brainzlab 0.1.1 → 0.1.3

data/lib/brainzlab/vault/client.rb

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'json'
+require 'uri'
+
+module BrainzLab
+  module Vault
+    class Client
+      def initialize(config)
+        @config = config
+        @base_url = config.vault_url || 'https://vault.brainzlab.ai'
+      end
+
+      def get(key, environment:)
+        response = request(
+          :get,
+          "/api/v1/secrets/#{CGI.escape(key)}",
+          headers: { 'X-Vault-Environment' => environment }
+        )
+
+        return nil unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        data[:value]
+      rescue StandardError => e
+        log_error('get', e)
+        nil
+      end
+
+      def set(key, value, environment:, description: nil, note: nil)
+        body = {
+          key: key,
+          value: value,
+          description: description,
+          note: note
+        }.compact
+
+        response = request(
+          :post,
+          '/api/v1/secrets',
+          headers: { 'X-Vault-Environment' => environment },
+          body: body
+        )
+
+        response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPCreated)
+      rescue StandardError => e
+        log_error('set', e)
+        false
+      end
+
+      def list(environment:)
+        response = request(
+          :get,
+          '/api/v1/secrets',
+          headers: { 'X-Vault-Environment' => environment }
+        )
+
+        return [] unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        data[:secrets] || []
+      rescue StandardError => e
+        log_error('list', e)
+        []
+      end
+
+      def delete(key)
+        response = request(:delete, "/api/v1/secrets/#{CGI.escape(key)}")
+        response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPNoContent)
+      rescue StandardError => e
+        log_error('delete', e)
+        false
+      end
+
+      def export(environment:, format:)
+        params = { format: format }
+        response = request(
+          :get,
+          '/api/v1/sync/export',
+          headers: { 'X-Vault-Environment' => environment },
+          params: params
+        )
+
+        return {} unless response.is_a?(Net::HTTPSuccess)
+
+        case format
+        when :json
+          data = JSON.parse(response.body, symbolize_names: true)
+          data[:secrets] || {}
+        else
+          response.body
+        end
+      rescue StandardError => e
+        log_error('export', e)
+        format == :json ? {} : ''
+      end
+
+      def provision(project_id:, app_name:)
+        response = request(
+          :post,
+          '/api/v1/projects/provision',
+          body: { project_id: project_id, app_name: app_name },
+          use_service_key: true
+        )
+
+        response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPCreated)
+      rescue StandardError => e
+        log_error('provision', e)
+        false
+      end
+
+      # Get all provider keys for the current project
+      # Returns a hash of provider => decrypted_key
+      def get_provider_keys
+        response = request(:get, '/api/v1/provider_keys/bulk')
+
+        return {} unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        # Convert to simple hash: { openai: "sk-...", anthropic: "sk-..." }
+        keys = {}
+        (data[:keys] || []).each do |key_data|
+          keys[key_data[:provider].to_sym] = key_data[:key]
+        end
+        keys
+      rescue StandardError => e
+        log_error('get_provider_keys', e)
+        {}
+      end
+
+      # Get a specific provider key
+      def get_provider_key(provider:, model_type: 'llm')
+        response = request(
+          :get,
+          '/api/v1/provider_keys/resolve',
+          params: { provider: provider, model_type: model_type }
+        )
+
+        return nil unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        data[:key]
+      rescue StandardError => e
+        log_error('get_provider_key', e)
+        nil
+      end
+
+      private
+
+      def request(method, path, headers: {}, body: nil, params: nil, use_service_key: false)
+        uri = URI.parse("#{@base_url}#{path}")
+
+        uri.query = URI.encode_www_form(params) if params
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == 'https'
+        http.open_timeout = 10
+        http.read_timeout = 30
+
+        request = case method
+                  when :get
+                    Net::HTTP::Get.new(uri)
+                  when :post
+                    Net::HTTP::Post.new(uri)
+                  when :put
+                    Net::HTTP::Put.new(uri)
+                  when :delete
+                    Net::HTTP::Delete.new(uri)
+                  end
+
+        # Set headers
+        request['Content-Type'] = 'application/json'
+        request['Accept'] = 'application/json'
+
+        if use_service_key
+          request['X-Service-Key'] = @config.vault_master_key || @config.secret_key
+        else
+          auth_key = @config.vault_api_key || @config.secret_key
+          request['Authorization'] = "Bearer #{auth_key}" if auth_key
+        end
+
+        headers.each { |k, v| request[k] = v }
+
+        # Set body
+        request.body = body.to_json if body
+
+        http.request(request)
+      end
+
+      def log_error(operation, error)
+        BrainzLab.debug_log("[Vault::Client] #{operation} failed: #{error.message}")
+      end
+    end
+  end
+end

data/lib/brainzlab/vault/provisioner.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module BrainzLab
+  module Vault
+    class Provisioner
+      def initialize(config)
+        @config = config
+        @provisioned = false
+      end
+
+      def ensure_project!
+        return if @provisioned
+        return unless @config.vault_auto_provision
+        return unless valid_auth?
+
+        @provisioned = true
+
+        # Try to provision with Platform project ID
+        project_id = detect_project_id
+        return unless project_id
+
+        client = Client.new(@config)
+        client.provision(
+          project_id: project_id,
+          app_name: @config.app_name || @config.service
+        )
+
+        BrainzLab.debug_log("[Vault::Provisioner] Project provisioned: #{project_id}")
+      rescue StandardError => e
+        BrainzLab.debug_log("[Vault::Provisioner] Provisioning failed: #{e.message}")
+      end
+
+      private
+
+      def valid_auth?
+        key = @config.vault_api_key || @config.vault_master_key || @config.secret_key
+        !key.nil? && !key.empty?
+      end
+
+      def detect_project_id
+        # Try environment variable first
+        return ENV['BRAINZLAB_PROJECT_ID'] if ENV['BRAINZLAB_PROJECT_ID']
+
+        # Could also detect from Platform API if we have a secret key
+        nil
+      end
+    end
+  end
+end

data/lib/brainzlab/vault.rb

@@ -0,0 +1,262 @@
+# frozen_string_literal: true
+
+require_relative 'vault/client'
+require_relative 'vault/cache'
+require_relative 'vault/provisioner'
+
+module BrainzLab
+  module Vault
+    class << self
+      # Load all secrets into ENV like dotenv
+      # This is the main method to use at app startup
+      #
+      # @param environment [String, Symbol] Environment to load (defaults to current)
+      # @param overwrite [Boolean] Whether to overwrite existing ENV vars (default: false)
+      # @param provider_keys [Boolean] Also load provider keys like OPENAI_API_KEY (default: true)
+      # @return [Hash] The secrets that were loaded
+      #
+      # @example
+      #   # In config/application.rb or an initializer
+      #   BrainzLab::Vault.load!
+      #
+      #   # Load with options
+      #   BrainzLab::Vault.load!(environment: :production, overwrite: true)
+      #
+      def load!(environment: nil, overwrite: false, provider_keys: true)
+        return {} unless enabled?
+
+        ensure_provisioned!
+        return {} unless BrainzLab.configuration.vault_valid?
+
+        env = environment&.to_s || BrainzLab.configuration.environment
+        loaded = {}
+
+        # Load regular secrets
+        secrets = export(environment: env, format: :json)
+        secrets.each do |key, value|
+          key_str = key.to_s
+          next unless overwrite || !ENV.key?(key_str)
+
+          ENV[key_str] = value.to_s
+          loaded[key_str] = value
+          BrainzLab.debug_log("[Vault] Loaded #{key_str}")
+        end
+
+        # Load provider keys (OpenAI, Anthropic, etc.)
+        if provider_keys
+          provider_secrets = load_provider_keys!(overwrite: overwrite)
+          loaded.merge!(provider_secrets)
+        end
+
+        BrainzLab.debug_log("[Vault] Loaded #{loaded.size} secrets into ENV")
+        loaded
+      rescue StandardError => e
+        BrainzLab.debug_log("[Vault] Failed to load secrets: #{e.message}")
+        {}
+      end
+
+      # Load provider keys (API keys for LLMs, etc.) into ENV
+      #
+      # @param overwrite [Boolean] Whether to overwrite existing ENV vars
+      # @return [Hash] Provider keys that were loaded
+      def load_provider_keys!(overwrite: false)
+        return {} unless enabled? && BrainzLab.configuration.vault_valid?
+
+        loaded = {}
+        provider_keys = client.get_provider_keys
+
+        provider_keys.each do |provider, key|
+          env_var = "#{provider.to_s.upcase}_API_KEY"
+          next unless overwrite || !ENV.key?(env_var)
+
+          ENV[env_var] = key
+          loaded[env_var] = key
+          BrainzLab.debug_log("[Vault] Loaded provider key: #{env_var}")
+        end
+
+        loaded
+      rescue StandardError => e
+        BrainzLab.debug_log("[Vault] Failed to load provider keys: #{e.message}")
+        {}
+      end
+
+      # Get a specific provider key
+      # @param provider [String, Symbol] Provider name (openai, anthropic, etc.)
+      # @param model_type [String] Model type (llm, embedding, etc.)
+      # @return [String, nil] The API key
+      def provider_key(provider, model_type: 'llm')
+        return nil unless enabled?
+
+        ensure_provisioned!
+        return nil unless BrainzLab.configuration.vault_valid?
+
+        # Check ENV first
+        env_var = "#{provider.to_s.upcase}_API_KEY"
+        return ENV[env_var] if ENV[env_var] && !ENV[env_var].empty?
+
+        # Fetch from Vault
+        client.get_provider_key(provider: provider.to_s, model_type: model_type)
+      end
+
+      # Get a secret value
+      # @param key [String] The secret key
+      # @param environment [String, Symbol] Optional environment (defaults to current environment)
+      # @param default [Object] Default value if secret not found
+      # @return [String, nil] The secret value
+      def get(key, environment: nil, default: nil)
+        return default unless enabled?
+
+        ensure_provisioned!
+        return default unless BrainzLab.configuration.vault_valid?
+
+        env = environment&.to_s || BrainzLab.configuration.environment
+        cache_key = "#{env}:#{key}"
+
+        # Check cache first
+        return cache.get(cache_key) if BrainzLab.configuration.vault_cache_enabled && cache.has?(cache_key)
+
+        value = client.get(key, environment: env)
+
+        if value.nil?
+          default
+        else
+          cache.set(cache_key, value) if BrainzLab.configuration.vault_cache_enabled
+          value
+        end
+      end
+
+      # Set a secret value
+      # @param key [String] The secret key
+      # @param value [String] The secret value
+      # @param environment [String, Symbol] Optional environment (defaults to current environment)
+      # @param description [String] Optional description
+      # @param note [String] Optional version note
+      # @return [Boolean] True if successful
+      def set(key, value, environment: nil, description: nil, note: nil)
+        return false unless enabled?
+
+        ensure_provisioned!
+        return false unless BrainzLab.configuration.vault_valid?
+
+        env = environment&.to_s || BrainzLab.configuration.environment
+        result = client.set(key, value, environment: env, description: description, note: note)
+
+        # Invalidate cache
+        cache.delete("#{env}:#{key}") if result && BrainzLab.configuration.vault_cache_enabled
+
+        result
+      end
+
+      # List all secret keys
+      # @param environment [String, Symbol] Optional environment
+      # @return [Array<Hash>] List of secret metadata
+      def list(environment: nil)
+        return [] unless enabled?
+
+        ensure_provisioned!
+        return [] unless BrainzLab.configuration.vault_valid?
+
+        env = environment&.to_s || BrainzLab.configuration.environment
+        client.list(environment: env)
+      end
+
+      # Delete (archive) a secret
+      # @param key [String] The secret key
+      # @return [Boolean] True if successful
+      def delete(key)
+        return false unless enabled?
+
+        ensure_provisioned!
+        return false unless BrainzLab.configuration.vault_valid?
+
+        result = client.delete(key)
+
+        # Invalidate all environment caches for this key
+        cache.delete_pattern("*:#{key}") if result && BrainzLab.configuration.vault_cache_enabled
+
+        result
+      end
+
+      # Export all secrets for an environment
+      # @param environment [String, Symbol] Environment to export
+      # @param format [Symbol] Output format (:json, :dotenv, :shell)
+      # @return [Hash, String] Exported secrets
+      def export(environment: nil, format: :json)
+        return {} unless enabled?
+
+        ensure_provisioned!
+        return {} unless BrainzLab.configuration.vault_valid?
+
+        env = environment&.to_s || BrainzLab.configuration.environment
+        client.export(environment: env, format: format)
+      end
+
+      # Fetch a secret with automatic fallback
+      # @param key [String] The secret key
+      # @param env_var [String] Environment variable to fall back to
+      # @return [String, nil] The secret value
+      def fetch(key, env_var: nil)
+        value = get(key)
+        return value if value && !value.to_s.empty?
+
+        # Fall back to environment variable
+        if env_var
+          ENV.fetch(env_var, nil)
+        else
+          ENV.fetch(key, nil)
+        end
+      end
+
+      # Clear the secret cache
+      def clear_cache!
+        cache.clear!
+      end
+
+      # Warm the cache with all secrets
+      def warm_cache!(environment: nil)
+        return unless enabled? && BrainzLab.configuration.vault_cache_enabled
+
+        env = environment&.to_s || BrainzLab.configuration.environment
+        secrets = export(environment: env, format: :json)
+
+        secrets.each do |key, value|
+          cache.set("#{env}:#{key}", value)
+        end
+      end
+
+      # === INTERNAL ===
+
+      def ensure_provisioned!
+        return if @provisioned
+
+        @provisioned = true
+        provisioner.ensure_project!
+      end
+
+      def provisioner
+        @provisioner ||= Provisioner.new(BrainzLab.configuration)
+      end
+
+      def client
+        @client ||= Client.new(BrainzLab.configuration)
+      end
+
+      def cache
+        @cache ||= Cache.new(BrainzLab.configuration.vault_cache_ttl)
+      end
+
+      def reset!
+        @client = nil
+        @provisioner = nil
+        @cache = nil
+        @provisioned = false
+      end
+
+      private
+
+      def enabled?
+        BrainzLab.configuration.vault_enabled
+      end
+    end
+  end
+end

data/lib/brainzlab/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BrainzLab
-  VERSION = "0.1.1"
+  VERSION = '0.1.3'
 end

data/lib/brainzlab/vision/client.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'uri'
+require 'json'
+
+module BrainzLab
+  module Vision
+    class Client
+      def initialize(config)
+        @config = config
+      end
+
+      # Execute an autonomous AI task
+      def execute_task(instruction:, start_url:, model: nil, browser_provider: nil, max_steps: 50, timeout: 300)
+        payload = {
+          instruction: instruction,
+          start_url: start_url,
+          max_steps: max_steps,
+          timeout: timeout
+        }
+        payload[:model] = model if model
+        payload[:browser_provider] = browser_provider if browser_provider
+
+        post('/mcp/tools/vision_task', payload)
+      end
+
+      # Create a browser session
+      def create_session(url: nil, viewport: nil, browser_provider: nil)
+        payload = {}
+        payload[:url] = url if url
+        payload[:viewport] = viewport if viewport
+        payload[:browser_provider] = browser_provider if browser_provider
+
+        post('/mcp/tools/vision_session_create', payload)
+      end
+
+      # Perform an AI-powered action
+      def ai_action(session_id:, instruction:, model: nil)
+        payload = {
+          session_id: session_id,
+          instruction: instruction
+        }
+        payload[:model] = model if model
+
+        post('/mcp/tools/vision_ai_action', payload)
+      end
+
+      # Perform a direct browser action
+      def perform(session_id:, action:, selector: nil, value: nil)
+        payload = {
+          session_id: session_id,
+          action: action.to_s
+        }
+        payload[:selector] = selector if selector
+        payload[:value] = value if value
+
+        post('/mcp/tools/vision_perform', payload)
+      end
+
+      # Extract structured data
+      def extract(session_id:, schema:, instruction: nil)
+        payload = {
+          session_id: session_id,
+          schema: schema
+        }
+        payload[:instruction] = instruction if instruction
+
+        post('/mcp/tools/vision_extract', payload)
+      end
+
+      # Close a session
+      def close_session(session_id:)
+        post('/mcp/tools/vision_session_close', { session_id: session_id })
+      end
+
+      # Take a screenshot
+      def screenshot(session_id:, full_page: true)
+        post('/mcp/tools/vision_screenshot', {
+               session_id: session_id,
+               full_page: full_page
+             })
+      end
+
+      private
+
+      def post(path, payload)
+        uri = URI.parse("#{@config.vision_url}#{path}")
+        request = Net::HTTP::Post.new(uri)
+        request['Content-Type'] = 'application/json'
+        request['Authorization'] = "Bearer #{auth_key}"
+        request['User-Agent'] = "brainzlab-sdk-ruby/#{BrainzLab::VERSION}"
+        request.body = JSON.generate(payload)
+
+        response = execute(uri, request)
+
+        case response
+        when Net::HTTPSuccess
+          JSON.parse(response.body, symbolize_names: true)
+        when Net::HTTPUnauthorized
+          { error: 'Unauthorized: Invalid API key' }
+        when Net::HTTPForbidden
+          { error: 'Forbidden: Vision is not enabled for this project' }
+        when Net::HTTPNotFound
+          { error: "Not found: #{path}" }
+        else
+          { error: "HTTP #{response.code}: #{response.message}" }
+        end
+      rescue JSON::ParserError => e
+        { error: "Invalid JSON response: #{e.message}" }
+      rescue StandardError => e
+        { error: "Request failed: #{e.message}" }
+      end
+
+      def auth_key
+        @config.vision_ingest_key || @config.vision_api_key || @config.secret_key
+      end
+
+      def execute(uri, request)
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == 'https'
+        http.open_timeout = 10
+        http.read_timeout = 300 # Long timeout for AI tasks
+        http.request(request)
+      end
+    end
+  end
+end