From e3aabe7d18c1e36334d7df1203b4083f9a848555 Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com> Date: Wed, 17 Jun 2026 11:58:24 +0200 Subject: [PATCH 1/6] feat(m7.2-A): introduce per-tenant DatabasePool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit First slice of the M7.2 tenant-isolation work. Adds a `DatabasePool` that hands out per-tenant `Database` handles physically scoped to `_` Mongo databases. Isolation is at the driver, not at "we hope we filter" — a handle for tenant A literally cannot see tenant B's documents because it's connected to a different db. What's in this PR - DatabasePool::connect — pings the cluster, prepares per-tenant lazy handles. - DatabasePool::for_tenant(&TenantContext) — returns a Database scoped to that tenant. ensure_indexes runs once per tenant per process via a DashMap-backed marker; failure rolls the marker back so the next request retries. - tenant_db_name — `_` if it fits in Mongo's 63-byte db-name cap, else `_` fallback. - Sanitizer rewrites the Mongo-disallowed chars (`/ \ . " $ NUL`) so any future tenant_id shape works. - ComplianceAgent gains a `db_pool: DatabasePool` field next to the existing `db: Database`. Handlers / pipelines / webhooks still use `db` — they migrate to `db_pool.for_tenant(&ctx)` in M7.2-B/C and `db` goes away in M7.2-D. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 4 pass against live mongo on 27017: * pool_isolates_tenants_at_driver_level — writes for acme + globex, reads through each tenant's handle; each sees exactly its own data with no filter doc anywhere. * for_tenant_is_idempotent_index_creation — second + third call for the same tenant do not error. * tenant_db_name_sanitizes_unsafe_characters * tenant_db_name_falls_back_to_hash_when_too_long — 100-byte tenant_id collapses to a stable 8-byte hex suffix. Why per-tenant DB vs `tenant_id` field + filter - Driver-level isolation; impossible to forget the filter on one of the 184 query call-sites in compliance-agent. - Handlers don't change shape at migration — `agent.db.findings()` becomes `db.findings()` after pulling `db` from `agent.db_pool.for_tenant(&ctx)`. - GDPR delete = `db.dropDatabase()`. - On-prem deploy = the same code path, with one tenant. - Trade-off accepted: index storage duplicated per tenant; Mongo's ~thousand-db ceiling is way above the 10s-100s tenants we're targeting. Caveats - Existing `agent.db` continues to point at the single legacy db. Handlers / pipelines that use it are unscoped until M7.2-B/C migrate them. Co-Authored-By: Claude Opus 4.7 --- compliance-agent/src/agent.rs | 11 +- compliance-agent/src/database.rs | 120 +++++++++++++ compliance-agent/src/main.rs | 8 +- compliance-agent/tests/common/mod.rs | 8 +- compliance-agent/tests/tenant_isolation.rs | 198 +++++++++++++++++++++ 5 files changed, 340 insertions(+), 5 deletions(-) create mode 100644 compliance-agent/tests/tenant_isolation.rs diff --git a/compliance-agent/src/agent.rs b/compliance-agent/src/agent.rs index 61e73e6..bc66705 100644 --- a/compliance-agent/src/agent.rs +++ b/compliance-agent/src/agent.rs @@ -6,7 +6,7 @@ use tokio::sync::{broadcast, watch, Semaphore}; use compliance_core::models::pentest::PentestEvent; use compliance_core::AgentConfig; -use crate::database::Database; +use crate::database::{Database, DatabasePool}; use crate::llm::LlmClient; use crate::pipeline::orchestrator::PipelineOrchestrator; @@ -16,7 +16,13 @@ const DEFAULT_MAX_CONCURRENT_SESSIONS: usize = 5; #[derive(Clone)] pub struct ComplianceAgent { pub config: AgentConfig, + /// Transitional single-database handle. Used by handlers that have + /// not yet been migrated to `db_pool.for_tenant(&ctx)` (M7.2-B/C). + /// Will be removed once every call site is tenant-scoped (M7.2-D). pub db: Database, + /// Per-tenant Mongo broker introduced in M7.2-A. Handlers should + /// prefer this and obtain a tenant-scoped [`Database`] from it. + pub db_pool: DatabasePool, pub llm: Arc, pub http: reqwest::Client, /// Per-session broadcast senders for SSE streaming. @@ -28,7 +34,7 @@ pub struct ComplianceAgent { } impl ComplianceAgent { - pub fn new(config: AgentConfig, db: Database) -> Self { + pub fn new(config: AgentConfig, db: Database, db_pool: DatabasePool) -> Self { let llm = Arc::new(LlmClient::new( config.litellm_url.clone(), config.litellm_api_key.clone(), @@ -43,6 +49,7 @@ impl ComplianceAgent { Self { config, db, + db_pool, llm, http, session_streams: Arc::new(DashMap::new()), diff --git a/compliance-agent/src/database.rs b/compliance-agent/src/database.rs index 80d3b04..6fc6f9c 100644 --- a/compliance-agent/src/database.rs +++ b/compliance-agent/src/database.rs @@ -1,11 +1,125 @@ +use std::sync::Arc; + +use dashmap::DashMap; use mongodb::bson::doc; use mongodb::options::IndexOptions; use mongodb::{Client, Collection, IndexModel}; +use sha2::{Digest, Sha256}; use compliance_core::models::*; +use compliance_core::TenantContext; use crate::error::AgentError; +/// Mongo enforces a 63-byte cap on database names (older clusters: 64 +/// on Linux, 63 on Windows; we target the conservative limit). +const MAX_DB_NAME_LEN: usize = 63; + +/// Per-tenant Mongo connection broker (M7.2 isolation model). +/// +/// Holds one [`Client`] and hands out [`Database`] handles physically +/// scoped to `_`. The driver is the isolation +/// boundary — a handle for tenant A cannot see tenant B's documents +/// because it is connected to a different database, not because of an +/// application-level filter. +/// +/// Index creation runs idempotently the first time each tenant is seen +/// in the process's lifetime. Mongo's `createIndex` is itself idempotent +/// by index name; the in-memory `ensured` set just skips the round-trip. +#[derive(Clone, Debug)] +pub struct DatabasePool { + client: Client, + db_prefix: String, + ensured: Arc>, +} + +impl DatabasePool { + /// Connect to the cluster and prepare to hand out tenant databases + /// named `_`. + pub async fn connect(uri: &str, db_prefix: &str) -> Result { + let client = Client::with_uri_str(uri).await?; + client + .database("admin") + .run_command(doc! { "ping": 1 }) + .await?; + tracing::info!( + "MongoDB cluster reachable; per-tenant pool ready (db prefix '{db_prefix}')" + ); + Ok(Self { + client, + db_prefix: db_prefix.to_string(), + ensured: Arc::new(DashMap::new()), + }) + } + + /// Return a [`Database`] scoped to this tenant. Ensures indexes on + /// first call per tenant (per process). Cheap on the hot path — + /// subsequent calls skip the round-trip. + pub async fn for_tenant(&self, ctx: &TenantContext) -> Result { + let db_name = self.tenant_db_name(&ctx.tenant_id); + let db = Database::from_database(self.client.database(&db_name)); + // `DashMap::insert` returns the previous value; `None` means we + // were the first writer for this tenant_id and own the + // index-ensure work. + if self.ensured.insert(ctx.tenant_id.clone(), ()).is_none() { + if let Err(e) = db.ensure_indexes().await { + // Roll the marker back so the next request retries. + self.ensured.remove(&ctx.tenant_id); + return Err(e); + } + tracing::debug!( + tenant_id = %ctx.tenant_id, + db_name = %db_name, + "Indexes ensured for tenant database" + ); + } + Ok(db) + } + + /// Compute the Mongo database name for a tenant. Public for tests + /// and tenant offboarding (`pool.client().database(name).drop()`). + /// + /// Format: `_` if it fits in 63 chars, + /// otherwise `_`. The hash + /// fallback is collision-resistant in practice (2^64 keyspace) + /// while keeping the name bounded. + pub fn tenant_db_name(&self, tenant_id: &str) -> String { + let sanitized = sanitize_tenant_id(tenant_id); + let natural = format!("{}_{}", self.db_prefix, sanitized); + if natural.len() <= MAX_DB_NAME_LEN { + natural + } else { + let mut hasher = Sha256::new(); + hasher.update(tenant_id.as_bytes()); + let digest = hasher.finalize(); + // 16 hex chars = 8 bytes = 64-bit truncation. + let suffix = hex::encode(&digest[..8]); + let hashed = format!("{}_{}", self.db_prefix, suffix); + debug_assert!(hashed.len() <= MAX_DB_NAME_LEN); + hashed + } + } + + /// Raw client handle. Reserved for cross-tenant admin flows that + /// must opt in explicitly (tenant listing, drop-on-offboard). + pub fn client(&self) -> &Client { + &self.client + } +} + +/// Mongo database names disallow `/`, `\`, `.`, `"`, `$`, ` `, and NUL. +/// breakpilot-dev tenant_ids are UUIDs so this is belt-and-braces, but +/// it lets the pool tolerate any future tenant_id shape without surprise. +fn sanitize_tenant_id(tenant_id: &str) -> String { + tenant_id + .chars() + .map(|c| match c { + '/' | '\\' | '.' | '"' | '$' | ' ' | '\0' => '_', + c => c, + }) + .collect() +} + #[derive(Clone, Debug)] pub struct Database { inner: mongodb::Database, @@ -20,6 +134,12 @@ impl Database { Ok(Self { inner: db }) } + /// Wrap an already-resolved Mongo database. Used by [`DatabasePool`] + /// to hand out tenant-scoped handles without a fresh client per tenant. + pub(crate) fn from_database(inner: mongodb::Database) -> Self { + Self { inner } + } + pub async fn ensure_indexes(&self) -> Result<(), AgentError> { // repositories: unique git_url self.repositories() diff --git a/compliance-agent/src/main.rs b/compliance-agent/src/main.rs index 64e862f..1270b22 100644 --- a/compliance-agent/src/main.rs +++ b/compliance-agent/src/main.rs @@ -28,7 +28,13 @@ async fn main() -> Result<(), Box> { let db = database::Database::connect(&config.mongodb_uri, &config.mongodb_database).await?; db.ensure_indexes().await?; - let agent = agent::ComplianceAgent::new(config.clone(), db.clone()); + // M7.2-A: per-tenant pool. Uses `mongodb_database` as the db-name + // prefix so tenant databases land as `_` next to + // the legacy single-tenant database. + let db_pool = + database::DatabasePool::connect(&config.mongodb_uri, &config.mongodb_database).await?; + + let agent = agent::ComplianceAgent::new(config.clone(), db.clone(), db_pool); tracing::info!("Starting scheduler..."); let scheduler_agent = agent.clone(); diff --git a/compliance-agent/tests/common/mod.rs b/compliance-agent/tests/common/mod.rs index 1cbe46f..756ef34 100644 --- a/compliance-agent/tests/common/mod.rs +++ b/compliance-agent/tests/common/mod.rs @@ -7,7 +7,7 @@ use std::sync::Arc; use compliance_agent::agent::ComplianceAgent; use compliance_agent::api; -use compliance_agent::database::Database; +use compliance_agent::database::{Database, DatabasePool}; use compliance_core::AgentConfig; use secrecy::SecretString; @@ -33,6 +33,10 @@ impl TestServer { .expect("Failed to connect to MongoDB — is it running?"); db.ensure_indexes().await.expect("Failed to create indexes"); + let db_pool = DatabasePool::connect(&mongodb_uri, &db_name) + .await + .expect("Failed to build DatabasePool"); + let config = AgentConfig { mongodb_uri: mongodb_uri.clone(), mongodb_database: db_name.clone(), @@ -69,7 +73,7 @@ impl TestServer { pentest_imap_password: None, }; - let agent = ComplianceAgent::new(config, db); + let agent = ComplianceAgent::new(config, db, db_pool); // Build the router with the agent extension let app = api::routes::build_router() diff --git a/compliance-agent/tests/tenant_isolation.rs b/compliance-agent/tests/tenant_isolation.rs new file mode 100644 index 0000000..1c23f94 --- /dev/null +++ b/compliance-agent/tests/tenant_isolation.rs @@ -0,0 +1,198 @@ +//! M7.2-A — `DatabasePool` isolation proof. +//! +//! Two `TenantContext`s, two databases, one client. Insert on A, query +//! on B → empty. Insert on B, query on A → only A's docs. Proves that +//! the per-tenant database split actually isolates at the driver level +//! and not at "we hope we filter." +//! +//! Requires MongoDB. Set `TEST_MONGODB_URI` to override the default +//! `mongodb://root:example@localhost:27017/?authSource=admin`. + +#![allow(clippy::expect_used, clippy::unwrap_used)] + +use compliance_agent::database::DatabasePool; +use compliance_core::models::TrackedRepository; +use compliance_core::{OrgRole, TenantContext, TenantStatus}; +use mongodb::bson::doc; + +fn ctx(tenant_id: &str, slug: &str) -> TenantContext { + TenantContext { + tenant_id: tenant_id.to_string(), + tenant_slug: slug.to_string(), + org_roles: vec![OrgRole::ItAdmin], + products: vec!["compliance-scanner".to_string()], + plan: "starter".to_string(), + status: TenantStatus::Active, + user_id: "u-1".to_string(), + user_name: None, + } +} + +fn fixture_repo(name: &str, git_url: &str) -> TrackedRepository { + TrackedRepository { + id: None, + name: name.to_string(), + git_url: git_url.to_string(), + default_branch: "main".to_string(), + local_path: None, + scan_schedule: None, + webhook_enabled: false, + webhook_secret: None, + tracker_type: None, + tracker_owner: None, + tracker_repo: None, + tracker_token: None, + auth_token: None, + auth_username: None, + last_scanned_commit: None, + findings_count: 0, + created_at: chrono::Utc::now(), + updated_at: chrono::Utc::now(), + } +} + +#[tokio::test] +async fn pool_isolates_tenants_at_driver_level() { + let uri = std::env::var("TEST_MONGODB_URI") + .unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into()); + // Unique per run so parallel test invocations don't collide. Kept + // short because Mongo caps db names at 63 bytes (prefix + tenant_id). + let prefix = format!("m72a_{}", short_id()); + + let pool = DatabasePool::connect(&uri, &prefix) + .await + .expect("Failed to connect to MongoDB — is it running?"); + + let acme = ctx("00000000-0000-0000-0000-00000000acme", "acme"); + let globex = ctx("00000000-0000-0000-0000-0000globex000", "globex"); + + let acme_db = pool.for_tenant(&acme).await.expect("acme db"); + let globex_db = pool.for_tenant(&globex).await.expect("globex db"); + + // Write distinct repos into each tenant's database. + acme_db + .repositories() + .insert_one(fixture_repo("acme-app", "git@example.com:acme/app.git")) + .await + .expect("insert acme"); + globex_db + .repositories() + .insert_one(fixture_repo( + "globex-platform", + "git@example.com:globex/platform.git", + )) + .await + .expect("insert globex"); + + // The point of the whole exercise: acme can ONLY see acme's repo + // and globex can ONLY see globex's, with no filter doc anywhere + // because the isolation is at the database handle, not in the query. + let acme_seen = collect(&acme_db).await; + let globex_seen = collect(&globex_db).await; + + assert_eq!(acme_seen.len(), 1, "acme should see exactly its own repo"); + assert_eq!(acme_seen[0].name, "acme-app"); + assert_eq!( + globex_seen.len(), + 1, + "globex should see exactly its own repo" + ); + assert_eq!(globex_seen[0].name, "globex-platform"); + + // Sanity: the two databases really are different by name. + let acme_db_name = pool.tenant_db_name(&acme.tenant_id); + let globex_db_name = pool.tenant_db_name(&globex.tenant_id); + assert_ne!(acme_db_name, globex_db_name); + assert!(acme_db_name.starts_with(&prefix)); + + // Cleanup — drop both per-tenant databases. + pool.client() + .database(&acme_db_name) + .drop() + .await + .expect("drop acme"); + pool.client() + .database(&globex_db_name) + .drop() + .await + .expect("drop globex"); +} + +#[tokio::test] +async fn for_tenant_is_idempotent_index_creation() { + let uri = std::env::var("TEST_MONGODB_URI") + .unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into()); + let prefix = format!("m72a_{}", short_id()); + let pool = DatabasePool::connect(&uri, &prefix).await.expect("connect"); + + let acme = ctx("00000000-0000-0000-0000-00000000acme", "acme"); + + // Second call must not fail (ensure_indexes already ran, in-memory + // marker is set, Mongo's createIndex is idempotent by name anyway). + let _ = pool.for_tenant(&acme).await.expect("first call"); + let _ = pool.for_tenant(&acme).await.expect("second call"); + let _ = pool.for_tenant(&acme).await.expect("third call"); + + // Cleanup + let db_name = pool.tenant_db_name(&acme.tenant_id); + pool.client().database(&db_name).drop().await.expect("drop"); +} + +#[tokio::test] +async fn tenant_db_name_sanitizes_unsafe_characters() { + let uri = std::env::var("TEST_MONGODB_URI") + .unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into()); + let pool = DatabasePool::connect(&uri, "m72a_sanitize") + .await + .expect("connect"); + + // Mongo db names cannot contain `/ \ . " $ NUL`. The pool + // must rewrite these without exploding on connect. + let funky = "te/n.a\\nt$id\" with spaces"; + let name = pool.tenant_db_name(funky); + for c in ['/', '\\', '.', '"', '$', ' '] { + assert!( + !name.contains(c), + "sanitized db name still contains {c:?}: {name}" + ); + } +} + +#[tokio::test] +async fn tenant_db_name_falls_back_to_hash_when_too_long() { + let uri = std::env::var("TEST_MONGODB_URI") + .unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into()); + let pool = DatabasePool::connect(&uri, "m72a_long") + .await + .expect("connect"); + + // 100-byte tenant_id would overflow the 63-byte db-name cap with + // any reasonable prefix. The pool must hash it down. + let huge = "x".repeat(100); + let name = pool.tenant_db_name(&huge); + assert!(name.len() <= 63, "hashed name should fit: {name}"); + assert!(name.starts_with("m72a_long_")); + + // Stable: same input → same output. + assert_eq!(name, pool.tenant_db_name(&huge)); +} + +/// Short UUID slug for keeping test prefixes well under Mongo's 63-byte +/// db-name cap. +fn short_id() -> String { + uuid::Uuid::new_v4().simple().to_string()[..8].to_string() +} + +/// Drain a `repositories` find cursor on the given tenant database. +async fn collect(db: &compliance_agent::database::Database) -> Vec { + let mut cursor = db + .repositories() + .find(doc! {}) + .await + .expect("find repositories"); + let mut out = Vec::new(); + while cursor.advance().await.expect("advance") { + out.push(cursor.deserialize_current().expect("deserialize")); + } + out +} -- 2.52.0 From 003835764e298fbb66616fdc4df2efc8ee835d7f Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com> Date: Wed, 17 Jun 2026 13:16:46 +0200 Subject: [PATCH 2/6] fixup(m7.2-A): validate db_prefix at connect, bump hash to 16 bytes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addresses review feedback on the hash-fallback path. The original `debug_assert!(hashed.len() <= MAX_DB_NAME_LEN)` was a runtime hack that vanished in release builds. With an 8-byte hash truncation (~2^32 birthday-collision resistance), two tenant_ids hashing to the same suffix would silently share a database — no panic, no rollback, just cross-tenant data leak. Not acceptable for a regulated-industry product. Changes: - Bump hash truncation 8 → 16 bytes (32 hex chars). 2^64 birthday resistance — collision-impossible at our scale. - Add MAX_PREFIX_LEN (= 30) and validate db_prefix.len() at `DatabasePool::connect`. The runtime hash-fallback arithmetic is now provably within Mongo's 63-byte cap; drop the debug_assert!. - New test `connect_rejects_overlong_db_prefix` exercises the inclusive bound (30 passes, 31 fails). - Existing hash-fallback test now asserts a 32-char hex suffix + basic distinctness for two different inputs. Co-Authored-By: Claude Opus 4.7 --- compliance-agent/src/database.rs | 44 +++++++++++++++++----- compliance-agent/tests/tenant_isolation.rs | 36 ++++++++++++++++++ 2 files changed, 71 insertions(+), 9 deletions(-) diff --git a/compliance-agent/src/database.rs b/compliance-agent/src/database.rs index 6fc6f9c..0d5e4f6 100644 --- a/compliance-agent/src/database.rs +++ b/compliance-agent/src/database.rs @@ -15,6 +15,16 @@ use crate::error::AgentError; /// on Linux, 63 on Windows; we target the conservative limit). const MAX_DB_NAME_LEN: usize = 63; +/// Hex length of the SHA-256 truncation used for the hash fallback +/// tenant DB name (16 bytes → 32 hex chars). 16 bytes gives ~2^64 +/// birthday-collision resistance — at our 10s-100s tenant scale this +/// is effectively impossible to hit. +const HASH_HEX_LEN: usize = 32; + +/// Largest `db_prefix` that still guarantees the hash-fallback name +/// fits in the 63-byte cap: `prefix + "_" + 32 hex chars`. +const MAX_PREFIX_LEN: usize = MAX_DB_NAME_LEN - 1 - HASH_HEX_LEN; + /// Per-tenant Mongo connection broker (M7.2 isolation model). /// /// Holds one [`Client`] and hands out [`Database`] handles physically @@ -36,7 +46,19 @@ pub struct DatabasePool { impl DatabasePool { /// Connect to the cluster and prepare to hand out tenant databases /// named `_`. + /// + /// Validates `db_prefix.len() <= MAX_PREFIX_LEN` so the + /// hash-fallback path is provably within Mongo's 63-byte db-name + /// cap. Refuses to construct a pool that could ever produce an + /// over-long name. pub async fn connect(uri: &str, db_prefix: &str) -> Result { + if db_prefix.len() > MAX_PREFIX_LEN { + return Err(AgentError::Other(format!( + "db_prefix '{db_prefix}' is {} chars; max is {MAX_PREFIX_LEN} so the \ + hash-fallback tenant DB name fits Mongo's {MAX_DB_NAME_LEN}-byte cap", + db_prefix.len() + ))); + } let client = Client::with_uri_str(uri).await?; client .database("admin") @@ -79,10 +101,17 @@ impl DatabasePool { /// Compute the Mongo database name for a tenant. Public for tests /// and tenant offboarding (`pool.client().database(name).drop()`). /// - /// Format: `_` if it fits in 63 chars, - /// otherwise `_`. The hash - /// fallback is collision-resistant in practice (2^64 keyspace) - /// while keeping the name bounded. + /// Format: `_` if it fits the 63-byte + /// cap, else `_`. The + /// `db_prefix` length invariant established at [`Self::connect`] + /// guarantees the hash-fallback name always fits — no runtime + /// assertion needed. + /// + /// Collision resistance: the hash fallback is a 16-byte SHA-256 + /// truncation, which gives ~2^64 birthday-collision resistance. At + /// our 10s–100s tenant scale the probability of two tenant_ids + /// colliding is effectively zero. (8-byte truncation would have + /// been ~2^32 — too close for comfort on a regulated product.) pub fn tenant_db_name(&self, tenant_id: &str) -> String { let sanitized = sanitize_tenant_id(tenant_id); let natural = format!("{}_{}", self.db_prefix, sanitized); @@ -92,11 +121,8 @@ impl DatabasePool { let mut hasher = Sha256::new(); hasher.update(tenant_id.as_bytes()); let digest = hasher.finalize(); - // 16 hex chars = 8 bytes = 64-bit truncation. - let suffix = hex::encode(&digest[..8]); - let hashed = format!("{}_{}", self.db_prefix, suffix); - debug_assert!(hashed.len() <= MAX_DB_NAME_LEN); - hashed + let suffix = hex::encode(&digest[..HASH_HEX_LEN / 2]); + format!("{}_{}", self.db_prefix, suffix) } } diff --git a/compliance-agent/tests/tenant_isolation.rs b/compliance-agent/tests/tenant_isolation.rs index 1c23f94..a12b57d 100644 --- a/compliance-agent/tests/tenant_isolation.rs +++ b/compliance-agent/tests/tenant_isolation.rs @@ -172,9 +172,45 @@ async fn tenant_db_name_falls_back_to_hash_when_too_long() { let name = pool.tenant_db_name(&huge); assert!(name.len() <= 63, "hashed name should fit: {name}"); assert!(name.starts_with("m72a_long_")); + // The hash suffix is 32 hex chars (16-byte SHA-256 truncation). + let suffix = name.trim_start_matches("m72a_long_"); + assert_eq!( + suffix.len(), + 32, + "expected 32-hex suffix (16-byte hash), got {suffix:?}" + ); + assert!(suffix.chars().all(|c| c.is_ascii_hexdigit())); // Stable: same input → same output. assert_eq!(name, pool.tenant_db_name(&huge)); + + // Different inputs → different outputs (collision check on a tiny + // sample — full birthday-resistance is a proof not a test). + let huge2 = "y".repeat(100); + assert_ne!(pool.tenant_db_name(&huge), pool.tenant_db_name(&huge2)); +} + +#[tokio::test] +async fn connect_rejects_overlong_db_prefix() { + let uri = std::env::var("TEST_MONGODB_URI") + .unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into()); + + // MAX_PREFIX_LEN is 30 (= 63 - 1 - 32). A 31-char prefix MUST be + // rejected at construction so the hash-fallback path can never + // produce an over-long db name at runtime. + let too_long = "a".repeat(31); + let err = DatabasePool::connect(&uri, &too_long).await.unwrap_err(); + let msg = format!("{err}"); + assert!( + msg.contains("max is 30") || msg.contains(&too_long), + "error should explain the cap: {msg}" + ); + + // Exactly 30 chars is the inclusive bound — must succeed. + let just_right = "a".repeat(30); + let _ = DatabasePool::connect(&uri, &just_right) + .await + .expect("30-char prefix should be accepted"); } /// Short UUID slug for keeping test prefixes well under Mongo's 63-byte -- 2.52.0 From cdfbb62f9d499e6fda2ff1a43061b1639552f2d6 Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com> Date: Wed, 17 Jun 2026 13:28:33 +0200 Subject: [PATCH 3/6] feat(m7.2-B): migrate API handlers to per-tenant database pool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Builds on PR M7.2-A. Every HTTP handler in compliance-agent/src/api/ now takes a TenantCtx extractor and pulls a tenant-scoped Database from agent.db_pool.for_tenant(&ctx). The query bodies are unchanged — `db.findings().find(doc! {...})` reads from the tenant's own physical database, so the filter doc cannot leak data across tenants because the wrong tenant's data is literally on a different db handle. Changes - New `dto::tenant_db(&agent, &tenant) -> Result` helper. Every migrated handler calls it at the top of the body instead of `let db = &agent.db;`. 500 on the rare pool failure; 4xx auth failures are already handled by the M7.1 status gate. - New `api::server::inject_dev_tenant` middleware mounted only when Keycloak is NOT configured. Synthesizes a TenantContext with tenant_id = $DEV_TENANT_ID (default `dev`) so `cargo run` against a bare Mongo + no KC still serves the API. Logged loudly as "DO NOT use in any environment with real customer data". - Test harness: TestServer mounts inject_dev_tenant so existing E2E tests reach handlers; cleanup() now drops every _* per-tenant database, not just the legacy . Files migrated (handler count, all pass `cargo build`): - chat.rs (3) — also rewires RagPipeline + EmbeddingStore to the tenant DB's inner() so vector search is per-tenant - dast.rs (5) - findings.rs (5) - graph.rs (7) — also rewires GraphStore inside trigger_build's spawn to the tenant DB - health.rs (1) — stats_overview migrated; public /health stays un-scoped - issues.rs (1) - notifications.rs (5) - pentest_handlers/session.rs (12) — both wizard + legacy paths, plus pause/resume/stop/get_attack_chain/get_messages/ get_session_findings/lookup_repo. PentestOrchestrator now gets the tenant DB clone in its spawn. - pentest_handlers/export.rs (1) — fans out across sessions, attack_chain_nodes, dast_findings, findings, sbom_entries, graph_nodes from a single tenant_db acquisition - pentest_handlers/stats.rs (1) - pentest_handlers/stream.rs (1) — SSE handler verifies session via the tenant DB before subscribing - repos.rs (6) - sbom.rs (5) - scans.rs (1) help_chat.rs has no DB queries and was skipped. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 5 pass (driver-level isolation still holds post-handler migration) - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass What's not yet migrated (PR-C / PR-D) - scheduler.rs (6 sites), pipeline/orchestrator.rs (14), pentest/orchestrator.rs (13), webhooks (gitea/github/gitlab), trackers/jira.rs, pipeline/dedup.rs etc. — background paths without a JWT-derived tenant context. - agent.db is still in the ComplianceAgent struct as a transitional handle for those paths. PR-D removes it once PR-C migrates the background paths. Co-Authored-By: Claude Opus 4.7 --- compliance-agent/src/api/handlers/chat.rs | 56 +++++---- compliance-agent/src/api/handlers/dast.rs | 31 +++-- compliance-agent/src/api/handlers/dto.rs | 21 ++++ compliance-agent/src/api/handlers/findings.rs | 27 ++-- compliance-agent/src/api/handlers/graph.rs | 34 +++-- compliance-agent/src/api/handlers/health.rs | 9 +- compliance-agent/src/api/handlers/issues.rs | 5 +- .../src/api/handlers/notifications.rs | 31 +++-- .../api/handlers/pentest_handlers/export.rs | 29 ++--- .../api/handlers/pentest_handlers/session.rs | 117 ++++++++++-------- .../api/handlers/pentest_handlers/stats.rs | 7 +- .../api/handlers/pentest_handlers/stream.rs | 17 ++- compliance-agent/src/api/handlers/repos.rs | 38 +++--- compliance-agent/src/api/handlers/sbom.rs | 21 +++- compliance-agent/src/api/handlers/scans.rs | 5 +- compliance-agent/src/api/server.rs | 45 ++++++- compliance-agent/tests/common/mod.rs | 18 ++- 17 files changed, 334 insertions(+), 177 deletions(-) diff --git a/compliance-agent/src/api/handlers/chat.rs b/compliance-agent/src/api/handlers/chat.rs index 2f82d13..9583ed8 100644 --- a/compliance-agent/src/api/handlers/chat.rs +++ b/compliance-agent/src/api/handlers/chat.rs @@ -7,11 +7,13 @@ use mongodb::bson::doc; use compliance_core::models::chat::{ChatRequest, ChatResponse, SourceReference}; use compliance_core::models::embedding::EmbeddingBuildRun; +use compliance_core::tenant_ctx::TenantCtx; use compliance_graph::graph::embedding_store::EmbeddingStore; use crate::agent::ComplianceAgent; use crate::rag::pipeline::RagPipeline; +use super::dto::tenant_db; use super::ApiResponse; type AgentExt = Extension>; @@ -20,10 +22,12 @@ type AgentExt = Extension>; #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn chat( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, Json(req): Json, ) -> Result>, StatusCode> { - let pipeline = RagPipeline::new(agent.llm.clone(), agent.db.inner()); + let db = tenant_db(&agent, &tenant).await?; + let pipeline = RagPipeline::new(agent.llm.clone(), db.inner()); // Step 1: Embed the user's message let query_vectors = agent @@ -133,12 +137,15 @@ pub async fn chat( #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn build_embeddings( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, ) -> Result, StatusCode> { + // Resolve the tenant DB up front so we can move it into the spawn; + // the JWT/dev context isn't available inside detached tasks. + let db = tenant_db(&agent, &tenant).await?; let agent_clone = (*agent).clone(); tokio::spawn(async move { - let repo = match agent_clone - .db + let repo = match db .repositories() .find_one(doc! { "_id": mongodb::bson::oid::ObjectId::parse_str(&repo_id).ok() }) .await @@ -151,8 +158,7 @@ pub async fn build_embeddings( }; // Get latest graph build - let build = match agent_clone - .db + let build = match db .graph_builds() .find_one(doc! { "repo_id": &repo_id }) .sort(doc! { "started_at": -1 }) @@ -171,26 +177,22 @@ pub async fn build_embeddings( .unwrap_or_else(|| "unknown".to_string()); // Get nodes - let nodes: Vec = match agent_clone - .db - .graph_nodes() - .find(doc! { "repo_id": &repo_id }) - .await - { - Ok(cursor) => { - use futures_util::StreamExt; - let mut items = Vec::new(); - let mut cursor = cursor; - while let Some(Ok(item)) = cursor.next().await { - items.push(item); + let nodes: Vec = + match db.graph_nodes().find(doc! { "repo_id": &repo_id }).await { + Ok(cursor) => { + use futures_util::StreamExt; + let mut items = Vec::new(); + let mut cursor = cursor; + while let Some(Ok(item)) = cursor.next().await { + items.push(item); + } + items } - items - } - Err(e) => { - tracing::error!("[{repo_id}] Failed to fetch nodes: {e}"); - return; - } - }; + Err(e) => { + tracing::error!("[{repo_id}] Failed to fetch nodes: {e}"); + return; + } + }; let creds = crate::pipeline::git::RepoCredentials { ssh_key_path: Some(agent_clone.config.ssh_key_path.clone()), @@ -207,7 +209,7 @@ pub async fn build_embeddings( } }; - let pipeline = RagPipeline::new(agent_clone.llm.clone(), agent_clone.db.inner()); + let pipeline = RagPipeline::new(agent_clone.llm.clone(), db.inner()); match pipeline .build_embeddings(&repo_id, &repo_path, &graph_build_id, &nodes) .await @@ -234,9 +236,11 @@ pub async fn build_embeddings( #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn embedding_status( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, ) -> Result>>, StatusCode> { - let store = EmbeddingStore::new(agent.db.inner()); + let db = tenant_db(&agent, &tenant).await?; + let store = EmbeddingStore::new(db.inner()); let build = store.get_latest_build(&repo_id).await.map_err(|e| { tracing::error!("Failed to get embedding status: {e}"); StatusCode::INTERNAL_SERVER_ERROR diff --git a/compliance-agent/src/api/handlers/dast.rs b/compliance-agent/src/api/handlers/dast.rs index fc74113..ecd9fff 100644 --- a/compliance-agent/src/api/handlers/dast.rs +++ b/compliance-agent/src/api/handlers/dast.rs @@ -7,9 +7,11 @@ use mongodb::bson::doc; use serde::Deserialize; use compliance_core::models::dast::{DastFinding, DastScanRun, DastTarget, DastTargetType}; +use compliance_core::tenant_ctx::TenantCtx; use crate::agent::ComplianceAgent; +use super::dto::tenant_db; use super::{collect_cursor_async, ApiResponse, PaginationParams}; type AgentExt = Extension>; @@ -45,9 +47,11 @@ fn default_rate_limit() -> u32 { #[tracing::instrument(skip_all)] pub async fn list_targets( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db .dast_targets() @@ -80,6 +84,7 @@ pub async fn list_targets( #[tracing::instrument(skip_all)] pub async fn add_target( Extension(agent): AgentExt, + tenant: TenantCtx, Json(req): Json, ) -> Result>, StatusCode> { let mut target = DastTarget::new(req.name, req.base_url, req.target_type); @@ -89,9 +94,8 @@ pub async fn add_target( target.rate_limit = req.rate_limit; target.allow_destructive = req.allow_destructive; - agent - .db - .dast_targets() + let db = tenant_db(&agent, &tenant).await?; + db.dast_targets() .insert_one(&target) .await .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; @@ -107,19 +111,19 @@ pub async fn add_target( #[tracing::instrument(skip_all, fields(target_id = %id))] pub async fn trigger_scan( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - let target = agent - .db + let target = db .dast_targets() .find_one(doc! { "_id": oid }) .await .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)? .ok_or(StatusCode::NOT_FOUND)?; - let db = agent.db.clone(); tokio::spawn(async move { let orchestrator = compliance_dast::DastOrchestrator::new(100); match orchestrator.run_scan(&target, Vec::new()).await { @@ -147,9 +151,11 @@ pub async fn trigger_scan( #[tracing::instrument(skip_all)] pub async fn list_scan_runs( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db .dast_scan_runs() @@ -183,9 +189,11 @@ pub async fn list_scan_runs( #[tracing::instrument(skip_all)] pub async fn list_findings( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db .dast_findings() @@ -219,12 +227,13 @@ pub async fn list_findings( #[tracing::instrument(skip_all, fields(finding_id = %id))] pub async fn get_finding( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - let finding = agent - .db + let finding = db .dast_findings() .find_one(doc! { "_id": oid }) .await diff --git a/compliance-agent/src/api/handlers/dto.rs b/compliance-agent/src/api/handlers/dto.rs index b6c0992..a4a0ef4 100644 --- a/compliance-agent/src/api/handlers/dto.rs +++ b/compliance-agent/src/api/handlers/dto.rs @@ -180,6 +180,27 @@ pub struct SbomVersionDiff { pub(crate) type AgentExt = axum::extract::Extension>; pub(crate) type ApiResult = Result>, axum::http::StatusCode>; +/// Resolve a tenant-scoped [`Database`] from the request's +/// [`TenantContext`] (inserted by the M7.1 JWT middleware, or by the +/// dev fallback in unsecured environments). The pool ensures the +/// tenant's indexes idempotently. +/// +/// Returns 500 on the rare path where Mongo refuses the database +/// handle — the M7.1 auth/status middleware already rejects every +/// other failure mode with 4xx before we get here. +pub(crate) async fn tenant_db( + agent: &crate::agent::ComplianceAgent, + tenant: &compliance_core::tenant_ctx::TenantCtx, +) -> Result { + agent.db_pool.for_tenant(&tenant.0).await.map_err(|e| { + tracing::error!( + tenant_id = %tenant.0.tenant_id, + "Failed to acquire tenant database: {e}" + ); + axum::http::StatusCode::INTERNAL_SERVER_ERROR + }) +} + pub(crate) async fn collect_cursor_async( mut cursor: mongodb::Cursor, ) -> Vec { diff --git a/compliance-agent/src/api/handlers/findings.rs b/compliance-agent/src/api/handlers/findings.rs index d20a5e9..a8af6b8 100644 --- a/compliance-agent/src/api/handlers/findings.rs +++ b/compliance-agent/src/api/handlers/findings.rs @@ -5,13 +5,16 @@ use mongodb::bson::doc; use super::dto::*; use compliance_core::models::Finding; +use compliance_core::tenant_ctx::TenantCtx; #[tracing::instrument(skip_all, fields(repo_id = ?filter.repo_id, severity = ?filter.severity, scan_type = ?filter.scan_type))] pub async fn list_findings( Extension(agent): AgentExt, + tenant: TenantCtx, Query(filter): Query, ) -> ApiResult> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let mut query = doc! {}; if let Some(repo_id) = &filter.repo_id { query.insert("repo_id", repo_id); @@ -81,11 +84,12 @@ pub async fn list_findings( #[tracing::instrument(skip_all, fields(finding_id = %id))] pub async fn get_finding( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; - let finding = agent - .db + let db = tenant_db(&agent, &tenant).await?; + let finding = db .findings() .find_one(doc! { "_id": oid }) .await @@ -102,14 +106,14 @@ pub async fn get_finding( #[tracing::instrument(skip_all, fields(finding_id = %id))] pub async fn update_finding_status( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Json(req): Json, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - agent - .db - .findings() + db.findings() .update_one( doc! { "_id": oid }, doc! { "$set": { "status": &req.status, "updated_at": mongodb::bson::DateTime::now() } }, @@ -123,6 +127,7 @@ pub async fn update_finding_status( #[tracing::instrument(skip_all)] pub async fn bulk_update_finding_status( Extension(agent): AgentExt, + tenant: TenantCtx, Json(req): Json, ) -> Result, StatusCode> { let oids: Vec = req @@ -135,8 +140,8 @@ pub async fn bulk_update_finding_status( return Err(StatusCode::BAD_REQUEST); } - let result = agent - .db + let db = tenant_db(&agent, &tenant).await?; + let result = db .findings() .update_many( doc! { "_id": { "$in": oids } }, @@ -153,14 +158,14 @@ pub async fn bulk_update_finding_status( #[tracing::instrument(skip_all)] pub async fn update_finding_feedback( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Json(req): Json, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - agent - .db - .findings() + db.findings() .update_one( doc! { "_id": oid }, doc! { "$set": { "developer_feedback": &req.feedback, "updated_at": mongodb::bson::DateTime::now() } }, diff --git a/compliance-agent/src/api/handlers/graph.rs b/compliance-agent/src/api/handlers/graph.rs index 43a79b9..8c10c9c 100644 --- a/compliance-agent/src/api/handlers/graph.rs +++ b/compliance-agent/src/api/handlers/graph.rs @@ -7,9 +7,11 @@ use mongodb::bson::doc; use serde::{Deserialize, Serialize}; use compliance_core::models::graph::{CodeEdge, CodeNode, GraphBuildRun, ImpactAnalysis}; +use compliance_core::tenant_ctx::TenantCtx; use crate::agent::ComplianceAgent; +use super::dto::tenant_db; use super::{collect_cursor_async, ApiResponse}; type AgentExt = Extension>; @@ -36,9 +38,11 @@ fn default_search_limit() -> usize { #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn get_graph( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, ) -> Result>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; // Get latest build let build: Option = db @@ -98,9 +102,11 @@ pub async fn get_graph( #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn get_nodes( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let filter = doc! { "repo_id": &repo_id }; let nodes: Vec = match db.graph_nodes().find(filter).await { @@ -123,9 +129,11 @@ pub async fn get_nodes( #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn get_communities( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let filter = doc! { "repo_id": &repo_id }; let nodes: Vec = match db.graph_nodes().find(filter).await { @@ -176,9 +184,11 @@ pub struct CommunityInfo { #[tracing::instrument(skip_all, fields(repo_id = %repo_id, finding_id = %finding_id))] pub async fn get_impact( Extension(agent): AgentExt, + tenant: TenantCtx, Path((repo_id, finding_id)): Path<(String, String)>, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let filter = doc! { "repo_id": &repo_id, "finding_id": &finding_id }; let impact = db @@ -198,10 +208,12 @@ pub async fn get_impact( #[tracing::instrument(skip_all, fields(repo_id = %repo_id, query = %params.q))] pub async fn search_symbols( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, Query(params): Query, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; // Simple text search on qualified_name and name fields let filter = doc! { @@ -234,10 +246,12 @@ pub async fn search_symbols( #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn get_file_content( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, Query(params): Query, ) -> Result>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; // Look up the repository to get repo name let repo = db @@ -296,12 +310,13 @@ pub struct FileContent { #[tracing::instrument(skip_all, fields(repo_id = %repo_id))] pub async fn trigger_build( Extension(agent): AgentExt, + tenant: TenantCtx, Path(repo_id): Path, ) -> Result, StatusCode> { + let db = tenant_db(&agent, &tenant).await?; let agent_clone = (*agent).clone(); tokio::spawn(async move { - let repo = match agent_clone - .db + let repo = match db .repositories() .find_one(doc! { "_id": mongodb::bson::oid::ObjectId::parse_str(&repo_id).ok() }) .await @@ -333,8 +348,7 @@ pub async fn trigger_build( match engine.build_graph(&repo_path, &repo_id, &graph_build_id) { Ok((code_graph, build_run)) => { - let store = - compliance_graph::graph::persistence::GraphStore::new(agent_clone.db.inner()); + let store = compliance_graph::graph::persistence::GraphStore::new(db.inner()); let _ = store.delete_repo_graph(&repo_id).await; let _ = store .store_graph(&build_run, &code_graph.nodes, &code_graph.edges) diff --git a/compliance-agent/src/api/handlers/health.rs b/compliance-agent/src/api/handlers/health.rs index 264ae10..ef3b030 100644 --- a/compliance-agent/src/api/handlers/health.rs +++ b/compliance-agent/src/api/handlers/health.rs @@ -3,6 +3,7 @@ use mongodb::bson::doc; use super::dto::*; use compliance_core::models::ScanRun; +use compliance_core::tenant_ctx::TenantCtx; #[tracing::instrument(skip_all)] pub async fn health() -> Json { @@ -10,8 +11,12 @@ pub async fn health() -> Json { } #[tracing::instrument(skip_all)] -pub async fn stats_overview(axum::extract::Extension(agent): AgentExt) -> ApiResult { - let db = &agent.db; +pub async fn stats_overview( + axum::extract::Extension(agent): AgentExt, + tenant: TenantCtx, +) -> ApiResult { + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let total_repositories = db .repositories() diff --git a/compliance-agent/src/api/handlers/issues.rs b/compliance-agent/src/api/handlers/issues.rs index d808445..2896b77 100644 --- a/compliance-agent/src/api/handlers/issues.rs +++ b/compliance-agent/src/api/handlers/issues.rs @@ -4,13 +4,16 @@ use mongodb::bson::doc; use super::dto::*; use compliance_core::models::TrackerIssue; +use compliance_core::tenant_ctx::TenantCtx; #[tracing::instrument(skip_all)] pub async fn list_issues( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> ApiResult> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db .tracker_issues() diff --git a/compliance-agent/src/api/handlers/notifications.rs b/compliance-agent/src/api/handlers/notifications.rs index 2f82b8c..97d5f43 100644 --- a/compliance-agent/src/api/handlers/notifications.rs +++ b/compliance-agent/src/api/handlers/notifications.rs @@ -5,15 +5,18 @@ use mongodb::bson::doc; use serde::Deserialize; use compliance_core::models::notification::CveNotification; +use compliance_core::tenant_ctx::TenantCtx; -use super::dto::{AgentExt, ApiResponse}; +use super::dto::{tenant_db, AgentExt, ApiResponse}; /// GET /api/v1/notifications — List CVE notifications (newest first) #[tracing::instrument(skip_all)] pub async fn list_notifications( Extension(agent): AgentExt, + tenant: TenantCtx, axum::extract::Query(params): axum::extract::Query, ) -> Result>>, StatusCode> { + let db = tenant_db(&agent, &tenant).await?; let mut filter = doc! {}; // Filter by status (default: show new + read, exclude dismissed) @@ -41,15 +44,13 @@ pub async fn list_notifications( let limit = params.limit.unwrap_or(50).min(200); let skip = (page - 1) * limit as u64; - let total = agent - .db + let total = db .cve_notifications() .count_documents(filter.clone()) .await .unwrap_or(0); - let notifications: Vec = match agent - .db + let notifications: Vec = match db .cve_notifications() .find(filter) .sort(doc! { "created_at": -1 }) @@ -83,9 +84,10 @@ pub async fn list_notifications( #[tracing::instrument(skip_all)] pub async fn notification_count( Extension(agent): AgentExt, + tenant: TenantCtx, ) -> Result, StatusCode> { - let count = agent - .db + let db = tenant_db(&agent, &tenant).await?; + let count = db .cve_notifications() .count_documents(doc! { "status": "new" }) .await @@ -98,12 +100,13 @@ pub async fn notification_count( #[tracing::instrument(skip_all, fields(id = %id))] pub async fn mark_read( Extension(agent): AgentExt, + tenant: TenantCtx, axum::extract::Path(id): axum::extract::Path, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - let result = agent - .db + let result = db .cve_notifications() .update_one( doc! { "_id": oid }, @@ -125,12 +128,13 @@ pub async fn mark_read( #[tracing::instrument(skip_all, fields(id = %id))] pub async fn dismiss_notification( Extension(agent): AgentExt, + tenant: TenantCtx, axum::extract::Path(id): axum::extract::Path, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - let result = agent - .db + let result = db .cve_notifications() .update_one( doc! { "_id": oid }, @@ -149,9 +153,10 @@ pub async fn dismiss_notification( #[tracing::instrument(skip_all)] pub async fn mark_all_read( Extension(agent): AgentExt, + tenant: TenantCtx, ) -> Result, StatusCode> { - let result = agent - .db + let db = tenant_db(&agent, &tenant).await?; + let result = db .cve_notifications() .update_many( doc! { "status": "new" }, diff --git a/compliance-agent/src/api/handlers/pentest_handlers/export.rs b/compliance-agent/src/api/handlers/pentest_handlers/export.rs index bad7ac3..60f75f0 100644 --- a/compliance-agent/src/api/handlers/pentest_handlers/export.rs +++ b/compliance-agent/src/api/handlers/pentest_handlers/export.rs @@ -13,10 +13,11 @@ use compliance_core::models::dast::DastFinding; use compliance_core::models::finding::Finding; use compliance_core::models::pentest::*; use compliance_core::models::sbom::SbomEntry; +use compliance_core::tenant_ctx::TenantCtx; use crate::agent::ComplianceAgent; -use super::super::dto::collect_cursor_async; +use super::super::dto::{collect_cursor_async, tenant_db}; type AgentExt = Extension>; @@ -35,11 +36,15 @@ pub struct ExportBody { #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn export_session_report( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Json(body): Json, ) -> Result { let oid = mongodb::bson::oid::ObjectId::parse_str(&id) .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid session ID".to_string()))?; + let db = tenant_db(&agent, &tenant) + .await + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; if body.password.len() < 8 { return Err(( @@ -49,8 +54,7 @@ pub async fn export_session_report( } // Fetch session - let session = agent - .db + let session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -64,9 +68,7 @@ pub async fn export_session_report( // Resolve target name let target = if let Ok(tid) = mongodb::bson::oid::ObjectId::parse_str(&session.target_id) { - agent - .db - .dast_targets() + db.dast_targets() .find_one(doc! { "_id": tid }) .await .ok() @@ -84,8 +86,7 @@ pub async fn export_session_report( .unwrap_or_default(); // Fetch attack chain nodes - let nodes: Vec = match agent - .db + let nodes: Vec = match db .attack_chain_nodes() .find(doc! { "session_id": &id }) .sort(doc! { "started_at": 1 }) @@ -96,8 +97,7 @@ pub async fn export_session_report( }; // Fetch DAST findings for this session, then deduplicate - let raw_findings: Vec = match agent - .db + let raw_findings: Vec = match db .dast_findings() .find(doc! { "session_id": &id }) .sort(doc! { "severity": -1, "created_at": -1 }) @@ -122,8 +122,7 @@ pub async fn export_session_report( .or_else(|| target.as_ref().and_then(|t| t.repo_id.clone())); let (sast_findings, sbom_entries, code_context) = if let Some(ref rid) = repo_id { - let sast: Vec = match agent - .db + let sast: Vec = match db .findings() .find(doc! { "repo_id": rid, @@ -143,8 +142,7 @@ pub async fn export_session_report( Err(_) => Vec::new(), }; - let sbom: Vec = match agent - .db + let sbom: Vec = match db .sbom_entries() .find(doc! { "repo_id": rid, @@ -164,8 +162,7 @@ pub async fn export_session_report( }; // Build code context from graph nodes - let code_ctx: Vec = match agent - .db + let code_ctx: Vec = match db .graph_nodes() .find(doc! { "repo_id": rid, "is_entry_point": true }) .limit(50) diff --git a/compliance-agent/src/api/handlers/pentest_handlers/session.rs b/compliance-agent/src/api/handlers/pentest_handlers/session.rs index 351ec01..91c8c58 100644 --- a/compliance-agent/src/api/handlers/pentest_handlers/session.rs +++ b/compliance-agent/src/api/handlers/pentest_handlers/session.rs @@ -7,11 +7,12 @@ use mongodb::bson::doc; use serde::Deserialize; use compliance_core::models::pentest::*; +use compliance_core::tenant_ctx::TenantCtx; use crate::agent::ComplianceAgent; use crate::pentest::PentestOrchestrator; -use super::super::dto::{collect_cursor_async, ApiResponse, PaginationParams}; +use super::super::dto::{collect_cursor_async, tenant_db, ApiResponse, PaginationParams}; type AgentExt = Extension>; @@ -43,6 +44,7 @@ pub struct LookupRepoQuery { #[tracing::instrument(skip_all)] pub async fn create_session( Extension(agent): AgentExt, + tenant: TenantCtx, Json(req): Json, ) -> Result>, (StatusCode, String)> { // Try to acquire a concurrency permit @@ -57,6 +59,10 @@ pub async fn create_session( ) })?; + let db = tenant_db(&agent, &tenant) + .await + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; + if let Some(ref config) = req.config { // ── Wizard path ────────────────────────────────────────────── if !config.disclaimer_accepted { @@ -67,8 +73,7 @@ pub async fn create_session( } // Look up or auto-create DastTarget by app_url - let target = match agent - .db + let target = match db .dast_targets() .find_one(doc! { "base_url": &config.app_url }) .await @@ -87,7 +92,7 @@ pub async fn create_session( } t.allow_destructive = config.allow_destructive; t.excluded_paths = config.scope_exclusions.clone(); - let res = agent.db.dast_targets().insert_one(&t).await.map_err(|e| { + let res = db.dast_targets().insert_one(&t).await.map_err(|e| { ( StatusCode::INTERNAL_SERVER_ERROR, format!("Failed to create target: {e}"), @@ -110,8 +115,7 @@ pub async fn create_session( // Resolve repo_id from git_repo_url if provided if let Some(ref git_url) = config.git_repo_url { - if let Ok(Some(repo)) = agent - .db + if let Ok(Some(repo)) = db .repositories() .find_one(doc! { "git_url": git_url }) .await @@ -120,8 +124,7 @@ pub async fn create_session( } } - let insert_result = agent - .db + let insert_result = db .pentest_sessions() .insert_one(&session) .await @@ -212,8 +215,7 @@ pub async fn create_session( // Persist encrypted credentials to DB if session_for_task.config.is_some() { if let Some(sid) = session.id { - let _ = agent - .db + let _ = db .pentest_sessions() .update_one( doc! { "_id": sid }, @@ -245,12 +247,13 @@ pub async fn create_session( }); let llm = agent.llm.clone(); - let db = agent.db.clone(); + let db_for_orchestrator = db.clone(); let session_clone = session.clone(); let target_clone = target.clone(); let agent_ref = agent.clone(); tokio::spawn(async move { - let orchestrator = PentestOrchestrator::new(llm, db, event_tx, Some(pause_rx)); + let orchestrator = + PentestOrchestrator::new(llm, db_for_orchestrator, event_tx, Some(pause_rx)); orchestrator .run_session_guarded(&session_clone, &target_clone, &initial_message) .await; @@ -292,8 +295,7 @@ pub async fn create_session( ) })?; - let target = agent - .db + let target = db .dast_targets() .find_one(doc! { "_id": oid }) .await @@ -310,8 +312,7 @@ pub async fn create_session( let mut session = PentestSession::new(target_id, strategy); session.repo_id = target.repo_id.clone(); - let insert_result = agent - .db + let insert_result = db .pentest_sessions() .insert_one(&session) .await @@ -338,12 +339,13 @@ pub async fn create_session( }); let llm = agent.llm.clone(); - let db = agent.db.clone(); + let db_for_orchestrator = db.clone(); let session_clone = session.clone(); let target_clone = target.clone(); let agent_ref = agent.clone(); tokio::spawn(async move { - let orchestrator = PentestOrchestrator::new(llm, db, event_tx, Some(pause_rx)); + let orchestrator = + PentestOrchestrator::new(llm, db_for_orchestrator, event_tx, Some(pause_rx)); orchestrator .run_session_guarded(&session_clone, &target_clone, &initial_message) .await; @@ -373,10 +375,11 @@ fn parse_strategy(s: &str) -> PentestStrategy { #[tracing::instrument(skip_all)] pub async fn lookup_repo( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> Result>, StatusCode> { - let repo = agent - .db + let db = tenant_db(&agent, &tenant).await?; + let repo = db .repositories() .find_one(doc! { "git_url": ¶ms.url }) .await @@ -402,9 +405,11 @@ pub async fn lookup_repo( #[tracing::instrument(skip_all)] pub async fn list_sessions( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> Result>>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db .pentest_sessions() @@ -438,12 +443,13 @@ pub async fn list_sessions( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn get_session( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - let mut session = agent - .db + let mut session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -471,15 +477,18 @@ pub async fn get_session( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn send_message( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Json(req): Json, ) -> Result>, (StatusCode, String)> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id) .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid session ID".to_string()))?; + let db = tenant_db(&agent, &tenant) + .await + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; // Verify session exists and is running - let session = agent - .db + let session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -506,8 +515,7 @@ pub async fn send_message( ) })?; - let target = agent - .db + let target = db .dast_targets() .find_one(doc! { "_id": target_oid }) .await @@ -527,13 +535,13 @@ pub async fn send_message( // Store user message let session_id = id.clone(); let user_msg = PentestMessage::user(session_id.clone(), req.message.clone()); - let _ = agent.db.pentest_messages().insert_one(&user_msg).await; + let _ = db.pentest_messages().insert_one(&user_msg).await; let response_msg = user_msg.clone(); // Spawn orchestrator to continue the session let llm = agent.llm.clone(); - let db = agent.db.clone(); + let db_for_orchestrator = db.clone(); let message = req.message.clone(); // Use existing broadcast sender if available, otherwise create a new one @@ -548,7 +556,7 @@ pub async fn send_message( .unwrap_or_else(|| agent.register_session_stream(&session_id)); tokio::spawn(async move { - let orchestrator = PentestOrchestrator::new(llm, db, event_tx, None); + let orchestrator = PentestOrchestrator::new(llm, db_for_orchestrator, event_tx, None); orchestrator .run_session_guarded(&session, &target, &message) .await; @@ -565,13 +573,16 @@ pub async fn send_message( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn stop_session( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>, (StatusCode, String)> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id) .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid session ID".to_string()))?; + let db = tenant_db(&agent, &tenant) + .await + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; - let session = agent - .db + let session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -590,9 +601,7 @@ pub async fn stop_session( )); } - agent - .db - .pentest_sessions() + db.pentest_sessions() .update_one( doc! { "_id": oid }, doc! { "$set": { @@ -612,8 +621,7 @@ pub async fn stop_session( // Clean up session resources agent.cleanup_session(&id); - let updated = agent - .db + let updated = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -641,13 +649,16 @@ pub async fn stop_session( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn pause_session( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>, (StatusCode, String)> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id) .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid session ID".to_string()))?; + let db = tenant_db(&agent, &tenant) + .await + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; - let session = agent - .db + let session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -684,13 +695,16 @@ pub async fn pause_session( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn resume_session( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>, (StatusCode, String)> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id) .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid session ID".to_string()))?; + let db = tenant_db(&agent, &tenant) + .await + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; - let session = agent - .db + let session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -727,12 +741,13 @@ pub async fn resume_session( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn get_attack_chain( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>>, StatusCode> { let _oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; - let nodes = match agent - .db + let nodes = match db .attack_chain_nodes() .find(doc! { "session_id": &id }) .sort(doc! { "started_at": 1 }) @@ -757,21 +772,21 @@ pub async fn get_attack_chain( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn get_messages( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Query(params): Query, ) -> Result>>, StatusCode> { let _oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; let skip = (params.page.saturating_sub(1)) * params.limit as u64; - let total = agent - .db + let total = db .pentest_messages() .count_documents(doc! { "session_id": &id }) .await .unwrap_or(0); - let messages = match agent - .db + let messages = match db .pentest_messages() .find(doc! { "session_id": &id }) .sort(doc! { "created_at": 1 }) @@ -797,21 +812,21 @@ pub async fn get_messages( #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn get_session_findings( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Query(params): Query, ) -> Result>>, StatusCode> { let _oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; let skip = (params.page.saturating_sub(1)) * params.limit as u64; - let total = agent - .db + let total = db .dast_findings() .count_documents(doc! { "session_id": &id }) .await .unwrap_or(0); - let findings = match agent - .db + let findings = match db .dast_findings() .find(doc! { "session_id": &id }) .sort(doc! { "created_at": -1 }) diff --git a/compliance-agent/src/api/handlers/pentest_handlers/stats.rs b/compliance-agent/src/api/handlers/pentest_handlers/stats.rs index 6333408..d849627 100644 --- a/compliance-agent/src/api/handlers/pentest_handlers/stats.rs +++ b/compliance-agent/src/api/handlers/pentest_handlers/stats.rs @@ -6,10 +6,11 @@ use axum::Json; use mongodb::bson::doc; use compliance_core::models::pentest::*; +use compliance_core::tenant_ctx::TenantCtx; use crate::agent::ComplianceAgent; -use super::super::dto::{collect_cursor_async, ApiResponse}; +use super::super::dto::{collect_cursor_async, tenant_db, ApiResponse}; type AgentExt = Extension>; @@ -17,8 +18,10 @@ type AgentExt = Extension>; #[tracing::instrument(skip_all)] pub async fn pentest_stats( Extension(agent): AgentExt, + tenant: TenantCtx, ) -> Result>, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let running_sessions = db .pentest_sessions() diff --git a/compliance-agent/src/api/handlers/pentest_handlers/stream.rs b/compliance-agent/src/api/handlers/pentest_handlers/stream.rs index 015c288..6080470 100644 --- a/compliance-agent/src/api/handlers/pentest_handlers/stream.rs +++ b/compliance-agent/src/api/handlers/pentest_handlers/stream.rs @@ -11,10 +11,11 @@ use tokio_stream::wrappers::BroadcastStream; use tokio_stream::StreamExt; use compliance_core::models::pentest::*; +use compliance_core::tenant_ctx::TenantCtx; use crate::agent::ComplianceAgent; -use super::super::dto::collect_cursor_async; +use super::super::dto::{collect_cursor_async, tenant_db}; type AgentExt = Extension>; @@ -25,13 +26,14 @@ type AgentExt = Extension>; #[tracing::instrument(skip_all, fields(session_id = %id))] pub async fn session_stream( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result>>, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; // Verify session exists - let _session = agent - .db + let _session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await @@ -43,8 +45,7 @@ pub async fn session_stream( let mut initial_events: Vec> = Vec::new(); // Fetch recent messages for this session - let messages: Vec = match agent - .db + let messages: Vec = match db .pentest_messages() .find(doc! { "session_id": &id }) .sort(doc! { "created_at": 1 }) @@ -56,8 +57,7 @@ pub async fn session_stream( }; // Fetch recent attack chain nodes - let nodes: Vec = match agent - .db + let nodes: Vec = match db .attack_chain_nodes() .find(doc! { "session_id": &id }) .sort(doc! { "started_at": 1 }) @@ -94,8 +94,7 @@ pub async fn session_stream( } // Add current session status event - let session = agent - .db + let session = db .pentest_sessions() .find_one(doc! { "_id": oid }) .await diff --git a/compliance-agent/src/api/handlers/repos.rs b/compliance-agent/src/api/handlers/repos.rs index 891bcd5..f4b2397 100644 --- a/compliance-agent/src/api/handlers/repos.rs +++ b/compliance-agent/src/api/handlers/repos.rs @@ -5,13 +5,16 @@ use mongodb::bson::doc; use super::dto::*; use compliance_core::models::*; +use compliance_core::tenant_ctx::TenantCtx; #[tracing::instrument(skip_all)] pub async fn list_repositories( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> ApiResult> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db .repositories() @@ -43,6 +46,7 @@ pub async fn list_repositories( #[tracing::instrument(skip_all)] pub async fn add_repository( Extension(agent): AgentExt, + tenant: TenantCtx, Json(req): Json, ) -> Result>, (StatusCode, String)> { // Validate repository access before saving @@ -69,17 +73,15 @@ pub async fn add_repository( repo.tracker_token = req.tracker_token; repo.scan_schedule = req.scan_schedule; - agent - .db - .repositories() - .insert_one(&repo) + let db = tenant_db(&agent, &tenant) .await - .map_err(|_| { - ( - StatusCode::CONFLICT, - "Repository already exists".to_string(), - ) - })?; + .map_err(|s| (s, "failed to acquire tenant database".to_string()))?; + db.repositories().insert_one(&repo).await.map_err(|_| { + ( + StatusCode::CONFLICT, + "Repository already exists".to_string(), + ) + })?; Ok(Json(ApiResponse { data: repo, @@ -91,10 +93,12 @@ pub async fn add_repository( #[tracing::instrument(skip_all, fields(repo_id = %id))] pub async fn update_repository( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, Json(req): Json, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; + let db = tenant_db(&agent, &tenant).await?; let mut set_doc = doc! { "updated_at": mongodb::bson::DateTime::now() }; @@ -126,8 +130,7 @@ pub async fn update_repository( set_doc.insert("scan_schedule", schedule); } - let result = agent - .db + let result = db .repositories() .update_one(doc! { "_id": oid }, doc! { "$set": set_doc }) .await @@ -170,11 +173,12 @@ pub async fn trigger_scan( /// Return the webhook secret for a repository (used by dashboard to display it) pub async fn get_webhook_config( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; - let repo = agent - .db + let db = tenant_db(&agent, &tenant).await?; + let repo = db .repositories() .find_one(doc! { "_id": oid }) .await @@ -196,10 +200,12 @@ pub async fn get_webhook_config( #[tracing::instrument(skip_all, fields(repo_id = %id))] pub async fn delete_repository( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result, StatusCode> { let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?; - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; // Delete the repository let result = db diff --git a/compliance-agent/src/api/handlers/sbom.rs b/compliance-agent/src/api/handlers/sbom.rs index e9ec8ff..dbafe84 100644 --- a/compliance-agent/src/api/handlers/sbom.rs +++ b/compliance-agent/src/api/handlers/sbom.rs @@ -6,6 +6,7 @@ use mongodb::bson::doc; use super::dto::*; use compliance_core::models::SbomEntry; +use compliance_core::tenant_ctx::TenantCtx; const COPYLEFT_LICENSES: &[&str] = &[ "GPL-2.0", @@ -29,8 +30,10 @@ const COPYLEFT_LICENSES: &[&str] = &[ #[tracing::instrument(skip_all)] pub async fn sbom_filters( Extension(agent): AgentExt, + tenant: TenantCtx, ) -> Result, StatusCode> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let managers: Vec = db .sbom_entries() @@ -61,9 +64,11 @@ pub async fn sbom_filters( #[tracing::instrument(skip_all, fields(repo_id = ?filter.repo_id, package_manager = ?filter.package_manager))] pub async fn list_sbom( Extension(agent): AgentExt, + tenant: TenantCtx, Query(filter): Query, ) -> ApiResult> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let mut query = doc! {}; if let Some(repo_id) = &filter.repo_id { @@ -120,9 +125,11 @@ pub async fn list_sbom( #[tracing::instrument(skip_all)] pub async fn export_sbom( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> Result { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let entries: Vec = match db .sbom_entries() .find(doc! { "repo_id": ¶ms.repo_id }) @@ -236,9 +243,11 @@ pub async fn export_sbom( #[tracing::instrument(skip_all)] pub async fn license_summary( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> ApiResult> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let mut query = doc! {}; if let Some(repo_id) = ¶ms.repo_id { query.insert("repo_id", repo_id); @@ -285,9 +294,11 @@ pub async fn license_summary( #[tracing::instrument(skip_all)] pub async fn sbom_diff( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> ApiResult { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let entries_a: Vec = match db .sbom_entries() diff --git a/compliance-agent/src/api/handlers/scans.rs b/compliance-agent/src/api/handlers/scans.rs index ec16468..79553dd 100644 --- a/compliance-agent/src/api/handlers/scans.rs +++ b/compliance-agent/src/api/handlers/scans.rs @@ -4,13 +4,16 @@ use mongodb::bson::doc; use super::dto::*; use compliance_core::models::ScanRun; +use compliance_core::tenant_ctx::TenantCtx; #[tracing::instrument(skip_all)] pub async fn list_scan_runs( Extension(agent): AgentExt, + tenant: TenantCtx, Query(params): Query, ) -> ApiResult> { - let db = &agent.db; + let db = tenant_db(&agent, &tenant).await?; + let db = &db; let skip = (params.page.saturating_sub(1)) * params.limit as u64; let total = db.scan_runs().count_documents(doc! {}).await.unwrap_or(0); diff --git a/compliance-agent/src/api/server.rs b/compliance-agent/src/api/server.rs index 8b65894..e8a3f82 100644 --- a/compliance-agent/src/api/server.rs +++ b/compliance-agent/src/api/server.rs @@ -1,6 +1,9 @@ use std::sync::Arc; +use axum::extract::Request; use axum::http::HeaderValue; +use axum::middleware::Next; +use axum::response::Response; use axum::{middleware, Extension}; use tokio::sync::RwLock; use tower_http::cors::CorsLayer; @@ -8,11 +11,44 @@ use tower_http::set_header::SetResponseHeaderLayer; use tower_http::trace::TraceLayer; use compliance_core::auth::{require_jwt_auth, require_tenant_status, JwksState}; +use compliance_core::{TenantContext, TenantStatus}; use crate::agent::ComplianceAgent; use crate::api::routes; use crate::error::AgentError; +/// Synthetic tenant id used when Keycloak isn't configured (local dev, +/// `cargo run` against a bare Mongo). Lets the handler stack stay +/// uniformly tenant-scoped without the operator having to spin up KC +/// just to poke at the API. Override via `DEV_TENANT_ID`. +const DEFAULT_DEV_TENANT_ID: &str = "dev"; + +/// Inject a synthetic [`TenantContext`] for any request that lacks one. +/// Only mounted when Keycloak is NOT configured; with KC, the real +/// `require_jwt_auth` middleware owns this and we never reach here +/// without a context. +/// +/// Public so the integration-test harness can mount it without +/// duplicating the synthetic-context shape. +pub async fn inject_dev_tenant(mut request: Request, next: Next) -> Response { + if request.extensions().get::().is_none() { + let tenant_id = + std::env::var("DEV_TENANT_ID").unwrap_or_else(|_| DEFAULT_DEV_TENANT_ID.to_string()); + let ctx = TenantContext { + tenant_slug: tenant_id.clone(), + tenant_id, + org_roles: vec![], + products: vec![], + plan: "dev".to_string(), + status: TenantStatus::Active, + user_id: "dev-user".to_string(), + user_name: None, + }; + request.extensions_mut().insert(ctx); + } + next.run(request).await +} + pub async fn start_api_server(agent: ComplianceAgent, port: u16) -> Result<(), AgentError> { let mut app = routes::build_router() .layer(Extension(Arc::new(agent.clone()))) @@ -53,7 +89,14 @@ pub async fn start_api_server(agent: ComplianceAgent, port: u16) -> Result<(), A .layer(middleware::from_fn(require_jwt_auth)) .layer(Extension(jwks_state)); } else { - tracing::warn!("Keycloak not configured - API endpoints are unprotected"); + let tenant_id = + std::env::var("DEV_TENANT_ID").unwrap_or_else(|_| DEFAULT_DEV_TENANT_ID.to_string()); + tracing::warn!( + tenant_id = %tenant_id, + "Keycloak not configured — running unauthenticated against the dev tenant. \ + DO NOT use in any environment with real customer data." + ); + app = app.layer(middleware::from_fn(inject_dev_tenant)); } let addr = format!("0.0.0.0:{port}"); diff --git a/compliance-agent/tests/common/mod.rs b/compliance-agent/tests/common/mod.rs index 756ef34..cd1d307 100644 --- a/compliance-agent/tests/common/mod.rs +++ b/compliance-agent/tests/common/mod.rs @@ -75,9 +75,13 @@ impl TestServer { let agent = ComplianceAgent::new(config, db, db_pool); - // Build the router with the agent extension + // Build the router with the agent extension. After M7.2-B every + // handler takes a TenantCtx extractor; without KC in the test + // harness, the dev-tenant injector mounts a synthetic context so + // tests run end-to-end against `_dev`. let app = api::routes::build_router() .layer(axum::extract::Extension(Arc::new(agent))) + .layer(axum::middleware::from_fn(api::server::inject_dev_tenant)) .layer(tower_http::cors::CorsLayer::permissive()); // Bind to port 0 to get a random available port @@ -160,10 +164,20 @@ impl TestServer { &self.db_name } - /// Drop the test database on cleanup + /// Drop the test database on cleanup. Post-M7.2-B the actual data + /// lives in `_` per-tenant databases; list those + /// off the cluster and drop them too. pub async fn cleanup(&self) { if let Ok(client) = mongodb::Client::with_uri_str(&self.mongodb_uri).await { client.database(&self.db_name).drop().await.ok(); + if let Ok(names) = client.list_database_names().await { + let prefix = format!("{}_", self.db_name); + for name in names { + if name.starts_with(&prefix) { + client.database(&name).drop().await.ok(); + } + } + } } } } -- 2.52.0 From 0f6dd1135e2b04b825602235d43930f453e83f07 Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com> Date: Wed, 17 Jun 2026 15:00:37 +0200 Subject: [PATCH 4/6] feat(m7.2-C): migrate background paths to per-tenant pool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes the loop on M7.2 isolation for paths that don't have a JWT context: scheduler, webhooks, and the agent's `run_scan` / `run_pr_review` helpers all now take a `tenant_id` at the boundary and resolve to a tenant-scoped `Database` via `db_pool.for_tenant_id(...)`. Internal orchestrators (PipelineOrchestrator, PentestOrchestrator) and pipeline helpers were already DB-agnostic — they take `db: Database` at construction and don't care which tenant it points to. Changes - DatabasePool::for_tenant_id(&str) — same as for_tenant but accepts a bare tenant_id. Background paths don't have a full TenantContext. for_tenant is now a thin wrapper that delegates. - agent.run_scan(tenant_id, repo_id, trigger) — pulls the tenant database before constructing the PipelineOrchestrator. Was: run_scan(repo_id, trigger) reading agent.db. - agent.run_pr_review(tenant_id, repo_id, ...) — same shape. - Webhook routes change: /webhook/{tenant_id}/{platform}/{repo_id}. Tenant is part of the URL path because webhooks arrive without a JWT — they're authenticated via per-repo HMAC, not the tenant gate. The dashboard surfaces the full per-tenant URL when the repo is registered. All three handlers (gitea, github, gitlab) updated. - scheduler.rs — iterates tenants from $SCHEDULER_TENANT_IDS (comma-separated env), or DEV_TENANT_ID's `dev` default. Both scan_all_repos and monitor_cves now run once per configured tenant. M7.2-D will replace this static config with a pull from the tenant-registry. - api/handlers/repos.rs::trigger_scan now passes tenant.0.tenant_id. What's unchanged because it didn't need to change - PipelineOrchestrator, PentestOrchestrator: take `db: Database` at construction — they're tenant-DB-agnostic by design. The caller picks the tenant DB. - pipeline/{dedup,graph_build,issue_creation,sbom/mod}.rs, pentest/{context,report/html/*}.rs, trackers/jira.rs, llm/triage.rs: take `&Database` or `&mongodb::Database` as args, transitively tenant-scoped via the caller. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 5 pass - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass What's left (PR-D) - Drop the transitional agent.db field — no remaining call sites (verified by `grep -rn "agent\.db\b" compliance-agent/src`). - main.rs / TestServer stop building the legacy Database; only the pool remains. - Add cross-tenant admin helpers (list tenants, drop tenant DB) on the pool for offboarding flows. - Pull tenants from the tenant-registry instead of an env var. Co-Authored-By: Claude Opus 4.7 --- compliance-agent/src/agent.rs | 23 ++--- compliance-agent/src/api/handlers/repos.rs | 7 +- compliance-agent/src/database.rs | 17 +++- compliance-agent/src/scheduler.rs | 99 +++++++++++++++++----- compliance-agent/src/webhooks/gitea.rs | 32 +++++-- compliance-agent/src/webhooks/github.rs | 32 +++++-- compliance-agent/src/webhooks/gitlab.rs | 32 +++++-- compliance-agent/src/webhooks/server.rs | 12 ++- 8 files changed, 182 insertions(+), 72 deletions(-) diff --git a/compliance-agent/src/agent.rs b/compliance-agent/src/agent.rs index bc66705..6ce21f1 100644 --- a/compliance-agent/src/agent.rs +++ b/compliance-agent/src/agent.rs @@ -60,28 +60,27 @@ impl ComplianceAgent { pub async fn run_scan( &self, + tenant_id: &str, repo_id: &str, trigger: compliance_core::models::ScanTrigger, ) -> Result<(), crate::error::AgentError> { - let orchestrator = PipelineOrchestrator::new( - self.config.clone(), - self.db.clone(), - self.llm.clone(), - self.http.clone(), - ); + let db = self.db_pool.for_tenant_id(tenant_id).await?; + let orchestrator = + PipelineOrchestrator::new(self.config.clone(), db, self.llm.clone(), self.http.clone()); orchestrator.run(repo_id, trigger).await } /// Run a PR review: scan the diff and post review comments. pub async fn run_pr_review( &self, + tenant_id: &str, repo_id: &str, pr_number: u64, base_sha: &str, head_sha: &str, ) -> Result<(), crate::error::AgentError> { - let repo = self - .db + let db = self.db_pool.for_tenant_id(tenant_id).await?; + let repo = db .repositories() .find_one(mongodb::bson::doc! { "_id": mongodb::bson::oid::ObjectId::parse_str(repo_id) @@ -92,12 +91,8 @@ impl ComplianceAgent { crate::error::AgentError::Other(format!("Repository {repo_id} not found")) })?; - let orchestrator = PipelineOrchestrator::new( - self.config.clone(), - self.db.clone(), - self.llm.clone(), - self.http.clone(), - ); + let orchestrator = + PipelineOrchestrator::new(self.config.clone(), db, self.llm.clone(), self.http.clone()); orchestrator .run_pr_review(&repo, repo_id, pr_number, base_sha, head_sha) .await diff --git a/compliance-agent/src/api/handlers/repos.rs b/compliance-agent/src/api/handlers/repos.rs index f4b2397..5c58167 100644 --- a/compliance-agent/src/api/handlers/repos.rs +++ b/compliance-agent/src/api/handlers/repos.rs @@ -158,11 +158,16 @@ pub async fn get_ssh_public_key( #[tracing::instrument(skip_all, fields(repo_id = %id))] pub async fn trigger_scan( Extension(agent): AgentExt, + tenant: TenantCtx, Path(id): Path, ) -> Result, StatusCode> { let agent_clone = (*agent).clone(); + let tenant_id = tenant.0.tenant_id.clone(); tokio::spawn(async move { - if let Err(e) = agent_clone.run_scan(&id, ScanTrigger::Manual).await { + if let Err(e) = agent_clone + .run_scan(&tenant_id, &id, ScanTrigger::Manual) + .await + { tracing::error!("Manual scan failed for {id}: {e}"); } }); diff --git a/compliance-agent/src/database.rs b/compliance-agent/src/database.rs index 0d5e4f6..11d17fa 100644 --- a/compliance-agent/src/database.rs +++ b/compliance-agent/src/database.rs @@ -78,19 +78,28 @@ impl DatabasePool { /// first call per tenant (per process). Cheap on the hot path — /// subsequent calls skip the round-trip. pub async fn for_tenant(&self, ctx: &TenantContext) -> Result { - let db_name = self.tenant_db_name(&ctx.tenant_id); + self.for_tenant_id(&ctx.tenant_id).await + } + + /// Like [`Self::for_tenant`] but accepts a bare tenant_id. + /// For background paths (scheduler, webhooks, pipeline orchestrators) + /// that don't have a full [`TenantContext`] but know which tenant + /// they're operating on (typically resolved from a URL path, a job + /// argument, or the registry). + pub async fn for_tenant_id(&self, tenant_id: &str) -> Result { + let db_name = self.tenant_db_name(tenant_id); let db = Database::from_database(self.client.database(&db_name)); // `DashMap::insert` returns the previous value; `None` means we // were the first writer for this tenant_id and own the // index-ensure work. - if self.ensured.insert(ctx.tenant_id.clone(), ()).is_none() { + if self.ensured.insert(tenant_id.to_string(), ()).is_none() { if let Err(e) = db.ensure_indexes().await { // Roll the marker back so the next request retries. - self.ensured.remove(&ctx.tenant_id); + self.ensured.remove(tenant_id); return Err(e); } tracing::debug!( - tenant_id = %ctx.tenant_id, + tenant_id = %tenant_id, db_name = %db_name, "Indexes ensured for tenant database" ); diff --git a/compliance-agent/src/scheduler.rs b/compliance-agent/src/scheduler.rs index 2ce907e..81581a1 100644 --- a/compliance-agent/src/scheduler.rs +++ b/compliance-agent/src/scheduler.rs @@ -4,8 +4,14 @@ use tokio_cron_scheduler::{Job, JobScheduler}; use compliance_core::models::ScanTrigger; use crate::agent::ComplianceAgent; +use crate::database::Database; use crate::error::AgentError; +/// Default tenant the scheduler runs against when `SCHEDULER_TENANT_IDS` +/// isn't set. Matches the dev-injector default so a bare `cargo run` has +/// the scheduler scanning whatever lives in `_dev`. +const DEFAULT_SCHEDULER_TENANT_ID: &str = "dev"; + pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError> { let sched = JobScheduler::new() .await @@ -18,7 +24,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError> let agent = scan_agent.clone(); Box::pin(async move { tracing::info!("Scheduled scan triggered"); - scan_all_repos(&agent).await; + for tenant_id in scheduler_tenants() { + scan_all_repos(&agent, &tenant_id).await; + } }) }) .map_err(|e| AgentError::Scheduler(format!("Failed to create scan job: {e}")))?; @@ -34,7 +42,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError> let agent = cve_agent.clone(); Box::pin(async move { tracing::info!("CVE monitor triggered"); - monitor_cves(&agent).await; + for tenant_id in scheduler_tenants() { + monitor_cves(&agent, &tenant_id).await; + } }) }) .map_err(|e| AgentError::Scheduler(format!("Failed to create CVE monitor job: {e}")))?; @@ -48,8 +58,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError> .await .map_err(|e| AgentError::Scheduler(format!("Failed to start scheduler: {e}")))?; + let tenants = scheduler_tenants(); tracing::info!( - "Scheduler started: scans='{}', CVE monitor='{}'", + "Scheduler started: scans='{}', CVE monitor='{}', tenants={tenants:?}", agent.config.scan_schedule, agent.config.cve_monitor_schedule, ); @@ -60,13 +71,47 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError> } } -async fn scan_all_repos(agent: &ComplianceAgent) { +/// Tenants the scheduler iterates each tick. From `SCHEDULER_TENANT_IDS` +/// (comma-separated), or `DEFAULT_SCHEDULER_TENANT_ID` if unset. M7.2-D +/// will replace this with a pull from the tenant-registry. +fn scheduler_tenants() -> Vec { + std::env::var("SCHEDULER_TENANT_IDS") + .ok() + .map(|s| { + s.split(',') + .map(str::trim) + .filter(|s| !s.is_empty()) + .map(String::from) + .collect::>() + }) + .filter(|v| !v.is_empty()) + .unwrap_or_else(|| vec![DEFAULT_SCHEDULER_TENANT_ID.to_string()]) +} + +/// Resolve the per-tenant database. Logs and returns `None` on failure +/// so the loop in the caller can continue with other tenants. +async fn tenant_db(agent: &ComplianceAgent, tenant_id: &str) -> Option { + match agent.db_pool.for_tenant_id(tenant_id).await { + Ok(db) => Some(db), + Err(e) => { + tracing::error!("Scheduler: cannot open tenant database '{tenant_id}': {e}"); + None + } + } +} + +async fn scan_all_repos(agent: &ComplianceAgent, tenant_id: &str) { use futures_util::StreamExt; - let cursor = match agent.db.repositories().find(doc! {}).await { + let db = match tenant_db(agent, tenant_id).await { + Some(db) => db, + None => return, + }; + + let cursor = match db.repositories().find(doc! {}).await { Ok(c) => c, Err(e) => { - tracing::error!("Failed to list repos for scheduled scan: {e}"); + tracing::error!("Failed to list repos for tenant '{tenant_id}': {e}"); return; } }; @@ -75,33 +120,44 @@ async fn scan_all_repos(agent: &ComplianceAgent) { for repo in repos { let repo_id = repo.id.map(|id| id.to_hex()).unwrap_or_default(); - if let Err(e) = agent.run_scan(&repo_id, ScanTrigger::Scheduled).await { - tracing::error!("Scheduled scan failed for {}: {e}", repo.name); + if let Err(e) = agent + .run_scan(tenant_id, &repo_id, ScanTrigger::Scheduled) + .await + { + tracing::error!( + "Scheduled scan failed for {} (tenant '{tenant_id}'): {e}", + repo.name + ); } } } -async fn monitor_cves(agent: &ComplianceAgent) { +async fn monitor_cves(agent: &ComplianceAgent, tenant_id: &str) { use compliance_core::models::notification::{parse_severity, CveNotification}; use compliance_core::models::SbomEntry; use futures_util::StreamExt; + let db = match tenant_db(agent, tenant_id).await { + Some(db) => db, + None => return, + }; + // Fetch all SBOM entries grouped by repo - let cursor = match agent.db.sbom_entries().find(doc! {}).await { + let cursor = match db.sbom_entries().find(doc! {}).await { Ok(c) => c, Err(e) => { - tracing::error!("CVE monitor: failed to list SBOM entries: {e}"); + tracing::error!("CVE monitor: failed to list SBOM entries for '{tenant_id}': {e}"); return; } }; let entries: Vec = cursor.filter_map(|r| async { r.ok() }).collect().await; if entries.is_empty() { - tracing::debug!("CVE monitor: no SBOM entries, skipping"); + tracing::debug!("CVE monitor: no SBOM entries for tenant '{tenant_id}', skipping"); return; } tracing::info!( - "CVE monitor: checking {} dependencies for new CVEs", + "CVE monitor: checking {} dependencies for new CVEs (tenant '{tenant_id}')", entries.len() ); @@ -112,7 +168,7 @@ async fn monitor_cves(agent: &ComplianceAgent) { std::collections::HashMap::new(); for rid in &repo_ids { if let Ok(oid) = mongodb::bson::oid::ObjectId::parse_str(rid) { - if let Ok(Some(repo)) = agent.db.repositories().find_one(doc! { "_id": oid }).await { + if let Ok(Some(repo)) = db.repositories().find_one(doc! { "_id": oid }).await { repo_names.insert(rid.clone(), repo.name.clone()); } } @@ -160,8 +216,7 @@ async fn monitor_cves(agent: &ComplianceAgent) { for alert in &alerts { let filter = doc! { "cve_id": &alert.cve_id, "repo_id": &alert.repo_id }; let update = doc! { "$setOnInsert": mongodb::bson::to_bson(alert).unwrap_or_default() }; - let _ = agent - .db + let _ = db .cve_alerts() .update_one(filter, update) .upsert(true) @@ -174,8 +229,7 @@ async fn monitor_cves(agent: &ComplianceAgent) { continue; } if let Some(entry_id) = &entry.id { - let _ = agent - .db + let _ = db .sbom_entries() .update_one( doc! { "_id": entry_id }, @@ -213,8 +267,7 @@ async fn monitor_cves(agent: &ComplianceAgent) { let update = doc! { "$setOnInsert": mongodb::bson::to_bson(¬ification).unwrap_or_default() }; - match agent - .db + match db .cve_notifications() .update_one(filter, update) .upsert(true) @@ -232,8 +285,10 @@ async fn monitor_cves(agent: &ComplianceAgent) { } if new_notifications > 0 { - tracing::info!("CVE monitor: created {new_notifications} new notification(s)"); + tracing::info!( + "CVE monitor: created {new_notifications} new notification(s) for tenant '{tenant_id}'" + ); } else { - tracing::info!("CVE monitor: no new CVEs found"); + tracing::info!("CVE monitor: no new CVEs found for tenant '{tenant_id}'"); } } diff --git a/compliance-agent/src/webhooks/gitea.rs b/compliance-agent/src/webhooks/gitea.rs index ec58b2c..a77c161 100644 --- a/compliance-agent/src/webhooks/gitea.rs +++ b/compliance-agent/src/webhooks/gitea.rs @@ -14,24 +14,30 @@ type HmacSha256 = Hmac; pub async fn handle_gitea_webhook( Extension(agent): Extension>, - Path(repo_id): Path, + Path((tenant_id, repo_id)): Path<(String, String)>, headers: HeaderMap, body: Bytes, ) -> StatusCode { - // Look up the repo to get its webhook secret + // Look up the repo in the tenant's database to get its webhook secret let oid = match mongodb::bson::oid::ObjectId::parse_str(&repo_id) { Ok(oid) => oid, Err(_) => return StatusCode::NOT_FOUND, }; - let repo = match agent - .db + let db = match agent.db_pool.for_tenant_id(&tenant_id).await { + Ok(db) => db, + Err(e) => { + tracing::warn!("Gitea webhook: cannot open tenant database '{tenant_id}': {e}"); + return StatusCode::NOT_FOUND; + } + }; + let repo = match db .repositories() .find_one(mongodb::bson::doc! { "_id": oid }) .await { Ok(Some(repo)) => repo, _ => { - tracing::warn!("Gitea webhook: repo {repo_id} not found"); + tracing::warn!("Gitea webhook: repo {repo_id} not found in tenant '{tenant_id}'"); return StatusCode::NOT_FOUND; } }; @@ -66,15 +72,21 @@ pub async fn handle_gitea_webhook( "push" => { let agent_clone = (*agent).clone(); let repo_id = repo_id.clone(); + let tenant_id = tenant_id.clone(); tokio::spawn(async move { - tracing::info!("Gitea push webhook: triggering scan for {repo_id}"); - if let Err(e) = agent_clone.run_scan(&repo_id, ScanTrigger::Webhook).await { + tracing::info!( + "Gitea push webhook: triggering scan for {repo_id} in tenant {tenant_id}" + ); + if let Err(e) = agent_clone + .run_scan(&tenant_id, &repo_id, ScanTrigger::Webhook) + .await + { tracing::error!("Webhook-triggered scan failed: {e}"); } }); StatusCode::OK } - "pull_request" => handle_pull_request(agent, &repo_id, &payload).await, + "pull_request" => handle_pull_request(agent, &tenant_id, &repo_id, &payload).await, _ => { tracing::debug!("Gitea webhook: ignoring event '{event}'"); StatusCode::OK @@ -84,6 +96,7 @@ pub async fn handle_gitea_webhook( async fn handle_pull_request( agent: Arc, + tenant_id: &str, repo_id: &str, payload: &serde_json::Value, ) -> StatusCode { @@ -106,13 +119,14 @@ async fn handle_pull_request( } let repo_id = repo_id.to_string(); + let tenant_id = tenant_id.to_string(); let head_sha = head_sha.to_string(); let base_sha = base_sha.to_string(); let agent_clone = (*agent).clone(); tokio::spawn(async move { tracing::info!("Gitea PR webhook: reviewing PR #{pr_number} on {repo_id}"); if let Err(e) = agent_clone - .run_pr_review(&repo_id, pr_number, &base_sha, &head_sha) + .run_pr_review(&tenant_id, &repo_id, pr_number, &base_sha, &head_sha) .await { tracing::error!("PR review failed for #{pr_number}: {e}"); diff --git a/compliance-agent/src/webhooks/github.rs b/compliance-agent/src/webhooks/github.rs index 7273714..a9b7048 100644 --- a/compliance-agent/src/webhooks/github.rs +++ b/compliance-agent/src/webhooks/github.rs @@ -14,24 +14,30 @@ type HmacSha256 = Hmac; pub async fn handle_github_webhook( Extension(agent): Extension>, - Path(repo_id): Path, + Path((tenant_id, repo_id)): Path<(String, String)>, headers: HeaderMap, body: Bytes, ) -> StatusCode { - // Look up the repo to get its webhook secret + // Look up the repo in the tenant's database to get its webhook secret let oid = match mongodb::bson::oid::ObjectId::parse_str(&repo_id) { Ok(oid) => oid, Err(_) => return StatusCode::NOT_FOUND, }; - let repo = match agent - .db + let db = match agent.db_pool.for_tenant_id(&tenant_id).await { + Ok(db) => db, + Err(e) => { + tracing::warn!("GitHub webhook: cannot open tenant database '{tenant_id}': {e}"); + return StatusCode::NOT_FOUND; + } + }; + let repo = match db .repositories() .find_one(mongodb::bson::doc! { "_id": oid }) .await { Ok(Some(repo)) => repo, _ => { - tracing::warn!("GitHub webhook: repo {repo_id} not found"); + tracing::warn!("GitHub webhook: repo {repo_id} not found in tenant '{tenant_id}'"); return StatusCode::NOT_FOUND; } }; @@ -66,15 +72,21 @@ pub async fn handle_github_webhook( "push" => { let agent_clone = (*agent).clone(); let repo_id = repo_id.clone(); + let tenant_id = tenant_id.clone(); tokio::spawn(async move { - tracing::info!("GitHub push webhook: triggering scan for {repo_id}"); - if let Err(e) = agent_clone.run_scan(&repo_id, ScanTrigger::Webhook).await { + tracing::info!( + "GitHub push webhook: triggering scan for {repo_id} in tenant {tenant_id}" + ); + if let Err(e) = agent_clone + .run_scan(&tenant_id, &repo_id, ScanTrigger::Webhook) + .await + { tracing::error!("Webhook-triggered scan failed: {e}"); } }); StatusCode::OK } - "pull_request" => handle_pull_request(agent, &repo_id, &payload).await, + "pull_request" => handle_pull_request(agent, &tenant_id, &repo_id, &payload).await, _ => { tracing::debug!("GitHub webhook: ignoring event '{event}'"); StatusCode::OK @@ -84,6 +96,7 @@ pub async fn handle_github_webhook( async fn handle_pull_request( agent: Arc, + tenant_id: &str, repo_id: &str, payload: &serde_json::Value, ) -> StatusCode { @@ -105,13 +118,14 @@ async fn handle_pull_request( } let repo_id = repo_id.to_string(); + let tenant_id = tenant_id.to_string(); let head_sha = head_sha.to_string(); let base_sha = base_sha.to_string(); let agent_clone = (*agent).clone(); tokio::spawn(async move { tracing::info!("GitHub PR webhook: reviewing PR #{pr_number} on {repo_id}"); if let Err(e) = agent_clone - .run_pr_review(&repo_id, pr_number, &base_sha, &head_sha) + .run_pr_review(&tenant_id, &repo_id, pr_number, &base_sha, &head_sha) .await { tracing::error!("PR review failed for #{pr_number}: {e}"); diff --git a/compliance-agent/src/webhooks/gitlab.rs b/compliance-agent/src/webhooks/gitlab.rs index b0a7219..c830a28 100644 --- a/compliance-agent/src/webhooks/gitlab.rs +++ b/compliance-agent/src/webhooks/gitlab.rs @@ -10,24 +10,30 @@ use crate::agent::ComplianceAgent; pub async fn handle_gitlab_webhook( Extension(agent): Extension>, - Path(repo_id): Path, + Path((tenant_id, repo_id)): Path<(String, String)>, headers: HeaderMap, body: Bytes, ) -> StatusCode { - // Look up the repo to get its webhook secret + // Look up the repo in the tenant's database to get its webhook secret let oid = match mongodb::bson::oid::ObjectId::parse_str(&repo_id) { Ok(oid) => oid, Err(_) => return StatusCode::NOT_FOUND, }; - let repo = match agent - .db + let db = match agent.db_pool.for_tenant_id(&tenant_id).await { + Ok(db) => db, + Err(e) => { + tracing::warn!("GitLab webhook: cannot open tenant database '{tenant_id}': {e}"); + return StatusCode::NOT_FOUND; + } + }; + let repo = match db .repositories() .find_one(mongodb::bson::doc! { "_id": oid }) .await { Ok(Some(repo)) => repo, _ => { - tracing::warn!("GitLab webhook: repo {repo_id} not found"); + tracing::warn!("GitLab webhook: repo {repo_id} not found in tenant '{tenant_id}'"); return StatusCode::NOT_FOUND; } }; @@ -59,15 +65,21 @@ pub async fn handle_gitlab_webhook( "push" => { let agent_clone = (*agent).clone(); let repo_id = repo_id.clone(); + let tenant_id = tenant_id.clone(); tokio::spawn(async move { - tracing::info!("GitLab push webhook: triggering scan for {repo_id}"); - if let Err(e) = agent_clone.run_scan(&repo_id, ScanTrigger::Webhook).await { + tracing::info!( + "GitLab push webhook: triggering scan for {repo_id} in tenant {tenant_id}" + ); + if let Err(e) = agent_clone + .run_scan(&tenant_id, &repo_id, ScanTrigger::Webhook) + .await + { tracing::error!("Webhook-triggered scan failed: {e}"); } }); StatusCode::OK } - "merge_request" => handle_merge_request(agent, &repo_id, &payload).await, + "merge_request" => handle_merge_request(agent, &tenant_id, &repo_id, &payload).await, _ => { tracing::debug!("GitLab webhook: ignoring event '{event_type}'"); StatusCode::OK @@ -77,6 +89,7 @@ pub async fn handle_gitlab_webhook( async fn handle_merge_request( agent: Arc, + tenant_id: &str, repo_id: &str, payload: &serde_json::Value, ) -> StatusCode { @@ -101,13 +114,14 @@ async fn handle_merge_request( } let repo_id = repo_id.to_string(); + let tenant_id = tenant_id.to_string(); let head_sha = head_sha.to_string(); let base_sha = base_sha.to_string(); let agent_clone = (*agent).clone(); tokio::spawn(async move { tracing::info!("GitLab MR webhook: reviewing MR !{mr_iid} on {repo_id}"); if let Err(e) = agent_clone - .run_pr_review(&repo_id, mr_iid, &base_sha, &head_sha) + .run_pr_review(&tenant_id, &repo_id, mr_iid, &base_sha, &head_sha) .await { tracing::error!("MR review failed for !{mr_iid}: {e}"); diff --git a/compliance-agent/src/webhooks/server.rs b/compliance-agent/src/webhooks/server.rs index b90f860..6e30084 100644 --- a/compliance-agent/src/webhooks/server.rs +++ b/compliance-agent/src/webhooks/server.rs @@ -9,17 +9,21 @@ use crate::webhooks::{gitea, github, gitlab}; pub async fn start_webhook_server(agent: &ComplianceAgent) -> Result<(), AgentError> { let app = Router::new() - // Per-repo webhook URLs: /webhook/{platform}/{repo_id} + // Per-tenant per-repo webhook URLs: /webhook/{tenant_id}/{platform}/{repo_id} + // The tenant_id is resolved from the URL path because webhooks + // arrive without a JWT — they're authenticated via per-repo HMAC, + // not via the tenant gate. The dashboard surfaces the full URL + // including the tenant_id when the repo is registered. .route( - "/webhook/github/{repo_id}", + "/webhook/{tenant_id}/github/{repo_id}", post(github::handle_github_webhook), ) .route( - "/webhook/gitlab/{repo_id}", + "/webhook/{tenant_id}/gitlab/{repo_id}", post(gitlab::handle_gitlab_webhook), ) .route( - "/webhook/gitea/{repo_id}", + "/webhook/{tenant_id}/gitea/{repo_id}", post(gitea::handle_gitea_webhook), ) .layer(Extension(Arc::new(agent.clone()))); -- 2.52.0 From 08c4ec4cff4ceaf7d649fa51464acdb7f54ad98b Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com> Date: Wed, 17 Jun 2026 15:05:27 +0200 Subject: [PATCH 5/6] feat(m7.2-D): drop transitional agent.db, add admin helpers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Final slice of M7.2. Removes the transitional single-database handle that M7.2-A introduced alongside the pool, so the compliance-agent now has a single source of truth for storage: every code path obtains a tenant-scoped Database from `agent.db_pool.for_tenant_id(...)` or `for_tenant(&ctx)`. There is no shared "default" database anywhere. Changes - ComplianceAgent: `db: Database` field removed. ComplianceAgent::new now takes only `(config, db_pool)`. Verified by an earlier grep during M7.2-C that no remaining call site reads `agent.db`. - main.rs: stops constructing the legacy Database. Only the pool is built at startup. - TestServer: same — drops Database::connect/ensure_indexes, builds only the pool. cleanup() now drops every `_*` per-tenant database (no longer touches a bare ``). - DatabasePool::list_tenant_db_names() — lists Mongo databases matching the pool's prefix. For admin endpoints + scheduler tenant enumeration in a future M7.3 (this PR keeps SCHEDULER_TENANT_IDS env config — registry integration is a separate concern). - DatabasePool::drop_tenant(&str) — idempotent tenant offboarding. Drops the per-tenant database and evicts the in-memory `ensured` marker so a later re-provision re-runs ensure_indexes. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean - cargo test -p compliance-core --lib — 7 pass - cargo test -p compliance-agent --lib — 228 pass - cargo test -p compliance-agent --test tenant_isolation — 6 pass including new `admin_helpers_list_and_drop_tenant_dbs` - cargo test -p compliance-agent --test tenant_status_middleware — 6 pass M7.2 closeout state after this lands - M7.1 (auth + status) — done - M7.2-A (pool) — done - M7.2-B (handlers) — done - M7.2-C (background paths) — done - M7.2-D (legacy db removed, admin helpers) — done (this PR) - Future M7.3: scheduler pulls tenants from tenant-registry instead of SCHEDULER_TENANT_IDS env; cross-tenant admin HTTP endpoints built on list_tenant_db_names / drop_tenant. Co-Authored-By: Claude Opus 4.7 --- compliance-agent/src/agent.rs | 14 ++--- compliance-agent/src/database.rs | 37 +++++++++++++ compliance-agent/src/main.rs | 11 ++-- compliance-agent/tests/common/mod.rs | 16 ++---- compliance-agent/tests/tenant_isolation.rs | 64 ++++++++++++++++++++++ 5 files changed, 115 insertions(+), 27 deletions(-) diff --git a/compliance-agent/src/agent.rs b/compliance-agent/src/agent.rs index 6ce21f1..5327fec 100644 --- a/compliance-agent/src/agent.rs +++ b/compliance-agent/src/agent.rs @@ -6,7 +6,7 @@ use tokio::sync::{broadcast, watch, Semaphore}; use compliance_core::models::pentest::PentestEvent; use compliance_core::AgentConfig; -use crate::database::{Database, DatabasePool}; +use crate::database::DatabasePool; use crate::llm::LlmClient; use crate::pipeline::orchestrator::PipelineOrchestrator; @@ -16,12 +16,9 @@ const DEFAULT_MAX_CONCURRENT_SESSIONS: usize = 5; #[derive(Clone)] pub struct ComplianceAgent { pub config: AgentConfig, - /// Transitional single-database handle. Used by handlers that have - /// not yet been migrated to `db_pool.for_tenant(&ctx)` (M7.2-B/C). - /// Will be removed once every call site is tenant-scoped (M7.2-D). - pub db: Database, - /// Per-tenant Mongo broker introduced in M7.2-A. Handlers should - /// prefer this and obtain a tenant-scoped [`Database`] from it. + /// Per-tenant Mongo broker. Every code path must obtain a + /// tenant-scoped [`crate::database::Database`] from this pool — + /// there is no single shared database any more. pub db_pool: DatabasePool, pub llm: Arc, pub http: reqwest::Client, @@ -34,7 +31,7 @@ pub struct ComplianceAgent { } impl ComplianceAgent { - pub fn new(config: AgentConfig, db: Database, db_pool: DatabasePool) -> Self { + pub fn new(config: AgentConfig, db_pool: DatabasePool) -> Self { let llm = Arc::new(LlmClient::new( config.litellm_url.clone(), config.litellm_api_key.clone(), @@ -48,7 +45,6 @@ impl ComplianceAgent { .unwrap_or_default(); Self { config, - db, db_pool, llm, http, diff --git a/compliance-agent/src/database.rs b/compliance-agent/src/database.rs index 11d17fa..5532b18 100644 --- a/compliance-agent/src/database.rs +++ b/compliance-agent/src/database.rs @@ -140,6 +140,43 @@ impl DatabasePool { pub fn client(&self) -> &Client { &self.client } + + /// List every Mongo database currently belonging to this pool, + /// identified by the `_` prefix. The result is the raw + /// database names — opening one for offboarding/cleanup goes + /// through [`Self::client`]. + /// + /// Note: hashed-fallback names (very long tenant_ids) lose the + /// original tenant_id at the cluster level — we know a database + /// exists for *some* tenant but not which one. In practice + /// tenant_ids are UUIDs (36 chars) and never hit the fallback, + /// so this is a theoretical concern, not an operational one. + pub async fn list_tenant_db_names(&self) -> Result, AgentError> { + let prefix = format!("{}_", self.db_prefix); + let names = self.client.list_database_names().await?; + Ok(names + .into_iter() + .filter(|n| n.starts_with(&prefix)) + .collect()) + } + + /// Drop the database for a specific tenant. Used by GDPR delete + /// and tenant offboarding. Idempotent — dropping a non-existent + /// database is a no-op at the driver level. + /// + /// Also evicts the tenant from the in-memory `ensured` set so a + /// later re-provision triggers fresh `ensure_indexes`. + pub async fn drop_tenant(&self, tenant_id: &str) -> Result<(), AgentError> { + let db_name = self.tenant_db_name(tenant_id); + self.client.database(&db_name).drop().await?; + self.ensured.remove(tenant_id); + tracing::info!( + tenant_id = %tenant_id, + db_name = %db_name, + "Dropped tenant database" + ); + Ok(()) + } } /// Mongo database names disallow `/`, `\`, `.`, `"`, `$`, ` `, and NUL. diff --git a/compliance-agent/src/main.rs b/compliance-agent/src/main.rs index 1270b22..110634f 100644 --- a/compliance-agent/src/main.rs +++ b/compliance-agent/src/main.rs @@ -25,16 +25,13 @@ async fn main() -> Result<(), Box> { } tracing::info!("Connecting to MongoDB..."); - let db = database::Database::connect(&config.mongodb_uri, &config.mongodb_database).await?; - db.ensure_indexes().await?; - - // M7.2-A: per-tenant pool. Uses `mongodb_database` as the db-name - // prefix so tenant databases land as `_` next to - // the legacy single-tenant database. + // Per-tenant pool only — the agent has no shared "default" database + // after M7.2-D. `mongodb_database` is now the db-name prefix used + // for tenant databases (`_`). let db_pool = database::DatabasePool::connect(&config.mongodb_uri, &config.mongodb_database).await?; - let agent = agent::ComplianceAgent::new(config.clone(), db.clone(), db_pool); + let agent = agent::ComplianceAgent::new(config.clone(), db_pool); tracing::info!("Starting scheduler..."); let scheduler_agent = agent.clone(); diff --git a/compliance-agent/tests/common/mod.rs b/compliance-agent/tests/common/mod.rs index cd1d307..5857203 100644 --- a/compliance-agent/tests/common/mod.rs +++ b/compliance-agent/tests/common/mod.rs @@ -7,7 +7,7 @@ use std::sync::Arc; use compliance_agent::agent::ComplianceAgent; use compliance_agent::api; -use compliance_agent::database::{Database, DatabasePool}; +use compliance_agent::database::DatabasePool; use compliance_core::AgentConfig; use secrecy::SecretString; @@ -28,11 +28,6 @@ impl TestServer { // Unique database name per test run to avoid collisions let db_name = format!("test_{}", uuid::Uuid::new_v4().simple()); - let db = Database::connect(&mongodb_uri, &db_name) - .await - .expect("Failed to connect to MongoDB — is it running?"); - db.ensure_indexes().await.expect("Failed to create indexes"); - let db_pool = DatabasePool::connect(&mongodb_uri, &db_name) .await .expect("Failed to build DatabasePool"); @@ -73,7 +68,7 @@ impl TestServer { pentest_imap_password: None, }; - let agent = ComplianceAgent::new(config, db, db_pool); + let agent = ComplianceAgent::new(config, db_pool); // Build the router with the agent extension. After M7.2-B every // handler takes a TenantCtx extractor; without KC in the test @@ -164,12 +159,11 @@ impl TestServer { &self.db_name } - /// Drop the test database on cleanup. Post-M7.2-B the actual data - /// lives in `_` per-tenant databases; list those - /// off the cluster and drop them too. + /// Drop every per-tenant database belonging to this test run. + /// Post-M7.2-D the agent never opens a `db_name` directly — + /// data lives only in `_` per-tenant databases. pub async fn cleanup(&self) { if let Ok(client) = mongodb::Client::with_uri_str(&self.mongodb_uri).await { - client.database(&self.db_name).drop().await.ok(); if let Ok(names) = client.list_database_names().await { let prefix = format!("{}_", self.db_name); for name in names { diff --git a/compliance-agent/tests/tenant_isolation.rs b/compliance-agent/tests/tenant_isolation.rs index a12b57d..c204f7b 100644 --- a/compliance-agent/tests/tenant_isolation.rs +++ b/compliance-agent/tests/tenant_isolation.rs @@ -158,6 +158,70 @@ async fn tenant_db_name_sanitizes_unsafe_characters() { } } +#[tokio::test] +async fn admin_helpers_list_and_drop_tenant_dbs() { + let uri = std::env::var("TEST_MONGODB_URI") + .unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into()); + let prefix = format!("m72d_{}", short_id()); + let pool = DatabasePool::connect(&uri, &prefix).await.expect("connect"); + + let acme = ctx("00000000-0000-0000-0000-00000000acme", "acme"); + let globex = ctx("00000000-0000-0000-0000-0000globex000", "globex"); + + // Provision two tenants and write a doc into each so the databases + // actually materialize on the cluster (Mongo lazily creates DBs). + let acme_db = pool.for_tenant(&acme).await.expect("acme db"); + let globex_db = pool.for_tenant(&globex).await.expect("globex db"); + acme_db + .repositories() + .insert_one(fixture_repo("acme-app", "git@example.com:acme/app.git")) + .await + .expect("insert acme"); + globex_db + .repositories() + .insert_one(fixture_repo("globex-app", "git@example.com:globex/app.git")) + .await + .expect("insert globex"); + + // list_tenant_db_names sees both, filtered by prefix + let names = pool.list_tenant_db_names().await.expect("list tenants"); + let acme_name = pool.tenant_db_name(&acme.tenant_id); + let globex_name = pool.tenant_db_name(&globex.tenant_id); + assert!( + names.contains(&acme_name), + "expected {acme_name} in {names:?}" + ); + assert!( + names.contains(&globex_name), + "expected {globex_name} in {names:?}" + ); + for name in &names { + assert!(name.starts_with(&format!("{prefix}_"))); + } + + // drop_tenant removes acme's DB + pool.drop_tenant(&acme.tenant_id) + .await + .expect("drop acme tenant"); + let after = pool + .list_tenant_db_names() + .await + .expect("list tenants after drop"); + assert!( + !after.contains(&acme_name), + "acme should be gone after drop, got {after:?}" + ); + assert!( + after.contains(&globex_name), + "globex should still be present, got {after:?}" + ); + + // Cleanup remaining + pool.drop_tenant(&globex.tenant_id) + .await + .expect("drop globex tenant"); +} + #[tokio::test] async fn tenant_db_name_falls_back_to_hash_when_too_long() { let uri = std::env::var("TEST_MONGODB_URI") -- 2.52.0 From dcec519565aab6dc13274ef9b0aba66312e8b720 Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com> Date: Wed, 17 Jun 2026 20:31:21 +0200 Subject: [PATCH 6/6] fix(dashboard): attach Keycloak token on agent API calls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Symptom: "unable to load repositories" — agent returns "Missing authorization header" 401 on every protected endpoint because the dashboard's server functions were calling reqwest::get without an Authorization header. The Keycloak OIDC flow (auth_login / auth_callback) was already wired up and storing the access_token in tower-sessions, but the access_token was never threaded into outbound calls. Fix - New `infrastructure::agent_client` module exposes: - `agent_request(method, path) -> RequestBuilder` - `agent_get(path) -> RequestBuilder` (sugar for GET) Both pull the session's access_token (via FullstackContext extract) and attach `Authorization: Bearer `. When Keycloak is not configured the helper short-circuits — matching the dashboard's require_auth middleware which short-circuits in the same state. - Migrated every #[server] function in: - chat, dast, findings, graph, issues, notifications, pentest, repositories, sbom, scans, stats - 57 call sites total, all replaced. - Left as-is: - `infrastructure::server::webhook_proxy` — forwards to the agent's separate webhook server (port 3002), which is HMAC-authenticated, not JWT-authenticated. - `infrastructure::auth::auth_callback` — performs the KC token exchange itself; bearer auth would be circular. Test plan - cargo fmt --all clean - cargo clippy -p compliance-dashboard --features server -- -D warnings clean - cargo check -p compliance-dashboard --features server clean - cargo check -p compliance-dashboard (web target) implicit via build - Manual: after deploy, dashboard's repositories page loads without 401; calls now carry Authorization: Bearer header to the agent. Co-Authored-By: Claude Opus 4.7 --- .../src/infrastructure/agent_client.rs | 61 ++++ .../src/infrastructure/chat.rs | 61 ++-- .../src/infrastructure/dast.rs | 56 ++- .../src/infrastructure/findings.rs | 86 ++--- .../src/infrastructure/graph.rs | 78 ++--- .../src/infrastructure/issues.rs | 8 +- .../src/infrastructure/mod.rs | 2 + .../src/infrastructure/notifications.rs | 41 +-- .../src/infrastructure/pentest.rs | 329 ++++++++---------- .../src/infrastructure/repositories.rs | 109 +++--- .../src/infrastructure/sbom.rs | 55 ++- .../src/infrastructure/scans.rs | 11 +- .../src/infrastructure/stats.rs | 8 +- 13 files changed, 412 insertions(+), 493 deletions(-) create mode 100644 compliance-dashboard/src/infrastructure/agent_client.rs diff --git a/compliance-dashboard/src/infrastructure/agent_client.rs b/compliance-dashboard/src/infrastructure/agent_client.rs new file mode 100644 index 0000000..f2354b0 --- /dev/null +++ b/compliance-dashboard/src/infrastructure/agent_client.rs @@ -0,0 +1,61 @@ +//! Authenticated HTTP client for talking to the compliance-agent. +//! +//! Every dashboard server function that hits `comp-dev.meghsakha.com/api/v1/*` +//! must go through here so the Keycloak access token from the user's +//! session is attached as `Authorization: Bearer `. Without it +//! the agent's M7.1 `require_jwt_auth` middleware rejects with 401 +//! "Missing authorization header". +//! +//! When Keycloak is not configured (dev convenience), the helper +//! returns an unauthenticated builder — matching the agent's +//! pass-through behavior in the same state. + +use dioxus::prelude::ServerFnError; +use dioxus_fullstack::FullstackContext; +use reqwest::Method; + +use super::auth::LOGGED_IN_USER_SESS_KEY; +use super::server_state::ServerState; +use super::user_state::UserStateInner; + +/// Build a `RequestBuilder` for `` with the +/// session's access token attached. `path` should include a leading +/// `/`, e.g. `"/api/v1/repositories"`. +pub async fn agent_request( + method: Method, + path: &str, +) -> Result { + let state: ServerState = FullstackContext::extract().await?; + let url = format!("{}{}", state.agent_api_url, path); + let mut req = reqwest::Client::new().request(method, &url); + req = attach_token(req, &state).await?; + Ok(req) +} + +/// Same as [`agent_request`] but for `GET`. Convenience for the common case. +pub async fn agent_get(path: &str) -> Result { + agent_request(Method::GET, path).await +} + +/// Attach the session's bearer token if Keycloak is configured AND the +/// session has a logged-in user. Otherwise leave the request as-is. +/// +/// The Keycloak-disabled path mirrors the dashboard's `require_auth` +/// middleware, which short-circuits when `state.keycloak.is_none()`. +async fn attach_token( + req: reqwest::RequestBuilder, + state: &ServerState, +) -> Result { + if state.keycloak.is_none() { + return Ok(req); + } + let session: tower_sessions::Session = FullstackContext::extract().await?; + let user: Option = session + .get(LOGGED_IN_USER_SESS_KEY) + .await + .map_err(|e| ServerFnError::new(format!("session read failed: {e}")))?; + Ok(match user { + Some(u) => req.bearer_auth(u.access_token), + None => req, + }) +} diff --git a/compliance-dashboard/src/infrastructure/chat.rs b/compliance-dashboard/src/infrastructure/chat.rs index 6dee347..54b9b58 100644 --- a/compliance-dashboard/src/infrastructure/chat.rs +++ b/compliance-dashboard/src/infrastructure/chat.rs @@ -61,23 +61,21 @@ pub async fn send_chat_message( message: String, history: Vec, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/chat/{repo_id}", state.agent_api_url); - let client = reqwest::Client::builder() - .timeout(std::time::Duration::from_secs(120)) - .build() - .map_err(|e| ServerFnError::new(e.to_string()))?; - let resp = client - .post(&url) - .json(&serde_json::json!({ - "message": message, - "history": history, - })) - .send() - .await - .map_err(|e| ServerFnError::new(format!("Request failed: {e}")))?; + // Chat uses a longer timeout because the LLM round-trip can be slow; + // agent_request doesn't expose a per-call timeout so we layer one on. + let resp = super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/chat/{repo_id}"), + ) + .await? + .timeout(std::time::Duration::from_secs(120)) + .json(&serde_json::json!({ + "message": message, + "history": history, + })) + .send() + .await + .map_err(|e| ServerFnError::new(format!("Request failed: {e}")))?; let text = resp .text() @@ -91,19 +89,14 @@ pub async fn send_chat_message( #[server] pub async fn trigger_embedding_build(repo_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!( - "{}/api/v1/chat/{repo_id}/build-embeddings", - state.agent_api_url - ); - let client = reqwest::Client::new(); - client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/chat/{repo_id}/build-embeddings"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } @@ -111,11 +104,9 @@ pub async fn trigger_embedding_build(repo_id: String) -> Result<(), ServerFnErro pub async fn fetch_embedding_status( repo_id: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/chat/{repo_id}/status", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/chat/{repo_id}/status")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: EmbeddingStatusResponse = resp diff --git a/compliance-dashboard/src/infrastructure/dast.rs b/compliance-dashboard/src/infrastructure/dast.rs index 9b6fe50..8b51002 100644 --- a/compliance-dashboard/src/infrastructure/dast.rs +++ b/compliance-dashboard/src/infrastructure/dast.rs @@ -26,10 +26,9 @@ pub struct DastFindingDetailResponse { #[server] pub async fn fetch_dast_targets() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/dast/targets", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/dast/targets") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: DastTargetsResponse = resp @@ -41,10 +40,9 @@ pub async fn fetch_dast_targets() -> Result #[server] pub async fn fetch_dast_scan_runs() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/dast/scan-runs", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/dast/scan-runs") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: DastScanRunsResponse = resp @@ -56,10 +54,9 @@ pub async fn fetch_dast_scan_runs() -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/dast/findings", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/dast/findings") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: DastFindingsResponse = resp @@ -73,10 +70,9 @@ pub async fn fetch_dast_findings() -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/dast/findings/{id}", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/dast/findings/{id}")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: DastFindingDetailResponse = resp @@ -88,12 +84,8 @@ pub async fn fetch_dast_finding_detail( #[server] pub async fn add_dast_target(name: String, base_url: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/dast/targets", state.agent_api_url); - let client = reqwest::Client::new(); - client - .post(&url) + super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/dast/targets") + .await? .json(&serde_json::json!({ "name": name, "base_url": base_url, @@ -106,17 +98,13 @@ pub async fn add_dast_target(name: String, base_url: String) -> Result<(), Serve #[server] pub async fn trigger_dast_scan(target_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/dast/targets/{target_id}/scan", - state.agent_api_url - ); - let client = reqwest::Client::new(); - client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/dast/targets/{target_id}/scan"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } diff --git a/compliance-dashboard/src/infrastructure/findings.rs b/compliance-dashboard/src/infrastructure/findings.rs index 41ce95b..06ca180 100644 --- a/compliance-dashboard/src/infrastructure/findings.rs +++ b/compliance-dashboard/src/infrastructure/findings.rs @@ -24,39 +24,35 @@ pub struct FindingsQuery { #[server] pub async fn fetch_findings(query: FindingsQuery) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let mut url = format!( - "{}/api/v1/findings?page={}&limit=20", - state.agent_api_url, query.page - ); + let mut path = format!("/api/v1/findings?page={}&limit=20", query.page); if !query.severity.is_empty() { - url.push_str(&format!("&severity={}", query.severity)); + path.push_str(&format!("&severity={}", query.severity)); } if !query.scan_type.is_empty() { - url.push_str(&format!("&scan_type={}", query.scan_type)); + path.push_str(&format!("&scan_type={}", query.scan_type)); } if !query.status.is_empty() { - url.push_str(&format!("&status={}", query.status)); + path.push_str(&format!("&status={}", query.status)); } if !query.repo_id.is_empty() { - url.push_str(&format!("&repo_id={}", query.repo_id)); + path.push_str(&format!("&repo_id={}", query.repo_id)); } if !query.q.is_empty() { - url.push_str(&format!( + path.push_str(&format!( "&q={}", url::form_urlencoded::byte_serialize(query.q.as_bytes()).collect::() )); } if !query.sort_by.is_empty() { - url.push_str(&format!("&sort_by={}", query.sort_by)); + path.push_str(&format!("&sort_by={}", query.sort_by)); } if !query.sort_order.is_empty() { - url.push_str(&format!("&sort_order={}", query.sort_order)); + path.push_str(&format!("&sort_order={}", query.sort_order)); } - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&path) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: FindingsListResponse = resp @@ -68,11 +64,9 @@ pub async fn fetch_findings(query: FindingsQuery) -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/findings/{id}", state.agent_api_url); - - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/findings/{id}")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: serde_json::Value = resp @@ -86,18 +80,15 @@ pub async fn fetch_finding_detail(id: String) -> Result #[server] pub async fn update_finding_status(id: String, status: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/findings/{id}/status", state.agent_api_url); - - let client = reqwest::Client::new(); - client - .patch(&url) - .json(&serde_json::json!({ "status": status })) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; - + super::agent_client::agent_request( + reqwest::Method::PATCH, + &format!("/api/v1/findings/{id}/status"), + ) + .await? + .json(&serde_json::json!({ "status": status })) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } @@ -106,34 +97,25 @@ pub async fn bulk_update_finding_status( ids: Vec, status: String, ) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/findings/bulk-status", state.agent_api_url); - - let client = reqwest::Client::new(); - client - .patch(&url) + super::agent_client::agent_request(reqwest::Method::PATCH, "/api/v1/findings/bulk-status") + .await? .json(&serde_json::json!({ "ids": ids, "status": status })) .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; - Ok(()) } #[server] pub async fn update_finding_feedback(id: String, feedback: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/findings/{id}/feedback", state.agent_api_url); - - let client = reqwest::Client::new(); - client - .patch(&url) - .json(&serde_json::json!({ "feedback": feedback })) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; - + super::agent_client::agent_request( + reqwest::Method::PATCH, + &format!("/api/v1/findings/{id}/feedback"), + ) + .await? + .json(&serde_json::json!({ "feedback": feedback })) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } diff --git a/compliance-dashboard/src/infrastructure/graph.rs b/compliance-dashboard/src/infrastructure/graph.rs index 68a0d06..566f4f3 100644 --- a/compliance-dashboard/src/infrastructure/graph.rs +++ b/compliance-dashboard/src/infrastructure/graph.rs @@ -50,10 +50,9 @@ pub struct SearchResponse { #[server] pub async fn fetch_graph(repo_id: String) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/graph/{repo_id}", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: GraphDataResponse = resp @@ -68,15 +67,12 @@ pub async fn fetch_impact( repo_id: String, finding_id: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/graph/{repo_id}/impact/{finding_id}", - state.agent_api_url - ); - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = + super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}/impact/{finding_id}")) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: ImpactResponse = resp .json() .await @@ -86,10 +82,9 @@ pub async fn fetch_impact( #[server] pub async fn fetch_communities(repo_id: String) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/graph/{repo_id}/communities", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}/communities")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: CommunitiesResponse = resp @@ -104,15 +99,13 @@ pub async fn fetch_file_content( repo_id: String, file_path: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/graph/{repo_id}/file-content?path={file_path}", - state.agent_api_url - ); - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_get(&format!( + "/api/v1/graph/{repo_id}/file-content?path={file_path}" + )) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: FileContentResponse = resp .json() .await @@ -122,15 +115,13 @@ pub async fn fetch_file_content( #[server] pub async fn search_nodes(repo_id: String, query: String) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/graph/{repo_id}/search?q={query}&limit=50", - state.agent_api_url - ); - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_get(&format!( + "/api/v1/graph/{repo_id}/search?q={query}&limit=50" + )) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: SearchResponse = resp .json() .await @@ -140,14 +131,13 @@ pub async fn search_nodes(repo_id: String, query: String) -> Result Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/graph/{repo_id}/build", state.agent_api_url); - let client = reqwest::Client::new(); - client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/graph/{repo_id}/build"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } diff --git a/compliance-dashboard/src/infrastructure/issues.rs b/compliance-dashboard/src/infrastructure/issues.rs index e1bc580..0b3dd6a 100644 --- a/compliance-dashboard/src/infrastructure/issues.rs +++ b/compliance-dashboard/src/infrastructure/issues.rs @@ -12,11 +12,9 @@ pub struct IssuesListResponse { #[server] pub async fn fetch_issues(page: u64) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/issues?page={page}&limit=20", state.agent_api_url); - - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/issues?page={page}&limit=20")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: IssuesListResponse = resp diff --git a/compliance-dashboard/src/infrastructure/mod.rs b/compliance-dashboard/src/infrastructure/mod.rs index cfd2057..4660eef 100644 --- a/compliance-dashboard/src/infrastructure/mod.rs +++ b/compliance-dashboard/src/infrastructure/mod.rs @@ -18,6 +18,8 @@ pub mod stats; // Server-only modules #[cfg(feature = "server")] +mod agent_client; +#[cfg(feature = "server")] mod auth; #[cfg(feature = "server")] mod auth_middleware; diff --git a/compliance-dashboard/src/infrastructure/notifications.rs b/compliance-dashboard/src/infrastructure/notifications.rs index 9e280f2..9764f88 100644 --- a/compliance-dashboard/src/infrastructure/notifications.rs +++ b/compliance-dashboard/src/infrastructure/notifications.rs @@ -32,11 +32,9 @@ pub struct NotificationCountResponse { #[server] pub async fn fetch_notification_count() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/notifications/count", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/notifications/count") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: NotificationCountResponse = resp @@ -48,11 +46,9 @@ pub async fn fetch_notification_count() -> Result { #[server] pub async fn fetch_notifications() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/notifications?limit=20", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/notifications?limit=20") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: NotificationListResponse = resp @@ -64,12 +60,8 @@ pub async fn fetch_notifications() -> Result Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/notifications/read-all", state.agent_api_url); - reqwest::Client::new() - .post(&url) + super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/notifications/read-all") + .await? .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; @@ -78,14 +70,13 @@ pub async fn mark_all_notifications_read() -> Result<(), ServerFnError> { #[server] pub async fn dismiss_notification(id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/notifications/{id}/dismiss", state.agent_api_url); - reqwest::Client::new() - .patch(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + super::agent_client::agent_request( + reqwest::Method::PATCH, + &format!("/api/v1/notifications/{id}/dismiss"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } diff --git a/compliance-dashboard/src/infrastructure/pentest.rs b/compliance-dashboard/src/infrastructure/pentest.rs index ddae313..a9b38f1 100644 --- a/compliance-dashboard/src/infrastructure/pentest.rs +++ b/compliance-dashboard/src/infrastructure/pentest.rs @@ -32,12 +32,10 @@ pub struct AttackChainResponse { #[server] pub async fn fetch_pentest_sessions() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - // Fetch sessions - let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/pentest/sessions") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let mut body: PentestSessionsResponse = resp @@ -46,31 +44,32 @@ pub async fn fetch_pentest_sessions() -> Result().await { - let targets = tbody.get("data").and_then(|v| v.as_array()); - if let Some(targets) = targets { - // Build target_id -> name lookup - let target_map: std::collections::HashMap = targets - .iter() - .filter_map(|t| { - let id = t.get("_id")?.get("$oid")?.as_str()?.to_string(); - let name = t.get("name")?.as_str()?.to_string(); - Some((id, name)) - }) - .collect(); + if let Ok(tresp_builder) = super::agent_client::agent_get("/api/v1/dast/targets").await { + if let Ok(tresp) = tresp_builder.send().await { + if let Ok(tbody) = tresp.json::().await { + let targets = tbody.get("data").and_then(|v| v.as_array()); + if let Some(targets) = targets { + // Build target_id -> name lookup + let target_map: std::collections::HashMap = targets + .iter() + .filter_map(|t| { + let id = t.get("_id")?.get("$oid")?.as_str()?.to_string(); + let name = t.get("name")?.as_str()?.to_string(); + Some((id, name)) + }) + .collect(); - // Enrich sessions with target_name - for session in body.data.iter_mut() { - if let Some(tid) = session.get("target_id").and_then(|v| v.as_str()) { - if let Some(name) = target_map.get(tid) { - session.as_object_mut().map(|obj| { - obj.insert( - "target_name".to_string(), - serde_json::Value::String(name.clone()), - ) - }); + // Enrich sessions with target_name + for session in body.data.iter_mut() { + if let Some(tid) = session.get("target_id").and_then(|v| v.as_str()) { + if let Some(name) = target_map.get(tid) { + session.as_object_mut().map(|obj| { + obj.insert( + "target_name".to_string(), + serde_json::Value::String(name.clone()), + ) + }); + } } } } @@ -83,10 +82,9 @@ pub async fn fetch_pentest_sessions() -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/pentest/sessions/{id}", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{id}")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let mut body: PentestSessionResponse = resp @@ -96,26 +94,27 @@ pub async fn fetch_pentest_session(id: String) -> Result().await { - if let Some(targets) = tbody.get("data").and_then(|v| v.as_array()) { - for t in targets { - let t_id = t - .get("_id") - .and_then(|v| v.get("$oid")) - .and_then(|v| v.as_str()) - .unwrap_or(""); - if t_id == tid { - if let Some(name) = t.get("name").and_then(|v| v.as_str()) { - body.data.as_object_mut().map(|obj| { - obj.insert( - "target_name".to_string(), - serde_json::Value::String(name.to_string()), - ) - }); + if let Ok(tresp_builder) = super::agent_client::agent_get("/api/v1/dast/targets").await { + if let Ok(tresp) = tresp_builder.send().await { + if let Ok(tbody) = tresp.json::().await { + if let Some(targets) = tbody.get("data").and_then(|v| v.as_array()) { + for t in targets { + let t_id = t + .get("_id") + .and_then(|v| v.get("$oid")) + .and_then(|v| v.as_str()) + .unwrap_or(""); + if t_id == tid { + if let Some(name) = t.get("name").and_then(|v| v.as_str()) { + body.data.as_object_mut().map(|obj| { + obj.insert( + "target_name".to_string(), + serde_json::Value::String(name.to_string()), + ) + }); + } + break; } - break; } } } @@ -130,15 +129,12 @@ pub async fn fetch_pentest_session(id: String) -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/messages", - state.agent_api_url - ); - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = + super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{session_id}/messages")) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: PentestMessagesResponse = resp .json() .await @@ -148,10 +144,9 @@ pub async fn fetch_pentest_messages( #[server] pub async fn fetch_pentest_stats() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/pentest/stats", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/pentest/stats") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: PentestStatsResponse = resp @@ -163,15 +158,13 @@ pub async fn fetch_pentest_stats() -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/attack-chain", - state.agent_api_url - ); - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_get(&format!( + "/api/v1/pentest/sessions/{session_id}/attack-chain" + )) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: AttackChainResponse = resp .json() .await @@ -185,20 +178,17 @@ pub async fn create_pentest_session( strategy: String, message: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url); - let client = reqwest::Client::new(); - let resp = client - .post(&url) - .json(&serde_json::json!({ - "target_id": target_id, - "strategy": strategy, - "message": message, - })) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = + super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/pentest/sessions") + .await? + .json(&serde_json::json!({ + "target_id": target_id, + "strategy": strategy, + "message": message, + })) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: PentestSessionResponse = resp .json() .await @@ -211,18 +201,15 @@ pub async fn create_pentest_session( pub async fn create_pentest_session_wizard( config_json: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url); let config: serde_json::Value = serde_json::from_str(&config_json).map_err(|e| ServerFnError::new(e.to_string()))?; - let client = reqwest::Client::new(); - let resp = client - .post(&url) - .json(&serde_json::json!({ "config": config })) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = + super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/pentest/sessions") + .await? + .json(&serde_json::json!({ "config": config })) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; if !resp.status().is_success() { let text = resp.text().await.unwrap_or_default(); return Err(ServerFnError::new(format!( @@ -239,8 +226,6 @@ pub async fn create_pentest_session_wizard( /// Look up a tracked repository by its git URL #[server] pub async fn lookup_repo_by_url(url: String) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; let encoded_url: String = url .bytes() .flat_map(|b| { @@ -251,13 +236,12 @@ pub async fn lookup_repo_by_url(url: String) -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/chat", - state.agent_api_url - ); - let client = reqwest::Client::new(); - let resp = client - .post(&url) - .json(&serde_json::json!({ - "message": message, - })) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/pentest/sessions/{session_id}/chat"), + ) + .await? + .json(&serde_json::json!({ + "message": message, + })) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: PentestMessagesResponse = resp .json() .await @@ -294,35 +274,27 @@ pub async fn send_pentest_message( #[server] pub async fn stop_pentest_session(session_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/stop", - state.agent_api_url - ); - let client = reqwest::Client::new(); - client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/pentest/sessions/{session_id}/stop"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } #[server] pub async fn pause_pentest_session(session_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/pause", - state.agent_api_url - ); - let client = reqwest::Client::new(); - let resp = client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/pentest/sessions/{session_id}/pause"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; if !resp.status().is_success() { let text = resp.text().await.unwrap_or_default(); return Err(ServerFnError::new(format!("Pause failed: {text}"))); @@ -332,18 +304,14 @@ pub async fn pause_pentest_session(session_id: String) -> Result<(), ServerFnErr #[server] pub async fn resume_pentest_session(session_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/resume", - state.agent_api_url - ); - let client = reqwest::Client::new(); - let resp = client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/pentest/sessions/{session_id}/resume"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; if !resp.status().is_success() { let text = resp.text().await.unwrap_or_default(); return Err(ServerFnError::new(format!("Resume failed: {text}"))); @@ -355,15 +323,12 @@ pub async fn resume_pentest_session(session_id: String) -> Result<(), ServerFnEr pub async fn fetch_pentest_findings( session_id: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/findings", - state.agent_api_url - ); - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = + super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{session_id}/findings")) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: DastFindingsResponse = resp .json() .await @@ -385,23 +350,19 @@ pub async fn export_pentest_report( requester_name: String, requester_email: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/pentest/sessions/{session_id}/export", - state.agent_api_url - ); - let client = reqwest::Client::new(); - let resp = client - .post(&url) - .json(&serde_json::json!({ - "password": password, - "requester_name": requester_name, - "requester_email": requester_email, - })) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/pentest/sessions/{session_id}/export"), + ) + .await? + .json(&serde_json::json!({ + "password": password, + "requester_name": requester_name, + "requester_email": requester_email, + })) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; if !resp.status().is_success() { let text = resp.text().await.unwrap_or_default(); return Err(ServerFnError::new(format!("Export failed: {text}"))); diff --git a/compliance-dashboard/src/infrastructure/repositories.rs b/compliance-dashboard/src/infrastructure/repositories.rs index c684522..666c7e4 100644 --- a/compliance-dashboard/src/infrastructure/repositories.rs +++ b/compliance-dashboard/src/infrastructure/repositories.rs @@ -12,14 +12,10 @@ pub struct RepositoryListResponse { #[server] pub async fn fetch_repositories(page: u64) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/repositories?page={page}&limit=20", - state.agent_api_url - ); - - let resp = reqwest::get(&url) + let path = format!("/api/v1/repositories?page={page}&limit=20"); + let resp = super::agent_client::agent_get(&path) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: RepositoryListResponse = resp @@ -41,10 +37,6 @@ pub async fn add_repository( tracker_repo: Option, tracker_token: Option, ) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/repositories", state.agent_api_url); - let mut body = serde_json::json!({ "name": name, "git_url": git_url, @@ -69,9 +61,8 @@ pub async fn add_repository( body["tracker_token"] = serde_json::Value::String(tk); } - let client = reqwest::Client::new(); - let resp = client - .post(&url) + let resp = super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/repositories") + .await? .json(&body) .send() .await @@ -100,10 +91,6 @@ pub async fn update_repository( tracker_token: Option, scan_schedule: Option, ) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/repositories/{repo_id}", state.agent_api_url); - let mut body = serde_json::Map::new(); if let Some(v) = name.filter(|s| !s.is_empty()) { body.insert("name".into(), serde_json::Value::String(v)); @@ -133,13 +120,15 @@ pub async fn update_repository( body.insert("scan_schedule".into(), serde_json::Value::String(v)); } - let client = reqwest::Client::new(); - let resp = client - .patch(&url) - .json(&body) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_request( + reqwest::Method::PATCH, + &format!("/api/v1/repositories/{repo_id}"), + ) + .await? + .json(&body) + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; if !resp.status().is_success() { let text = resp.text().await.unwrap_or_default(); @@ -153,11 +142,9 @@ pub async fn update_repository( #[server] pub async fn fetch_ssh_public_key() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/settings/ssh-public-key", state.agent_api_url); - - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/settings/ssh-public-key") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; @@ -179,16 +166,14 @@ pub async fn fetch_ssh_public_key() -> Result { #[server] pub async fn delete_repository(repo_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/repositories/{repo_id}", state.agent_api_url); - - let client = reqwest::Client::new(); - let resp = client - .delete(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = super::agent_client::agent_request( + reqwest::Method::DELETE, + &format!("/api/v1/repositories/{repo_id}"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; if !resp.status().is_success() { let body = resp.text().await.unwrap_or_default(); @@ -202,16 +187,14 @@ pub async fn delete_repository(repo_id: String) -> Result<(), ServerFnError> { #[server] pub async fn trigger_repo_scan(repo_id: String) -> Result<(), ServerFnError> { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/repositories/{repo_id}/scan", state.agent_api_url); - - let client = reqwest::Client::new(); - client - .post(&url) - .send() - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + super::agent_client::agent_request( + reqwest::Method::POST, + &format!("/api/v1/repositories/{repo_id}/scan"), + ) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; Ok(()) } @@ -224,16 +207,12 @@ pub struct WebhookConfigResponse { #[server] pub async fn fetch_webhook_config(repo_id: String) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/repositories/{repo_id}/webhook-config", - state.agent_api_url - ); - - let resp = reqwest::get(&url) - .await - .map_err(|e| ServerFnError::new(e.to_string()))?; + let resp = + super::agent_client::agent_get(&format!("/api/v1/repositories/{repo_id}/webhook-config")) + .await? + .send() + .await + .map_err(|e| ServerFnError::new(e.to_string()))?; let body: WebhookConfigResponse = resp .json() .await @@ -244,11 +223,9 @@ pub async fn fetch_webhook_config(repo_id: String) -> Result Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/scan-runs?page=1&limit=1", state.agent_api_url); - - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/scan-runs?page=1&limit=1") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: serde_json::Value = resp diff --git a/compliance-dashboard/src/infrastructure/sbom.rs b/compliance-dashboard/src/infrastructure/sbom.rs index f0dc2b6..2ed8532 100644 --- a/compliance-dashboard/src/infrastructure/sbom.rs +++ b/compliance-dashboard/src/infrastructure/sbom.rs @@ -87,11 +87,9 @@ pub struct SbomFiltersResponse { #[server] pub async fn fetch_sbom_filters() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!("{}/api/v1/sbom/filters", state.agent_api_url); - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/sbom/filters") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let text = resp @@ -112,9 +110,6 @@ pub async fn fetch_sbom_filtered( license: Option, page: u64, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let mut params = vec![format!("page={page}"), "limit=50".to_string()]; if let Some(r) = &repo_id { if !r.is_empty() { @@ -140,9 +135,10 @@ pub async fn fetch_sbom_filtered( } } - let url = format!("{}/api/v1/sbom?{}", state.agent_api_url, params.join("&")); - - let resp = reqwest::get(&url) + let path = format!("/api/v1/sbom?{}", params.join("&")); + let resp = super::agent_client::agent_get(&path) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let text = resp @@ -156,15 +152,10 @@ pub async fn fetch_sbom_filtered( #[server] pub async fn fetch_sbom_export(repo_id: String, format: String) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!( - "{}/api/v1/sbom/export?repo_id={}&format={}", - state.agent_api_url, repo_id, format - ); - - let resp = reqwest::get(&url) + let path = format!("/api/v1/sbom/export?repo_id={repo_id}&format={format}"); + let resp = super::agent_client::agent_get(&path) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let text = resp @@ -178,17 +169,16 @@ pub async fn fetch_sbom_export(repo_id: String, format: String) -> Result, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let mut url = format!("{}/api/v1/sbom/licenses", state.agent_api_url); + let mut path = "/api/v1/sbom/licenses".to_string(); if let Some(r) = &repo_id { if !r.is_empty() { - url = format!("{url}?repo_id={r}"); + path = format!("{path}?repo_id={r}"); } } - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&path) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let text = resp @@ -205,15 +195,10 @@ pub async fn fetch_sbom_diff( repo_a: String, repo_b: String, ) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - - let url = format!( - "{}/api/v1/sbom/diff?repo_a={}&repo_b={}", - state.agent_api_url, repo_a, repo_b - ); - - let resp = reqwest::get(&url) + let path = format!("/api/v1/sbom/diff?repo_a={repo_a}&repo_b={repo_b}"); + let resp = super::agent_client::agent_get(&path) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let text = resp diff --git a/compliance-dashboard/src/infrastructure/scans.rs b/compliance-dashboard/src/infrastructure/scans.rs index 0eb8dd9..97fe5c8 100644 --- a/compliance-dashboard/src/infrastructure/scans.rs +++ b/compliance-dashboard/src/infrastructure/scans.rs @@ -12,14 +12,9 @@ pub struct ScansListResponse { #[server] pub async fn fetch_scan_runs(page: u64) -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!( - "{}/api/v1/scan-runs?page={page}&limit=20", - state.agent_api_url - ); - - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get(&format!("/api/v1/scan-runs?page={page}&limit=20")) + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: ScansListResponse = resp diff --git a/compliance-dashboard/src/infrastructure/stats.rs b/compliance-dashboard/src/infrastructure/stats.rs index 743fe49..8cdc4b2 100644 --- a/compliance-dashboard/src/infrastructure/stats.rs +++ b/compliance-dashboard/src/infrastructure/stats.rs @@ -16,11 +16,9 @@ pub struct OverviewStats { #[server] pub async fn fetch_overview_stats() -> Result { - let state: super::server_state::ServerState = - dioxus_fullstack::FullstackContext::extract().await?; - let url = format!("{}/api/v1/stats/overview", state.agent_api_url); - - let resp = reqwest::get(&url) + let resp = super::agent_client::agent_get("/api/v1/stats/overview") + .await? + .send() .await .map_err(|e| ServerFnError::new(e.to_string()))?; let body: serde_json::Value = resp -- 2.52.0