feat: proxy research boundaries through platform

DeliciousBuding · DeliciousBuding · commit fe9fae9825e5 · 2026-05-25T07:18:09.000+08:00
diff --git a/apps/api-go/README.md b/apps/api-go/README.md
@@ -48,6 +48,7 @@ Snapshot-backed read routes:
 
 Optional live control-plane routes:
 
+- `GET /api/v1/research-boundaries`
 - `GET /api/v1/audit/jobs`
 - `POST /api/v1/audit/jobs`
 - `GET /api/v1/audit/jobs/{job_id}`
@@ -61,4 +62,4 @@ This service is a gateway only:
 - it does not run research jobs directly;
 - it does not shell out to Python during public requests;
 - it serves workspace read models from the configured snapshot bundle;
-- it forwards only audit control-plane calls to Runtime, and only when that upstream is configured.
+- it forwards only audit control-plane calls and read-only research admission boundaries to Runtime, and only when that upstream is configured.
diff --git a/apps/api-go/internal/proxy/server.go b/apps/api-go/internal/proxy/server.go
@@ -47,9 +47,9 @@ type Server struct {
 func NewServer(config Config) *Server {
 	mux := http.NewServeMux()
 	server := &Server{
-		config:    config,
-		mux:       mux,
-		client:    &http.Client{
+		config: config,
+		mux:    mux,
+		client: &http.Client{
 			Timeout: config.timeout(),
 		},
 		cacheDir:  config.PublicDataDir,
@@ -60,6 +60,7 @@ func NewServer(config Config) *Server {
 	mux.HandleFunc("GET /api/v1/catalog", server.handleSnapshotFile("catalog.json"))
 	mux.HandleFunc("GET /api/v1/evidence/attack-defense-table", server.handleSnapshotFile("attack-defense-table.json"))
 	mux.HandleFunc("GET /api/v1/models", server.handleSnapshotFile("models.json"))
+	mux.HandleFunc("GET /api/v1/research-boundaries", server.handleResearchBoundaries)
 	mux.HandleFunc("GET /api/v1/experiments/recon/best", server.handleBestSummaryByContract)
 	mux.HandleFunc("GET /api/v1/experiments/best", server.handleBestSummaryByContract)
 	mux.HandleFunc("GET /api/v1/experiments/{workspace}/summary", server.handleWorkspaceSummary)
@@ -203,6 +204,62 @@ func (s *Server) handleBestSummaryByContract(writer http.ResponseWriter, request
 	writeJSON(writer, http.StatusServiceUnavailable, map[string]any{"detail": "snapshot unavailable: best summary for contract"})
 }
 
+func (s *Server) handleResearchBoundaries(writer http.ResponseWriter, request *http.Request) {
+	if s.config.DemoMode || s.config.RuntimeBaseURL == "" {
+		writeJSON(writer, http.StatusOK, researchBoundariesUnavailablePayload(s.config.DemoMode, s.config.RuntimeBaseURL != ""))
+		return
+	}
+
+	upstreamURL, err := url.JoinPath(s.config.RuntimeBaseURL, request.URL.Path)
+	if err != nil {
+		writeJSON(writer, http.StatusOK, researchBoundariesUnavailablePayload(false, true))
+		return
+	}
+
+	upstreamRequest, err := http.NewRequest(http.MethodGet, upstreamURL, nil)
+	if err != nil {
+		writeJSON(writer, http.StatusOK, researchBoundariesUnavailablePayload(false, true))
+		return
+	}
+
+	response, err := s.doWithRetry(upstreamRequest, maxRetries)
+	if err != nil {
+		writeJSON(writer, http.StatusOK, researchBoundariesUnavailablePayload(false, true))
+		return
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode < http.StatusOK || response.StatusCode >= http.StatusMultipleChoices {
+		writeJSON(writer, http.StatusOK, researchBoundariesUnavailablePayload(false, true))
+		return
+	}
+
+	responseBody, err := io.ReadAll(response.Body)
+	if err != nil || !json.Valid(responseBody) {
+		writeJSON(writer, http.StatusOK, researchBoundariesUnavailablePayload(false, true))
+		return
+	}
+
+	writer.Header().Set("Content-Type", "application/json")
+	writer.WriteHeader(http.StatusOK)
+	_, _ = writer.Write(responseBody)
+}
+
+func researchBoundariesUnavailablePayload(demoMode bool, runtimeConfigured bool) map[string]any {
+	return map[string]any{
+		"status":             "unavailable",
+		"source":             "runtime",
+		"candidate_policy":   "not-exposed-as-live-jobs",
+		"boundaries":         []any{},
+		"demo_mode":          demoMode,
+		"runtime_configured": runtimeConfigured,
+		"source_readiness": map[string]any{
+			"configured": runtimeConfigured,
+			"ready":      false,
+		},
+	}
+}
+
 func (s *Server) handleControlGet(writer http.ResponseWriter, request *http.Request) {
 	if s.config.DemoMode {
 		s.handleDemoControlGet(writer, request)
diff --git a/apps/api-go/internal/proxy/server_test.go b/apps/api-go/internal/proxy/server_test.go
@@ -429,6 +429,104 @@ func TestSnapshotBackedRouteReturns503WhenSnapshotMissing(t *testing.T) {
 	}
 }
 
+func TestResearchBoundariesEndpointProxiesRuntimeBoundaryRegistry(t *testing.T) {
+	upstream := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		if request.URL.Path != "/api/v1/research-boundaries" {
+			t.Fatalf("unexpected path %s", request.URL.Path)
+		}
+		writeJSON(writer, http.StatusOK, map[string]any{
+			"status":           "ok",
+			"source":           "registry",
+			"candidate_policy": "not-exposed-as-live-jobs",
+			"boundaries": []map[string]any{
+				{
+					"key":              "h2-output-cloud-geometry-candidate-no-runtime-job",
+					"admission_status": "watch",
+				},
+			},
+			"source_readiness": map[string]any{"ready": true},
+		})
+	}))
+	defer upstream.Close()
+
+	server := NewServer(Config{RuntimeBaseURL: upstream.URL})
+	request := httptest.NewRequest(http.MethodGet, "/api/v1/research-boundaries", nil)
+	recorder := httptest.NewRecorder()
+
+	server.Handler().ServeHTTP(recorder, request)
+
+	if recorder.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d", recorder.Code)
+	}
+	var payload map[string]any
+	if err := json.Unmarshal(recorder.Body.Bytes(), &payload); err != nil {
+		t.Fatalf("decode failed: %v", err)
+	}
+	if payload["source"] != "registry" {
+		t.Fatalf("expected runtime registry payload, got %v", payload)
+	}
+	if payload["candidate_policy"] != "not-exposed-as-live-jobs" {
+		t.Fatalf("unexpected candidate policy %v", payload["candidate_policy"])
+	}
+	if payload["job_type"] != nil {
+		t.Fatalf("research boundary payload must not expose live job_type: %v", payload)
+	}
+}
+
+func TestResearchBoundariesEndpointReturnsStableUnavailablePayloadWithoutRuntime(t *testing.T) {
+	server := NewServer(Config{})
+	request := httptest.NewRequest(http.MethodGet, "/api/v1/research-boundaries", nil)
+	recorder := httptest.NewRecorder()
+
+	server.Handler().ServeHTTP(recorder, request)
+
+	if recorder.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d", recorder.Code)
+	}
+	var payload map[string]any
+	if err := json.Unmarshal(recorder.Body.Bytes(), &payload); err != nil {
+		t.Fatalf("decode failed: %v", err)
+	}
+	if payload["status"] != "unavailable" {
+		t.Fatalf("expected unavailable status, got %v", payload["status"])
+	}
+	if payload["candidate_policy"] != "not-exposed-as-live-jobs" {
+		t.Fatalf("unexpected candidate policy %v", payload["candidate_policy"])
+	}
+	if payload["runtime_configured"] != false {
+		t.Fatalf("expected runtime_configured=false, got %v", payload["runtime_configured"])
+	}
+}
+
+func TestResearchBoundariesEndpointDoesNotExposeRuntimeErrors(t *testing.T) {
+	server := NewServer(Config{
+		RuntimeBaseURL: "http://192.0.2.10:8765",
+		RuntimeTimeout: 10 * time.Millisecond,
+	})
+	request := httptest.NewRequest(http.MethodGet, "/api/v1/research-boundaries", nil)
+	recorder := httptest.NewRecorder()
+
+	server.Handler().ServeHTTP(recorder, request)
+
+	if recorder.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d", recorder.Code)
+	}
+	raw := recorder.Body.String()
+	if strings.Contains(raw, "192.0.2.10") || strings.Contains(raw, "connection refused") || strings.Contains(raw, "deadline") {
+		t.Fatalf("research boundaries leaked upstream details: %s", raw)
+	}
+	var payload map[string]any
+	if err := json.Unmarshal([]byte(raw), &payload); err != nil {
+		t.Fatalf("decode failed: %v", err)
+	}
+	if payload["status"] != "unavailable" {
+		t.Fatalf("expected unavailable status, got %v", payload["status"])
+	}
+	if payload["runtime_configured"] != true {
+		t.Fatalf("expected runtime_configured=true, got %v", payload["runtime_configured"])
+	}
+}
+
 func TestJobsListEndpointIsProxied(t *testing.T) {
 	upstream := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
 		if request.URL.Path != "/api/v1/audit/jobs" {
diff --git a/apps/web/src/app/api/v1/proxy-routes.test.ts b/apps/web/src/app/api/v1/proxy-routes.test.ts
@@ -70,6 +70,14 @@ describe("platform api proxy routes", () => {
     expect(proxyToBackend).toHaveBeenCalledWith("/api/v1/evidence/attack-defense-table");
   });
 
+  it("proxies research boundary requests to the backend", async () => {
+    const route = await import("./research-boundaries/route");
+
+    await route.GET();
+
+    expect(proxyToBackend).toHaveBeenCalledWith("/api/v1/research-boundaries");
+  });
+
   it("proxies workspace summary requests to the backend", async () => {
     const route = await import("./experiments/[workspace]/summary/route");
 
diff --git a/apps/web/src/app/api/v1/research-boundaries/route.ts b/apps/web/src/app/api/v1/research-boundaries/route.ts
@@ -0,0 +1,5 @@
+import { proxyToBackend } from "@/lib/api-proxy";
+
+export async function GET() {
+  return proxyToBackend("/api/v1/research-boundaries");
+}
