Add webhook verification, markdown memory, skills scanning, metrics — bump to v0.6.0

Brings SDK to feature parity with Symbiont Runtime v1.4.0:
- MarkdownMemoryStore for file-based agent context persistence
- HMAC/JWT webhook signature verification with provider presets
- ClawHavoc skill scanner (10 built-in rules) and skill loader
- Metrics collection/export with file, OTLP stub, and composite backends
- MetricsClient sub-client for runtime metrics API
- 45 new tests (120 total), all passing

Author: jaschadub

CHANGELOG.md

@@ -5,6 +5,58 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] - 2026-02-15
+
+### Added
+
+#### Markdown Memory Persistence
+- **MarkdownMemoryStore** — File-based agent context persistence using markdown format
+  - `save_context()` / `load_context()` — Atomic save with daily log files
+  - `delete_context()` / `list_agent_contexts()` — Context lifecycle management
+  - `compact()` — Remove log files older than retention period
+  - `get_storage_stats()` — Storage statistics across all agents
+
+#### Webhook Verification
+- **HmacVerifier** — HMAC-SHA256 webhook signature verification with prefix stripping
+- **JwtVerifier** — JWT-based webhook verification with optional issuer validation
+- **WebhookProvider** — Pre-configured providers (GitHub, Stripe, Slack, Custom) with factory method
+- **SignatureVerifier** ABC for custom verifier implementations
+
+#### Agent Skills (ClawHavoc Scanning + Loading)
+- **SkillScanner** — Security scanning with 10 built-in ClawHavoc rules and custom rule support
+  - Detects pipe-to-shell, wget-pipe-to-shell, env file references, SOUL.md/memory.md tampering, eval+fetch, base64-decode-exec, rm-rf, chmod-777
+- **SkillLoader** — Skill discovery and loading from configured paths
+  - YAML frontmatter parsing for skill metadata
+  - Optional SchemaPin signature verification (soft dependency)
+  - Configurable scan-on-load behavior
+
+#### Metrics Collection & Export
+- **MetricsClient** — Sub-client for runtime metrics API (`GET /metrics/snapshot`, etc.)
+- **FileMetricsExporter** — Atomic JSON file export with compact mode
+- **OtlpExporter** — OTLP export stub (requires `opentelemetry-api`)
+- **CompositeExporter** — Fan-out to multiple export backends
+- **MetricsCollector** — Background thread for periodic metrics export
+- **MetricsSnapshot** — Serializable snapshot with scheduler, task manager, load balancer, and system metrics
+
+#### New Exceptions
+- `WebhookVerificationError`, `SkillLoadError`, `SkillScanError`, `MetricsExportError`, `MetricsConfigError`
+
+#### New Pydantic Models
+- Webhook: `WebhookProviderType`, `WebhookVerificationConfig`
+- Skills: `SignatureStatusType`, `ScanSeverityType`, `ScanFindingModel`, `ScanResultModel`, `SkillMetadataModel`, `LoadedSkillModel`, `SkillsConfig`
+- Metrics: `OtlpProtocol`, `OtlpConfig`, `FileMetricsConfig`, `MetricsConfig`, `SchedulerMetricsSnapshot`, `TaskManagerMetricsSnapshot`, `LoadBalancerMetricsSnapshot`, `SystemResourceMetricsSnapshot`, `MetricsSnapshot`
+
+#### Optional Dependencies
+- `skills` extra: `schemapin>=0.2.0`
+- `metrics` extra: `opentelemetry-api`, `opentelemetry-sdk`, `opentelemetry-exporter-otlp`
+
+### Changed
+- Aligned with Symbiont Runtime v1.4.0
+- `Client.metrics_client` property — Lazy-loaded `MetricsClient` sub-client
+- All new types exported from `symbiont` package
+
+---
+
 ## [0.5.0] - 2026-02-11
 
 ### Added

pyproject.toml

@@ -48,6 +48,14 @@ dev = [
     "ruff>=0.1.0",
     "bandit>=1.7.0",
 ]
+skills = [
+    "schemapin>=0.2.0",
+]
+metrics = [
+    "opentelemetry-api>=1.20.0",
+    "opentelemetry-sdk>=1.20.0",
+    "opentelemetry-exporter-otlp>=1.20.0",
+]
 
 [project.urls]
 Homepage = "https://github.com/thirdkeyai/symbiont-sdk-python"

symbiont/__init__.py

@@ -7,9 +7,22 @@
 from .exceptions import (
     APIError,
     AuthenticationError,
+    MetricsConfigError,
+    MetricsExportError,
     NotFoundError,
     RateLimitError,
+    SkillLoadError,
+    SkillScanError,
     SymbiontError,
+    WebhookVerificationError,
+)
+from .markdown_memory import AgentMemoryContext, MarkdownMemoryStore, StorageStats
+from .metrics import (
+    CompositeExporter,
+    FileMetricsExporter,
+    MetricsClient,
+    MetricsCollector,
+    MetricsSnapshot,
 )
 from .models import (
     # Core Agent Models
@@ -97,11 +110,23 @@
     ScheduleSummary,
     UpdateScheduleRequest,
 )
+from .skills import (
+    LoadedSkill,
+    ScanFinding,
+    ScanResult,
+    ScanSeverity,
+    SignatureStatus,
+    SkillLoader,
+    SkillLoaderConfig,
+    SkillMetadata,
+    SkillScanner,
+)
+from .webhooks import HmacVerifier, JwtVerifier, SignatureVerifier, WebhookProvider
 
 # Load environment variables from .env file
 load_dotenv()
 
-__version__ = "0.5.0"
+__version__ = "0.6.0"
 
 __all__ = [
     # Client
@@ -155,10 +180,29 @@
     'ScheduleActionResponse', 'DeleteScheduleResponse',
     'SchedulerHealthResponse',
 
+    # Webhook Verification
+    'WebhookProvider', 'HmacVerifier', 'JwtVerifier', 'SignatureVerifier',
+
+    # Markdown Memory
+    'MarkdownMemoryStore', 'AgentMemoryContext', 'StorageStats',
+
+    # Skills
+    'SkillLoader', 'SkillScanner', 'LoadedSkill', 'ScanResult', 'ScanFinding',
+    'ScanSeverity', 'SignatureStatus', 'SkillLoaderConfig', 'SkillMetadata',
+
+    # Metrics
+    'MetricsClient', 'MetricsCollector', 'MetricsSnapshot',
+    'FileMetricsExporter', 'CompositeExporter',
+
     # Exceptions
     'SymbiontError',
     'APIError',
     'AuthenticationError',
     'NotFoundError',
     'RateLimitError',
+    'WebhookVerificationError',
+    'SkillLoadError',
+    'SkillScanError',
+    'MetricsExportError',
+    'MetricsConfigError',
 ]

symbiont/client.py

@@ -153,6 +153,7 @@ def __init__(self,
         self._schedules: Optional[ScheduleClient] = None
         self._channels: Optional[ChannelClient] = None
         self._agentpin: Optional[Any] = None
+        self._metrics_client: Optional[Any] = None
 
     @property
     def schedules(self) -> ScheduleClient:
@@ -176,6 +177,14 @@ def agentpin(self):
             self._agentpin = AgentPinClient(self)
         return self._agentpin
 
+    @property
+    def metrics_client(self):
+        """Lazy-loaded metrics client for runtime metrics queries."""
+        if self._metrics_client is None:
+            from .metrics import MetricsClient
+            self._metrics_client = MetricsClient(self)
+        return self._metrics_client
+
     def _request(self, method: str, endpoint: str, **kwargs):
         """Make an HTTP request to the API.
 

symbiont/exceptions.py

@@ -283,3 +283,77 @@ def __init__(self, message: str = "Endpoint rate limit exceeded", endpoint_id: s
         """
         super().__init__(message, 429)
         self.endpoint_id = endpoint_id
+
+
+# =============================================================================
+# Phase 5 Webhook, Skill & Metrics Exception Classes
+# =============================================================================
+
+class WebhookVerificationError(SymbiontError):
+    """Raised when webhook signature verification fails."""
+
+    def __init__(self, message: str = "Webhook verification failed", header_name: str = None):
+        """Initialize the WebhookVerificationError.
+
+        Args:
+            message: Error message describing the verification failure.
+            header_name: Optional header name that failed verification.
+        """
+        super().__init__(message)
+        self.header_name = header_name
+
+
+class SkillLoadError(SymbiontError):
+    """Raised when a skill fails to load."""
+
+    def __init__(self, message: str = "Skill load error", skill_path: str = None):
+        """Initialize the SkillLoadError.
+
+        Args:
+            message: Error message describing the load failure.
+            skill_path: Optional path to the skill that failed to load.
+        """
+        super().__init__(message)
+        self.skill_path = skill_path
+
+
+class SkillScanError(SymbiontError):
+    """Raised when skill scanning encounters an error."""
+
+    def __init__(self, message: str = "Skill scan error", findings_count: int = None):
+        """Initialize the SkillScanError.
+
+        Args:
+            message: Error message describing the scan error.
+            findings_count: Optional number of findings detected.
+        """
+        super().__init__(message)
+        self.findings_count = findings_count
+
+
+class MetricsExportError(SymbiontError):
+    """Raised when metrics export operations fail."""
+
+    def __init__(self, message: str = "Metrics export failed", backend: str = None):
+        """Initialize the MetricsExportError.
+
+        Args:
+            message: Error message describing the export failure.
+            backend: Optional backend name that failed.
+        """
+        super().__init__(message)
+        self.backend = backend
+
+
+class MetricsConfigError(SymbiontError):
+    """Raised when metrics configuration is invalid."""
+
+    def __init__(self, message: str = "Metrics configuration error", config_field: str = None):
+        """Initialize the MetricsConfigError.
+
+        Args:
+            message: Error message describing the configuration issue.
+            config_field: Optional configuration field that is invalid.
+        """
+        super().__init__(message)
+        self.config_field = config_field