fix: enforce agent run API permissions

tests/unit_tests/agent/test_resource_builder.py

@@ -18,6 +18,7 @@ def make_descriptor(
     *,
     permissions: dict | None = None,
     config_schema: list[dict] | None = None,
+    capabilities: dict | None = None,
 ) -> AgentRunnerDescriptor:
     return AgentRunnerDescriptor(
         id=RUNNER_ID,
@@ -26,6 +27,7 @@ def make_descriptor(
         plugin_author='test',
         plugin_name='runner',
         runner_name='default',
+        capabilities=capabilities or {},
         permissions=permissions or {'models': ['invoke', 'stream']},
         config_schema=config_schema or [],
     )
@@ -99,6 +101,7 @@ async def test_build_models_authorizes_config_declared_llm_and_rerank_models(app
     app.model_mgr.get_model_by_uuid = AsyncMock(side_effect=get_model_by_uuid)
     app.model_mgr.get_rerank_model_by_uuid = AsyncMock(side_effect=get_rerank_model_by_uuid)
     descriptor = make_descriptor(
+        permissions={'models': ['invoke', 'stream', 'rerank']},
         config_schema=[
             {'name': 'model', 'type': 'model-fallback-selector'},
             {'name': 'aux-model', 'type': 'llm-model-selector'},
@@ -145,6 +148,33 @@ async def test_build_models_still_honors_manifest_permissions(app):
     app.model_mgr.get_rerank_model_by_uuid.assert_not_awaited()
 
 
+@pytest.mark.asyncio
+async def test_build_models_authorizes_rerank_only_runner(app):
+    """A rerank-only runner should receive config-selected rerank models."""
+    app.model_mgr.get_model_by_uuid = AsyncMock(return_value=make_model())
+    app.model_mgr.get_rerank_model_by_uuid = AsyncMock(
+        return_value=make_model(model_type='rerank', provider='rerank-provider')
+    )
+    descriptor = make_descriptor(
+        permissions={'models': ['rerank']},
+        config_schema=[
+            {'name': 'model', 'type': 'llm-model-selector'},
+            {'name': 'rerank-model', 'type': 'rerank-model-selector'},
+        ],
+    )
+    query = make_query({
+        'model': 'llm',
+        'rerank-model': 'rerank',
+    })
+
+    resources = await build_resources(app, query, descriptor)
+
+    assert resources['models'] == [
+        {'model_id': 'rerank', 'model_type': 'rerank', 'provider': 'rerank-provider'},
+    ]
+    app.model_mgr.get_model_by_uuid.assert_not_awaited()
+
+
 @pytest.mark.asyncio
 async def test_build_models_deduplicates_query_and_config_models(app):
     """A model selected by both preproc and runner config should appear once."""
@@ -197,3 +227,37 @@ async def test_build_tools_authorizes_query_declared_tools(app):
             'description': None,
         },
     ]
+
+
+@pytest.mark.asyncio
+async def test_build_knowledge_bases_unions_config_and_policy_grants(app):
+    descriptor = make_descriptor(
+        capabilities={'knowledge_retrieval': True},
+        permissions={
+            'models': [],
+            'knowledge_bases': ['retrieve'],
+        },
+        config_schema=[
+            {'name': 'knowledge-bases', 'type': 'knowledge-base-multi-selector'},
+        ],
+    )
+    query = make_query(
+        {'knowledge-bases': ['kb_config']},
+        variables={'_knowledge_base_uuids': ['kb_policy']},
+    )
+
+    async def get_kb(kb_uuid):
+        return SimpleNamespace(
+            uuid=kb_uuid,
+            get_name=lambda: f'name-{kb_uuid}',
+            knowledge_base_entity=SimpleNamespace(kb_type='default'),
+        )
+
+    app.rag_mgr.get_knowledge_base_by_uuid = AsyncMock(side_effect=get_kb)
+
+    resources = await build_resources(app, query, descriptor)
+
+    assert resources['knowledge_bases'] == [
+        {'kb_id': 'kb_config', 'kb_name': 'name-kb_config', 'kb_type': 'default'},
+        {'kb_id': 'kb_policy', 'kb_name': 'name-kb_policy', 'kb_type': 'default'},
+    ]