decision_agent 0.1.3 → 0.1.6

data/lib/decision_agent/ab_testing/storage/adapter.rb

@@ -0,0 +1,67 @@
+module DecisionAgent
+  module ABTesting
+    module Storage
+      # Base adapter interface for A/B test persistence
+      class Adapter
+        # Save an A/B test
+        # @param test [ABTest] The test to save
+        # @return [ABTest] The saved test with ID
+        def save_test(test)
+          raise NotImplementedError, "#{self.class} must implement #save_test"
+        end
+
+        # Get an A/B test by ID
+        # @param test_id [String, Integer] The test ID
+        # @return [ABTest, nil] The test or nil
+        def get_test(test_id)
+          raise NotImplementedError, "#{self.class} must implement #get_test"
+        end
+
+        # Update an A/B test
+        # @param test_id [String, Integer] The test ID
+        # @param attributes [Hash] Attributes to update
+        # @return [ABTest] The updated test
+        def update_test(test_id, attributes)
+          raise NotImplementedError, "#{self.class} must implement #update_test"
+        end
+
+        # List A/B tests
+        # @param status [String, nil] Filter by status
+        # @param limit [Integer, nil] Limit results
+        # @return [Array<ABTest>] Array of tests
+        def list_tests(status: nil, limit: nil)
+          raise NotImplementedError, "#{self.class} must implement #list_tests"
+        end
+
+        # Save an assignment
+        # @param assignment [ABTestAssignment] The assignment to save
+        # @return [ABTestAssignment] The saved assignment with ID
+        def save_assignment(assignment)
+          raise NotImplementedError, "#{self.class} must implement #save_assignment"
+        end
+
+        # Update an assignment
+        # @param assignment_id [String, Integer] The assignment ID
+        # @param attributes [Hash] Attributes to update
+        # @return [ABTestAssignment] The updated assignment
+        def update_assignment(assignment_id, attributes)
+          raise NotImplementedError, "#{self.class} must implement #update_assignment"
+        end
+
+        # Get assignments for a test
+        # @param test_id [String, Integer] The test ID
+        # @return [Array<ABTestAssignment>] Array of assignments
+        def get_assignments(test_id)
+          raise NotImplementedError, "#{self.class} must implement #get_assignments"
+        end
+
+        # Delete a test and its assignments
+        # @param test_id [String, Integer] The test ID
+        # @return [Boolean] True if deleted
+        def delete_test(test_id)
+          raise NotImplementedError, "#{self.class} must implement #delete_test"
+        end
+      end
+    end
+  end
+end

data/lib/decision_agent/ab_testing/storage/memory_adapter.rb

@@ -0,0 +1,116 @@
+require "monitor"
+
+module DecisionAgent
+  module ABTesting
+    module Storage
+      # In-memory storage adapter for A/B tests
+      # Useful for testing and development
+      class MemoryAdapter < Adapter
+        include MonitorMixin
+
+        def initialize
+          super
+          @tests = {}
+          @assignments = {}
+          @test_id_counter = 0
+          @assignment_id_counter = 0
+        end
+
+        def save_test(test)
+          synchronize do
+            @test_id_counter += 1
+            test_data = test.to_h.merge(id: @test_id_counter)
+            @tests[@test_id_counter] = test_data
+
+            ABTest.new(**test_data)
+          end
+        end
+
+        def get_test(test_id)
+          synchronize do
+            test_data = @tests[test_id.to_i]
+            test_data ? ABTest.new(**test_data) : nil
+          end
+        end
+
+        def update_test(test_id, attributes)
+          synchronize do
+            test_data = @tests[test_id.to_i]
+            raise TestNotFoundError, "Test not found: #{test_id}" unless test_data
+
+            test_data.merge!(attributes)
+            @tests[test_id.to_i] = test_data
+
+            ABTest.new(**test_data)
+          end
+        end
+
+        def list_tests(status: nil, limit: nil)
+          synchronize do
+            tests = @tests.values
+
+            tests = tests.select { |t| t[:status] == status } if status
+            tests = tests.last(limit) if limit
+
+            tests.map { |t| ABTest.new(**t) }
+          end
+        end
+
+        def save_assignment(assignment)
+          synchronize do
+            @assignment_id_counter += 1
+            assignment_data = assignment.to_h.merge(id: @assignment_id_counter)
+            @assignments[@assignment_id_counter] = assignment_data
+
+            ABTestAssignment.new(**assignment_data)
+          end
+        end
+
+        def update_assignment(assignment_id, attributes)
+          synchronize do
+            assignment_data = @assignments[assignment_id.to_i]
+            raise "Assignment not found: #{assignment_id}" unless assignment_data
+
+            assignment_data.merge!(attributes)
+            @assignments[assignment_id.to_i] = assignment_data
+
+            ABTestAssignment.new(**assignment_data)
+          end
+        end
+
+        def get_assignments(test_id)
+          synchronize do
+            assignments = @assignments.values.select { |a| a[:ab_test_id] == test_id }
+            assignments.map { |a| ABTestAssignment.new(**a) }
+          end
+        end
+
+        def delete_test(test_id)
+          synchronize do
+            @tests.delete(test_id.to_i)
+            @assignments.delete_if { |_id, a| a[:ab_test_id] == test_id }
+            true
+          end
+        end
+
+        # Additional helper methods
+        def clear!
+          synchronize do
+            @tests.clear
+            @assignments.clear
+            @test_id_counter = 0
+            @assignment_id_counter = 0
+          end
+        end
+
+        def test_count
+          synchronize { @tests.size }
+        end
+
+        def assignment_count
+          synchronize { @assignments.size }
+        end
+      end
+    end
+  end
+end

data/lib/decision_agent/agent.rb

@@ -6,10 +6,12 @@ module DecisionAgent
   class Agent
     attr_reader :evaluators, :scoring_strategy, :audit_adapter
 
-    def initialize(evaluators:, scoring_strategy: nil, audit_adapter: nil)
+    def initialize(evaluators:, scoring_strategy: nil, audit_adapter: nil, validate_evaluations: nil)
       @evaluators = Array(evaluators)
       @scoring_strategy = scoring_strategy || Scoring::WeightedAverage.new
       @audit_adapter = audit_adapter || Audit::NullAdapter.new
+      # Default to validating in development, skip in production for performance
+      @validate_evaluations = validate_evaluations.nil? ? (ENV["RAILS_ENV"] != "production") : validate_evaluations
 
       validate_configuration!
 
@@ -24,8 +26,8 @@ module DecisionAgent
 
       raise NoEvaluationsError if evaluations.empty?
 
-      # Validate all evaluations for correctness and thread-safety
-      EvaluationValidator.validate_all!(evaluations)
+      # Validate all evaluations for correctness and thread-safety (optional for performance)
+      EvaluationValidator.validate_all!(evaluations) if @validate_evaluations
 
       scored_result = @scoring_strategy.score(evaluations)
 

data/lib/decision_agent/auth/access_audit_logger.rb

@@ -0,0 +1,122 @@
+require "json"
+require_relative "../audit/adapter"
+
+module DecisionAgent
+  module Auth
+    class AccessAuditLogger
+      attr_reader :adapter
+
+      def initialize(adapter: nil)
+        @adapter = adapter || Audit::InMemoryAccessAdapter.new
+      end
+
+      def log_authentication(event_type, user_id:, email: nil, success: true, reason: nil)
+        log_entry = {
+          event_type: event_type.to_s,
+          user_id: user_id,
+          email: email,
+          success: success,
+          reason: reason,
+          timestamp: Time.now.utc.iso8601,
+          ip_address: nil # Can be set by middleware
+        }
+
+        @adapter.record_access(log_entry)
+      end
+
+      def log_permission_check(user_id:, permission:, resource_type: nil, resource_id: nil, granted: true)
+        log_entry = {
+          event_type: "permission_check",
+          user_id: user_id,
+          permission: permission.to_s,
+          resource_type: resource_type,
+          resource_id: resource_id,
+          granted: granted,
+          timestamp: Time.now.utc.iso8601
+        }
+
+        @adapter.record_access(log_entry)
+      end
+
+      def log_access(user_id:, action:, resource_type: nil, resource_id: nil, success: true)
+        log_entry = {
+          event_type: "access",
+          user_id: user_id,
+          action: action.to_s,
+          resource_type: resource_type,
+          resource_id: resource_id,
+          success: success,
+          timestamp: Time.now.utc.iso8601
+        }
+
+        @adapter.record_access(log_entry)
+      end
+
+      def query(filters = {})
+        @adapter.query_access_logs(filters)
+      end
+    end
+  end
+
+  module Audit
+    class AccessAdapter < Adapter
+      def record_access(log_entry)
+        raise NotImplementedError, "Subclasses must implement #record_access"
+      end
+
+      def query_access_logs(filters = {})
+        raise NotImplementedError, "Subclasses must implement #query_access_logs"
+      end
+    end
+
+    class InMemoryAccessAdapter < AccessAdapter
+      def initialize
+        super
+        @logs = []
+        @mutex = Mutex.new
+      end
+
+      def record_access(log_entry)
+        @mutex.synchronize do
+          @logs << log_entry.dup
+        end
+      end
+
+      def query_access_logs(filters = {})
+        @mutex.synchronize do
+          results = @logs.dup
+
+          results.select! { |log| log[:user_id] == filters[:user_id] } if filters[:user_id]
+
+          results.select! { |log| log[:event_type] == filters[:event_type].to_s } if filters[:event_type]
+
+          if filters[:start_time]
+            start_time = filters[:start_time].is_a?(String) ? Time.parse(filters[:start_time]) : filters[:start_time]
+            results.select! { |log| Time.parse(log[:timestamp]) >= start_time }
+          end
+
+          if filters[:end_time]
+            end_time = filters[:end_time].is_a?(String) ? Time.parse(filters[:end_time]) : filters[:end_time]
+            results.select! { |log| Time.parse(log[:timestamp]) <= end_time }
+          end
+
+          results = results.last(filters[:limit]) if filters[:limit]
+
+          results.reverse # Most recent first
+        end
+      end
+
+      def all_logs
+        @mutex.synchronize do
+          @logs.dup
+        end
+      end
+
+      def clear
+        @mutex.synchronize do
+          @logs.clear
+        end
+      end
+    end
+  end
+end

data/lib/decision_agent/auth/authenticator.rb

@@ -0,0 +1,127 @@
+module DecisionAgent
+  module Auth
+    class Authenticator
+      attr_reader :user_store, :session_manager, :password_reset_manager
+
+      def initialize(user_store: nil, session_manager: nil, password_reset_manager: nil)
+        @user_store = user_store || InMemoryUserStore.new
+        @session_manager = session_manager || SessionManager.new
+        @password_reset_manager = password_reset_manager || PasswordResetManager.new
+      end
+
+      def login(email, password)
+        user = @user_store.find_by_email(email)
+        return nil unless user
+        return nil unless user.active
+        return nil unless user.authenticate(password)
+
+        @session_manager.create_session(user.id)
+      end
+
+      def logout(token)
+        @session_manager.delete_session(token)
+      end
+
+      def authenticate(token)
+        session = @session_manager.get_session(token)
+        return nil unless session
+
+        user = @user_store.find_by_id(session.user_id)
+        return nil unless user
+        return nil unless user.active
+
+        { user: user, session: session }
+      end
+
+      def create_user(email:, password:, roles: [])
+        user = User.new(email: email, password: password, roles: roles)
+        @user_store.save(user)
+        user
+      end
+
+      def find_user(user_id)
+        @user_store.find_by_id(user_id)
+      end
+
+      def find_user_by_email(email)
+        @user_store.find_by_email(email)
+      end
+
+      def request_password_reset(email)
+        user = @user_store.find_by_email(email)
+        return nil unless user
+        return nil unless user.active
+
+        # Delete any existing reset tokens for this user
+        @password_reset_manager.delete_user_tokens(user.id)
+
+        # Create a new reset token (expires in 1 hour)
+        @password_reset_manager.create_token(user.id, expires_in: 3600)
+      end
+
+      def reset_password(token_string, new_password)
+        token = @password_reset_manager.get_token(token_string)
+        return nil unless token
+
+        user = @user_store.find_by_id(token.user_id)
+        return nil unless user
+        return nil unless user.active
+
+        # Update the password
+        user.update_password(new_password)
+        @user_store.save(user)
+
+        # Delete the used token and all other tokens for this user
+        @password_reset_manager.delete_user_tokens(user.id)
+
+        # Invalidate all existing sessions for security
+        @session_manager.delete_user_sessions(user.id)
+
+        user
+      end
+    end
+
+    # In-memory user store (can be replaced with ActiveRecord adapter later)
+    class InMemoryUserStore
+      def initialize
+        @users = {}
+        @users_by_email = {}
+        @mutex = Mutex.new
+      end
+
+      def save(user)
+        @mutex.synchronize do
+          @users[user.id] = user
+          @users_by_email[user.email.downcase] = user
+        end
+        user
+      end
+
+      def find_by_id(id)
+        @mutex.synchronize do
+          @users[id]
+        end
+      end
+
+      def find_by_email(email)
+        @mutex.synchronize do
+          @users_by_email[email.downcase]
+        end
+      end
+
+      def all
+        @mutex.synchronize do
+          @users.values.dup
+        end
+      end
+
+      def delete(id)
+        @mutex.synchronize do
+          user = @users.delete(id)
+          @users_by_email.delete(user.email.downcase) if user
+          user
+        end
+      end
+    end
+  end
+end

data/lib/decision_agent/auth/password_reset_manager.rb

@@ -0,0 +1,57 @@
+module DecisionAgent
+  module Auth
+    class PasswordResetManager
+      def initialize
+        @tokens = {}
+        @mutex = Mutex.new
+        @cleanup_interval = 300 # 5 minutes
+        @last_cleanup = Time.now
+      end
+
+      def create_token(user_id, expires_in: 3600)
+        token = PasswordResetToken.new(user_id: user_id, expires_in: expires_in)
+        @mutex.synchronize do
+          @tokens[token.token] = token
+          cleanup_expired_tokens
+        end
+        token
+      end
+
+      def get_token(token_string)
+        @mutex.synchronize do
+          token = @tokens[token_string]
+          return nil unless token
+          return nil if token.expired?
+
+          token
+        end
+      end
+
+      def delete_token(token_string)
+        @mutex.synchronize do
+          @tokens.delete(token_string)
+        end
+      end
+
+      def delete_user_tokens(user_id)
+        @mutex.synchronize do
+          @tokens.delete_if { |_token_string, token| token.user_id == user_id }
+        end
+      end
+
+      def cleanup_expired_tokens
+        now = Time.now
+        return if (now - @last_cleanup) < @cleanup_interval
+
+        @tokens.delete_if { |_token_string, token| token.expired? }
+        @last_cleanup = now
+      end
+
+      def count
+        @mutex.synchronize do
+          @tokens.size
+        end
+      end
+    end
+  end
+end

data/lib/decision_agent/auth/password_reset_token.rb

@@ -0,0 +1,33 @@
+require "securerandom"
+
+module DecisionAgent
+  module Auth
+    class PasswordResetToken
+      attr_reader :token, :user_id, :created_at, :expires_at
+
+      def initialize(user_id:, expires_in: 3600)
+        @token = SecureRandom.hex(32)
+        @user_id = user_id
+        @created_at = Time.now.utc
+        @expires_at = @created_at + expires_in
+      end
+
+      def expired?
+        Time.now.utc > @expires_at
+      end
+
+      def valid?
+        !expired?
+      end
+
+      def to_h
+        {
+          token: @token,
+          user_id: @user_id,
+          created_at: @created_at.iso8601,
+          expires_at: @expires_at.iso8601
+        }
+      end
+    end
+  end
+end

data/lib/decision_agent/auth/permission.rb

@@ -0,0 +1,29 @@
+module DecisionAgent
+  module Auth
+    class Permission
+      PERMISSIONS = {
+        read: "Read access to rules and versions",
+        write: "Create and modify rules",
+        delete: "Delete rules and versions",
+        approve: "Approve rule changes",
+        deploy: "Deploy rule versions",
+        manage_users: "Manage users and roles",
+        audit: "Access audit logs"
+      }.freeze
+
+      class << self
+        def all
+          PERMISSIONS.keys
+        end
+
+        def exists?(permission)
+          PERMISSIONS.key?(permission.to_sym)
+        end
+
+        def description_for(permission)
+          PERMISSIONS[permission.to_sym]
+        end
+      end
+    end
+  end
+end

data/lib/decision_agent/auth/permission_checker.rb

@@ -0,0 +1,43 @@
+module DecisionAgent
+  module Auth
+    class PermissionChecker
+      attr_reader :adapter
+
+      def initialize(adapter: nil)
+        @adapter = adapter || DefaultAdapter.new
+      end
+
+      def can?(user, permission, resource = nil)
+        @adapter.can?(user, permission, resource)
+      end
+
+      def require_permission!(user, permission, resource = nil)
+        raise PermissionDeniedError, "User does not have permission: #{permission}" unless can?(user, permission, resource)
+
+        true
+      end
+
+      def has_role?(user, role)
+        @adapter.has_role?(user, role)
+      end
+
+      def require_role!(user, role)
+        raise PermissionDeniedError, "User does not have role: #{role}" unless has_role?(user, role)
+
+        true
+      end
+
+      def active?(user)
+        @adapter.active?(user)
+      end
+
+      def user_id(user)
+        @adapter.user_id(user)
+      end
+
+      def user_email(user)
+        @adapter.user_email(user)
+      end
+    end
+  end
+end