M24: Architecture improvements

## Overview

Architecture audit identified 12 improvement areas across the codebase. This epic tracks refactoring work to address accumulated architectural debt before 1.0. Additionally includes performance optimizations and security fixes identified during audit.

## Audit Report

Full report: `.local/audit/architecture-audit.md`

## Architecture Refactoring (8 issues)

| Priority | Issue | Effort | Impact |
|----------|-------|--------|--------|
| P0 | #392 Extract ProviderFactory from main.rs to zeph-llm | M | High |
| P0 | #393 Extract bootstrap/AppBuilder from main.rs | L | High |
| P1 | #394 Add shared embed_fn helper to AnyProvider | S | Medium |
| P1 | #395 Move AnyChannel and dispatch_channel! to zeph-channels | S | Medium |
| P2 | #396 Replace stringly-typed provider selection with ProviderKind enum | S | Medium |
| P2 | #397 Group Agent loose fields into RuntimeConfig struct | M | Medium |
| P3 | #398 Narrow SemanticMemory generic from LlmProvider to EmbedFn | L | Medium |
| P3 | #399 Deprecate string-based ToolExecutor::execute | M | Low |

## Performance Optimizations (10 issues)

| Issue | Area |
|-------|------|
| #400 Reduce provider clone overhead in skill embedding | skills |
| #401 Pre-allocate strings in context building loops | core |
| #402 Cache prompt token estimate instead of rescanning | core |
| #403 Tune skill embedding concurrency limit | skills |
| #404 Optimize cosine similarity with SIMD | memory |
| #405 Add Vec::with_capacity hints in hot paths | core |
| #406 Document sccache setup for macOS developers | docs |
| #407 Reduce monomorphization bloat from provider generic P | build |
| #408 Create minimal default feature set for faster builds | build |
| #409 Add timeout wrapper for embedding calls | llm |

## Security Fixes (7 issues)

| Issue | Area |
|-------|------|
| #410 Update clap to eliminate unmaintained atty dependency | deps |
| #411 Update rmcp to fix quinn-udp DoS vulnerability | deps |
| #412 Reject empty Telegram allowed_users whitelist | channels |
| #413 Enforce max body size limit in A2A server routes | a2a |
| #414 Add safetensors validation before unsafe mmap in candle | llm |
| #415 Add validation bounds for configuration values | config |
| #416 Sanitize error messages to prevent path disclosure | core |

## Progress

- [ ] Architecture: 0/8
- [ ] Performance: 0/10
- [ ] Security: 0/7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

M24: Architecture improvements #391

Overview

Audit Report

Architecture Refactoring (8 issues)

Performance Optimizations (10 issues)

Security Fixes (7 issues)

Progress

Sub-issues

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Priority	Issue	Effort	Impact
P0	#392 Extract ProviderFactory from main.rs to zeph-llm	M	High
P0	#393 Extract bootstrap/AppBuilder from main.rs	L	High
P1	#394 Add shared embed_fn helper to AnyProvider	S	Medium
P1	#395 Move AnyChannel and dispatch_channel! to zeph-channels	S	Medium
P2	#396 Replace stringly-typed provider selection with ProviderKind enum	S	Medium
P2	#397 Group Agent loose fields into RuntimeConfig struct	M	Medium
P3	#398 Narrow SemanticMemory generic from LlmProvider to EmbedFn	L	Medium
P3	#399 Deprecate string-based ToolExecutor::execute	M	Low

Issue	Area
#400 Reduce provider clone overhead in skill embedding	skills
#401 Pre-allocate strings in context building loops	core
#402 Cache prompt token estimate instead of rescanning	core
#403 Tune skill embedding concurrency limit	skills
#404 Optimize cosine similarity with SIMD	memory
#405 Add Vec::with_capacity hints in hot paths	core
#406 Document sccache setup for macOS developers	docs
#407 Reduce monomorphization bloat from provider generic P	build
#408 Create minimal default feature set for faster builds	build
#409 Add timeout wrapper for embedding calls	llm

Issue	Area
#410 Update clap to eliminate unmaintained atty dependency	deps
#411 Update rmcp to fix quinn-udp DoS vulnerability	deps
#412 Reject empty Telegram allowed_users whitelist	channels
#413 Enforce max body size limit in A2A server routes	a2a
#414 Add safetensors validation before unsafe mmap in candle	llm
#415 Add validation bounds for configuration values	config
#416 Sanitize error messages to prevent path disclosure	core

M24: Architecture improvements #391

Description

Overview

Audit Report

Architecture Refactoring (8 issues)

Performance Optimizations (10 issues)

Security Fixes (7 issues)

Progress

Sub-issues

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions