feat(workflows-mcp): add validate_knowledge tool for USER_VALIDATED authority promotion

ibacalu · ibacalu · commit 7a49dd286ddf · 2026-03-21T17:04:10.000+01:00
Adds a dedicated in-place authority update path so existing propositions
can be promoted to USER_VALIDATED (archive-immune) without losing their
original UUID, created_by, created_at, or category associations.

- KnowledgeExecutor: add "validate" op, _op_validate method, validated_count output field
- tools_knowledge.py: register validate_knowledge MCP tool
- tests: TestValidateOperation + TestUserValidatedImmunity (immunity SQL regression guards)
diff --git a/src/workflows_mcp/engine/executors_knowledge.py b/src/workflows_mcp/engine/executors_knowledge.py
@@ -117,7 +117,7 @@ class KnowledgeInput(BlockInput):
         ```
     """
 
-    op: Literal["search", "store", "recall", "forget", "context"] = Field(
+    op: Literal["search", "store", "recall", "forget", "context", "validate"] = Field(
         description="Operation to perform",
     )
 
@@ -276,6 +276,8 @@ def validate_op_fields(self) -> KnowledgeInput:
                 "'proposition_ids', 'where', 'source', 'created_before', or 'created_after' "
                 "is required for op='forget'"
             )
+        if self.op == "validate" and not self.proposition_ids:
+            raise ValueError("'proposition_ids' is required for op='validate'")
         if self.path is not None and not self.source:
             raise ValueError("'source' is required when 'path' is provided")
         return self
@@ -288,6 +290,7 @@ class KnowledgeOutput(BlockOutput):
     - search/recall: rows, columns, row_count
     - store: proposition_ids, stored_count
     - forget: archived_count, skipped_count
+    - validate: validated_count
     - context: context_text, proposition_count, tokens_used
     """
 
@@ -316,6 +319,9 @@ class KnowledgeOutput(BlockOutput):
     archived_count: int = Field(default=0, description="Number archived")
     skipped_count: int = Field(default=0, description="Number skipped (immune)")
 
+    # Validate output
+    validated_count: int = Field(default=0, description="Number promoted to USER_VALIDATED")
+
     # Context output
     context_text: str = Field(default="", description="Clean content assembled text")
     proposition_count: int = Field(default=0, description="Propositions included in context")
@@ -394,6 +400,7 @@ async def execute(  # type: ignore[override]
                 "store": self._op_store,
                 "recall": self._op_recall,
                 "forget": self._op_forget,
+                "validate": self._op_validate,
                 "context": self._op_context,
             }
             handler = op_handlers[inputs.op]
@@ -1077,6 +1084,59 @@ async def _op_forget(
             skipped_count=skipped,
         )
 
+    async def _op_validate(
+        self,
+        inputs: KnowledgeInput,
+        context: Execution,
+        backend: Any,
+    ) -> KnowledgeOutput:
+        """Promote propositions to USER_VALIDATED authority (in-place update).
+
+        Unlike forget+store, this preserves the original UUID, created_by,
+        created_at, and category associations — making it the correct path for
+        authority promotion (metadata change) rather than belief replacement.
+
+        SECURITY: Records validated_by and logs to audit table.
+        """
+        ids: list[str] = []
+        if isinstance(inputs.proposition_ids, str):
+            ids = [s.strip() for s in inputs.proposition_ids.split(",") if s.strip()]
+        elif isinstance(inputs.proposition_ids, list):
+            ids = inputs.proposition_ids
+
+        if not ids:
+            return KnowledgeOutput(success=True, validated_count=0)
+
+        validated_by = _get_audit_user_id(context)
+        auth_method = _get_auth_method(context)
+        user_string = _get_user_string_id(context)
+
+        placeholders = ", ".join(f"${i + 1}::uuid" for i in range(len(ids)))
+        update_sql = f"""
+            UPDATE knowledge_propositions
+            SET authority = '{Authority.USER_VALIDATED}'
+            WHERE id IN ({placeholders})
+              AND lifecycle_state != '{LifecycleState.ARCHIVED}'
+            RETURNING id
+        """
+        result = await backend.query(update_sql, tuple(ids))
+        validated = len(result.rows) if result and result.rows else 0
+
+        if validated > 0:
+            validated_ids = [row["id"] for row in result.rows]
+            for prop_id in validated_ids:
+                await self._log_audit_entry(
+                    backend=backend,
+                    proposition_id=prop_id,
+                    action="VALIDATED",
+                    performed_by=validated_by,
+                    auth_method=auth_method,
+                    user_string=user_string,
+                    metadata={"previous_authority": "unknown", "method": "explicit_ids"},
+                )
+
+        return KnowledgeOutput(success=True, validated_count=validated)
+
     async def _op_context(
         self,
         inputs: KnowledgeInput,
diff --git a/src/workflows_mcp/tools_knowledge.py b/src/workflows_mcp/tools_knowledge.py
@@ -570,6 +570,57 @@ async def forget_knowledge(
             }
         )
 
+    @mcp_server.tool(
+        annotations=ToolAnnotations(
+            title="Validate Knowledge",
+            readOnlyHint=False,
+            destructiveHint=False,
+            idempotentHint=True,
+            openWorldHint=True,
+        )
+    )
+    async def validate_knowledge(
+        proposition_ids: Annotated[
+            list[str],
+            Field(description="UUIDs of propositions to promote to USER_VALIDATED authority"),
+        ],
+        *,
+        ctx: AppContextType,
+    ) -> CallToolResult:
+        """
+        Promote propositions to USER_VALIDATED authority, granting archive immunity.
+
+        WHEN TO USE: After a human has reviewed and confirmed a fact as permanently
+        trustworthy. USER_VALIDATED propositions are immune to forget_knowledge — they
+        cannot be archived by automated cleanup or bulk operations.
+
+        This is an in-place authority update, NOT a forget+store cycle. The original
+        proposition UUID, created_by, created_at, and category associations are all
+        preserved. Only the authority field is changed.
+
+        PARAMETERS:
+        - proposition_ids: List of proposition UUIDs to validate
+
+        RETURNS: {validated_count: N}
+
+        SEE ALSO: recall_knowledge (find propositions to validate), forget_knowledge (skips
+        USER_VALIDATED propositions automatically)
+        """
+        from .engine.executors_knowledge import KnowledgeExecutor, KnowledgeInput
+
+        execution = _create_knowledge_execution(ctx)
+        executor = KnowledgeExecutor()
+        inputs = KnowledgeInput(
+            op="validate",
+            proposition_ids=proposition_ids,
+        )
+        result = await executor.execute(inputs, context=execution)
+
+        if not result.success:
+            return _json_response({"status": "failure", "error": result.error})
+
+        return _json_response({"validated_count": result.validated_count})
+
     @mcp_server.tool(
         annotations=ToolAnnotations(
             title="Knowledge Context",
diff --git a/tests/test_knowledge_executor.py b/tests/test_knowledge_executor.py
@@ -906,6 +906,23 @@ def test_forget_with_where_has_date_filters(self) -> None:
         assert inp.where is not None
         assert inp.created_before == "2025-01-01"
 
+    def test_forget_sql_contains_user_validated_immunity(self) -> None:
+        """Both forget UPDATE paths must exclude USER_VALIDATED propositions.
+
+        Regression guard: if the immunity clause is removed, archived_count and
+        skipped_count would be wrong and human-validated facts could be wiped.
+        The SQL uses f-string interpolation of Authority.USER_VALIDATED, so we
+        check for the enum reference rather than the evaluated string value.
+        """
+        import inspect
+
+        from workflows_mcp.engine.executors_knowledge import KnowledgeExecutor
+
+        source = inspect.getsource(KnowledgeExecutor._op_forget)
+        assert source.count("Authority.USER_VALIDATED") == 2, (
+            "_op_forget must exclude USER_VALIDATED in BOTH update paths (by-ID and by-filter)"
+        )
+
     def test_forget_update_sql_does_not_contain_updated_at(self) -> None:
         """The forget UPDATE statements must NOT reference updated_at.
 
@@ -1575,3 +1592,207 @@ def patch_embedding() -> Any:
         "workflows_mcp.engine.executors_knowledge.compute_embedding",
         new=AsyncMock(return_value=(fake_embedding, "text-embedding-3-small", 3, None)),
     )
+
+
+# ============================================================================
+# Validate Operation Tests
+# ============================================================================
+
+
+class TestValidateOperation:
+    """Tests for validate op validation and output model."""
+
+    def test_validate_requires_proposition_ids(self) -> None:
+        """validate without proposition_ids should raise ValidationError."""
+        with pytest.raises(ValidationError, match="proposition_ids"):
+            KnowledgeInput(op="validate")
+
+    def test_validate_with_ids_passes(self) -> None:
+        """validate with proposition_ids passes validation."""
+        inp = KnowledgeInput(op="validate", proposition_ids=["uuid-1", "uuid-2"])
+        assert inp.op == "validate"
+        assert inp.proposition_ids == ["uuid-1", "uuid-2"]
+
+    def test_validate_output_model(self) -> None:
+        """Validate output populates validated_count."""
+        out = KnowledgeOutput(success=True, validated_count=2)
+        assert out.validated_count == 2
+        assert out.success is True
+
+    def test_validate_output_default_zero(self) -> None:
+        """validated_count defaults to zero."""
+        out = KnowledgeOutput(success=True)
+        assert out.validated_count == 0
+
+    def test_validate_sql_targets_user_validated_authority(self) -> None:
+        """_op_validate SQL must SET authority to USER_VALIDATED, not archive.
+
+        SQL uses f-string interpolation of Authority.USER_VALIDATED; check for
+        the enum reference rather than the evaluated string value.
+        """
+        import inspect
+
+        from workflows_mcp.engine.executors_knowledge import KnowledgeExecutor
+
+        source = inspect.getsource(KnowledgeExecutor._op_validate)
+        assert "Authority.USER_VALIDATED" in source
+        assert "lifecycle_state = " not in source, "_op_validate must not modify lifecycle_state"
+
+    def test_validate_sql_skips_archived_propositions(self) -> None:
+        """_op_validate must not promote ARCHIVED propositions."""
+        import inspect
+
+        from workflows_mcp.engine.executors_knowledge import KnowledgeExecutor
+
+        source = inspect.getsource(KnowledgeExecutor._op_validate)
+        assert "lifecycle_state != " in source or "lifecycle_state !=" in source
+
+    @pytest.mark.asyncio
+    async def test_validate_updates_authority_and_logs_audit(self) -> None:
+        """_op_validate updates authority and logs a VALIDATED audit entry."""
+        executor = KnowledgeExecutor()
+        prop_id = "aaaaaaaa-1111-2222-3333-444444444444"
+
+        update_result = MagicMock()
+        update_result.rows = [{"id": prop_id}]
+
+        backend = MagicMock()
+        backend.query = AsyncMock(return_value=update_result)
+        backend.execute = AsyncMock()  # audit INSERT
+
+        inputs = KnowledgeInput(op="validate", proposition_ids=[prop_id])
+        result = await executor._op_validate(inputs, _make_execution_context(), backend)
+
+        assert result.success is True
+        assert result.validated_count == 1
+
+        # Verify the UPDATE SQL targeted USER_VALIDATED
+        update_call = backend.query.call_args
+        update_sql = update_call[0][0]
+        assert "USER_VALIDATED" in update_sql
+        assert prop_id in update_call[0][1]
+
+        # Verify audit entry was written with action=VALIDATED
+        audit_call = backend.execute.call_args
+        audit_sql = audit_call[0][0]
+        assert "knowledge_proposition_audits" in audit_sql
+        audit_params = audit_call[0][1]
+        assert "VALIDATED" in audit_params
+
+    def test_validate_empty_list_rejected_by_validation(self) -> None:
+        """Empty proposition_ids list is rejected at validation time (not silently ignored)."""
+        with pytest.raises(ValidationError, match="proposition_ids"):
+            KnowledgeInput(op="validate", proposition_ids=[])
+
+
+# ============================================================================
+# USER_VALIDATED Immunity Behavioural Tests
+# ============================================================================
+
+
+class TestUserValidatedImmunity:
+    """Behavioural tests for USER_VALIDATED archive immunity in _op_forget.
+
+    These tests verify that the immunity SQL clause is correctly applied so that
+    skipped_count reflects propositions not archived due to USER_VALIDATED authority.
+    """
+
+    @pytest.mark.asyncio
+    async def test_forget_by_id_skips_user_validated(self) -> None:
+        """When 2 IDs are targeted but 1 is USER_VALIDATED, skipped_count=1."""
+        executor = KnowledgeExecutor()
+        prop_id_normal = "aaaaaaaa-1111-2222-3333-444444444444"
+        prop_id_immune = "bbbbbbbb-5555-6666-7777-888888888888"
+
+        # Simulate DB: only normal proposition is returned (immune one is skipped by SQL)
+        update_result = MagicMock()
+        update_result.rows = [{"id": prop_id_normal}]
+
+        backend = MagicMock()
+        backend.query = AsyncMock(return_value=update_result)
+        backend.execute = AsyncMock()  # audit INSERT
+
+        inputs = KnowledgeInput(
+            op="forget",
+            proposition_ids=[prop_id_normal, prop_id_immune],
+        )
+        result = await executor._op_forget(inputs, _make_execution_context(), backend)
+
+        assert result.success is True
+        assert result.archived_count == 1
+        assert result.skipped_count == 1  # immune proposition not returned by UPDATE ... RETURNING
+
+    @pytest.mark.asyncio
+    async def test_forget_by_id_all_immune_gives_zero_archived(self) -> None:
+        """When all targeted propositions are USER_VALIDATED, archived_count=0."""
+        executor = KnowledgeExecutor()
+
+        update_result = MagicMock()
+        update_result.rows = []  # DB skips all (all USER_VALIDATED)
+
+        backend = MagicMock()
+        backend.query = AsyncMock(return_value=update_result)
+        backend.execute = AsyncMock()
+
+        inputs = KnowledgeInput(
+            op="forget",
+            proposition_ids=["immune-1", "immune-2"],
+        )
+        result = await executor._op_forget(inputs, _make_execution_context(), backend)
+
+        assert result.success is True
+        assert result.archived_count == 0
+        assert result.skipped_count == 2
+
+    @pytest.mark.asyncio
+    async def test_forget_by_filter_skipped_count_reflects_immunity(self) -> None:
+        """Filter path: total=3, archived=2 → skipped_count=1 (one USER_VALIDATED)."""
+        executor = KnowledgeExecutor()
+
+        # COUNT(*) query returns 3 total
+        count_result = MagicMock()
+        count_result.rows = [{"total": 3}]
+
+        # UPDATE ... RETURNING only gives back 2 (one immune)
+        update_result = MagicMock()
+        update_result.rows = [{"id": "id-1"}, {"id": "id-2"}]
+
+        backend = MagicMock()
+        # First query: _build_where_clause category resolution (if any)
+        # For source-only filter: first call is COUNT, second is UPDATE
+        backend.query = AsyncMock(side_effect=[count_result, update_result])
+        backend.execute = AsyncMock()
+
+        inputs = KnowledgeInput(op="forget", source="old-session")
+        result = await executor._op_forget(inputs, _make_execution_context(), backend)
+
+        assert result.success is True
+        assert result.archived_count == 2
+        assert result.skipped_count == 1
+
+    @pytest.mark.asyncio
+    async def test_forget_by_filter_audit_logged_for_each_archived(self) -> None:
+        """Audit entries are written for each archived proposition, not for skipped ones."""
+        executor = KnowledgeExecutor()
+
+        count_result = MagicMock()
+        count_result.rows = [{"total": 2}]
+
+        archived_ids = ["id-arch-1", "id-arch-2"]
+        update_result = MagicMock()
+        update_result.rows = [{"id": i} for i in archived_ids]
+
+        backend = MagicMock()
+        backend.query = AsyncMock(side_effect=[count_result, update_result])
+        backend.execute = AsyncMock()
+
+        inputs = KnowledgeInput(op="forget", source="cleanup-session")
+        await executor._op_forget(inputs, _make_execution_context(), backend)
+
+        # One audit INSERT per archived proposition
+        audit_calls = [
+            c for c in backend.execute.call_args_list if "knowledge_proposition_audits" in c[0][0]
+        ]
+        assert len(audit_calls) == 2
+        audit_actions = [c[0][1][1] for c in audit_calls]  # action is second param
+        assert all(a == "ARCHIVED" for a in audit_actions)
