RubyGems - decision_agent - Versions diffs - 0.1.4 → 0.1.7 - Mend

decision_agent 0.1.4 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

checksums.yaml +4 -4
data/README.md +83 -232
data/bin/decision_agent +1 -1
data/lib/decision_agent/ab_testing/ab_testing_agent.rb +46 -10
data/lib/decision_agent/agent.rb +5 -3
data/lib/decision_agent/auth/access_audit_logger.rb +122 -0
data/lib/decision_agent/auth/authenticator.rb +127 -0
data/lib/decision_agent/auth/password_reset_manager.rb +57 -0
data/lib/decision_agent/auth/password_reset_token.rb +33 -0
data/lib/decision_agent/auth/permission.rb +29 -0
data/lib/decision_agent/auth/permission_checker.rb +43 -0
data/lib/decision_agent/auth/rbac_adapter.rb +278 -0
data/lib/decision_agent/auth/rbac_config.rb +51 -0
data/lib/decision_agent/auth/role.rb +56 -0
data/lib/decision_agent/auth/session.rb +33 -0
data/lib/decision_agent/auth/session_manager.rb +57 -0
data/lib/decision_agent/auth/user.rb +70 -0
data/lib/decision_agent/context.rb +24 -4
data/lib/decision_agent/decision.rb +10 -3
data/lib/decision_agent/dsl/condition_evaluator.rb +378 -1
data/lib/decision_agent/dsl/schema_validator.rb +8 -1
data/lib/decision_agent/errors.rb +38 -0
data/lib/decision_agent/evaluation.rb +10 -3
data/lib/decision_agent/evaluation_validator.rb +8 -13
data/lib/decision_agent/monitoring/dashboard_server.rb +1 -0
data/lib/decision_agent/monitoring/metrics_collector.rb +17 -5
data/lib/decision_agent/testing/batch_test_importer.rb +373 -0
data/lib/decision_agent/testing/batch_test_runner.rb +244 -0
data/lib/decision_agent/testing/test_coverage_analyzer.rb +191 -0
data/lib/decision_agent/testing/test_result_comparator.rb +235 -0
data/lib/decision_agent/testing/test_scenario.rb +42 -0
data/lib/decision_agent/version.rb +10 -1
data/lib/decision_agent/versioning/activerecord_adapter.rb +1 -1
data/lib/decision_agent/versioning/file_storage_adapter.rb +96 -28
data/lib/decision_agent/web/middleware/auth_middleware.rb +45 -0
data/lib/decision_agent/web/middleware/permission_middleware.rb +94 -0
data/lib/decision_agent/web/public/app.js +184 -29
data/lib/decision_agent/web/public/batch_testing.html +640 -0
data/lib/decision_agent/web/public/index.html +38 -10
data/lib/decision_agent/web/public/login.html +298 -0
data/lib/decision_agent/web/public/users.html +679 -0
data/lib/decision_agent/web/server.rb +873 -7
data/lib/decision_agent.rb +52 -0
data/lib/generators/decision_agent/install/templates/README +1 -1
data/lib/generators/decision_agent/install/templates/rule_version.rb +1 -1
data/spec/ab_testing/ab_test_assignment_spec.rb +253 -0
data/spec/ab_testing/ab_test_manager_spec.rb +282 -0
data/spec/ab_testing/ab_testing_agent_spec.rb +481 -0
data/spec/ab_testing/storage/adapter_spec.rb +64 -0
data/spec/ab_testing/storage/memory_adapter_spec.rb +485 -0
data/spec/advanced_operators_spec.rb +1003 -0
data/spec/agent_spec.rb +40 -0
data/spec/audit_adapters_spec.rb +18 -0
data/spec/auth/access_audit_logger_spec.rb +394 -0
data/spec/auth/authenticator_spec.rb +112 -0
data/spec/auth/password_reset_spec.rb +294 -0
data/spec/auth/permission_checker_spec.rb +207 -0
data/spec/auth/permission_spec.rb +73 -0
data/spec/auth/rbac_adapter_spec.rb +550 -0
data/spec/auth/rbac_config_spec.rb +82 -0
data/spec/auth/role_spec.rb +51 -0
data/spec/auth/session_manager_spec.rb +172 -0
data/spec/auth/session_spec.rb +112 -0
data/spec/auth/user_spec.rb +130 -0
data/spec/context_spec.rb +43 -0
data/spec/decision_agent_spec.rb +96 -0
data/spec/decision_spec.rb +423 -0
data/spec/dsl/condition_evaluator_spec.rb +774 -0
data/spec/evaluation_spec.rb +364 -0
data/spec/evaluation_validator_spec.rb +165 -0
data/spec/monitoring/metrics_collector_spec.rb +220 -2
data/spec/monitoring/storage/activerecord_adapter_spec.rb +153 -1
data/spec/monitoring/storage/base_adapter_spec.rb +61 -0
data/spec/performance_optimizations_spec.rb +486 -0
data/spec/spec_helper.rb +23 -0
data/spec/testing/batch_test_importer_spec.rb +693 -0
data/spec/testing/batch_test_runner_spec.rb +307 -0
data/spec/testing/test_coverage_analyzer_spec.rb +292 -0
data/spec/testing/test_result_comparator_spec.rb +392 -0
data/spec/testing/test_scenario_spec.rb +113 -0
data/spec/versioning/adapter_spec.rb +156 -0
data/spec/versioning_spec.rb +253 -0
data/spec/web/middleware/auth_middleware_spec.rb +133 -0
data/spec/web/middleware/permission_middleware_spec.rb +247 -0
data/spec/web_ui_rack_spec.rb +1705 -0
metadata +103 -11
data/spec/examples.txt +0 -612

data/spec/agent_spec.rb CHANGED Viewed

@@ -48,6 +48,46 @@ RSpec.describe DecisionAgent::Agent do
       expect(agent.scoring_strategy).to be_a(DecisionAgent::Scoring::WeightedAverage)
       expect(agent.audit_adapter).to be_a(DecisionAgent::Audit::NullAdapter)
     end
+    it "enables validation by default in non-production environments" do
+      evaluator = DecisionAgent::Evaluators::StaticEvaluator.new(decision: "approve")
+      original_env = ENV.fetch("RAILS_ENV", nil)
+      ENV["RAILS_ENV"] = "development"
+      agent = DecisionAgent::Agent.new(evaluators: [evaluator])
+      # Validation should be enabled (we can't directly test this, but we can test behavior)
+      # If validation is enabled, invalid evaluations would raise errors
+      expect(agent).to be_a(DecisionAgent::Agent)
+      ENV["RAILS_ENV"] = original_env
+    end
+    it "disables validation in production by default" do
+      evaluator = DecisionAgent::Evaluators::StaticEvaluator.new(decision: "approve")
+      original_env = ENV.fetch("RAILS_ENV", nil)
+      ENV["RAILS_ENV"] = "production"
+      agent = DecisionAgent::Agent.new(evaluators: [evaluator])
+      expect(agent).to be_a(DecisionAgent::Agent)
+      ENV["RAILS_ENV"] = original_env
+    end
+    it "allows explicit validation control" do
+      evaluator = DecisionAgent::Evaluators::StaticEvaluator.new(decision: "approve")
+      agent_with_validation = DecisionAgent::Agent.new(
+        evaluators: [evaluator],
+        validate_evaluations: true
+      )
+      expect(agent_with_validation).to be_a(DecisionAgent::Agent)
+      agent_without_validation = DecisionAgent::Agent.new(
+        evaluators: [evaluator],
+        validate_evaluations: false
+      )
+      expect(agent_without_validation).to be_a(DecisionAgent::Agent)
+    end
   end
   describe "#decide" do

data/spec/audit_adapters_spec.rb CHANGED Viewed

@@ -1,6 +1,24 @@
 require "spec_helper"
 RSpec.describe "Audit Adapters" do
+  describe DecisionAgent::Audit::Adapter do
+    it "raises NotImplementedError when record is called" do
+      adapter = DecisionAgent::Audit::Adapter.new
+      decision = DecisionAgent::Decision.new(
+        decision: "approve",
+        confidence: 0.8,
+        explanations: [],
+        evaluations: [],
+        audit_payload: {}
+      )
+      context = DecisionAgent::Context.new({ user: "alice" })
+      expect do
+        adapter.record(decision, context)
+      end.to raise_error(NotImplementedError, /Subclasses must implement #record/)
+    end
+  end
   describe DecisionAgent::Audit::NullAdapter do
     it "implements record method without side effects" do
       adapter = DecisionAgent::Audit::NullAdapter.new

data/spec/auth/access_audit_logger_spec.rb ADDED Viewed

@@ -0,0 +1,394 @@
+require "spec_helper"
+RSpec.describe DecisionAgent::Auth::AccessAuditLogger do
+  let(:adapter) { DecisionAgent::Audit::InMemoryAccessAdapter.new }
+  let(:logger) { DecisionAgent::Auth::AccessAuditLogger.new(adapter: adapter) }
+  describe "#log_authentication" do
+    it "logs successful login" do
+      logger.log_authentication(
+        "login",
+        user_id: "user123",
+        email: "test@example.com",
+        success: true
+      )
+      logs = adapter.all_logs
+      expect(logs.size).to eq(1)
+      expect(logs.first[:event_type]).to eq("login")
+      expect(logs.first[:user_id]).to eq("user123")
+      expect(logs.first[:success]).to be true
+    end
+    it "logs failed login" do
+      logger.log_authentication(
+        "login",
+        user_id: nil,
+        email: "test@example.com",
+        success: false,
+        reason: "Invalid password"
+      )
+      logs = adapter.all_logs
+      expect(logs.size).to eq(1)
+      expect(logs.first[:success]).to be false
+      expect(logs.first[:reason]).to eq("Invalid password")
+    end
+  end
+  describe "#log_permission_check" do
+    it "logs permission check" do
+      logger.log_permission_check(
+        user_id: "user123",
+        permission: :write,
+        resource_type: "rule",
+        resource_id: "rule456",
+        granted: true
+      )
+      logs = adapter.all_logs
+      expect(logs.size).to eq(1)
+      expect(logs.first[:event_type]).to eq("permission_check")
+      expect(logs.first[:permission]).to eq("write")
+      expect(logs.first[:granted]).to be true
+    end
+  end
+  describe "#log_access" do
+    it "logs access event" do
+      logger.log_access(
+        user_id: "user123",
+        action: "create",
+        resource_type: "rule",
+        resource_id: "rule456",
+        success: true
+      )
+      logs = adapter.all_logs
+      expect(logs.size).to eq(1)
+      expect(logs.first[:event_type]).to eq("access")
+      expect(logs.first[:action]).to eq("create")
+    end
+  end
+  describe "#query" do
+    before do
+      logger.log_authentication("login", user_id: "user1", email: "user1@example.com", success: true)
+      logger.log_authentication("login", user_id: "user2", email: "user2@example.com", success: true)
+      logger.log_permission_check(user_id: "user1", permission: :write, granted: true)
+    end
+    it "filters by user_id" do
+      logs = logger.query(user_id: "user1")
+      expect(logs.size).to eq(2)
+      expect(logs.all? { |log| log[:user_id] == "user1" }).to be true
+    end
+    it "filters by event_type" do
+      logs = logger.query(event_type: "login")
+      expect(logs.size).to eq(2)
+      expect(logs.all? { |log| log[:event_type] == "login" }).to be true
+    end
+    it "filters by start_time" do
+      start_time = Time.now.utc - 3600
+      logger.log_authentication("login", user_id: "user3", email: "user3@example.com", success: true)
+      logs = logger.query(start_time: start_time)
+      expect(logs.size).to be >= 1
+    end
+    it "limits results" do
+      logs = logger.query(limit: 2)
+      expect(logs.size).to eq(2)
+    end
+    it "filters by end_time" do
+      end_time = Time.now.utc + 3600
+      logs = logger.query(end_time: end_time)
+      expect(logs.size).to eq(3) # All logs are before end_time
+    end
+    it "filters by start_time and end_time together" do
+      start_time = Time.now.utc - 1800
+      end_time = Time.now.utc + 1800
+      logs = logger.query(start_time: start_time, end_time: end_time)
+      expect(logs.size).to be >= 0
+    end
+    it "handles string timestamps" do
+      start_time = (Time.now.utc - 3600).iso8601
+      logs = logger.query(start_time: start_time)
+      expect(logs).to be_an(Array)
+    end
+    it "returns logs in reverse order (most recent first)" do
+      # Clear any existing logs first
+      adapter.clear
+      logger.log_authentication("test1", user_id: "user1", email: "user1@example.com", success: true)
+      sleep(0.01) # Ensure different timestamps
+      logger.log_authentication("test2", user_id: "user1", email: "user1@example.com", success: true)
+      logs = logger.query(user_id: "user1")
+      expect(logs.size).to eq(2)
+      expect(logs.first[:event_type]).to eq("test2")
+      expect(logs.last[:event_type]).to eq("test1")
+    end
+  end
+  describe "#log_authentication" do
+    it "includes timestamp in log entry" do
+      logger.log_authentication("login", user_id: "user1", email: "user1@example.com", success: true)
+      logs = adapter.all_logs
+      expect(logs.first[:timestamp]).to be_a(String)
+      expect { Time.parse(logs.first[:timestamp]) }.not_to raise_error
+    end
+    it "includes ip_address field (nil by default)" do
+      logger.log_authentication("login", user_id: "user1", email: "user1@example.com", success: true)
+      logs = adapter.all_logs
+      expect(logs.first[:ip_address]).to be_nil
+    end
+    it "converts event_type to string" do
+      logger.log_authentication(:login, user_id: "user1", email: "user1@example.com", success: true)
+      logs = adapter.all_logs
+      expect(logs.first[:event_type]).to eq("login")
+    end
+  end
+  describe "#log_permission_check" do
+    it "includes all fields in log entry" do
+      logger.log_permission_check(
+        user_id: "user123",
+        permission: :write,
+        resource_type: "rule",
+        resource_id: "rule456",
+        granted: false
+      )
+      logs = adapter.all_logs
+      log = logs.first
+      expect(log[:event_type]).to eq("permission_check")
+      expect(log[:user_id]).to eq("user123")
+      expect(log[:permission]).to eq("write")
+      expect(log[:resource_type]).to eq("rule")
+      expect(log[:resource_id]).to eq("rule456")
+      expect(log[:granted]).to be false
+      expect(log[:timestamp]).to be_a(String)
+    end
+    it "handles nil resource_type and resource_id" do
+      logger.log_permission_check(
+        user_id: "user123",
+        permission: :read,
+        granted: true
+      )
+      logs = adapter.all_logs
+      log = logs.first
+      expect(log[:resource_type]).to be_nil
+      expect(log[:resource_id]).to be_nil
+    end
+  end
+  describe "#log_access" do
+    it "includes all fields in log entry" do
+      logger.log_access(
+        user_id: "user123",
+        action: "delete",
+        resource_type: "version",
+        resource_id: "version789",
+        success: false
+      )
+      logs = adapter.all_logs
+      log = logs.first
+      expect(log[:event_type]).to eq("access")
+      expect(log[:user_id]).to eq("user123")
+      expect(log[:action]).to eq("delete")
+      expect(log[:resource_type]).to eq("version")
+      expect(log[:resource_id]).to eq("version789")
+      expect(log[:success]).to be false
+    end
+    it "converts action to string" do
+      logger.log_access(user_id: "user1", action: :create, success: true)
+      logs = adapter.all_logs
+      expect(logs.first[:action]).to eq("create")
+    end
+  end
+  describe "adapter attribute" do
+    it "returns the configured adapter" do
+      custom_adapter = double("CustomAdapter")
+      logger = DecisionAgent::Auth::AccessAuditLogger.new(adapter: custom_adapter)
+      expect(logger.adapter).to eq(custom_adapter)
+    end
+  end
+end
+# Test for InMemoryAccessAdapter - class is nested inside AccessAuditLogger
+# but may not be directly accessible. Testing through AccessAuditLogger instead.
+RSpec.describe DecisionAgent::Auth::AccessAuditLogger do
+  describe "InMemoryAccessAdapter integration" do
+    let(:logger) { DecisionAgent::Auth::AccessAuditLogger.new }
+    it "uses InMemoryAccessAdapter by default" do
+      expect(logger.adapter).to be_a(DecisionAgent::Audit::InMemoryAccessAdapter)
+    rescue NameError
+      # If class is not directly accessible, test through logger interface
+      logger.log_authentication("test", user_id: "user1")
+      logs = logger.adapter.all_logs
+      expect(logs.size).to eq(1)
+    end
+  end
+end
+RSpec.describe DecisionAgent::Audit::InMemoryAccessAdapter do
+  let(:adapter) { described_class.new }
+  describe "#initialize" do
+    it "initializes with empty logs" do
+      expect(adapter.all_logs).to eq([])
+    end
+  end
+  describe "#record_access" do
+    it "stores log entry" do
+      log_entry = { event_type: "test", user_id: "user1", timestamp: Time.now.utc.iso8601 }
+      adapter.record_access(log_entry)
+      expect(adapter.all_logs.size).to eq(1)
+    end
+    it "stores duplicate of log entry" do
+      log_entry = { event_type: "test", user_id: "user1", timestamp: Time.now.utc.iso8601 }
+      adapter.record_access(log_entry)
+      log_entry[:modified] = true
+      expect(adapter.all_logs.first[:modified]).to be_nil
+    end
+    it "is thread-safe" do
+      threads = []
+      10.times do |i|
+        threads << Thread.new do
+          10.times do
+            adapter.record_access({ event_type: "test", user_id: "user#{i}", timestamp: Time.now.utc.iso8601 })
+          end
+        end
+      end
+      threads.each(&:join)
+      expect(adapter.all_logs.size).to eq(100)
+    end
+  end
+  describe "#query_access_logs" do
+    before do
+      adapter.record_access({ event_type: "login", user_id: "user1", timestamp: (Time.now.utc - 7200).iso8601 })
+      adapter.record_access({ event_type: "login", user_id: "user2", timestamp: (Time.now.utc - 3600).iso8601 })
+      adapter.record_access({ event_type: "logout", user_id: "user1", timestamp: Time.now.utc.iso8601 })
+    end
+    it "filters by user_id" do
+      logs = adapter.query_access_logs(user_id: "user1")
+      expect(logs.size).to eq(2)
+      expect(logs.all? { |log| log[:user_id] == "user1" }).to be true
+    end
+    it "filters by event_type" do
+      logs = adapter.query_access_logs(event_type: "login")
+      expect(logs.size).to eq(2)
+      expect(logs.all? { |log| log[:event_type] == "login" }).to be true
+    end
+    it "filters by start_time" do
+      start_time = Time.now.utc - 1800
+      logs = adapter.query_access_logs(start_time: start_time)
+      expect(logs.size).to eq(1)
+    end
+    it "filters by end_time" do
+      end_time = Time.now.utc - 1800
+      logs = adapter.query_access_logs(end_time: end_time)
+      expect(logs.size).to eq(2)
+    end
+    it "limits results" do
+      logs = adapter.query_access_logs(limit: 1)
+      expect(logs.size).to eq(1)
+    end
+    it "handles string timestamps" do
+      start_time = (Time.now.utc - 1800).iso8601
+      logs = adapter.query_access_logs(start_time: start_time)
+      expect(logs).to be_an(Array)
+    end
+    it "returns results in reverse order" do
+      logs = adapter.query_access_logs
+      expect(logs.first[:event_type]).to eq("logout")
+      expect(logs.last[:event_type]).to eq("login")
+    end
+    it "is thread-safe" do
+      threads = []
+      5.times do
+        threads << Thread.new do
+          adapter.query_access_logs(user_id: "user1")
+        end
+      end
+      threads.each(&:join)
+      # Should not raise errors
+      expect(adapter.query_access_logs.size).to eq(3)
+    end
+  end
+  describe "#all_logs" do
+    it "returns copy of logs" do
+      adapter.record_access({ event_type: "test", timestamp: Time.now.utc.iso8601 })
+      logs1 = adapter.all_logs
+      logs2 = adapter.all_logs
+      expect(logs1).not_to be(logs2)
+      logs1 << { modified: true }
+      expect(adapter.all_logs.size).to eq(1)
+    end
+  end
+  describe "#clear" do
+    it "clears all logs" do
+      adapter.record_access({ event_type: "test", timestamp: Time.now.utc.iso8601 })
+      expect(adapter.all_logs.size).to eq(1)
+      adapter.clear
+      expect(adapter.all_logs.size).to eq(0)
+    end
+    it "is thread-safe" do
+      adapter.record_access({ event_type: "test", timestamp: Time.now.utc.iso8601 })
+      threads = []
+      5.times do
+        threads << Thread.new do
+          adapter.clear
+        end
+      end
+      threads.each(&:join)
+      expect(adapter.all_logs.size).to eq(0)
+    end
+  end
+end
+RSpec.describe DecisionAgent::Audit::AccessAdapter do
+  let(:adapter) { described_class.new }
+  describe "#record_access" do
+    it "raises NotImplementedError" do
+      expect { adapter.record_access({}) }.to raise_error(NotImplementedError, /must implement #record_access/)
+    end
+  end
+  describe "#query_access_logs" do
+    it "raises NotImplementedError" do
+      expect { adapter.query_access_logs({}) }.to raise_error(NotImplementedError, /must implement #query_access_logs/)
+    end
+  end
+end

data/spec/auth/authenticator_spec.rb ADDED Viewed

@@ -0,0 +1,112 @@
+require "spec_helper"
+RSpec.describe DecisionAgent::Auth::Authenticator do
+  let(:authenticator) { DecisionAgent::Auth::Authenticator.new }
+  describe "#create_user" do
+    it "creates a new user" do
+      user = authenticator.create_user(
+        email: "test@example.com",
+        password: "password123"
+      )
+      expect(user.email).to eq("test@example.com")
+      expect(user.id).to be_a(String)
+    end
+    it "creates a user with roles" do
+      user = authenticator.create_user(
+        email: "admin@example.com",
+        password: "password123",
+        roles: %i[admin editor]
+      )
+      expect(user.roles).to include(:admin, :editor)
+    end
+  end
+  describe "#login" do
+    before do
+      authenticator.create_user(
+        email: "test@example.com",
+        password: "password123"
+      )
+    end
+    it "returns a session for valid credentials" do
+      session = authenticator.login("test@example.com", "password123")
+      expect(session).to be_a(DecisionAgent::Auth::Session)
+      expect(session.user_id).to be_a(String)
+    end
+    it "returns nil for invalid email" do
+      session = authenticator.login("wrong@example.com", "password123")
+      expect(session).to be_nil
+    end
+    it "returns nil for invalid password" do
+      session = authenticator.login("test@example.com", "wrongpassword")
+      expect(session).to be_nil
+    end
+    it "returns nil for inactive user" do
+      user = authenticator.find_user_by_email("test@example.com")
+      user.active = false
+      session = authenticator.login("test@example.com", "password123")
+      expect(session).to be_nil
+    end
+  end
+  describe "#logout" do
+    it "deletes the session" do
+      authenticator.create_user(
+        email: "test@example.com",
+        password: "password123"
+      )
+      session = authenticator.login("test@example.com", "password123")
+      token = session.token
+      authenticator.logout(token)
+      expect(authenticator.authenticate(token)).to be_nil
+    end
+  end
+  describe "#authenticate" do
+    it "returns user and session for valid token" do
+      authenticator.create_user(
+        email: "test@example.com",
+        password: "password123"
+      )
+      session = authenticator.login("test@example.com", "password123")
+      result = authenticator.authenticate(session.token)
+      expect(result).to be_a(Hash)
+      expect(result[:user]).to be_a(DecisionAgent::Auth::User)
+      expect(result[:session]).to be_a(DecisionAgent::Auth::Session)
+    end
+    it "returns nil for invalid token" do
+      result = authenticator.authenticate("invalid_token")
+      expect(result).to be_nil
+    end
+    it "returns nil for expired session" do
+      authenticator.create_user(
+        email: "test@example.com",
+        password: "password123"
+      )
+      session = authenticator.login("test@example.com", "password123")
+      # Manually expire the session
+      session.instance_variable_set(:@expires_at, Time.now.utc - 1)
+      result = authenticator.authenticate(session.token)
+      expect(result).to be_nil
+    end
+  end
+end