Scope memories by API token and add shared-token e2e coverage

src/tools/purge.rs

@@ -1,4 +1,4 @@
-//! Purge Tool - Delete memories by agent_id or time range
+//! Purge Tool - Delete memories visible to the current token with optional filters
 
 use anyhow::{bail, Context, Result};
 use chrono::DateTime;
@@ -6,15 +6,21 @@ use serde_json::Value;
 use std::sync::Arc;
 use tracing::{info, warn};
 
+use crate::auth::PUBLIC_AUTH_SCOPE;
+use crate::tools::INTERNAL_AUTH_SCOPE_ARG;
 use crate::AppState;
 
 /// Execute the purge tool
 pub async fn execute(state: &Arc<AppState>, arguments: Value) -> Result<String> {
     // Extract parameters
-    let agent_id = arguments
-        .get("agent_id")
+    let source_agent_id = arguments
+        .get("source_agent_id")
         .and_then(|v| v.as_str())
-        .context("Missing required parameter: agent_id")?;
+        .or_else(|| arguments.get("agent_id").and_then(|v| v.as_str()));
+    let auth_scope = arguments
+        .get(INTERNAL_AUTH_SCOPE_ARG)
+        .and_then(|v| v.as_str())
+        .unwrap_or(PUBLIC_AUTH_SCOPE);
 
     let confirm = arguments
         .get("confirm")
@@ -36,15 +42,18 @@ pub async fn execute(state: &Arc<AppState>, arguments: Value) -> Result<String>
     // Get current count before purge
     let count_before = state
         .db
-        .count_memories(agent_id)
+        .count_memories(auth_scope, source_agent_id)
         .await
         .context("Failed to count memories")?;
 
     if count_before == 0 {
-        info!("No memories found for agent '{}'", agent_id);
+        info!(
+            "No memories found to purge for auth scope '{}' with source_agent_id={:?}",
+            auth_scope, source_agent_id
+        );
         return Ok(serde_json::json!({
             "success": true,
-            "agent_id": agent_id,
+            "source_agent_id_filter": source_agent_id,
             "deleted": 0,
             "message": "No memories found to purge"
         })
@@ -52,25 +61,25 @@ pub async fn execute(state: &Arc<AppState>, arguments: Value) -> Result<String>
     }
 
     warn!(
-        "Purging memories for agent '{}' (before={:?})",
-        agent_id, before
+        "Purging memories for auth scope '{}' with source_agent_id={:?} (before={:?})",
+        auth_scope, source_agent_id, before
     );
 
     // Execute purge
     let deleted = state
         .db
-        .purge_memories(agent_id, before)
+        .purge_memories(auth_scope, source_agent_id, before)
         .await
         .context("Failed to purge memories")?;
 
     info!(
-        "Purged {} memories for agent '{}'",
-        deleted, agent_id
+        "Purged {} memories for auth scope '{}' with source_agent_id={:?}",
+        deleted, auth_scope, source_agent_id
     );
 
     Ok(serde_json::json!({
         "success": true,
-        "agent_id": agent_id,
+        "source_agent_id_filter": source_agent_id,
         "deleted": deleted,
         "had_before_filter": before.is_some(),
         "message": format!("Successfully purged {} memories", deleted)