feat: Centralize bootstrap wiring and introduce Agent Loop specification

[yacosta738]

This pull request introduces a new bootstrap module to centralize and simplify the initialization of core agent components such as providers, memory, tools, and observer objects. The change removes duplicated setup logic from various entry points (agent, channels, gateway) and replaces it with calls to the shared bootstrap context. This improves maintainability, reduces code duplication, and ensures consistent initialization across the codebase.

Key changes include:

Centralized Initialization (Bootstrap Module):

• Introduced a new bootstrap module with a BootstrapContext struct and helper functions to create providers and core agent components from a Config. This module now handles the setup of observer, runtime, security, memory, and tools.
• Updated agent.rs, channels/mod.rs, and gateway/mod.rs to use the new bootstrap context and provider creation helpers, removing duplicated setup logic and ensuring all entry points initialize components in a consistent way. [1] [2] [3] [4]

Dependency Management and Imports:

• Refactored imports in affected files to use the new bootstrap module and cleaned up unused or redundant imports. [1] [2] [3] [4] [5]

Documentation:

• Added an Agent Loop Specification in openspec/specs/agent-loop/spec.md to define the canonical agent loop behavior, requirements, and invariants across all entry points.

These changes collectively improve the modularity and maintainability of the agent runtime by consolidating initialization logic and providing a clear contract for loop behavior and component setup.

---

• Centralized Bootstrap Initialization

  • Added bootstrap module with BootstrapContext for unified agent component setup, and helper functions for provider creation.
  • Updated agent.rs, channels/mod.rs, and gateway/mod.rs to use the new bootstrap context, eliminating duplicated initialization code. [1] [2] [3] [4]

• Dependency and Import Refactoring

  • Refactored imports to use the new bootstrap module and removed unnecessary imports in all affected files. [1] [2] [3] [4] [5]

• Documentation

  • Added openspec/specs/agent-loop/spec.md to formally specify the agent loop contract, lifecycle, and security requirements.

Closes: #160

[linear]

DALLAY-142 Refactor: Introduce shared BootstrapContext for agent/channels/gateway

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Introduces a shared BootstrapContext and factories to centralize provider, memory, runtime, observer, security, and tools wiring across agent, channels, and gateway; removes a SonarCloud coverage-gate relaxation step; expands .gitignore for agent backup artifacts; and adds two spec documents (agent-loop, MCP runtime).

Changes

Cohort / File(s)	Summary
Workflow Cleanup .github/workflows/sonarqube-analysis.yml	Removed the multi-step block that temporarily relaxed the SonarCloud new_coverage quality gate; SonarQube scan step unchanged.
Gitignore Expansion .gitignore	Added ignore patterns for AI agent backup/temporary artifacts across .agent, .agents, .claude, .gemini, .codex, .opencode, .github, and various MD backup patterns.
Bootstrap Module clients/agent-runtime/src/bootstrap/mod.rs	New BootstrapContext, DEFAULT_MODEL, and factory functions: from_config(), create_resilient_provider(), create_routed_provider(), create_memory_and_observer() plus unit tests.
Agent Integration clients/agent-runtime/src/agent/agent.rs	Agent initialization now sources runtime, observer, memory, tools, and provider from BootstrapContext instead of building them locally.
Channels Integration clients/agent-runtime/src/channels/mod.rs	start_channels refactored to use bootstrap factories and BootstrapContext-provided memory/tools/observer; provider warmup uses bootstrap-created provider.
Gateway Integration clients/agent-runtime/src/gateway/mod.rs	Replaced inline creation of provider/memory/observer/runtime/security/tools with bootstrap-based factories and bootstrap::DEFAULT_MODEL.
Module Exports clients/agent-runtime/src/lib.rs, clients/agent-runtime/src/main.rs	Added pub mod bootstrap; and mod bootstrap; to include the new module.
Providers API clients/agent-runtime/src/providers/mod.rs	create_routed_provider signature updated to accept &ProviderRuntimeOptions; routed/resilient provider construction now passes runtime options to resilience wrappers.
Specs Added openspec/specs/agent-loop/spec.md, openspec/specs/mcp-runtime/spec.md	Added canonical Agent Loop spec and MCP runtime tooling spec (lifecycle, dispatch semantics, timeouts, policy/approval, registration, failure modes).
Minor Test/Formatting clients/agent-runtime/src/tools/image_info.rs	Small test assertion formatting change only.

Sequence Diagram(s)

sequenceDiagram
    participant Config as Config
    participant Bootstrap as BootstrapContext
    participant Provider as Provider
    participant Memory as Memory
    participant Observer as Observer
    participant Tools as Tools
    participant Entry as Agent/Channels/Gateway

    rect rgba(52,152,219,0.5)
    Config->>Bootstrap: BootstrapContext::from_config(config)
    Bootstrap-->>Provider: create_resilient_provider()/create_routed_provider()
    Bootstrap-->>Memory: create_memory_and_observer()
    Bootstrap-->>Observer: create_memory_and_observer()
    Bootstrap-->>Tools: build tool registry
    end

    rect rgba(46,204,113,0.5)
    Entry->>Bootstrap: request components
    Bootstrap-->>Entry: return Provider, Memory, Observer, Tools
    Entry->>Provider: warmup()/start
    Entry->>Tools: describe/load
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(agent-runtime): add auth and provider runtime upgrades #29 — Provider runtime upgrades and options; overlaps provider/resilience API changes used by bootstrap.
• feat: Implement MCP support and update dependencies for agent runtime #129 — MCP support and agent-runtime changes; likely overlaps bootstrap/tool registration and MCP spec integration.
• fix(quality): reduce cognitive complexity and fix pre-existing bugs #135 — Channels initialization refactor; overlaps start_channels wiring moved into bootstrap.

Suggested reviewers

• yuniel-acosta

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 68.75% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Out of Scope Changes check	❓ Inconclusive	Changes align with stated objectives: bootstrap module introduction, entry point refactoring, import consolidation, and specifications. Minor unrelated changes (image_info test formatting, SonarQube workflow removal, .gitignore expansion) present minor scope concerns.	Clarify whether .github/workflows removal, .gitignore AI-agent patterns, and test formatting are intentional or accidental scope creep.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows Conventional Commit style with 'feat' prefix and clearly describes the main changes: centralized bootstrap wiring and Agent Loop specification.
Description check	✅ Passed	Description provides clear summary, key changes, and references issue #160, though structured sections (Tested Information, Breaking Changes) are not explicitly filled.
Linked Issues check	✅ Passed	PR implements all coding objectives: centralized BootstrapContext creation, refactored agent/channels/gateway entry points, removed duplicated initialization, updated provider/import management, and added agent loop specification.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/dallay-142-refactor-introduce-shared-bootstrapcontext-for

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric	Description	Value	Threshold	Status
PR Merge Rate	PRs merged vs closed	88%	>= 30%	✅
Repo Quality	Repos with ≥100 stars	0	>= 0	✅
Positive Reactions	Positive reactions received	9	>= 1	✅
Negative Reactions	Negative reactions received	0	<= 5	✅
Account Age	GitHub account age	3053 days	>= 30 days	✅
Activity Consistency	Regular activity over time	108%	>= 0%	✅
Issue Engagement	Issues with community engagement	0	>= 0	✅
Code Reviews	Code reviews given to others	395	>= 0	✅
Merger Diversity	Unique maintainers who merged PRs	2	>= 0	✅
Repo History Merge Rate	Merge rate in this repo	90%	>= 0%	✅
Repo History Min PRs	Previous PRs in this repo	123	>= 0	✅
Profile Completeness	Profile richness (bio, followers)	90	>= 0	✅
Suspicious Patterns	Spam-like activity detection	1	N/A	❌

---

_{Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-03-08 to 2026-03-08}

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	4bac6c3
Status:	✅  Deploy successful!
Preview URL:	https://155be6ed.corvus-42x.pages.dev
Branch Preview URL:	https://feature-dallay-142-refactor.corvus-42x.pages.dev

View logs

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/src/bootstrap/mod.rs`:
- Around line 120-127: The test currently asserts Arc::strong_count which is
meaningless for behavior; change it to assert the actual selected provider when
default_provider is None (i.e., that create_resilient_provider(&config) falls
back to the expected provider, e.g., "openrouter"). Locate the Config struct and
create_resilient_provider function, and update the test to either call a
provider API that exposes its identity (e.g., provider.name() or
provider.type()) or inject a test double/mock that records the chosen provider
name and assert that value equals the expected fallback; if the provider trait
lacks an identity method, add a small test-only accessor or use downcasting in
the test to verify the concrete provider type.

In `@clients/agent-runtime/src/channels/mod.rs`:
- Around line 1606-1616: start_channels currently advertises a separate
hand-maintained tool_descs list while the runtime uses bootstrap.tools, causing
divergent inventories; replace the manual tool_descs with descriptions derived
from the bootstrap registry returned by bootstrap::BootstrapContext::from_config
(or extend BootstrapContext to also expose preformatted prompt metadata) and use
the same Arc-wrapped bootstrap.tools instance (bootstrap.tools / tools_registry)
to build the prompt descriptions. Locate start_channels and remove the separate
tool_descs construction, iterate over bootstrap.tools (or its new exposed
metadata) to produce the prompt tool metadata, and ensure the same identifiers
and descriptions used by the runtime tools are serialized into the system prompt
so channels and agent/runtime remain in sync.
- Around line 1598-1606: The provider/bootstrap initialization
(create_resilient_provider, provider.warmup(), BootstrapContext::from_config)
should be moved so it runs only after confirming channels.is_empty() is false;
relocate the block to below the channels.is_empty() guard to preserve the
fast-path that returns early for empty configs, and ensure you add a regression
test that invokes the channel start path with an empty configuration to assert
it exits without performing network/bootstrap work or failing on provider
config.

In `@clients/agent-runtime/src/gateway/mod.rs`:
- Around line 1127-1129: Currently the gateway always calls
bootstrap::BootstrapContext::from_config which constructs memory and tools
(stored as _tools_registry) and later recreates an observer (lines ~1243-1245),
causing unnecessary MCP discovery and subprocess handles; change to a lighter
bootstrap path that only constructs and returns the pieces actually needed
(e.g., memory) or make a new function like
bootstrap::BootstrapContext::from_config_memory_only (or a lazy
BootstrapContext::from_config_lazy) so you avoid constructing tools unless they
are required (or gated by mcp-runtime feature/flag), or alternatively thread the
real BootstrapContext outputs into AppState and reuse them so tools/observer
aren’t redundantly constructed; update usages of BootstrapContext::from_config,
the local bindings memory and _tools_registry, and the later observer creation
to use the new lighter API or the shared AppState field.

In `@openspec/specs/agent-loop/spec.md`:
- Around line 11-27: The spec incorrectly states that gateway /webhook traffic
uses the canonical dispatcher and emits lifecycle stream events, but gateway
logic in clients/agent-runtime/src/gateway/mod.rs still performs canonical
pre-checks and handles requests via Provider::simple_chat(), so update the spec
to reflect current behavior: explicitly caveat that the gateway webhook is
handled via Provider::simple_chat() and does not yet route through the canonical
dispatcher or emit the described lifecycle events, or alternatively complete the
gateway migration in this PR by changing gateway/mod.rs to invoke the canonical
dispatcher boundary and emit the start/progress/completion stream events;
reference Provider::simple_chat() and gateway/mod.rs so reviewers can locate the
implementation to either align the docs or implement the migration.

In `@openspec/specs/mcp-runtime/spec.md`:
- Around line 93-117: The spec currently claims gateway parity for MCP approval
but the gateway webhook handler bypasses the shared approval pipeline by
prechecking canonical outcome and calling Provider::simple_chat(); either update
the spec text in spec.md to limit the "Entry-point parity for approval behavior"
requirement to the actual dispatcher entry points today (CLI and channel) or
change the gateway implementation so the /webhook handler stops prechecking and
instead routes MCP tool invocations into the shared approval/runtime pipeline
(remove the direct call to Provider::simple_chat() and invoke the same
policy/approval evaluators used by the other dispatchers), ensuring MCP tool
calls from the gateway undergo the same policy and approval checks and return
structured denial results when approval is not granted.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 63ebada2-f662-48d4-88db-de04c68598c7

📥 Commits

Reviewing files that changed from the base of the PR and between fce6eb4 and fffa545.

📒 Files selected for processing (10)

• .github/workflows/sonarqube-analysis.yml
• .gitignore
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• openspec/specs/agent-loop/spec.md
• openspec/specs/mcp-runtime/spec.md

💤 Files with no reviewable changes (1)

• .github/workflows/sonarqube-analysis.yml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: sonar
• GitHub Check: pr-checks
• GitHub Check: greet / Welcome first-time contributor
• GitHub Check: pr-checks
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (9)

clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• openspec/specs/agent-loop/spec.md
• openspec/specs/mcp-runtime/spec.md
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

clients/agent-runtime/src/main.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/main.rs: Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths
Keep startup path lean and avoid heavy initialization in command parsing flow

Files:

• clients/agent-runtime/src/main.rs

clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

• clients/agent-runtime/src/channels/mod.rs

**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

• openspec/specs/agent-loop/spec.md
• openspec/specs/mcp-runtime/spec.md

clients/agent-runtime/src/{security,gateway,tools}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Treat src/security/, src/gateway/, src/tools/ as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Files:

• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Files:

• clients/agent-runtime/src/gateway/mod.rs

🧠 Learnings (15)

📓 Common learnings

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions

Applied to files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/providers/**/*.rs : Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider

Applied to files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths

Applied to files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow

Applied to files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs
• clients/agent-runtime/src/bootstrap/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified

Applied to files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

• clients/agent-runtime/src/lib.rs
• clients/agent-runtime/src/main.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• openspec/specs/mcp-runtime/spec.md
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs

📚 Learning: 2026-02-17T07:28:38.934Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Document agent configurations and capabilities in AGENTS.md

Applied to files:

• openspec/specs/agent-loop/spec.md
• .gitignore

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path

Applied to files:

• openspec/specs/mcp-runtime/spec.md
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/agent/agent.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Applied to files:

• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Applied to files:

• clients/agent-runtime/src/agent/agent.rs

📚 Learning: 2026-02-17T07:28:38.934Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Maintain comprehensive agent metadata including name, description, purpose, and capabilities

Applied to files:

• .gitignore

📚 Learning: 2026-02-17T07:28:38.934Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Include version information and compatibility details for agents

Applied to files:

• .gitignore

🔇 Additional comments (1)

.gitignore (1)

165-210: LGTM — the backup ignore expansion looks safe.

These entries consistently broaden ignore coverage for generated agent backup artifacts without introducing an obvious tracked-path regression in this block.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

clients/agent-runtime/src/bootstrap/mod.rs (1)

138-152: ⚠️ Potential issue | 🟡 Minor

Assert fallback selection directly instead of coupling this test to an auth-error path.

Lines 143-150 only pass if the current failure mode happens to mention provider=openrouter. That keeps the test brittle and still doesn't prove the selection logic independently of provider initialization behavior. Since this module already imports super::*, prefer asserting the selection helper directly or adding a small factory seam around the chosen provider name.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/bootstrap/mod.rs` around lines 138 - 152, The test
resilient_provider_uses_openrouter_when_default_provider_missing should assert
the chosen fallback provider directly instead of relying on an auth error
message; change the test to inspect the provider selection returned by
create_resilient_provider(&config) (or add a small accessor/seam on the provider
type that exposes the selected provider name, e.g., a provider_name() / inner
enum) and assert it equals "openrouter" (or the corresponding enum variant)
rather than matching err.to_string(); update the test to call that accessor or
the selection helper from this module (super::select_provider or similar) to
verify provider selection deterministically.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/src/bootstrap/mod.rs`:
- Around line 90-104: The routed-provider path is not propagating
ProviderRuntimeOptions (e.g., corvus_dir and config.secrets.encrypt) which
causes routed setups to ignore runtime/secrets behavior; update the signature of
create_routed_provider (both in clients/agent-runtime/src/bootstrap/mod.rs and
the callee providers::create_routed_provider) to accept a ProviderRuntimeOptions
(or equivalent) and pass through config-derived options (corvus_dir and
config.secrets.encrypt) into providers::create_routed_provider and onward into
create_resilient_provider so the routed construction honors the same
runtime/secrets settings as the non-routed path.

In `@clients/agent-runtime/src/channels/mod.rs`:
- Around line 1724-1727: The code binds a local variable model using
config.default_model.unwrap_or_else(...) but uses a different literal fallback
("anthropic/claude-sonnet-4-20250514") than the other entry point that falls
back to "anthropic/claude-sonnet-4"; introduce a single shared constant (e.g.,
DEFAULT_MODEL = "anthropic/claude-sonnet-4") and replace the inline literal in
the model binding (the model variable that uses config.default_model) with
unwrap_or_else(|| DEFAULT_MODEL.into()), and update the other fallback site to
use the same DEFAULT_MODEL constant so both entry points use the exact same
shared default.

---

Duplicate comments:
In `@clients/agent-runtime/src/bootstrap/mod.rs`:
- Around line 138-152: The test
resilient_provider_uses_openrouter_when_default_provider_missing should assert
the chosen fallback provider directly instead of relying on an auth error
message; change the test to inspect the provider selection returned by
create_resilient_provider(&config) (or add a small accessor/seam on the provider
type that exposes the selected provider name, e.g., a provider_name() / inner
enum) and assert it equals "openrouter" (or the corresponding enum variant)
rather than matching err.to_string(); update the test to call that accessor or
the selection helper from this module (super::select_provider or similar) to
verify provider selection deterministically.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: d2fa06b5-aa07-4838-bcb1-1b644832fe8c

📥 Commits

Reviewing files that changed from the base of the PR and between fffa545 and b68e677.

📒 Files selected for processing (4)

• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/tools/image_info.rs

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: pr-checks
• GitHub Check: sonar
• GitHub Check: pr-checks
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (8)

clients/agent-runtime/src/tools/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Tool trait in src/tools/ with strict parameter schema, validate and sanitize all inputs, and return structured ToolResult without panics in runtime path

Files:

• clients/agent-runtime/src/tools/image_info.rs

clients/agent-runtime/src/{security,gateway,tools}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Treat src/security/, src/gateway/, src/tools/ as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/gateway/mod.rs

**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

• clients/agent-runtime/src/channels/mod.rs

🧠 Learnings (12)

📓 Common learnings

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths

Applied to files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

• clients/agent-runtime/src/tools/image_info.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path

Applied to files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified

Applied to files:

• clients/agent-runtime/src/tools/image_info.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions

Applied to files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Applied to files:

• clients/agent-runtime/src/tools/image_info.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/providers/**/*.rs : Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Applied to files:

• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Applied to files:

• clients/agent-runtime/src/gateway/mod.rs

🔇 Additional comments (3)

clients/agent-runtime/src/tools/image_info.rs (1)

493-497: No concerns.

This is a formatting-only rewrite of the same assertion; behavior stays unchanged.

clients/agent-runtime/src/gateway/mod.rs (1)

1121-1127: Good lightweight gateway bootstrap.

This keeps provider selection centralized while avoiding the full tool bootstrap on gateway startup.

clients/agent-runtime/src/channels/mod.rs (1)

1883-1896: Good regression test for the empty-config fast path.

Using an invalid provider here is a clean way to prove start_channels() exits before any provider/bootstrap work.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/src/bootstrap/mod.rs`:
- Around line 34-46: BootstrapContext::from_config() duplicates observer and
memory initialization already done in create_memory_and_observer(), risking
drift; extract a single private helper (e.g., fn
init_memory_and_observer(config: &Config) -> anyhow::Result<(Arc<dyn Memory>,
Arc<dyn Observer>)>) that calls observability::create_observer(...) and
memory::create_memory(...)/config.api_key.as_deref() and returns the Arc-wrapped
values, then replace the duplicated wiring in BootstrapContext::from_config()
and in create_memory_and_observer() to call that helper so both paths share the
same initialization logic and error handling.

In `@clients/agent-runtime/src/channels/mod.rs`:
- Around line 1715-1730: The code currently constructs a resilient provider via
bootstrap::create_resilient_provider(&config) which bypasses route-specific
options; compute the default model first (using
BootstrapContext::from_config(&config) and config.default_model /
bootstrap::DEFAULT_MODEL) and then call
bootstrap::create_routed_provider(&config, &model) to obtain the Arc<dyn
Provider>, and keep calling provider.warmup().await on that routed provider;
replace the create_resilient_provider call with create_routed_provider(&config,
&model) and ensure types/signatures match so model_routes and routed
credentials/options are applied.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8cb003cd-8451-4d2f-ae73-20650fe4fad9

📥 Commits

Reviewing files that changed from the base of the PR and between b68e677 and 057c16b.

📒 Files selected for processing (4)

• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/providers/mod.rs

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: pr-checks
• GitHub Check: sonar
• GitHub Check: pr-checks
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (8)

clients/agent-runtime/src/providers/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Provider trait in src/providers/ and register in src/providers/mod.rs factory when adding a new provider

Files:

• clients/agent-runtime/src/providers/mod.rs

clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

• clients/agent-runtime/src/providers/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

• clients/agent-runtime/src/providers/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

• clients/agent-runtime/src/providers/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• clients/agent-runtime/src/providers/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

• clients/agent-runtime/src/channels/mod.rs

clients/agent-runtime/src/{security,gateway,tools}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Treat src/security/, src/gateway/, src/tools/ as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Files:

• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Files:

• clients/agent-runtime/src/gateway/mod.rs

🧠 Learnings (11)

📓 Common learnings

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/providers/**/*.rs : Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Document agent configurations and capabilities in AGENTS.md

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/providers/**/*.rs : Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider

Applied to files:

• clients/agent-runtime/src/providers/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths

Applied to files:

• clients/agent-runtime/src/providers/mod.rs
• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

• clients/agent-runtime/src/channels/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path

Applied to files:

• clients/agent-runtime/src/channels/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Applied to files:

• clients/agent-runtime/src/channels/mod.rs
• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Applied to files:

• clients/agent-runtime/src/bootstrap/mod.rs
• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

• clients/agent-runtime/src/bootstrap/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Applied to files:

• clients/agent-runtime/src/gateway/mod.rs

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions

Applied to files:

• clients/agent-runtime/src/gateway/mod.rs

🔇 Additional comments (2)

clients/agent-runtime/src/gateway/mod.rs (2)

1121-1127: LGTM — lighter bootstrap path correctly adopted.

The gateway now uses create_memory_and_observer instead of the full BootstrapContext::from_config, which avoids constructing unused tools registry and MCP discovery overhead. This addresses the earlier review concern about unnecessary bootstrap work.

Error propagation is correct via ?, and the shared DEFAULT_MODEL constant ensures consistent fallback behavior across entry points.

---

11-14: Imports align with refactored initialization.

The bootstrap module import and updated memory imports correctly support the centralized wiring changes.

[sonarqubecloud]

Quality Gate failed

Failed conditions
62.9% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud