Agent runtime with security hardening, cockpit TUI, and observability #94
Merged
langowarny merged 197 commits into main from Apr 13, 2026
- Added a new `/playground` endpoint serving an embedded HTML interface for testing agents via WebSocket.
- Implemented session isolation for unauthenticated WebSocket clients by assigning a unique `clientID` as their session key.
- Updated P2P metadata endpoints to require authentication when OIDC is configured, ensuring consistent access control.
- Renamed `requireAuth` middleware to `RequireAuth` for better accessibility across packages.
- Fixed documentation discrepancies regarding approval policy names and metrics format.
- Added a startup warning for the approval policy set to "none" to prevent unapproved tool execution in production.

- Introduced the RunLedger module, enabling durable execution capabilities within the Task OS.
- Updated the application initialization to include the RunLedger module and its configuration.
- Enhanced the App struct to support RunLedger components, including RunLedgerStore and RunLedgerPEV.
- Added configuration options for RunLedger in the config package, allowing for flexible setup.
- Implemented necessary ent schema updates for RunJournal, RunSnapshot, and RunStep to support RunLedger functionality.

…tion
- Added CLI commands for managing RunLedger runs, including listing recent runs, checking status, and viewing journal events.
- Updated README and feature documentation to include details about RunLedger (Task OS) and its capabilities.
- Implemented workspace isolation for coding steps, ensuring proper environment management during execution.
- Enhanced validation mechanisms with new acceptance criteria and event handling for run completion.
- Introduced new tests for RunLedger validators and tools to ensure robustness and correctness.

- Updated `run_propose_step_result` to validate step existence, ownership, and state before journaling proposals, preventing unauthorized access.
- Improved workspace preparation to ensure retry-safe branch naming, allowing multiple validation attempts without conflicts.
- Clarified documentation and comments to explicitly state that workspace isolation remains phase-gated in the current runtime.
- Added tests for new validation scenarios and workspace lifecycle to ensure robustness and correctness.

- Introduced an Ent-backed `RunLedgerStore` to replace the in-memory store, enabling persistent storage of journal events and snapshots.
- Updated CLI commands to support listing recent runs and viewing journal events from the persistent store.
- Enhanced documentation to reflect the new persistent storage capabilities and updated command usage.
- Implemented tests for the new storage functionality, ensuring robustness and correctness in handling journal events and snapshots.
- Clarified that workspace isolation remains disabled until the execution-isolation phase is activated.

- Introduced the `runLedger.workspaceIsolation` configuration option to enable workspace isolation for coding-step validation.
- Updated the application to activate workspace isolation when the configuration is set to true, allowing validators to execute in isolated worktrees.
- Enhanced documentation to reflect the new configuration option and its implications for runtime behavior.
- Added tests to verify the correct activation of workspace isolation in the RunLedger module.

- Introduced a new `RunSummaryProvider` interface to retrieve active run summaries for session context.
- Implemented `mockRunSummaryProvider` for testing and integrated it into the `ContextAwareModelAdapter`.
- Enhanced `GenerateContent` method to include run summaries in the generated prompts.
- Added tests to verify the correct injection of run summaries into prompts, ensuring accurate context representation.
- Updated relevant documentation to reflect the new functionality and its usage.

- Integrated `RunLedger` into the `Server` to manage run states and enable resume functionality.
- Updated `handleChatMessage` to detect resume intents and provide candidates for user confirmation.
- Enhanced `ContextAwareModelAdapter` to include `RunSummaryProvider` for improved context in LLM requests.
- Added tests for resume handling and context injection to ensure robustness and correctness.
- Updated documentation to reflect new features and usage scenarios for the enhanced RunLedger capabilities.

- Introduced `ToolProfileGuard` middleware to restrict tool execution based on the active step's `ToolProfile`.
- Enhanced the application to conditionally apply tool profile restrictions when `RunLedger` workspace isolation is enabled.
- Added comprehensive tests for the `ToolProfileGuard` to ensure correct behavior for allowed and disallowed tools based on profiles.
- Updated documentation to reflect the new tool governance features and their implications for runtime execution.

- Introduced a caching mechanism for run summaries in the `ContextAwareModelAdapter`, improving performance by reducing redundant queries.
- Updated `RunSummaryProvider` to include a method for retrieving the maximum journal sequence for a session, facilitating better cache management.
- Enhanced the `EntStore` to support pruning old runs, ensuring efficient storage management and compliance with retention policies.
- Added benchmarks and tests for the new caching and pruning functionalities to ensure robustness and performance.
- Updated documentation to reflect the new caching capabilities and their impact on run summary retrieval.

- Introduced a dedicated RunLedger category in the settings TUI under the Automation section, allowing users to edit all RunLedger configuration fields.
- Implemented a new RunLedgerCheck in the doctor command to validate configuration invariants, ensuring proper setup and operational integrity.
- Updated relevant documentation, including README and CLI help texts, to reflect the new settings and diagnostic capabilities for RunLedger.
- Enhanced tests to cover the new configuration form and validation checks, ensuring robustness and correctness in the implementation.
Feature/enhancement agent work
- Introduced a new Provenance feature, including configuration options in the settings and diagnostics.
- Updated the CLI to include a provenance command, allowing users to manage provenance settings.
- Enhanced the application to track provenance checkpoints and session provenance, integrating them into the existing ent framework.
- Added relevant tests to ensure the correctness of the new provenance functionalities.
- Updated documentation to reflect the new provenance capabilities and their usage.

- Implemented `EntCheckpointStore` for persistent checkpoint storage, ensuring data survives process restarts.
- Added `AppendHookSetter` interface to allow post-construction hook registration for `MemoryStore` and `EntStore`.
- Wired `CheckpointService.OnJournalEvent` to automatically create checkpoints on qualifying journal events.
- Updated CLI commands to utilize `EntCheckpointStore` for checkpoint management, replacing ephemeral memory stores.
- Introduced placeholder messages for session tree and list commands until persistent session tree storage is implemented.
- Enhanced tests to cover new functionalities and ensure correctness in checkpoint persistence and hook behavior.

- Upgraded ADK dependency from v0.5.0 to v0.6.0, introducing maintenance improvements.
- Implemented filtering for thought tool calls in the OpenAI provider to prevent API errors.
- Added functionality to remove orphaned FunctionResponses when their corresponding FunctionCalls are dropped.
- Enhanced error classification to treat `thought_signature` errors as model errors, avoiding unnecessary learning retries.
- Introduced new CLI commands for provenance management, including status and checkpoint operations, with placeholders for unimplemented features.
- Updated documentation and tests to reflect new functionalities and ensure correctness across the application.

- Expanded the provenance functionality with new commands for session management, including session tree visualization and session node listing.
- Implemented the ability to export and import signed provenance bundles with configurable redaction levels.
- Updated the CLI to provide detailed attribution reports and raw attribution data for sessions.
- Enhanced documentation to reflect the new provenance capabilities and their usage in the application.
- Added tests to ensure the correctness of the new features and their integration into the existing system.

- Introduced new CLI commands for pushing and fetching signed provenance bundles between peers, enhancing P2P capabilities.
- Updated documentation to include usage instructions for the new provenance commands.
- Enhanced session isolation for built-in specialist agents, ensuring their operations respect child session routing.
- Added tests to validate the new provenance features and their integration with existing functionalities.

- Introduced a new Provenance configuration form in the settings, allowing users to manage provenance-related options such as enabling the subsystem, auto-checkpointing, and retention settings.
- Updated the settings menu to include a dedicated Provenance category under Automation.
- Enhanced the configuration state update logic to handle provenance settings from the form.
- Updated documentation to reflect the new Provenance configuration capabilities and usage instructions.

- Implemented a two-stage shutdown process for `lango serve`, where the first signal initiates a graceful shutdown and a second signal forces an immediate exit with code `130`.
- Updated lifecycle management to ensure that individual component shutdowns respect the provided context, preventing one blocked component from stalling the entire shutdown process.
- Enhanced channel stop methods to be context-aware, allowing them to return promptly when the shutdown context is done.
- Improved logging for shutdown progress and timeout scenarios to enhance observability during the shutdown sequence.
- Added tests to validate the new shutdown behavior and ensure robustness against blocking components.

- Added `RedactionLevel.Valid()` method and `ErrInvalidRedaction` error to ensure only valid redaction levels are accepted in core services.
- Implemented early validation for redaction levels in HTTP routes, returning a 400 Bad Request for invalid inputs.
- Enhanced CLI commands to respect the `provenance.enabled` configuration, ensuring appropriate messages are displayed when provenance is disabled.
- Refactored duplicate code for handling provenance requests and added utility functions for better code organization.
- Introduced tests for new validation logic and command behavior to ensure correctness and compliance with specifications.
Feat: add session provenance tracking system
Unit 1 — Phase B post-build wiring rollback mechanism:
When a late Phase B step (e.g., agent creation at B6) fails, previously
registered components like OutputStore and Gateway were leaked. Introduce
a cleanupStack that accumulates rollback functions during Phase B wiring;
on failure the stack executes in reverse order (bootstrap pipeline pattern);
on success it is discarded as the lifecycle registry takes ownership.
Unit 5 — Consolidate TextGenerator interface into internal/llm:
Four identical TextGenerator interface definitions (learning, memory,
graph, librarian) unified into a single internal/llm package to eliminate
duplication and clarify ownership.
Unit 6 — CLI test harness and zero-coverage package tests:
Add shared CLI test harness (testutil/cli_harness.go) with fake config
loader, in-memory store factory, and stdout capture. Add tests for 6
previously untested CLI packages: memory, graph, learning, librarian,
approval, cron.
- Introduced an event bus system to facilitate communication between various application components, replacing previous callback mechanisms for embedding and graph updates.
- Updated intelligence, memory, and knowledge modules to utilize the event bus for publishing content saved events and graph triples, improving modularity and decoupling.
- Enhanced wiring of components to support event-driven architecture, allowing for more flexible and maintainable code.
- Added tests to verify the correct behavior of the new event bus integration and its impact on existing functionalities.

- Added a new package for agent memory tools, enabling agents to save, recall, and forget their persistent memories (patterns, preferences, facts, skills).
- Implemented three core tools: `memory_agent_save`, `memory_agent_recall`, and `memory_agent_forget`, each with defined parameters and handlers for managing memory entries.
- Updated the application wiring to integrate the new agent memory tools, enhancing the modularity and functionality of the agent system.
- Removed legacy tool implementations to streamline the codebase and improve maintainability.
- Added tests to ensure the correct behavior of the new memory tools and their integration within the application.

- Replaced custom tool building functions with dedicated builder functions from respective packages (e.g., `tooloutput`, `toolcrypto`, `toolsecrets`, `filesystem`, `browser`, and `exec`).
- Removed legacy tool building functions to enhance code clarity and maintainability.
- Introduced new files for browser, crypto, filesystem, and secrets tools, encapsulating their functionalities.
- Added tests for new tool functionalities to ensure correctness and integration within the application.

- Introduced a new test file for validating the construction and behavior of various tool types, including agent memory, output, filesystem, exec, browser, graph, RAG, memory agent, librarian, and crypto tools.
- Implemented tests to ensure all tools have non-nil handlers, unique names, and correct descriptions where applicable.
- Enhanced test coverage to verify the integrity and correctness of tool definitions across different components, improving overall code reliability.

- Added validation for memory kinds in the Save method, ensuring only valid kinds are accepted.
- Introduced new tests for handling invalid and empty kinds in the Save method.
- Enhanced the SearchWithContextOptions method to apply filters for kind, tags, and minimum confidence during searches.
- Updated existing search methods to utilize the new context options, improving search accuracy and flexibility.
- Added comprehensive tests for the new search functionality, ensuring correct behavior with various input scenarios.

- Added documentation for recent refactoring of tool builders, including package ownership and agent memory validation.
- Updated existing specifications to align with new capabilities and ownership boundaries.
- Introduced new specs for shared automation helpers and parity verification for extracted builders.
- Ensured comprehensive coverage of tool registration and behavior changes in the documentation.

- Introduced new plugin capabilities for agent-level callbacks, allowing for enhanced tool invocation handling.
- Added support for plugins in the agent options, enabling the configuration of ADK plugins for tool callbacks.
- Implemented a new memory section assembly method to manage conversation memory efficiently, enforcing token budgets for reflections and observations.
- Created new context assembly and retrieval functionalities to improve memory management and session handling.
- Added comprehensive tests to validate the new plugin and memory functionalities, ensuring correct behavior and integration within the application.

- Introduced a new Ent-backed implementation for agent memory storage, allowing for persistent memory retention across sessions.
- Updated the agent memory configuration to utilize the new Ent store, enhancing memory management capabilities.
- Enhanced the README documentation to reflect the changes in agent memory persistence and usage.
- Added comprehensive tests for the new Ent store functionality, ensuring correct behavior for saving, retrieving, and searching memory entries.
- Refactored existing memory-related commands to align with the new persistent storage model.
Introduces the canonical path normalization pipeline shared by all
sandbox backends (bwrap, Seatbelt, planned native):
entry → sanitize → Abs → Glob → EvalSymlinks-with-fallback → []string
The new normalizePath helper in policy.go runs this pipeline once per
entry and returns zero or more concrete paths. compileBwrapArgs and
GenerateSeatbeltProfile both consume it so the two backends cannot drift:
whatever one sees, the other sees.
findGitRoot rewritten to return a gitRoot struct (pointerPath +
gitdirPath) implementing the two-deny strategy:
- Standard .git directory → pointerPath == gitdirPath, one deny entry
- Linked worktree .git file → pointer denied at file level (Stage 1),
gitdir target parsed from "gitdir: <path>" line and resolved via
Abs + EvalSymlinks, then ALSO added to DenyPaths
- Relative gitdir paths resolved against the pointer file's parent dir
- Malformed pointer → pointer-only deny (degraded protection)
canonicalWorkDir helper applies EvalSymlinks to workDir so WritePaths[0]
becomes the canonical filesystem path — symlinked workspaces no longer
leak their pre-resolve path into the writable set.
Glob expansion (D3) is included in the shared normalizePath helper, so
Stage 2 covers both symlink (D2) and glob (D3) semantic upgrades:
- Zero matches → silent skip (shell nullglob)
- filepath.ErrBadPattern → error, startup fails loudly
- Each match flows through EvalSymlinks and downstream stat/type-check
independently
Test additions (policy_test.go + bwrap_args_test.go):
- TestFindGitRoot now tests gitRoot struct — worktree absolute/relative
gitdir, malformed pointer degradation, symlinked workDir
- TestDefaultToolPolicy_WorktreeDenyBothPointerAndGitdir
- TestCompileBwrapArgs_SymlinkedDenyPath (symlink escape closed)
- TestNormalizePath_{NonexistentFallback,GlobExpansion,UnmatchedGlobSilentSkip,InvalidGlobErrors}
- TestCompileBwrapArgs_DenyPathWithGlob (integration)
- Existing tests updated with new resolveSymlinks(t, path) helper so
macOS /var → /private/var and /tmp → /private/tmp resolutions don't
break assertions.
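The pipeline and two-deny strategy described in the commit message above, as an added Go sketch that is not the project's code. Function names follow the commit message; the bodies, the sanitize rule, the helper name `resolveWithFallback` and its handling of nonexistent paths are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveWithFallback canonicalizes p. For a path that does not exist yet it resolves
// the nearest existing ancestor and re-appends the missing tail (assumed fallback).
func resolveWithFallback(p string) string {
	if r, err := filepath.EvalSymlinks(p); err == nil {
		return r
	}
	dir, rest := filepath.Dir(p), filepath.Base(p)
	for dir != filepath.Dir(dir) {
		if r, err := filepath.EvalSymlinks(dir); err == nil {
			return filepath.Join(r, rest)
		}
		rest = filepath.Join(filepath.Base(dir), rest)
		dir = filepath.Dir(dir)
	}
	return p
}

// normalizePath: entry -> sanitize -> Abs -> Glob -> EvalSymlinks-with-fallback.
func normalizePath(entry string) ([]string, error) {
	entry = strings.TrimSpace(entry)
	if entry == "" || strings.ContainsRune(entry, 0) {
		return nil, nil // sanitize (assumed rule): drop empty or NUL-bearing entries
	}
	abs, err := filepath.Abs(entry)
	if err != nil {
		return nil, err
	}
	candidates := []string{abs}
	if strings.ContainsAny(abs, "*?[") {
		// Zero matches gives an empty slice (nullglob); ErrBadPattern goes to the caller.
		if candidates, err = filepath.Glob(abs); err != nil {
			return nil, fmt.Errorf("policy path %q: %w", entry, err)
		}
	}
	out := make([]string, 0, len(candidates))
	for _, c := range candidates {
		out = append(out, resolveWithFallback(c)) // each match resolved independently
	}
	return out, nil
}

// gitRoot holds both deny targets; they are equal for a plain .git directory.
type gitRoot struct{ pointerPath, gitdirPath string }

// resolveGitdir parses "gitdir: <path>" from a worktree pointer file. A malformed
// pointer returns the pointer itself, i.e. pointer-only (degraded) protection.
func resolveGitdir(pointer string) string {
	data, _ := os.ReadFile(pointer)
	line := strings.TrimSpace(strings.SplitN(string(data), "\n", 2)[0])
	target := strings.TrimSpace(strings.TrimPrefix(line, "gitdir:"))
	if !strings.HasPrefix(line, "gitdir:") || target == "" {
		return pointer
	}
	if !filepath.IsAbs(target) {
		target = filepath.Join(filepath.Dir(pointer), target) // relative to pointer's parent
	}
	return resolveWithFallback(target)
}

// findGitRoot walks up from workDir to the first .git entry (directory or pointer file).
func findGitRoot(workDir string) (gitRoot, bool) {
	for dir := workDir; ; dir = filepath.Dir(dir) {
		pointer := filepath.Join(dir, ".git")
		info, err := os.Lstat(pointer)
		switch {
		case err == nil && info.Mode().IsRegular():
			return gitRoot{pointer, resolveGitdir(pointer)}, true
		case err == nil:
			return gitRoot{pointer, pointer}, true
		case dir == filepath.Dir(dir):
			return gitRoot{}, false
		}
	}
}

func main() {
	// Constructed sample: a linked worktree whose .git is a pointer file.
	base, _ := os.MkdirTemp("", "policy-demo")
	defer os.RemoveAll(base)
	os.MkdirAll(filepath.Join(base, "repo/.git/worktrees/wt"), 0o755)
	os.MkdirAll(filepath.Join(base, "wt"), 0o755)
	os.WriteFile(filepath.Join(base, "wt/.git"), []byte("gitdir: ../repo/.git/worktrees/wt\n"), 0o644)
	root, _ := findGitRoot(filepath.Join(base, "wt"))
	fmt.Println("deny:", root.pointerPath, root.gitdirPath)
}
```

Because every Read, Write and Deny entry would pass through the same function, a deny rule written against a symlinked path and a write rule written against its target end up compared as the same canonical string.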
Final stage of PR 5c documents the file-level deny + symlink resolution
+ glob expansion + worktree gitdir pointer changes from Stages 1-2.
Delta specs merged into main specs without --no-validate (first real
test of PR 5b's canonical cleanup success criterion):
- linux-bwrap-isolation: DenyPaths now supports regular files via
--ro-bind /dev/null; new requirement documenting the shared
normalizePath pipeline (sanitize → Abs → Glob → EvalSymlinks)
used by all three path classes (Read/Write/Deny)
- os-sandbox-core: Policy types requirement documents canonicalWorkDir
helper, gitRoot struct (pointerPath + gitdirPath for two-deny
strategy), collectBaselineDeny shared helper, and normalizePath
pipeline contract shared across backends
Docs sync (all four downstream targets):
- docs/configuration.md: new "Path semantics" paragraph covering
file-level deny, symlink resolution, and glob expansion; allowedWritePaths
row annotated with the shared pipeline note
- docs/cli/sandbox.md: "Path semantics" paragraph in the experimental note
- README.md: OS-level Sandbox bullet extended with worktree walk-up,
file-deny, symlink, glob
- prompts/SAFETY.md: Control-plane bullet extended with symlink/worktree/
glob mentions so agents know these paths cannot be escaped
feat(sandbox): Linux bwrap backend, escape hardening, and OpenSpec canonicalization
- Introduced a new command `lango security recovery` for managing recovery mnemonics.
- Added functionality to generate and add a BIP39 recovery mnemonic as a KEK slot in the Master Key envelope.
- Implemented recovery process using the mnemonic to restore access to the Master Key.
- Updated bootstrap phases to load the envelope file and acquire credentials more effectively.
- Modified database opening logic to support both raw key and passphrase-based access.
- Enhanced tests to cover new recovery features and ensure proper functionality.

- Enhanced README.md to reflect the new Master Key envelope architecture and recovery mnemonic support.
- Updated CLI documentation to clarify the `lango security` commands, including the new `change-passphrase` command and its implications.
- Added detailed migration instructions for transitioning from legacy passphrase-based encryption to the new envelope-based system.
- Improved encryption documentation to explain the key hierarchy and recovery options.
- Introduced a new document for Master Key envelope migration, outlining the process and safety measures during the upgrade.

- Removed direct imports of `wallet` from `internal/p2p/handshake` and `internal/p2p/identity`, replacing them with `Signer` and `KeyProvider` interfaces respectively.
- Eliminated the dependency of `internal/provenance` on `internal/p2p/identity`, addressing reverse dependency issues.
- Introduced a `BundleSigner` interface for signing operations in `provenance`, allowing for injectable signature verification functions.
- Updated various service and test files to accommodate the new signing architecture and ensure proper functionality.
- Enhanced boundary tests to enforce new import rules and prevent unwanted dependencies.

- Introduced support for Ed25519 signature algorithm alongside existing secp256k1-keccak256.
- Enhanced the Signer interface to include an Algorithm() method for algorithm identification.
- Updated Challenge and ChallengeResponse structs to include a SignatureAlgorithm field for backward compatibility.
- Implemented a verifier map in the Handshaker to dispatch signature verification based on the algorithm used.
- Fixed a double-hash bug in challenge signature verification by returning raw canonical bytes for signing.
- Added ParseDIDPublicKey function to extract public keys from DIDs without deriving peer IDs.
- Updated various services and tests to accommodate the new signing architecture and ensure proper functionality.

- Introduced an Identity Bundle that includes an Ed25519 signing key, secp256k1 settlement key, and dual proofs for DID v2.
- Enhanced the bootstrap process to derive the Ed25519 identity key from the Master Key using HKDF.
- Updated the P2P networking components to utilize the new identity bundle for improved identity management.
- Modified the handshake process to support both legacy and new identity verification methods.
- Added tests for the new identity bundle functionality and ensured backward compatibility with existing DIDs.

- Added a new Bundle method to the bundleHandshakeSigner for retrieving the IdentityBundle.
- Introduced an AddressResolver interface to facilitate resolution of v2 DIDs to Ethereum addresses.
- Updated the USDCSettler to utilize the new AddressResolver for resolving buyer and seller DIDs.
- Enhanced the handshake process to support DID aliasing for session continuity between v1 and v2 DIDs.
- Implemented tests for the new address resolution functionality and ensured compatibility with existing systems.

- Added support for hybrid KEM (X25519-MLKEM768) in the handshake as protocol v1.2.
- Extended Challenge and ChallengeResponse structs to include optional KEM fields for backward compatibility.
- Implemented session key derivation using HKDF-SHA256 from the hybrid shared secret.
- Introduced KEM transcript binding to prevent active tampering during handshake.
- Updated configuration to include EnablePQHandshake for opt-in KEM support.
- Enhanced tests for KEM functionality and ensured graceful degradation with v1.1 peers.
- Promoted cloudflare/circl to a direct dependency for KEM operations.

- Added ML-DSA-65 post-quantum signature scheme for dual signatures alongside classical signatures.
- Extended IdentityBundle to include PQSigningKey and PQGeneration for key rotation.
- Introduced PQBundleSigner interface for signing operations in provenance bundles.
- Implemented self-contained PQ verification by embedding PQSignerPublicKey in artifacts.
- Updated bootstrap process to derive PQ signing keys from the Master Key.
- Enhanced GossipCard structure to support dual signatures and updated signing logic.
- Added tests for dual-signature functionality and ensured backward compatibility with classical-only bundles.

- Added KMS KEK slot functionality to the MasterKeyEnvelope, allowing the Master Key to be wrapped and unwrapped using various KMS providers (AWS, GCP, Azure, PKCS#11).
- Implemented KMSConfigFromEnv to read KMS configuration from environment variables, enabling passphraseless bootstrap when KMS credentials are available.
- Enhanced the bootstrap process to attempt KMS unwrapping before falling back to passphrase acquisition.
- Introduced CLI commands for adding and detaching KMS slots, improving user interaction with KMS features.
- Updated status reporting to include KMS protection status in the envelope.
- Added comprehensive tests for KMS integration, ensuring functionality and backward compatibility.

- Introduced a new command `zkexport` to compile gnark circuits and export Groth16 verifying keys as Solidity contracts.
- Implemented functionality to export specific circuits or all circuits to a designated output directory.
- Added an interface `IZKVerifier` for Groth16 proof verification in Solidity.
- Created multiple verifier contracts for different circuits including Ownership, Balance, Capability, and PQ Attestation.
- Enhanced the escrow contract to utilize ZK proof verification for fund release, ensuring security and trust in attestation.
- Comprehensive tests added to validate the new functionality and ensure backward compatibility.

- Implemented security hardening measures based on extensive code review, focusing on identity binding, credential management, and trust boundaries.
- Updated the `LangoZKEscrow` contract to pin the ZK verifier address as immutable, preventing potential attacks from mock verifiers.
- Modified the handshake process to ensure bundle caching occurs only after signature verification, preventing forged bundles from being cached.
- Enforced strict checks for v2 DIDs, requiring both a valid bundle and matching signing key to prevent replay attacks.
- Enhanced the CLI commands for passphrase management to ensure keyring entries are updated consistently, preventing stale entries during headless bootstrap.
- Improved the bootstrap phase order to load security state before envelope migration, ensuring proper handling of pending migrations.
- Comprehensive tests added to validate the new security features and ensure backward compatibility.

- Added new error classifications for provider authentication and connection issues, enhancing user feedback with specific messages.
- Implemented case-insensitive matching for common error patterns (e.g., 401, 403, invalid API key) to improve accuracy in error handling.
- Updated `UserMessage()` to provide curated guidance for authentication failures and connection issues without exposing raw error details.
- Enhanced recovery policy to escalate authentication errors immediately and allow retries for connection errors.
- Added comprehensive tests to validate the new error handling and recovery logic.

- Replaced hardcoded command count in README.md with count-free phrasing for accuracy.
- Added missing A2A Commands entry to mkdocs.yml CLI Reference navigation.
- Updated architecture documentation to reflect the integration of Google ADK v1.0.0.

- Added comments to clarify that KMS provider errors are expected during development with stubs, indicating that real implementations will utilize specific build tags.
- Ensured consistency in error handling across multiple CLI commands related to KMS provider creation.

- Updated architecture overview and specifications to reference Google ADK v1.0.0 instead of v0.6.0.
- Adjusted plugin and tool dispatch analysis documentation to align with the new versioning.
- Ensured consistency across all relevant documentation regarding the ADK version update.

- Introduced a new `NewCompositeIsolator` function to create an isolator that applies multiple OS isolators in sequence.
- Added compile-time interface compliance check for `compositeIsolator` to ensure it implements the `OSIsolator` interface.
- Enhanced the `Apply` method to iterate through the list of isolators and apply them in order.

- Added testdata JSON files to .gitignore to prevent them from being tracked.
- Introduced a mutex in the mockProjection struct to ensure thread-safe access to prepared and synced task data.
- Updated methods to use the new mutex for safe concurrent access, improving the reliability of tests in a multi-threaded context.
Summary
approval dialog, and background task management
ML-DSA-65 dual-sign for provenance bundles, algorithm agility for signature verification, Cloud KMS integration (AWS/GCP/Azure/PKCS#11)
/dev/null bind, symlink resolution, and worktree gitdir pointer following
bundle export/import), Prometheus metrics, OpenTelemetry tracing, operational alerting with webhook delivery
profiles (off/lite/balanced/full)
librarian
zkexport command), attestation/balance/capability/ownership/post-quantum verifier contracts