_then(|v| v.as_str())
-                                .unwrap_or("");
-                            if t_id == tid {
-                                if let Some(name) = t.get("name").and_then(|v| v.as_str()) {
-                                    body.data.as_object_mut().map(|obj| {
-                                        obj.insert(
-                                            "target_name".to_string(),
-                                            serde_json::Value::String(name.to_string()),
-                                        )
-                                    });
-                                }
-                                break;
+        let targets_url = format!("{}/api/v1/dast/targets", state.agent_api_url);
+        if let Ok(tresp) = reqwest::get(&targets_url).await {
+            if let Ok(tbody) = tresp.json::<serde_json::Value>().await {
+                if let Some(targets) = tbody.get("data").and_then(|v| v.as_array()) {
+                    for t in targets {
+                        let t_id = t
+                            .get("_id")
+                            .and_then(|v| v.get("$oid"))
+                            .and_then(|v| v.as_str())
+                            .unwrap_or("");
+                        if t_id == tid {
+                            if let Some(name) = t.get("name").and_then(|v| v.as_str()) {
+                                body.data.as_object_mut().map(|obj| {
+                                    obj.insert(
+                                        "target_name".to_string(),
+                                        serde_json::Value::String(name.to_string()),
+                                    )
+                                });
                            }
+                            break;
                        }
                    }
                }
@@ -129,12 +130,15 @@ pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse,
 pub async fn fetch_pentest_messages(
    session_id: String,
 ) -> Result<PentestMessagesResponse, ServerFnError> {
-    let resp =
-        super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{session_id}/messages"))
-            .await?
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/messages",
+        state.agent_api_url
+    );
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: PentestMessagesResponse = resp
        .json()
        .await
@@ -144,9 +148,10 @@ pub async fn fetch_pentest_messages(

 #[server]
 pub async fn fetch_pentest_stats() -> Result<PentestStatsResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/pentest/stats")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/pentest/stats", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: PentestStatsResponse = resp
@@ -158,13 +163,15 @@ pub async fn fetch_pentest_stats() -> Result<PentestStatsResponse, ServerFnError

 #[server]
 pub async fn fetch_attack_chain(session_id: String) -> Result<AttackChainResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!(
-        "/api/v1/pentest/sessions/{session_id}/attack-chain"
-    ))
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/attack-chain",
+        state.agent_api_url
+    );
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: AttackChainResponse = resp
        .json()
        .await
@@ -178,17 +185,20 @@ pub async fn create_pentest_session(
    strategy: String,
    message: String,
 ) -> Result<PentestSessionResponse, ServerFnError> {
-    let resp =
-        super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/pentest/sessions")
-            .await?
-            .json(&serde_json::json!({
-                "target_id": target_id,
-                "strategy": strategy,
-                "message": message,
-            }))
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url);
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
+        .json(&serde_json::json!({
+            "target_id": target_id,
+            "strategy": strategy,
+            "message": message,
+        }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: PentestSessionResponse = resp
        .json()
        .await
@@ -201,15 +211,18 @@ pub async fn create_pentest_session(
 pub async fn create_pentest_session_wizard(
    config_json: String,
 ) -> Result<PentestSessionResponse, ServerFnError> {
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url);
    let config: serde_json::Value =
        serde_json::from_str(&config_json).map_err(|e| ServerFnError::new(e.to_string()))?;
-    let resp =
-        super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/pentest/sessions")
-            .await?
-            .json(&serde_json::json!({ "config": config }))
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
+        .json(&serde_json::json!({ "config": config }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    if !resp.status().is_success() {
        let text = resp.text().await.unwrap_or_default();
        return Err(ServerFnError::new(format!(
@@ -226,6 +239,8 @@ pub async fn create_pentest_session_wizard(
 /// Look up a tracked repository by its git URL
 #[server]
 pub async fn lookup_repo_by_url(url: String) -> Result<serde_json::Value, ServerFnError> {
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
    let encoded_url: String = url
        .bytes()
        .flat_map(|b| {
@@ -236,12 +251,13 @@ pub async fn lookup_repo_by_url(url: String) -> Result<serde_json::Value, Server
            }
        })
        .collect();
-    let resp =
-        super::agent_client::agent_get(&format!("/api/v1/pentest/lookup-repo?url={encoded_url}"))
-            .await?
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let api_url = format!(
+        "{}/api/v1/pentest/lookup-repo?url={}",
+        state.agent_api_url, encoded_url
+    );
+    let resp = reqwest::get(&api_url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: serde_json::Value = resp
        .json()
        .await
@@ -254,17 +270,21 @@ pub async fn send_pentest_message(
    session_id: String,
    message: String,
 ) -> Result<PentestMessagesResponse, ServerFnError> {
-    let resp = super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/pentest/sessions/{session_id}/chat"),
-    )
-    .await?
-    .json(&serde_json::json!({
-        "message": message,
-    }))
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/chat",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
+        .json(&serde_json::json!({
+            "message": message,
+        }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: PentestMessagesResponse = resp
        .json()
        .await
@@ -274,27 +294,35 @@ pub async fn send_pentest_message(

 #[server]
 pub async fn stop_pentest_session(session_id: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/pentest/sessions/{session_id}/stop"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/stop",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    Ok(())
 }

 #[server]
 pub async fn pause_pentest_session(session_id: String) -> Result<(), ServerFnError> {
-    let resp = super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/pentest/sessions/{session_id}/pause"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/pause",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    if !resp.status().is_success() {
        let text = resp.text().await.unwrap_or_default();
        return Err(ServerFnError::new(format!("Pause failed: {text}")));
@@ -304,14 +332,18 @@ pub async fn pause_pentest_session(session_id: String) -> Result<(), ServerFnErr

 #[server]
 pub async fn resume_pentest_session(session_id: String) -> Result<(), ServerFnError> {
-    let resp = super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/pentest/sessions/{session_id}/resume"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/resume",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    if !resp.status().is_success() {
        let text = resp.text().await.unwrap_or_default();
        return Err(ServerFnError::new(format!("Resume failed: {text}")));
@@ -323,12 +355,15 @@ pub async fn resume_pentest_session(session_id: String) -> Result<(), ServerFnEr
 pub async fn fetch_pentest_findings(
    session_id: String,
 ) -> Result<DastFindingsResponse, ServerFnError> {
-    let resp =
-        super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{session_id}/findings"))
-            .await?
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/findings",
+        state.agent_api_url
+    );
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: DastFindingsResponse = resp
        .json()
        .await
@@ -350,19 +385,23 @@ pub async fn export_pentest_report(
    requester_name: String,
    requester_email: String,
 ) -> Result<ExportReportResponse, ServerFnError> {
-    let resp = super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/pentest/sessions/{session_id}/export"),
-    )
-    .await?
-    .json(&serde_json::json!({
-        "password": password,
-        "requester_name": requester_name,
-        "requester_email": requester_email,
-    }))
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/pentest/sessions/{session_id}/export",
+        state.agent_api_url
+    );
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
+        .json(&serde_json::json!({
+            "password": password,
+            "requester_name": requester_name,
+            "requester_email": requester_email,
+        }))
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    if !resp.status().is_success() {
        let text = resp.text().await.unwrap_or_default();
        return Err(ServerFnError::new(format!("Export failed: {text}")));
@@ -12,10 +12,14 @@ pub struct RepositoryListResponse {

 #[server]
 pub async fn fetch_repositories(page: u64) -> Result<RepositoryListResponse, ServerFnError> {
-    let path = format!("/api/v1/repositories?page={page}&limit=20");
-    let resp = super::agent_client::agent_get(&path)
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/repositories?page={page}&limit=20",
+        state.agent_api_url
+    );
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: RepositoryListResponse = resp
@@ -37,6 +41,10 @@ pub async fn add_repository(
    tracker_repo: Option<String>,
    tracker_token: Option<String>,
 ) -> Result<(), ServerFnError> {
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/repositories", state.agent_api_url);
+
    let mut body = serde_json::json!({
        "name": name,
        "git_url": git_url,
@@ -61,8 +69,9 @@ pub async fn add_repository(
        body["tracker_token"] = serde_json::Value::String(tk);
    }

-    let resp = super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/repositories")
-        .await?
+    let client = reqwest::Client::new();
+    let resp = client
+        .post(&url)
        .json(&body)
        .send()
        .await
@@ -91,6 +100,10 @@ pub async fn update_repository(
    tracker_token: Option<String>,
    scan_schedule: Option<String>,
 ) -> Result<(), ServerFnError> {
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/repositories/{repo_id}", state.agent_api_url);
+
    let mut body = serde_json::Map::new();
    if let Some(v) = name.filter(|s| !s.is_empty()) {
        body.insert("name".into(), serde_json::Value::String(v));
@@ -120,15 +133,13 @@ pub async fn update_repository(
        body.insert("scan_schedule".into(), serde_json::Value::String(v));
    }

-    let resp = super::agent_client::agent_request(
-        reqwest::Method::PATCH,
-        &format!("/api/v1/repositories/{repo_id}"),
-    )
-    .await?
-    .json(&body)
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let client = reqwest::Client::new();
+    let resp = client
+        .patch(&url)
+        .json(&body)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;

    if !resp.status().is_success() {
        let text = resp.text().await.unwrap_or_default();
@@ -142,9 +153,11 @@ pub async fn update_repository(

 #[server]
 pub async fn fetch_ssh_public_key() -> Result<String, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/settings/ssh-public-key")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/settings/ssh-public-key", state.agent_api_url);
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;

@@ -166,14 +179,16 @@ pub async fn fetch_ssh_public_key() -> Result<String, ServerFnError> {

 #[server]
 pub async fn delete_repository(repo_id: String) -> Result<(), ServerFnError> {
-    let resp = super::agent_client::agent_request(
-        reqwest::Method::DELETE,
-        &format!("/api/v1/repositories/{repo_id}"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/repositories/{repo_id}", state.agent_api_url);
+
+    let client = reqwest::Client::new();
+    let resp = client
+        .delete(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;

    if !resp.status().is_success() {
        let body = resp.text().await.unwrap_or_default();
@@ -187,14 +202,16 @@ pub async fn delete_repository(repo_id: String) -> Result<(), ServerFnError> {

 #[server]
 pub async fn trigger_repo_scan(repo_id: String) -> Result<(), ServerFnError> {
-    super::agent_client::agent_request(
-        reqwest::Method::POST,
-        &format!("/api/v1/repositories/{repo_id}/scan"),
-    )
-    .await?
-    .send()
-    .await
-    .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/repositories/{repo_id}/scan", state.agent_api_url);
+
+    let client = reqwest::Client::new();
+    client
+        .post(&url)
+        .send()
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;

    Ok(())
 }
@@ -207,12 +224,16 @@ pub struct WebhookConfigResponse {

 #[server]
 pub async fn fetch_webhook_config(repo_id: String) -> Result<WebhookConfigResponse, ServerFnError> {
-    let resp =
-        super::agent_client::agent_get(&format!("/api/v1/repositories/{repo_id}/webhook-config"))
-            .await?
-            .send()
-            .await
-            .map_err(|e| ServerFnError::new(e.to_string()))?;
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/repositories/{repo_id}/webhook-config",
+        state.agent_api_url
+    );
+
+    let resp = reqwest::get(&url)
+        .await
+        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: WebhookConfigResponse = resp
        .json()
        .await
@@ -223,9 +244,11 @@ pub async fn fetch_webhook_config(repo_id: String) -> Result<WebhookConfigRespon
 /// Check if a repository has any running scans
 #[server]
 pub async fn check_repo_scanning(repo_id: String) -> Result<bool, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/scan-runs?page=1&limit=1")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/scan-runs?page=1&limit=1", state.agent_api_url);
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: serde_json::Value = resp
@@ -87,9 +87,11 @@ pub struct SbomFiltersResponse {

 #[server]
 pub async fn fetch_sbom_filters() -> Result<SbomFiltersResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/sbom/filters")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!("{}/api/v1/sbom/filters", state.agent_api_url);
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let text = resp
@@ -110,6 +112,9 @@ pub async fn fetch_sbom_filtered(
    license: Option<String>,
    page: u64,
 ) -> Result<SbomListResponse, ServerFnError> {
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
    let mut params = vec![format!("page={page}"), "limit=50".to_string()];
    if let Some(r) = &repo_id {
        if !r.is_empty() {
@@ -135,10 +140,9 @@ pub async fn fetch_sbom_filtered(
        }
    }

-    let path = format!("/api/v1/sbom?{}", params.join("&"));
-    let resp = super::agent_client::agent_get(&path)
-        .await?
-        .send()
+    let url = format!("{}/api/v1/sbom?{}", state.agent_api_url, params.join("&"));
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let text = resp
@@ -152,10 +156,15 @@ pub async fn fetch_sbom_filtered(

 #[server]
 pub async fn fetch_sbom_export(repo_id: String, format: String) -> Result<String, ServerFnError> {
-    let path = format!("/api/v1/sbom/export?repo_id={repo_id}&format={format}");
-    let resp = super::agent_client::agent_get(&path)
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!(
+        "{}/api/v1/sbom/export?repo_id={}&format={}",
+        state.agent_api_url, repo_id, format
+    );
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let text = resp
@@ -169,16 +178,17 @@ pub async fn fetch_sbom_export(repo_id: String, format: String) -> Result<String
 pub async fn fetch_license_summary(
    repo_id: Option<String>,
 ) -> Result<LicenseSummaryResponse, ServerFnError> {
-    let mut path = "/api/v1/sbom/licenses".to_string();
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let mut url = format!("{}/api/v1/sbom/licenses", state.agent_api_url);
    if let Some(r) = &repo_id {
        if !r.is_empty() {
-            path = format!("{path}?repo_id={r}");
+            url = format!("{url}?repo_id={r}");
        }
    }

-    let resp = super::agent_client::agent_get(&path)
-        .await?
-        .send()
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let text = resp
@@ -195,10 +205,15 @@ pub async fn fetch_sbom_diff(
    repo_a: String,
    repo_b: String,
 ) -> Result<SbomDiffResponse, ServerFnError> {
-    let path = format!("/api/v1/sbom/diff?repo_a={repo_a}&repo_b={repo_b}");
-    let resp = super::agent_client::agent_get(&path)
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+
+    let url = format!(
+        "{}/api/v1/sbom/diff?repo_a={}&repo_b={}",
+        state.agent_api_url, repo_a, repo_b
+    );
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let text = resp
@@ -12,9 +12,14 @@ pub struct ScansListResponse {

 #[server]
 pub async fn fetch_scan_runs(page: u64) -> Result<ScansListResponse, ServerFnError> {
-    let resp = super::agent_client::agent_get(&format!("/api/v1/scan-runs?page={page}&limit=20"))
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!(
+        "{}/api/v1/scan-runs?page={page}&limit=20",
+        state.agent_api_url
+    );
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: ScansListResponse = resp
@@ -16,9 +16,11 @@ pub struct OverviewStats {

 #[server]
 pub async fn fetch_overview_stats() -> Result<OverviewStats, ServerFnError> {
-    let resp = super::agent_client::agent_get("/api/v1/stats/overview")
-        .await?
-        .send()
+    let state: super::server_state::ServerState =
+        dioxus_fullstack::FullstackContext::extract().await?;
+    let url = format!("{}/api/v1/stats/overview", state.agent_api_url);
+
+    let resp = reqwest::get(&url)
        .await
        .map_err(|e| ServerFnError::new(e.to_string()))?;
    let body: serde_json::Value = resp
Author	SHA1	Message	Date
Sharang Parnerkar	08c4ec4cff	feat(m7.2-D): drop transitional agent.db, add admin helpers CI / Check (pull_request) Successful in 9m27s Details CI / Detect Changes (pull_request) Has been skipped Details CI / Deploy Agent (pull_request) Has been skipped Details CI / Deploy Dashboard (pull_request) Has been skipped Details CI / Deploy Docs (pull_request) Has been skipped Details CI / Deploy MCP (pull_request) Has been skipped Details Final slice of M7.2. Removes the transitional single-database handle that M7.2-A introduced alongside the pool, so the compliance-agent now has a single source of truth for storage: every code path obtains a tenant-scoped Database from `agent.db_pool.for_tenant_id(...)` or `for_tenant(&ctx)`. There is no shared "default" database anywhere. Changes - ComplianceAgent: `db: Database` field removed. ComplianceAgent::new now takes only `(config, db_pool)`. Verified by an earlier grep during M7.2-C that no remaining call site reads `agent.db`. - main.rs: stops constructing the legacy Database. Only the pool is built at startup. - TestServer: same — drops Database::connect/ensure_indexes, builds only the pool. cleanup() now drops every `<db_name>_*` per-tenant database (no longer touches a bare `<db_name>`). - DatabasePool::list_tenant_db_names() — lists Mongo databases matching the pool's prefix. For admin endpoints + scheduler tenant enumeration in a future M7.3 (this PR keeps SCHEDULER_TENANT_IDS env config — registry integration is a separate concern). - DatabasePool::drop_tenant(&str) — idempotent tenant offboarding. Drops the per-tenant database and evicts the in-memory `ensured` marker so a later re-provision re-runs ensure_indexes. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 6 pass including new `admin_helpers_list_and_drop_tenant_dbs` - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass M7.2 closeout state after this lands - M7.1 (auth + status) — done - M7.2-A (pool) — done - M7.2-B (handlers) — done - M7.2-C (background paths) — done - M7.2-D (legacy db removed, admin helpers) — done (this PR) - Future M7.3: scheduler pulls tenants from tenant-registry instead of SCHEDULER_TENANT_IDS env; cross-tenant admin HTTP endpoints built on list_tenant_db_names / drop_tenant. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-17 15:05:27 +02:00
Sharang Parnerkar	0f6dd1135e	feat(m7.2-C): migrate background paths to per-tenant pool CI / Check (pull_request) Successful in 10m33s Details CI / Detect Changes (pull_request) Has been skipped Details CI / Deploy Agent (pull_request) Has been skipped Details CI / Deploy Dashboard (pull_request) Has been skipped Details CI / Deploy Docs (pull_request) Has been skipped Details CI / Deploy MCP (pull_request) Has been skipped Details Closes the loop on M7.2 isolation for paths that don't have a JWT context: scheduler, webhooks, and the agent's `run_scan` / `run_pr_review` helpers all now take a `tenant_id` at the boundary and resolve to a tenant-scoped `Database` via `db_pool.for_tenant_id(...)`. Internal orchestrators (PipelineOrchestrator, PentestOrchestrator) and pipeline helpers were already DB-agnostic — they take `db: Database` at construction and don't care which tenant it points to. Changes - DatabasePool::for_tenant_id(&str) — same as for_tenant but accepts a bare tenant_id. Background paths don't have a full TenantContext. for_tenant is now a thin wrapper that delegates. - agent.run_scan(tenant_id, repo_id, trigger) — pulls the tenant database before constructing the PipelineOrchestrator. Was: run_scan(repo_id, trigger) reading agent.db. - agent.run_pr_review(tenant_id, repo_id, ...) — same shape. - Webhook routes change: /webhook/{tenant_id}/{platform}/{repo_id}. Tenant is part of the URL path because webhooks arrive without a JWT — they're authenticated via per-repo HMAC, not the tenant gate. The dashboard surfaces the full per-tenant URL when the repo is registered. All three handlers (gitea, github, gitlab) updated. - scheduler.rs — iterates tenants from $SCHEDULER_TENANT_IDS (comma-separated env), or DEV_TENANT_ID's `dev` default. Both scan_all_repos and monitor_cves now run once per configured tenant. M7.2-D will replace this static config with a pull from the tenant-registry. - api/handlers/repos.rs::trigger_scan now passes tenant.0.tenant_id. What's unchanged because it didn't need to change - PipelineOrchestrator, PentestOrchestrator: take `db: Database` at construction — they're tenant-DB-agnostic by design. The caller picks the tenant DB. - pipeline/{dedup,graph_build,issue_creation,sbom/mod}.rs, pentest/{context,report/html/*}.rs, trackers/jira.rs, llm/triage.rs: take `&Database` or `&mongodb::Database` as args, transitively tenant-scoped via the caller. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 5 pass - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass What's left (PR-D) - Drop the transitional agent.db field — no remaining call sites (verified by `grep -rn "agent\.db\b" compliance-agent/src`). - main.rs / TestServer stop building the legacy Database; only the pool remains. - Add cross-tenant admin helpers (list tenants, drop tenant DB) on the pool for offboarding flows. - Pull tenants from the tenant-registry instead of an env var. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-17 15:00:37 +02:00
Sharang Parnerkar	cdfbb62f9d	feat(m7.2-B): migrate API handlers to per-tenant database pool CI / Check (pull_request) Successful in 8m9s Details CI / Detect Changes (pull_request) Has been skipped Details CI / Deploy Agent (pull_request) Has been skipped Details CI / Deploy Dashboard (pull_request) Has been skipped Details CI / Deploy Docs (pull_request) Has been skipped Details CI / Deploy MCP (pull_request) Has been skipped Details Builds on PR M7.2-A. Every HTTP handler in compliance-agent/src/api/ now takes a TenantCtx extractor and pulls a tenant-scoped Database from agent.db_pool.for_tenant(&ctx). The query bodies are unchanged — `db.findings().find(doc! {...})` reads from the tenant's own physical database, so the filter doc cannot leak data across tenants because the wrong tenant's data is literally on a different db handle. Changes - New `dto::tenant_db(&agent, &tenant) -> Result<Database, StatusCode>` helper. Every migrated handler calls it at the top of the body instead of `let db = &agent.db;`. 500 on the rare pool failure; 4xx auth failures are already handled by the M7.1 status gate. - New `api::server::inject_dev_tenant` middleware mounted only when Keycloak is NOT configured. Synthesizes a TenantContext with tenant_id = $DEV_TENANT_ID (default `dev`) so `cargo run` against a bare Mongo + no KC still serves the API. Logged loudly as "DO NOT use in any environment with real customer data". - Test harness: TestServer mounts inject_dev_tenant so existing E2E tests reach handlers; cleanup() now drops every <db_name>_* per-tenant database, not just the legacy <db_name>. Files migrated (handler count, all pass `cargo build`): - chat.rs (3) — also rewires RagPipeline + EmbeddingStore to the tenant DB's inner() so vector search is per-tenant - dast.rs (5) - findings.rs (5) - graph.rs (7) — also rewires GraphStore inside trigger_build's spawn to the tenant DB - health.rs (1) — stats_overview migrated; public /health stays un-scoped - issues.rs (1) - notifications.rs (5) - pentest_handlers/session.rs (12) — both wizard + legacy paths, plus pause/resume/stop/get_attack_chain/get_messages/ get_session_findings/lookup_repo. PentestOrchestrator now gets the tenant DB clone in its spawn. - pentest_handlers/export.rs (1) — fans out across sessions, attack_chain_nodes, dast_findings, findings, sbom_entries, graph_nodes from a single tenant_db acquisition - pentest_handlers/stats.rs (1) - pentest_handlers/stream.rs (1) — SSE handler verifies session via the tenant DB before subscribing - repos.rs (6) - sbom.rs (5) - scans.rs (1) help_chat.rs has no DB queries and was skipped. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 5 pass (driver-level isolation still holds post-handler migration) - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass What's not yet migrated (PR-C / PR-D) - scheduler.rs (6 sites), pipeline/orchestrator.rs (14), pentest/orchestrator.rs (13), webhooks (gitea/github/gitlab), trackers/jira.rs, pipeline/dedup.rs etc. — background paths without a JWT-derived tenant context. - agent.db is still in the ComplianceAgent struct as a transitional handle for those paths. PR-D removes it once PR-C migrates the background paths. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-17 13:28:33 +02:00
Sharang Parnerkar	003835764e	fixup(m7.2-A): validate db_prefix at connect, bump hash to 16 bytes CI / Check (pull_request) Successful in 8m29s Details CI / Detect Changes (pull_request) Has been skipped Details CI / Deploy Agent (pull_request) Has been skipped Details CI / Deploy Dashboard (pull_request) Has been skipped Details CI / Deploy Docs (pull_request) Has been skipped Details CI / Deploy MCP (pull_request) Has been skipped Details Addresses review feedback on the hash-fallback path. The original `debug_assert!(hashed.len() <= MAX_DB_NAME_LEN)` was a runtime hack that vanished in release builds. With an 8-byte hash truncation (~2^32 birthday-collision resistance), two tenant_ids hashing to the same suffix would silently share a database — no panic, no rollback, just cross-tenant data leak. Not acceptable for a regulated-industry product. Changes: - Bump hash truncation 8 → 16 bytes (32 hex chars). 2^64 birthday resistance — collision-impossible at our scale. - Add MAX_PREFIX_LEN (= 30) and validate db_prefix.len() at `DatabasePool::connect`. The runtime hash-fallback arithmetic is now provably within Mongo's 63-byte cap; drop the debug_assert!. - New test `connect_rejects_overlong_db_prefix` exercises the inclusive bound (30 passes, 31 fails). - Existing hash-fallback test now asserts a 32-char hex suffix + basic distinctness for two different inputs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-17 13:16:46 +02:00
Sharang Parnerkar	e3aabe7d18	feat(m7.2-A): introduce per-tenant DatabasePool CI / Check (pull_request) Successful in 8m40s Details CI / Detect Changes (pull_request) Has been skipped Details CI / Deploy Agent (pull_request) Has been skipped Details CI / Deploy Dashboard (pull_request) Has been skipped Details CI / Deploy Docs (pull_request) Has been skipped Details CI / Deploy MCP (pull_request) Has been skipped Details First slice of the M7.2 tenant-isolation work. Adds a `DatabasePool` that hands out per-tenant `Database` handles physically scoped to `<prefix>_<tenant_id>` Mongo databases. Isolation is at the driver, not at "we hope we filter" — a handle for tenant A literally cannot see tenant B's documents because it's connected to a different db. What's in this PR - DatabasePool::connect — pings the cluster, prepares per-tenant lazy handles. - DatabasePool::for_tenant(&TenantContext) — returns a Database scoped to that tenant. ensure_indexes runs once per tenant per process via a DashMap-backed marker; failure rolls the marker back so the next request retries. - tenant_db_name — `<prefix>_<sanitized_tenant_id>` if it fits in Mongo's 63-byte db-name cap, else `<prefix>_<sha256-16hex>` fallback. - Sanitizer rewrites the Mongo-disallowed chars (`/ \ . " $ <space> NUL`) so any future tenant_id shape works. - ComplianceAgent gains a `db_pool: DatabasePool` field next to the existing `db: Database`. Handlers / pipelines / webhooks still use `db` — they migrate to `db_pool.for_tenant(&ctx)` in M7.2-B/C and `db` goes away in M7.2-D. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 4 pass against live mongo on 27017: * pool_isolates_tenants_at_driver_level — writes for acme + globex, reads through each tenant's handle; each sees exactly its own data with no filter doc anywhere. * for_tenant_is_idempotent_index_creation — second + third call for the same tenant do not error. * tenant_db_name_sanitizes_unsafe_characters * tenant_db_name_falls_back_to_hash_when_too_long — 100-byte tenant_id collapses to a stable 8-byte hex suffix. Why per-tenant DB vs `tenant_id` field + filter - Driver-level isolation; impossible to forget the filter on one of the 184 query call-sites in compliance-agent. - Handlers don't change shape at migration — `agent.db.findings()` becomes `db.findings()` after pulling `db` from `agent.db_pool.for_tenant(&ctx)`. - GDPR delete = `db.dropDatabase()`. - On-prem deploy = the same code path, with one tenant. - Trade-off accepted: index storage duplicated per tenant; Mongo's ~thousand-db ceiling is way above the 10s-100s tenants we're targeting. Caveats - Existing `agent.db` continues to point at the single legacy db. Handlers / pipelines that use it are unscoped until M7.2-B/C migrate them. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-17 11:58:24 +02:00