fluyenta-ruby 0.1.14

data/lib/brainzlab/utilities/rate_limiter.rb

@@ -0,0 +1,230 @@
+# frozen_string_literal: true
+
+module BrainzLab
+  module Utilities
+    # Rate limiter with support for sliding window and token bucket algorithms
+    # Integrates with Flux for metrics tracking
+    #
+    # @example Basic usage
+    #   limiter = BrainzLab::Utilities::RateLimiter.new(
+    #     key: "api:user:123",
+    #     limit: 100,
+    #     window: 60  # seconds
+    #   )
+    #
+    #   if limiter.allow?
+    #     # proceed with request
+    #   else
+    #     # rate limited
+    #   end
+    #
+    # @example With block
+    #   BrainzLab::Utilities::RateLimiter.throttle("api:user:#{user.id}", limit: 100, window: 60) do
+    #     # this block runs only if not rate limited
+    #   end
+    #
+    class RateLimiter
+      attr_reader :key, :limit, :window, :remaining, :reset_at
+
+      def initialize(key:, limit:, window:, store: nil)
+        @key = key
+        @limit = limit
+        @window = window
+        @store = store || default_store
+        @remaining = limit
+        @reset_at = Time.now + window
+      end
+
+      # Check if request is allowed (doesn't consume a token)
+      def allowed?
+        count, = get_current_count
+        count < @limit
+      end
+
+      # Check and consume a token
+      def allow?
+        count, reset = increment
+        @remaining = [@limit - count, 0].max
+        @reset_at = reset
+
+        allowed = count <= @limit
+
+        # Track metrics
+        track_attempt(allowed)
+
+        allowed
+      end
+
+      # Alias for allow?
+      def throttle?
+        !allow?
+      end
+
+      # Get current usage info
+      def status
+        count, reset = get_current_count
+        {
+          key: @key,
+          limit: @limit,
+          remaining: [@limit - count, 0].max,
+          reset_at: reset,
+          used: count
+        }
+      end
+
+      # Reset the rate limit for this key
+      def reset!
+        @store.delete(@key)
+        @remaining = @limit
+        @reset_at = Time.now + @window
+      end
+
+      # Class method for quick throttling
+      def self.throttle(key, limit:, window:, store: nil)
+        limiter = new(key: key, limit: limit, window: window, store: store)
+
+        if limiter.allow?
+          yield if block_given?
+          true
+        else
+          false
+        end
+      end
+
+      # Check rate limit without incrementing
+      def self.allowed?(key, limit:, window:, store: nil)
+        limiter = new(key: key, limit: limit, window: window, store: store)
+        limiter.allowed?
+      end
+
+      private
+
+      def default_store
+        @default_store ||= MemoryStore.new
+      end
+
+      def get_current_count
+        current_bucket
+        data = @store.get(@key) || { buckets: {}, created_at: Time.now.to_i }
+
+        # Clean old buckets
+        cutoff = Time.now.to_i - @window
+        data[:buckets].delete_if { |k, _| k.to_i < cutoff }
+
+        count = data[:buckets].values.sum
+        reset = Time.at(Time.now.to_i + @window - (Time.now.to_i % @window))
+
+        [count, reset]
+      end
+
+      def increment
+        bucket = current_bucket
+        data = @store.get(@key) || { buckets: {}, created_at: Time.now.to_i }
+
+        # Clean old buckets
+        cutoff = Time.now.to_i - @window
+        data[:buckets].delete_if { |k, _| k.to_i < cutoff }
+
+        # Increment current bucket
+        data[:buckets][bucket] ||= 0
+        data[:buckets][bucket] += 1
+
+        # Store with TTL
+        @store.set(@key, data, ttl: @window * 2)
+
+        count = data[:buckets].values.sum
+        reset = Time.at(Time.now.to_i + @window - (Time.now.to_i % @window))
+
+        [count, reset]
+      end
+
+      def current_bucket
+        # Use 1-second buckets for sliding window
+        Time.now.to_i.to_s
+      end
+
+      def track_attempt(allowed)
+        return unless BrainzLab.configuration.flux_effectively_enabled?
+
+        if allowed
+          BrainzLab::Flux.increment('rate_limiter.allowed', tags: { key: sanitize_key(@key) })
+        else
+          BrainzLab::Flux.increment('rate_limiter.denied', tags: { key: sanitize_key(@key) })
+        end
+      end
+
+      def sanitize_key(key)
+        # Remove user-specific identifiers for aggregation
+        key.gsub(/:\d+/, ':*').gsub(/:[a-f0-9-]{36}/, ':*')
+      end
+
+      # Simple in-memory store (for development/single-instance)
+      class MemoryStore
+        def initialize
+          @data = {}
+          @mutex = Mutex.new
+        end
+
+        def get(key)
+          @mutex.synchronize do
+            entry = @data[key]
+            return nil unless entry
+            return nil if entry[:expires_at] && Time.now > entry[:expires_at]
+
+            entry[:value]
+          end
+        end
+
+        def set(key, value, ttl: nil)
+          @mutex.synchronize do
+            @data[key] = {
+              value: value,
+              expires_at: ttl ? Time.now + ttl : nil
+            }
+          end
+        end
+
+        def delete(key)
+          @mutex.synchronize do
+            @data.delete(key)
+          end
+        end
+
+        def clear!
+          @mutex.synchronize do
+            @data.clear
+          end
+        end
+      end
+
+      # Redis store adapter
+      class RedisStore
+        def initialize(redis)
+          @redis = redis
+        end
+
+        def get(key)
+          data = @redis.get("brainzlab:ratelimit:#{key}")
+          return nil unless data
+
+          JSON.parse(data, symbolize_names: true)
+        rescue StandardError
+          nil
+        end
+
+        def set(key, value, ttl: nil)
+          full_key = "brainzlab:ratelimit:#{key}"
+          if ttl
+            @redis.setex(full_key, ttl, value.to_json)
+          else
+            @redis.set(full_key, value.to_json)
+          end
+        end
+
+        def delete(key)
+          @redis.del("brainzlab:ratelimit:#{key}")
+        end
+      end
+    end
+  end
+end

data/lib/brainzlab/utilities.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require_relative 'utilities/rate_limiter'
+require_relative 'utilities/circuit_breaker'
+require_relative 'utilities/health_check'
+require_relative 'utilities/log_formatter'
+
+module BrainzLab
+  module Utilities
+    # All utilities are auto-loaded from their respective files
+    # Access them via:
+    #   BrainzLab::Utilities::RateLimiter
+    #   BrainzLab::Utilities::CircuitBreaker
+    #   BrainzLab::Utilities::HealthCheck
+    #   BrainzLab::Utilities::LogFormatter
+  end
+end

data/lib/brainzlab/vault/cache.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+module BrainzLab
+  module Vault
+    class Cache
+      def initialize(ttl = 300)
+        @ttl = ttl
+        @store = {}
+        @mutex = Mutex.new
+      end
+
+      def get(key)
+        @mutex.synchronize do
+          entry = @store[key]
+          return nil unless entry
+          return nil if expired?(entry)
+
+          entry[:value]
+        end
+      end
+
+      def set(key, value)
+        @mutex.synchronize do
+          @store[key] = {
+            value: value,
+            expires_at: Time.now + @ttl
+          }
+        end
+        value
+      end
+
+      def has?(key)
+        @mutex.synchronize do
+          entry = @store[key]
+          return false unless entry
+          return false if expired?(entry)
+
+          true
+        end
+      end
+
+      def delete(key)
+        @mutex.synchronize do
+          @store.delete(key)
+        end
+      end
+
+      def delete_pattern(pattern)
+        @mutex.synchronize do
+          regex = Regexp.new(pattern.gsub('*', '.*'))
+          @store.delete_if { |k, _| k.match?(regex) }
+        end
+      end
+
+      def clear!
+        @mutex.synchronize do
+          @store.clear
+        end
+      end
+
+      def size
+        @mutex.synchronize do
+          cleanup_expired!
+          @store.size
+        end
+      end
+
+      private
+
+      def expired?(entry)
+        entry[:expires_at] < Time.now
+      end
+
+      def cleanup_expired!
+        now = Time.now
+        @store.delete_if { |_, entry| entry[:expires_at] < now }
+      end
+    end
+  end
+end

data/lib/brainzlab/vault/client.rb

@@ -0,0 +1,216 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'json'
+require 'uri'
+
+module BrainzLab
+  module Vault
+    class Client
+      def initialize(config)
+        @config = config
+        @base_url = config.vault_url || 'https://vault.brainzlab.ai'
+      end
+
+      def get(key, environment:)
+        response = request(
+          :get,
+          "/api/v1/secrets/#{CGI.escape(key)}",
+          headers: { 'X-Vault-Environment' => environment }
+        )
+
+        return nil unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        data[:value]
+      rescue StandardError => e
+        log_error('get', e)
+        nil
+      end
+
+      def set(key, value, environment:, description: nil, note: nil)
+        body = {
+          key: key,
+          value: value,
+          description: description,
+          note: note
+        }.compact
+
+        response = request(
+          :post,
+          '/api/v1/secrets',
+          headers: { 'X-Vault-Environment' => environment },
+          body: body
+        )
+
+        response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPCreated)
+      rescue StandardError => e
+        log_error('set', e)
+        false
+      end
+
+      def list(environment:)
+        response = request(
+          :get,
+          '/api/v1/secrets',
+          headers: { 'X-Vault-Environment' => environment }
+        )
+
+        return [] unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        data[:secrets] || []
+      rescue StandardError => e
+        log_error('list', e)
+        []
+      end
+
+      def delete(key)
+        response = request(:delete, "/api/v1/secrets/#{CGI.escape(key)}")
+        response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPNoContent)
+      rescue StandardError => e
+        log_error('delete', e)
+        false
+      end
+
+      def export(environment:, format:)
+        params = { format: format }
+        response = request(
+          :get,
+          '/api/v1/sync/export',
+          headers: { 'X-Vault-Environment' => environment },
+          params: params
+        )
+
+        return {} unless response.is_a?(Net::HTTPSuccess)
+
+        case format
+        when :json
+          data = JSON.parse(response.body, symbolize_names: true)
+          data[:secrets] || {}
+        else
+          response.body
+        end
+      rescue StandardError => e
+        log_error('export', e)
+        format == :json ? {} : ''
+      end
+
+      def provision(project_id:, app_name:)
+        response = request(
+          :post,
+          '/api/v1/projects/provision',
+          body: { project_id: project_id, app_name: app_name },
+          use_service_key: true
+        )
+
+        response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPCreated)
+      rescue StandardError => e
+        log_error('provision', e)
+        false
+      end
+
+      # Get all provider keys for the current project
+      # Returns a hash of provider => decrypted_key
+      def get_provider_keys
+        response = request(:get, '/api/v1/provider_keys/bulk')
+
+        return {} unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        # Convert to simple hash: { openai: "sk-...", anthropic: "sk-..." }
+        keys = {}
+        (data[:keys] || []).each do |key_data|
+          keys[key_data[:provider].to_sym] = key_data[:key]
+        end
+        keys
+      rescue StandardError => e
+        log_error('get_provider_keys', e)
+        {}
+      end
+
+      # Get a specific provider key
+      def get_provider_key(provider:, model_type: 'llm')
+        response = request(
+          :get,
+          '/api/v1/provider_keys/resolve',
+          params: { provider: provider, model_type: model_type }
+        )
+
+        return nil unless response.is_a?(Net::HTTPSuccess)
+
+        data = JSON.parse(response.body, symbolize_names: true)
+        data[:key]
+      rescue StandardError => e
+        log_error('get_provider_key', e)
+        nil
+      end
+
+      private
+
+      def request(method, path, headers: {}, body: nil, params: nil, use_service_key: false)
+        uri = URI.parse("#{@base_url}#{path}")
+
+        uri.query = URI.encode_www_form(params) if params
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == 'https'
+        http.open_timeout = 10
+        http.read_timeout = 30
+
+        request = case method
+                  when :get
+                    Net::HTTP::Get.new(uri)
+                  when :post
+                    Net::HTTP::Post.new(uri)
+                  when :put
+                    Net::HTTP::Put.new(uri)
+                  when :delete
+                    Net::HTTP::Delete.new(uri)
+                  end
+
+        # Set headers
+        request['Content-Type'] = 'application/json'
+        request['Accept'] = 'application/json'
+
+        if use_service_key
+          request['X-Service-Key'] = @config.vault_master_key || @config.secret_key
+        else
+          auth_key = @config.vault_api_key || @config.secret_key
+          request['Authorization'] = "Bearer #{auth_key}" if auth_key
+        end
+
+        headers.each { |k, v| request[k] = v }
+
+        # Set body
+        request.body = body.to_json if body
+
+        http.request(request)
+      end
+
+      def log_error(operation, error)
+        structured_error = ErrorHandler.wrap(error, service: 'Vault', operation: operation)
+        BrainzLab.debug_log("[Vault::Client] #{operation} failed: #{structured_error.message}")
+
+        # Call on_error callback if configured
+        if @config.on_error
+          @config.on_error.call(structured_error, { service: 'Vault', operation: operation })
+        end
+      end
+
+      def handle_response_error(response, operation)
+        return if response.is_a?(Net::HTTPSuccess) || response.is_a?(Net::HTTPCreated) || response.is_a?(Net::HTTPNoContent)
+
+        structured_error = ErrorHandler.from_response(response, service: 'Vault', operation: operation)
+        BrainzLab.debug_log("[Vault::Client] #{operation} failed: #{structured_error.message}")
+
+        # Call on_error callback if configured
+        if @config.on_error
+          @config.on_error.call(structured_error, { service: 'Vault', operation: operation })
+        end
+
+        structured_error
+      end
+    end
+  end
+end

data/lib/brainzlab/vault/provisioner.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module BrainzLab
+  module Vault
+    class Provisioner
+      def initialize(config)
+        @config = config
+        @provisioned = false
+      end
+
+      def ensure_project!
+        return if @provisioned
+        return unless @config.vault_auto_provision
+        return unless valid_auth?
+
+        @provisioned = true
+
+        # Try to provision with Platform project ID
+        project_id = detect_project_id
+        return unless project_id
+
+        client = Client.new(@config)
+        client.provision(
+          project_id: project_id,
+          app_name: @config.app_name || @config.service
+        )
+
+        BrainzLab.debug_log("[Vault::Provisioner] Project provisioned: #{project_id}")
+      rescue StandardError => e
+        BrainzLab.debug_log("[Vault::Provisioner] Provisioning failed: #{e.message}")
+      end
+
+      private
+
+      def valid_auth?
+        key = @config.vault_api_key || @config.vault_master_key || @config.secret_key
+        !key.nil? && !key.empty?
+      end
+
+      def detect_project_id
+        # Try environment variable first
+        return ENV['BRAINZLAB_PROJECT_ID'] if ENV['BRAINZLAB_PROJECT_ID']
+
+        # Could also detect from Platform API if we have a secret key
+        nil
+      end
+    end
+  end
+end