feat: v3 dependency swap — reduce maintenance surface by ~40%#1
Merged
machinelearnear merged 14 commits intomainfrom Mar 11, 2026
Merged
feat: v3 dependency swap — reduce maintenance surface by ~40%#1machinelearnear merged 14 commits intomainfrom
machinelearnear merged 14 commits intomainfrom
Conversation
Set up operativo quality regression testing with promptfoo: config for DCE compliant/non-compliant/injection test cases, golden_cases directory for PDF fixtures, and GitHub Actions workflow triggered on prompt/agent/ domain changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add detection for system role injection, ChatML format, [INST] format, and assistant role confusion patterns. These cover newer prompt injection vectors seen in MCP tool ecosystems. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add async compact() method that calls anthropic_client.messages.create() with a compaction system prompt preserving compliance verdicts, citations, document facts, tool results, and the operativo plan. Returns summary message + last 10 recent messages as CompactionResult. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add create_instructor_client() factory that wraps AsyncAnthropicVertex with instructor for structured output extraction. Mark AnthropicClient as deprecated in favor of the new factory. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Scans tool outputs before they re-enter agent context, redacting results that contain injection patterns (ignore previous, new instructions, system prompt probing, exfiltration, base64 decode). Prevents MCP tool-result injection attacks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add domain.toml declarative manifests for all three domains and a DomainRegistry that discovers and loads them at startup using stdlib tomllib. Each manifest captures models, MCP server, Temporal queue, memory collection, injection guard, and operational limits. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ToolSchemaRegistry snapshots SHA-256 hashes of MCP tool schemas at startup and verifies them before each operativo. Detects schema changes and newly appeared tools that could indicate a compromised tool server. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add optional compaction_client and anthropic_raw_client params to ToolHandler.__init__(). Before each LLM call in run_loop(), check if compaction is needed and compact messages when threshold is exceeded. Fully backward-compatible — compaction only runs when both clients are provided. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wraps mem0 (self-hosted, pgvector) as a memory layer with domain
isolation enforced via user_id namespacing ({domain}:{operativo_id}).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add logfire configuration as a single entry point for OpenTelemetry-native distributed tracing. Integrate into the FastAPI gateway with send_to_logfire disabled by default for safe local/test usage. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Expose DCE and IDP tools as MCP servers via FastMCP, and add an MCPExecutor class for Lamponne to call tools through the MCP protocol. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…and activities
Add the feedback processing pipeline for human-in-the-loop learning:
- OperativoFeedback and ExtractedLesson dataclasses in core/feedback.py
- FeedbackRequest/FeedbackResponse Pydantic models in gateway/feedback.py
- POST /operativos/{id}/feedback stub endpoint in gateway app
- FeedbackProcessingWorkflow for Temporal-orchestrated lesson extraction
- extract_lesson and store_lesson activity stubs
- 9 tests covering schema, API, workflow input, and activities
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Guard mem0 import in memory/__init__.py to prevent cascading failures - Wire sanitize_tool_result() into ToolHandler.run_loop() (was dead code) - Add auth check to feedback endpoint (security gap) - Fix datetime.utcnow() deprecation → datetime.now(UTC) - Detect removed tools in ToolSchemaRegistry.verify() (rug pull gap) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove 92 unused imports (F401), fix string annotation references in factory.py (F821), move os import to top of base.py (E402), and reorder Dockerfile COPY before pip install so hatchling can find the agent_harness package. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
domain.tomlmanifests +DomainRegistry— new domains require zero changes to coreCompactionClient.compact()integrated into ToolHandler loop with threshold-based triggeringStats
Test plan
uv run pytest tests/ --ignore=tests/test_export)🤖 Generated with Claude Code