Skip to content

fix(mcp): wire EmbeddingAnomalyGuard into McpManager#2336

Merged
bug-ops merged 2 commits intomainfrom
2331-wire-embedding-anomaly-guard
Mar 28, 2026
Merged

fix(mcp): wire EmbeddingAnomalyGuard into McpManager#2336
bug-ops merged 2 commits intomainfrom
2331-wire-embedding-anomaly-guard

Conversation

@bug-ops
Copy link
Copy Markdown
Owner

@bug-ops bug-ops commented Mar 28, 2026

Summary

  • Adds with_embedding_guard() builder to McpManager (same pattern as with_prober()/with_trust_store())
  • Hooks call_tool() to call guard.check_async() fire-and-forget after every successful MCP tool call
  • Wires the guard in build_tool_setup() when security.content_isolation.embedding_guard.enabled = true
  • Spawns a background drain task logging Anomalous and regex-injection RegexFallback events at warn! level
  • Fixes AnyProvider::embed_fn() return type with + use<> to prevent Edition 2024 lifetime overcapture

Closes #2331

Test plan

  • cargo build --workspace --features full — clean
  • cargo +nightly fmt --check — clean
  • cargo clippy --all-features --workspace -- -D warnings (changed crates) — clean
  • cargo nextest run --workspace --all-features --lib --bins — 6927/6927 passed

@github-actions github-actions bot added bug Something isn't working size/M Medium PR (51-200 lines) documentation Improvements or additions to documentation llm zeph-llm crate (Ollama, Claude) rust Rust code changes and removed bug Something isn't working labels Mar 28, 2026
@bug-ops bug-ops enabled auto-merge (squash) March 28, 2026 09:42
@bug-ops bug-ops force-pushed the 2331-wire-embedding-anomaly-guard branch from 4d08f18 to 44da55c Compare March 28, 2026 09:42
@github-actions github-actions bot added the bug Something isn't working label Mar 28, 2026
bug-ops added 2 commits March 28, 2026 10:52
@bug-ops
fix(mcp): wire EmbeddingAnomalyGuard into McpManager (#2331)
990135b 
Add with_embedding_guard() builder to McpManager following the same
pattern as with_prober()/with_trust_store(). Hook call_tool() to call
guard.check_async() fire-and-forget after every successful tool call.

Wire the guard in build_tool_setup() when
security.content_isolation.embedding_guard.enabled = true. Spawn a
background drain task that logs Anomalous and injection-detected
RegexFallback events at warn level.

Annotate AnyProvider::embed_fn() return type with + use<> to prevent
lifetime overcapture under Edition 2024.

Closes #2331
@bug-ops
fix(mcp): allow too_many_arguments on build_tool_setup after rebase a…
c3cce75 
…dds pool param
@bug-ops bug-ops force-pushed the 2331-wire-embedding-anomaly-guard branch from a347be4 to c3cce75 Compare March 28, 2026 09:52
@bug-ops bug-ops merged commit 95f4be7 into main Mar 28, 2026
25 checks passed
@bug-ops bug-ops deleted the 2331-wire-embedding-anomaly-guard branch March 28, 2026 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working documentation Improvements or additions to documentation llm zeph-llm crate (Ollama, Claude) rust Rust code changes size/M Medium PR (51-200 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(mcp): wire EmbeddingAnomalyGuard into McpManager/McpToolExecutor

1 participant

@bug-ops