feat: architecture improvements, performance optimizations, security hardening (M24) #417

bug-ops merged 3 commits into main from feat/m24/arch-improvements on Feb 17, 2026

bug-ops (Owner) commented on Feb 17, 2026

Summary

Architecture audit identified 25 improvement areas. This PR addresses 15 issues directly, 4 were already resolved, 1 already implemented, and 5 deferred to follow-up.

closes #396, closes #397, closes #392, closes #394, closes #395, closes #399,
closes #401, closes #403, closes #404, closes #405, closes #408, closes #409,
closes #412, closes #415, closes #416

Architecture

Performance

Security

Already resolved (closed)

Deferred

Stats

  • 18 files changed, 526 insertions, 398 deletions
  • 1533 tests pass, 0 failures
  • Clippy clean, fmt clean

Breaking changes

  • LlmConfig.provider is now ProviderKind enum (was String)
  • Default features reduced: a2a, candle, compatible, index, mcp, openai, orchestrator, router removed from defaults
  • Telegram channel rejects empty allowed_users list
  • Config with extreme values (history_limit > 10000, etc.) now rejected

Test plan

  • cargo nextest run --workspace --lib --bins --features full (1533 pass)
  • cargo clippy --workspace --features full -- -D warnings (clean)
  • Security validation (all fixes verified)
  • Performance validation (no regressions)
  • Code review approved
  • CI gate passes

…hardening (M24)

Extract ProviderKind enum replacing stringly-typed provider selection.
Group Agent loose fields into RuntimeConfig struct.
Consolidate provider construction via shared create_named_provider.
Add AnyProvider::embed_fn() eliminating duplicate closures.
Move AnyChannel to zeph-channels crate.
Trim default features to minimal set (qdrant, self-learning, vault-age).

Performance: String::with_capacity in context loops, buffer_unordered(20),
embedding timeout wrappers, inline cosine_similarity.

Security: reject empty Telegram allowed_users, Config::validate() with
bounds checking, sanitize_paths() for error message path disclosure.

Resolves #392, #394, #395, #396, #397, #399, #401, #403, #404, #405,
#408, #409, #412, #415, #416

Replace string comparison with ProviderKind::Ollama in config defaults test.

github-actions bot added the tests label on Feb 17, 2026

Update feature-flags, configuration, channels, architecture, and
security docs to reflect ProviderKind enum, minimal default features,
Telegram auth guard, config validation, and path sanitization.

Add doc tests step to CI workflow.
Update CHANGELOG.md with Unreleased section for M24 changes.
Update README.md with new feature flags and architecture notes.

github-actions bot added the documentation label on Feb 17, 2026
bug-ops enabled auto-merge (squash) on February 17, 2026 01:29
bug-ops merged commit 156960a into main on Feb 17, 2026
20 checks passed
bug-ops deleted the feat/m24/arch-improvements branch on February 17, 2026 01:38
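
The three security items named in the first commit message (empty allowed_users rejection, Config::validate() bounds checking, sanitize_paths()), sketched as an added example. This is not the project's code: the struct layout, the error type, the Option-wrapped allowlist and the [PATH] placeholder are assumptions; only the names allowed_users and history_limit and the 10000 bound come from the PR text.

```rust
// Added illustration, not the project's code: type, field and variant names
// are assumptions; only allowed_users, history_limit and the 10000 bound
// come from the PR text.
#[derive(Debug, PartialEq)]
pub enum ConfigError {
    EmptyAllowlist,
    OutOfRange { field: &'static str, max: usize },
}

pub struct Config {
    pub history_limit: usize,
    pub telegram_allowed_users: Option<Vec<String>>, // None = channel disabled
}

const MAX_HISTORY_LIMIT: usize = 10_000;

impl Config {
    /// Run once at load time so an invalid config never reaches the agent.
    pub fn validate(&self) -> Result<(), ConfigError> {
        if self.history_limit > MAX_HISTORY_LIMIT {
            return Err(ConfigError::OutOfRange { field: "history_limit", max: MAX_HISTORY_LIMIT });
        }
        // Fail closed: an enabled channel whose allowlist is empty (or only
        // blank entries) is rejected, so it can never be read as "no restriction".
        if let Some(users) = &self.telegram_allowed_users {
            if users.iter().all(|u| u.trim().is_empty()) {
                return Err(ConfigError::EmptyAllowlist);
            }
        }
        Ok(())
    }
}

/// Replace absolute-path tokens (Unix or Windows drive paths) with a placeholder
/// before an error is shown to a remote user. Paths containing spaces are not handled.
pub fn sanitize_paths(msg: &str) -> String {
    let redact = |tok: &str| {
        let t = tok.trim_matches(|c: char| "\"'`(),:;".contains(c));
        let b = t.as_bytes();
        let unix = b.len() > 1 && b[0] == b'/';
        let win = b.len() > 2 && b[0].is_ascii_alphabetic() && b[1] == b':' && matches!(b[2], b'\\' | b'/');
        if unix || win { tok.replace(t, "[PATH]") } else { tok.to_string() }
    };
    msg.split(' ').map(redact).collect::<Vec<_>>().join(" ")
}

fn main() {
    // Constructed sample message.
    println!("{}", sanitize_paths("failed to open /home/alice/app/config.toml: No such file"));
}
```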