feat: workspace-wide Knowledge with agent tools and WebUI

[m-mizutani]

Summary

Adds a workspace-wide shared Knowledge feature: organization-specific information that does not exist in the LLM's general knowledge (operating rules, internal proper nouns, past judgements, threat intel, …), captured so it can be reused on future case processing. Both humans (WebUI) and AI agents read and write it.

A Knowledge entry is intentionally minimal: title + a single Markdown claim body + one-or-more free-form tags (no custom fields, not tied to a case). Retrieval is by embedding-based semantic search (in-memory cosine, with substring fallback) and by tag AND filter.

What's included

Backend (Go)

• Domain model model.Knowledge (Claim string Markdown, Tags []string, Embedding []float64) with Validate (title + ≥1 tag required, claim ≤ 8000 runes) and NormalizeTags.
• KnowledgeRepository interface + memory and Firestore implementations. Firestore uses the subcollection workspaces/{ws}/knowledges; tag filtering and ordering are done in memory, so no new Firestore index is required.
• KnowledgeUseCase: Create / Get / List / Search / Update / Delete / ListTags. Embedding generation is fail-open (works without an embed client; search falls back to substring). Reuses the existing embedding client (--embedding-* flags) — no new flags/env vars.
• GraphQL schema + resolvers (knowledges, knowledge, knowledgeTags, searchKnowledge; createKnowledge / updateKnowledge / deleteKnowledge).
• Agent tools knowledge__* (search/get/list_tags read; create/update write). Read is always available; write is withheld while processing a PRIVATE case so a private case's contents cannot leak into the workspace-shared base. Wired into casebound, threadcase/planexec (read), and Job execution.
• Removed dead graphql.Knowledge / Case.Knowledges remnants of a previously demolished feature.

Frontend (React/TS)

• Sidebar entry, list page (cards, tag filter, semantic search box), and detail/edit page (Markdown edit ↔ preview with character counter). New TagInput component (IME-guarded). All strings via i18n (en/ja), design-token CSS only.

Docs

• docs/concepts.md, docs/user_guide.md (Knowledge section + agent tool table), docs/eval.md (notes that in-process tools are not in the eval catalog).

Repository test performance (timeout fix)

The pkg/repository suite runs against real Firestore and was already near the go test 10-minute default (~880s before this change). To keep it green:

• Added t.Parallel() to the top-level repository tests (TestFirestoreSlackUserRepository left serial because it uses collection-wide DeleteAll/GetAll). This brought pkg/repository from 892s → ~300s, under the 600s default.
• Added a task test target (go test ./... -timeout 30m) for extra headroom; run as zenv task test.

Testing

• zenv go test ./... — all pass (real Firestore; pkg/repository ~300s).
• Memory repository tests pass with -race.
• Firestore round-trip tests cover all fields incl. claim / tags / embedding.
• GraphQL E2E lifecycle test (create → list → search → update → delete).
• Agent tool tests (read/write set membership, private-case write gating invariant).
• Frontend: 231 Vitest tests pass; ESLint clean.
• go vet, golangci-lint, gosec clean.

[gemini-code-assist]

Code Review

This pull request introduces a workspace-wide shared Knowledge base feature, adding backend support (domain models, Firestore/in-memory repositories, GraphQL schema, and a usecase with semantic search), agent tools, and a frontend UI for managing knowledge entries. Feedback on the changes highlights a critical Stored XSS vulnerability in the frontend where user-controlled titles are rendered unescaped via dangerouslySetInnerHTML. Additionally, several high-severity scalability issues were identified in the Firestore repository and usecase, such as loading the entire collection for in-memory filtering, sorting, and tag extraction. Other recommendations include removing a redundant Get check before document deletion, adding defensive nil checks to prevent pointer panics, using useEffect instead of onCompleted for React form state initialization, and normalizing tags to lowercase to avoid casing duplicates.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.