feat(agent-runtime): add auth and provider runtime upgrades

[yacosta738]

This pull request introduces a new query classification system to the agent runtime, enabling automatic selection of model hints based on user input. It also updates and adds dependencies, improves memory context relevance filtering, and enhances test and build configuration. The most important changes are grouped below.

Query Classification and Model Selection

• Added a new classifier module (classifier.rs) implementing rule-based query classification, allowing the agent to auto-select model hints based on user messages. This includes priority-based rule matching, keyword/pattern support, and length constraints, with comprehensive tests. [1] [2]
• Extended the Agent and AgentBuilder structs to include classification_config and available_hints, and integrated classification logic into the agent's message handling flow. Now, the agent can auto-select a model hint if the query matches a classification rule. [1] [2] [3] [4] [5] [6] [7] [8] [9]

Memory Context Filtering

• Enhanced DefaultMemoryLoader to support a configurable minimum relevance score, filtering out low-relevance memory entries from the context. This reduces noise and improves prompt quality. [1] [2]

Dependency and Build Updates

• Updated and added several dependencies: added tokio-util, urlencoding, ring, and criterion (for async benchmarks); updated versions for directories, rand, cron, console, and rppal. Added a benchmarks section in Cargo.toml. [1] [2] [3] [4] [5] [6] [7]

Code Quality and Testing

• Improved error handling in tool argument parsing by logging warnings when JSON parsing fails, defaulting to an empty object.
• Updated test utilities to use the system temporary directory instead of hardcoded /tmp paths, improving portability and reliability. [1] [2] [3]

Summary by CodeRabbit

• New Features

  • Provider authentication (OAuth/profile management), web search tool, query classification, progressive streaming drafts on supported channels, Prometheus metrics, new provider integrations (Codex, Astrai, GLM/OpenRouter support).

• Improvements

  • Smarter memory relevance filtering, thread-aware messaging and typing indicators (Telegram/Mattermost), richer tool-calling support and native tool integration, stronger security gating for tool actions, and more concurrent/resilient scheduling with timeouts.

[github-actions]

Thank you for contributing to this project with this PR, welcome to the community and the amazing world of open source!

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR makes large-scale enhancements across the agent runtime: package metadata update (corvus → zeroclaw), new authentication subsystem (OAuth/profile store/token refresh), query classification for runtime model routing, channel streaming/draft and threading support, multiple provider integrations (GLM, OpenAI Codex, router/resilient changes), Prometheus observability, web-search tool, security policy enforcement across tools, and numerous memory/SQLite, scheduler, gateway, and test changes.

Changes

Cohort / File(s)	Summary
Package / Workspace clients/agent-runtime/Cargo.toml	Package renamed corvus→zeroclaw, version/repo updates, workspace member added, multiple dependency upgrades and additions (tokio-util, urlencoding, ring), dev-deps/bench added.
Auth subsystem clients/agent-runtime/src/auth/...	New auth module: auth/mod.rs, openai_oauth.rs, profiles.rs, anthropic_token.rs — OAuth PKCE & device flow, profile store with encryption, token refresh/backoff, provider normalization, per-profile refresh locks, and AuthService API.
Agent & classification clients/agent-runtime/src/agent/agent.rs, .../classifier.rs, .../memory_loader.rs	Agent gains classification_config and available_hints, builder methods, runtime classify_model flow; new classifier function and tests; DefaultMemoryLoader adds min_relevance_score and new constructor filtering memories by score.
Agent loop, tool calling & parsing clients/agent-runtime/src/agent/loop_.rs, dispatcher.rs	Major refactor: parameterized max_tool_iterations, streaming chunking, GLM-style tool-call parsing, native tool history serialization, new helpers for JSON/tag extraction, delta streaming via on_delta, improved JSON parse warnings in dispatcher.
Channels (streaming, drafts, typing, history) clients/agent-runtime/src/channels/...	Per-sender history map, draft/stream support added to Channel trait; Telegram adds draft/thread support, typing background task and thread_id propagation; Mattermost gains thread_replies and typing; iMessage connection optimization; Discord channel constant change.
Providers & runtime options clients/agent-runtime/src/providers/...	New providers: glm.rs (JWT auth), openai_codex.rs (Codex streaming/SSE), provider runtime options and factory helpers (create_provider_with_options, resilient variants), many provider upgrades (Anthropic structured system prompts/cache_control, OpenAI reasoning_content fallback, Gemini OAuth envelope, compatible/provider tool-calling).
Tools & security policy integration clients/agent-runtime/src/tools/*	New ToolOperation enum and SecurityPolicy enforcement; tools updated to accept Arc<SecurityPolicy> and enforce Act for writes (Composio, Delegate, MemoryStore, MemoryForget, others). New WebSearchTool added and wired into tool list when enabled.
Config schema & onboarding clients/agent-runtime/src/config/schema.rs, mod.rs, onboard/wizard.rs	New config entries: WebSearchConfig, QueryClassificationConfig/ClassificationRule, MemoryConfig.min_relevance_score and sqlite_open_timeout_secs, StreamMode and Telegram draft_update_interval_ms, Gateway rate/idempotency caps; onboarding and wizard updated for astrai, openai-codex, web_search and classification defaults.
Observability & metrics clients/agent-runtime/src/observability/...	PrometheusObserver added (registry + metrics + encode), observer trait updated with as_any, AgentEnd events include provider/model, Log/Otel/Multi/Verbose/Noop observers updated to support downcast and new fields.
Gateway, rate limiting & idempotency clients/agent-runtime/src/gateway/mod.rs	ConnectInfo-based client context, client IP parsing with trusted proxy support, cardinality-limited rate limiter and idempotency store, AppState now holds config/trust_forwarded_headers/observer, Prometheus metrics endpoint and observer hooks, pairing token persistence.
Memory & SQLite clients/agent-runtime/src/memory/sqlite.rs, lucid.rs, response_cache.rs, mod.rs	SqliteMemory.conn -> Arc<Mutex<Connection>>, optional open_timeout_secs with cap, spawn_blocking patterns, Lucid invocation simplified, response cache tests added, memory wiring for sqlite_open_timeout_secs and min_relevance_score.
Cron scheduler & store clients/agent-runtime/src/cron/scheduler.rs, store.rs	Concurrent job execution with bounded concurrency, shell job timeout support, cron output truncation and atomic record/prune transactions, migration resilience and new index.
Gateway tests, CLI, service & other tests clients/agent-runtime/src/main.rs, service/mod.rs, tests/*	New Auth CLI subcommands, Windows service (scheduled task) support, many new/updated unit and integration tests (agent e2e, docker/wasm, security, schedulers, migration).
Minor / formatting / build gradle/..., .github/..., docs paths	Gradle Spotless ordering change, exclude copilot-instructions.md, GitHub workflow path adjustments, docs path updates.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant Agent
    participant Classifier
    participant Provider
    participant Tool
    participant Memory

    User->>Agent: turn(user_message)
    Agent->>Classifier: classify(message, rules)
    Classifier-->>Agent: hint / None
    Agent->>Provider: chat_with_system(..., model=effective_model)
    Provider-->>Agent: response (may include tool_calls)
    alt tool_calls present
        Agent->>Tool: execute(tool_call)
        Tool-->>Memory: store/lookup (if needed)
        Memory-->>Tool: result
        Tool-->>Agent: tool_result
        Agent->>Provider: chat_with_history(..., model=effective_model)
        Provider-->>Agent: followup response
    end
    Agent-->>User: final_response

Loading

sequenceDiagram
    participant Channel
    participant ChannelRuntime
    participant Agent
    participant Memory
    participant Provider

    Channel->>ChannelRuntime: process_channel_message(msg)
    ChannelRuntime->>Memory: build_memory_context(msg, min_relevance_score)
    Memory-->>ChannelRuntime: filtered_memories
    ChannelRuntime->>ChannelRuntime: load_per_sender_history(sender)
    ChannelRuntime->>Agent: turn(message + history + context, max_tool_iterations)
    Agent->>Provider: chat_with_history(...)
    Provider-->>Agent: response (streamed or final)
    alt supports_draft_updates
        ChannelRuntime->>Channel: send_draft(initial)
        loop stream
            ChannelRuntime->>Channel: update_draft(delta)
        end
        ChannelRuntime->>Channel: finalize_draft(final_text)
    else
        ChannelRuntime->>Channel: send_message(final_text)
    end
    ChannelRuntime->>ChannelRuntime: persist_sender_history(updated_history)

Loading

sequenceDiagram
    participant CLI
    participant AuthService
    participant Store
    participant OAuth
    participant SecretStore

    CLI->>AuthService: get_valid_openai_access_token(optional_override)
    AuthService->>Store: load_profiles()
    Store->>SecretStore: decrypt_tokens()
    SecretStore-->>Store: tokens
    Store-->>AuthService: selected_profile
    alt token expired
        AuthService->>AuthService: acquire_refresh_lock(profile)
        AuthService->>OAuth: refresh_access_token(refresh_token)
        OAuth-->>AuthService: new_token_set
        AuthService->>SecretStore: encrypt(new_token_set)
        SecretStore-->>Store: encrypted_data
        Store->>AuthService: persist_profile(updated_profile)
    end
    AuthService-->>CLI: access_token

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• chore(.github): apply Spotless formatting fixes to copilot-instructions.md #20: Related to Spotless/formatting exclusions and ordering (copilot-instructions.md) touched by this PR’s Gradle/CI changes.
• refactor: corvus env uppercase #18: Related environment-variable and provider handling changes (renames/normalization) that overlap with onboarding and provider config edits.
• ci: update release process #27: Related commit-message/workflow validation updates referenced by CI/script changes in this PR.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 61.86% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly summarizes the primary changes: adding authentication and provider runtime upgrades to the agent-runtime, which aligns with the main objectives of the PR.
Description check	✅ Passed	The PR description covers all required template sections with substantial detail: it explains the query classification system, memory context filtering, dependency updates, code quality improvements, and provides references to specific changes. However, the Breaking Changes and Tested Information sections are not explicitly filled out, though the description indicates testing was done.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch upgrade

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric	Description	Value	Threshold	Status
PR Merge Rate	PRs merged vs closed	89%	>= 30%	✅
Repo Quality	Repos with ≥100 stars	0	>= 0	✅
Positive Reactions	Positive reactions received	9	>= 1	✅
Negative Reactions	Negative reactions received	0	<= 5	✅
Account Age	GitHub account age	3035 days	>= 30 days	✅
Activity Consistency	Regular activity over time	108%	>= 0%	✅
Issue Engagement	Issues with community engagement	0	>= 0	✅
Code Reviews	Code reviews given to others	362	>= 0	✅
Merger Diversity	Unique maintainers who merged PRs	3	>= 0	✅
Repo History Merge Rate	Merge rate in this repo	88%	>= 0%	✅
Repo History Min PRs	Previous PRs in this repo	26	>= 0	✅
Profile Completeness	Profile richness (bio, followers)	90	>= 0	✅
Suspicious Patterns	Spam-like activity detection	1	N/A	❌

---

_{Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-02-18 to 2026-02-18}

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	d2722ae
Status:	✅  Deploy successful!
Preview URL:	https://011f09e6.corvus-42x.pages.dev
Branch Preview URL:	https://upgrade.corvus-42x.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 1

Note

Due to the large number of review comments, Critical severity comments were prioritized as inline comments.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (6)

clients/agent-runtime/src/security/landlock.rs (1)

128-133: ⚠️ Potential issue | 🟠 Major

wrap_command permanently restricts the calling process — not just the spawned child.

The comment correctly notes "This affects the current process". Landlock restrictions applied via restrict_self() are permanent and irreversible for the current process. Every time wrap_command is called (once per tool invocation), apply_restrictions() creates a new kernel ruleset and calls restrict_self() again. While repeated calls are safe (stacking only tightens), the primary concern is that the long-running agent process is permanently restricted to {workspace, /tmp, /usr, /bin} after the first tool call — blocking subsequent agent-level I/O like reading configs, making network calls, etc.

Consider:

1. Applying the sandbox once at agent startup rather than inside wrap_command, and tracking with a Once flag.
2. Or documenting explicitly that wrap_command must only be called once per process lifetime.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/security/landlock.rs` around lines 128 - 133,
wrap_command currently calls apply_restrictions (which ends up calling
restrict_self) on every invocation, permanently tightening the calling process's
Landlock and preventing later agent-level I/O; change the design so the Landlock
is applied at agent startup (once) instead of per-tool call: move the call to
apply_restrictions out of wrap_command and invoke it during agent initialization
guarded by a std::sync::Once (or a boolean flag on the Landlock struct), or
alternatively add clear documentation on Landlock::wrap_command that it must
only be called once per process; update references to wrap_command,
apply_restrictions, and restrict_self accordingly.

clients/agent-runtime/src/tools/mod.rs (1)

258-295: ⚠️ Potential issue | 🟡 Minor

Missing test for web_search.enabled = true; no empty-key guard

Two gaps:

1. No test exercises the root_config.web_search.enabled = true branch — the WebSearchTool code path is completely untested.
2. There is no guard preventing WebSearchTool from being constructed with an empty brave_api_key; if enabled = true but the key is unset, the tool silently registers and fails at runtime on first invocation.

🛡️ Guard + suggested test skeleton

     if root_config.web_search.enabled {
+        if root_config.web_search.brave_api_key.is_empty() {
+            tracing::warn!("web_search is enabled but brave_api_key is not configured; skipping WebSearchTool");
+        } else {
         tools.push(Box::new(WebSearchTool::new(
             root_config.web_search.provider.clone(),
             root_config.web_search.brave_api_key.clone(),
             root_config.web_search.max_results,
             root_config.web_search.timeout_secs,
         )));
+        }
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/tools/mod.rs` around lines 258 - 295, Update
all_tools to only construct/register WebSearchTool when
root_config.web_search.enabled is true AND root_config.web_search.brave_api_key
is non-empty (reject empty-string keys); reference the WebSearchTool
construction site in all_tools and add a guard checking
cfg.root_config.web_search.brave_api_key.trim().is_empty() to skip registration.
Add two tests mirroring the existing all_tools_excludes_browser_when_disabled:
one (e.g., all_tools_includes_web_search_when_enabled_with_key) that sets
web_search.enabled = true and brave_api_key = "valid" and asserts names contains
"web_search" (or the tool name), and another (e.g.,
all_tools_excludes_web_search_when_enabled_without_key) that sets
web_search.enabled = true but brave_api_key = "" and asserts the web search tool
is not registered.

clients/agent-runtime/src/providers/reliable.rs (2)

398-409: ⚠️ Potential issue | 🟡 Minor

Inconsistent failure message format in chat_with_tools vs other methods.

chat_with_system (line 197) and chat_with_history (line 302) use the updated "provider={name} model={model} attempt ..." format, but chat_with_tools still uses the old "{name}/{model} attempt ..." format. This will cause the aggregated error message to have mixed formats.

🐛 Fix the format string to match other methods

                             failures.push(format!(
-                                "{provider_name}/{current_model} attempt {}/{}: {failure_reason}",
+                                "provider={provider_name} model={current_model} attempt {}/{}: {failure_reason}",
                                 attempt + 1,
                                 self.max_retries + 1
                             ));

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/providers/reliable.rs` around lines 398 - 409, The
failures entry in chat_with_tools uses the old "{provider}/{model} attempt ..."
format; update it to match chat_with_system and chat_with_history by formatting
as "provider={provider_name} model={current_model} attempt {}/{}:
{failure_reason}" and keep using attempt + 1 and self.max_retries + 1 for the
attempt counters; modify the failures.push call (referencing failures,
failure_reason, provider_name, current_model, attempt, self.max_retries) to use
this new format string.

---

204-210: ⚠️ Potential issue | 🔴 Critical

Remove API key logging in rate-limit rotation messages.

Lines 208, 312, and 416 log the last 4 characters of rotated API keys using &new_key[new_key.len().saturating_sub(4)..]. This violates the security guideline: "Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements." API keys are credentials and should never be logged in any form, even partial. Remove the key value from these log messages entirely—log the rotation event without exposing any portion of the key.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/providers/reliable.rs` around lines 204 - 210, The
trace logs in the error-handling branch that call self.rotate_key() currently
include the rotated API key slice (new_key and
&new_key[new_key.len().saturating_sub(4)..]); remove any logging of the key
material and instead log only the rotation event and context (e.g.,
provider_name). Update the tracing::info calls that reference new_key (from the
rotate_key() call) to omit the key argument and adjust the message to something
like "Rate limited, rotated API key" so no secret bytes are printed; ensure this
change is applied to all occurrences that use rotate_key() and new_key in the
file (the blocks that currently construct the key-ending slice).

clients/agent-runtime/src/agent/agent.rs (1)

164-205: ⚠️ Potential issue | 🔴 Critical

Fix workspace configuration: missing crates/robot-kit directory blocks all cargo operations.

The Cargo.toml declares crates/robot-kit as a workspace member, but this directory does not exist. This prevents cargo fmt, cargo clippy, and cargo test from running. Either create the crates/robot-kit crate or remove it from the workspace members list. Once this is resolved, standard Rust checks must pass before these changes can be merged.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/agent/agent.rs` around lines 164 - 205, The
workspace is failing because the workspace member "crates/robot-kit" declared in
Cargo.toml is missing; fix by either creating a new crate at crates/robot-kit
(with Cargo.toml and src/lib.rs or src/main.rs) or by removing
"crates/robot-kit" from the workspace members list so cargo commands succeed;
after making that change, run cargo fmt/clippy/test to ensure the project
(including functions like Agent::build) compiles cleanly before merging.

clients/agent-runtime/src/channels/telegram.rs (1)

1594-1604: ⚠️ Potential issue | 🟡 Minor

Inline sendChatAction in listen uses reply_target directly as chat_id

msg.reply_target can now be "chat_id:thread_id" (introduced by lines 666–670), but it is passed verbatim as chat_id to sendChatAction. Telegram rejects the malformed ID with 400; the let _ = ... suppresses the error, so the one-shot typing indicator silently never fires for any forum-thread message.

🐛 Proposed fix

-                    let typing_body = serde_json::json!({
-                        "chat_id": &msg.reply_target,
-                        "action": "typing"
-                    });
+                    let (typing_chat_id, typing_thread_id) =
+                        Self::parse_reply_target(&msg.reply_target);
+                    let mut typing_body = serde_json::json!({
+                        "chat_id": &typing_chat_id,
+                        "action": "typing"
+                    });
+                    if let Some(ref tid) = typing_thread_id {
+                        typing_body["message_thread_id"] =
+                            serde_json::Value::String(tid.clone());
+                    }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/channels/telegram.rs` around lines 1594 - 1604, The
typing indicator in listen calls sendChatAction with msg.reply_target verbatim,
but reply_target may be "chat_id:thread_id" for forum threads; split
msg.reply_target on ':' and use only the chat_id portion when constructing
typing_body so Telegram gets a valid chat_id (e.g., let chat_id =
msg.reply_target.split_once(':').map(|(c,_)| c).unwrap_or(&msg.reply_target)),
then build the JSON with that chat_id and call sendChatAction; update the
sendChatAction/typing code block in listen to use this parsed chat_id (and
maintain the existing ignored-error behavior).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for rand 0.8 patterns that are broken or deprecated in 0.9
rg -n --type=rust \
  -e 'rand::distributions' \
  -e 'thread_rng\(\)' \
  -e 'OsRng\b' \
  -e 'Uniform::new\b' \
  -A 2

Repository: dallay/corvus

Length of output: 1691

---

🏁 Script executed:

#!/bin/bash
# Check chacha20poly1305 crate version and its RNG trait requirements
rg -n --type=rust 'ChaCha20Poly1305::generate' clients/agent-runtime/src/ -B 2 -A 3

Repository: dallay/corvus

Length of output: 1135

---

🏁 Script executed:

#!/bin/bash
# Check Cargo.toml for chacha20poly1305 version to understand API compatibility
grep -n 'chacha20poly1305' clients/agent-runtime/Cargo.toml

Repository: dallay/corvus

Length of output: 85

---

🌐 Web query:

chacha20poly1305 0.10 RNG trait TryRngCore compatibility rand 0.9

💡 Result:

chacha20poly1305 = 0.10.x is built on aead = 0.5, which pulls in crypto-common = 0.1.x and thus rand_core = 0.6 (via the rand_core feature). (docs.rs)
rand = 0.9 uses a newer rand_core where the new fallible RNG trait TryRngCore exists, and the trait ecosystem changed accordingly. (rust-random.github.io)
So an RNG type from rand 0.9 (i.e., rand_core 0.9) won’t satisfy bounds expecting rand_core 0.6 (what chacha20poly1305 0.10 expects), causing the compatibility error.

Ways to fix:

1. Keep chacha20poly1305 = 0.10 → use rand = 0.8 (rand_core 0.6) to match its rand_core version. (docs.rs)
2. Move to the new RustCrypto prerelease line: chacha20poly1305 = 0.11.0-rc.* depends on aead = 0.6.0-rc.* and is intended to work with the newer rand_core/os_rng ecosystem. (docs.rs)
3. Bridge the traits with rand_core_compat, which provides wrappers (including Try* wrappers) to adapt between rand_core 0.6/rand 0.8 and rand_core 0.9/rand 0.9. (docs.rs)

Citations:

• 1: https://docs.rs/crate/chacha20poly1305/0.10.1/source/Cargo.toml.orig
• 2: https://rust-random.github.io/book/update-0.9.html?utm_source=openai
• 3: https://docs.rs/crate/chacha20poly1305/0.10.1/source/Cargo.toml.orig
• 4: https://docs.rs/crate/chacha20poly1305/0.11.0-rc.1/source/Cargo.toml?utm_source=openai
• 5: https://docs.rs/rand_core_compat?utm_source=openai

---

Revert rand to 0.8 or upgrade chacha20poly1305 — incompatible trait bounds with rand 0.9

rand = 0.9 pulls in rand_core = 0.9, but chacha20poly1305 = 0.10 requires rand_core = 0.6. The trait bounds are incompatible and the code will not compile. The codebase uses OsRng with ChaCha20Poly1305::generate_nonce(), generate_key(), and fill_bytes() — all of which expect the older rand_core 0.6 API.

Choose one:

• Downgrade to rand = 0.8 to match chacha20poly1305 0.10's rand_core dependency.
• Upgrade to chacha20poly1305 = 0.11.0-rc (prerelease) to support rand_core 0.9.
• Use rand_core_compat as a bridge (adds an extra dependency).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/Cargo.toml` at line 69, The rand 0.9 entry causes
incompatible rand_core versions with chacha20poly1305 0.10; either revert rand
to 0.8 or upgrade chacha20poly1305 to a rand_core 0.9-compatible release so
OsRng and ChaCha20Poly1305::generate_nonce(), ::generate_key(), and fill_bytes()
keep working. Update Cargo.toml to change the dependency: replace rand = "0.9"
with rand = "0.8" (preferred) OR change chacha20poly1305 to a 0.11 (or rc that
supports rand_core 0.9); after editing run cargo update and cargo build to
ensure trait-bound errors are resolved.

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/core-check.yml (1)

61-78: Remove the now-orphaned Rust toolchain setup and its PATH prefix.

Since :agent-core-rust:check was dropped and only :agent-core-kmp:check is now executed, the entire "Setup Rust toolchain" step (lines 61–73) and the PATH="$HOME/.cargo/bin:$PATH" prefix on line 78 are dead. If Rust isn't already cached on the runner this step will execute curl | sh and install a full toolchain unnecessarily, wasting CI minutes on every KMP-only run.

♻️ Proposed cleanup

Remove lines 61–73 entirely, and simplify line 78:

-      - name: 🦀 Setup Rust toolchain
-        shell: bash
-        run: |
-          if command -v cargo >/dev/null 2>&1; then
-            cargo --version
-            rustc --version
-            exit 0
-          fi
-
-          curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain stable
-          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
-          "$HOME/.cargo/bin/cargo" --version
-          "$HOME/.cargo/bin/rustc" --version
-
       - name: ✅ Run core checks
         shell: bash
         run: |
-          PATH="$HOME/.cargo/bin:$PATH" ./gradlew :agent-core-kmp:check
+          ./gradlew :agent-core-kmp:check

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/core-check.yml around lines 61 - 78, Remove the entire "🦀
Setup Rust toolchain" CI step (the block that installs rustup/cargo and updates
GITHUB_PATH) because :agent-core-rust:check was removed, and also remove the
PATH="$HOME/.cargo/bin:$PATH" prefix before running ./gradlew
:agent-core-kmp:check so the workflow no longer installs or prepends the Rust
toolchain for KMP-only runs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/core-check.yml:
- Around line 61-78: Remove the entire "🦀 Setup Rust toolchain" CI step (the
block that installs rustup/cargo and updates GITHUB_PATH) because
:agent-core-rust:check was removed, and also remove the
PATH="$HOME/.cargo/bin:$PATH" prefix before running ./gradlew
:agent-core-kmp:check so the workflow no longer installs or prepends the Rust
toolchain for KMP-only runs.