RubyGems - legate - Versions diffs - 0.1.0 - Mend

legate 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

checksums.yaml +7 -0
data/LICENSE +21 -0
data/README.md +345 -0
data/bin/legate +13 -0
data/examples/00_quickstart.rb +51 -0
data/examples/01_simple_agent.rb +105 -0
data/examples/02_multi_tool_agent.rb +140 -0
data/examples/03_custom_tool.rb +93 -0
data/examples/04_agent_instructions.rb +84 -0
data/examples/05_state_and_sessions.rb +91 -0
data/examples/06_callbacks.rb +186 -0
data/examples/07_async_jobs.rb +112 -0
data/examples/08_loop_agent.rb +197 -0
data/examples/09_sequential_workflow.rb +40 -0
data/examples/10_parallel_workflow.rb +34 -0
data/examples/11_agent_delegation.rb +24 -0
data/examples/12_http_client_tool.rb +156 -0
data/examples/13_authentication.rb +220 -0
data/examples/14_mcp_client.rb +154 -0
data/examples/15_mcp_server.rb +79 -0
data/examples/16_webhooks.rb +91 -0
data/examples/README_sequential_agents.md +164 -0
data/examples/advanced/auth/cookie_auth_tool.rb +146 -0
data/examples/advanced/auth/custom_auth_flows_example.rb +626 -0
data/examples/advanced/auth/excon_middleware.rb +317 -0
data/examples/advanced/auth/excon_middleware_auth.rb +399 -0
data/examples/advanced/auth/fiber_auth_example.rb +281 -0
data/examples/advanced/auth/fiber_oidc_example.rb +403 -0
data/examples/advanced/auth/httpbin_bearer_tool.rb +159 -0
data/examples/advanced/auth/oauth2_auth.rb +419 -0
data/examples/advanced/auth/oidc_auth.rb +514 -0
data/examples/advanced/auth/openweather_api.rb +251 -0
data/examples/advanced/auth/openweather_tool.rb +153 -0
data/examples/advanced/auth/query_param_middleware_test.rb +138 -0
data/examples/advanced/auth/service_account.rb +135 -0
data/examples/advanced/auth/test_with_httpbin.rb +202 -0
data/examples/advanced/auth/token_lifecycle_example.rb +428 -0
data/examples/advanced/callback_monitoring.rb +679 -0
data/examples/advanced/mas/fixed_delegation_example.rb +191 -0
data/examples/advanced/mas/loop_workflow.rb +28 -0
data/examples/advanced/mas/mock_planner.rb +77 -0
data/examples/advanced/mas/proper_delegation_example.rb +276 -0
data/examples/advanced/mcp/legate_mcp_server_resource_example.rb +182 -0
data/examples/advanced/mcp/mcp_resource_server_example.rb +309 -0
data/examples/advanced/mcp/mcp_server_async.rb +76 -0
data/examples/advanced/mcp/mcp_server_async_tools.rb +122 -0
data/examples/advanced/mcp/mcp_server_legate_agent.rb +95 -0
data/examples/advanced/mcp/mcp_server_rack.rb +89 -0
data/examples/advanced/random_calculator.rb +104 -0
data/examples/advanced/sleep_agent.rb +153 -0
data/examples/advanced/webhooks/webhook_e2e_runner.rb +110 -0
data/examples/advanced/webhooks/webhook_receiver_agent.rb +58 -0
data/examples/advanced/workflows/task_refinement_loop_agent.rb +278 -0
data/examples/advanced/workflows/travel_planner_auto_sequential.rb +444 -0
data/examples/advanced/workflows/travel_planner_parallel.rb +656 -0
data/examples/advanced/workflows/travel_planner_sequential.rb +512 -0
data/examples/tools/oauth2_example.rb +136 -0
data/examples/tools/sleepy_tool.rb +42 -0
data/lib/legate/activity_log.rb +71 -0
data/lib/legate/agent.rb +959 -0
data/lib/legate/agent_code_generator.rb +185 -0
data/lib/legate/agent_definition.rb +812 -0
data/lib/legate/agentic/decision.rb +49 -0
data/lib/legate/agentic/loop.rb +134 -0
data/lib/legate/agentic.rb +5 -0
data/lib/legate/agents/loop_agent.rb +248 -0
data/lib/legate/agents/parallel_agent.rb +163 -0
data/lib/legate/agents/sequential_agent.rb +190 -0
data/lib/legate/agents.rb +14 -0
data/lib/legate/auth/config.rb +148 -0
data/lib/legate/auth/coordinator.rb +218 -0
data/lib/legate/auth/coordinators/oauth2_coordinator.rb +99 -0
data/lib/legate/auth/coordinators/oidc_coordinator.rb +68 -0
data/lib/legate/auth/coordinators/service_account_coordinator.rb +122 -0
data/lib/legate/auth/credential.rb +157 -0
data/lib/legate/auth/encryption.rb +108 -0
data/lib/legate/auth/error.rb +94 -0
data/lib/legate/auth/exchanged_credential.rb +180 -0
data/lib/legate/auth/excon_middleware.rb +285 -0
data/lib/legate/auth/http_client_utils.rb +364 -0
data/lib/legate/auth/manager.rb +531 -0
data/lib/legate/auth/manager_store.rb +394 -0
data/lib/legate/auth/middleware_factory.rb +290 -0
data/lib/legate/auth/runner.rb +279 -0
data/lib/legate/auth/scheme.rb +125 -0
data/lib/legate/auth/schemes/api_key.rb +212 -0
data/lib/legate/auth/schemes/google_service_account.rb +108 -0
data/lib/legate/auth/schemes/http_bearer.rb +98 -0
data/lib/legate/auth/schemes/oauth2.rb +396 -0
data/lib/legate/auth/schemes/openid_connect.rb +346 -0
data/lib/legate/auth/schemes/service_account.rb +388 -0
data/lib/legate/auth/schemes.rb +40 -0
data/lib/legate/auth/token_manager.rb +362 -0
data/lib/legate/auth/token_store.rb +86 -0
data/lib/legate/auth/tool_context_extension.rb +97 -0
data/lib/legate/auth/tool_integration.rb +188 -0
data/lib/legate/auth/url_guard.rb +81 -0
data/lib/legate/auth.rb +453 -0
data/lib/legate/callbacks/callback_context.rb +71 -0
data/lib/legate/cli/agent_commands.rb +950 -0
data/lib/legate/cli/auth_commands.rb +520 -0
data/lib/legate/cli/base_command.rb +24 -0
data/lib/legate/cli/deployment_commands.rb +934 -0
data/lib/legate/cli/output_helper.rb +108 -0
data/lib/legate/cli/session_commands.rb +138 -0
data/lib/legate/cli/skaffold_commands.rb +223 -0
data/lib/legate/cli/tool_commands.rb +261 -0
data/lib/legate/cli/web_commands.rb +182 -0
data/lib/legate/cli.rb +40 -0
data/lib/legate/configuration/webhooks.rb +113 -0
data/lib/legate/configuration.rb +39 -0
data/lib/legate/definition_store.rb +23 -0
data/lib/legate/errors.rb +118 -0
data/lib/legate/event.rb +161 -0
data/lib/legate/gemini_ai_beta_patch.rb +39 -0
data/lib/legate/generators/agent_generator.rb +412 -0
data/lib/legate/generators/code_validator.rb +48 -0
data/lib/legate/generators/legate/install_generator.rb +35 -0
data/lib/legate/generators/legate/templates/create_legate_tables.rb.tt +36 -0
data/lib/legate/generators/legate/templates/initializer.rb +18 -0
data/lib/legate/generators/runtime_tool_loader.rb +76 -0
data/lib/legate/generators/tool_generator.rb +408 -0
data/lib/legate/generators.rb +11 -0
data/lib/legate/global_definition_registry.rb +506 -0
data/lib/legate/global_tool_manager.rb +135 -0
data/lib/legate/llm/adapter.rb +69 -0
data/lib/legate/llm/gemini.rb +172 -0
data/lib/legate/llm/ollama.rb +80 -0
data/lib/legate/llm.rb +34 -0
data/lib/legate/mcp/client.rb +320 -0
data/lib/legate/mcp/connection/sse.rb +292 -0
data/lib/legate/mcp/connection/stdio.rb +273 -0
data/lib/legate/mcp/connection_manager.rb +103 -0
data/lib/legate/mcp/server/legate_agent_adapter.rb +170 -0
data/lib/legate/mcp/server/legate_direct_agent_adapter.rb +140 -0
data/lib/legate/mcp/server/legate_tool_adapter.rb +119 -0
data/lib/legate/mcp/tool_wrapper.rb +138 -0
data/lib/legate/mcp/util/schema_converter.rb +134 -0
data/lib/legate/mcp.rb +23 -0
data/lib/legate/plan_executor.rb +375 -0
data/lib/legate/planner.rb +839 -0
data/lib/legate/rails/railtie.rb +43 -0
data/lib/legate/rails.rb +9 -0
data/lib/legate/redaction.rb +32 -0
data/lib/legate/session.rb +299 -0
data/lib/legate/session_service/active_record.rb +300 -0
data/lib/legate/session_service/base.rb +68 -0
data/lib/legate/session_service/event_broadcast.rb +74 -0
data/lib/legate/session_service/in_memory.rb +188 -0
data/lib/legate/tool/metadata_dsl.rb +122 -0
data/lib/legate/tool.rb +276 -0
data/lib/legate/tool_code_generator.rb +103 -0
data/lib/legate/tool_context.rb +350 -0
data/lib/legate/tool_loader.rb +39 -0
data/lib/legate/tool_registry.rb +73 -0
data/lib/legate/tool_result.rb +61 -0
data/lib/legate/tools/agent_tool.rb +187 -0
data/lib/legate/tools/base/http_client.rb +319 -0
data/lib/legate/tools/base/safe_url.rb +56 -0
data/lib/legate/tools/base_async_job_tool.rb +91 -0
data/lib/legate/tools/calculator.rb +89 -0
data/lib/legate/tools/cat_facts.rb +81 -0
data/lib/legate/tools/check_job_status_tool.rb +48 -0
data/lib/legate/tools/current_time_tool.rb +64 -0
data/lib/legate/tools/echo.rb +43 -0
data/lib/legate/tools/http_request_tool.rb +105 -0
data/lib/legate/tools/random_number_tool.rb +64 -0
data/lib/legate/tools/read_webpage_tool.rb +92 -0
data/lib/legate/tools/sleepy_tool.rb +74 -0
data/lib/legate/tools/webhook_tool.rb +146 -0
data/lib/legate/version.rb +5 -0
data/lib/legate/web/app.rb +984 -0
data/lib/legate/web/public/css/main.css +4980 -0
data/lib/legate/web/public/images/favicon-256.png +0 -0
data/lib/legate/web/public/images/favicon-32.png +0 -0
data/lib/legate/web/public/images/legate-logo-dark.png +0 -0
data/lib/legate/web/public/images/legate-logo-light.png +0 -0
data/lib/legate/web/public/js/legate.js +616 -0
data/lib/legate/web/public/styles/main.scss +4402 -0
data/lib/legate/web/routes/agent_authentication_routes.rb +530 -0
data/lib/legate/web/routes/agent_definition_routes.rb +803 -0
data/lib/legate/web/routes/agent_generator_routes.rb +80 -0
data/lib/legate/web/routes/agent_interaction_routes.rb +734 -0
data/lib/legate/web/routes/agent_runtime_routes.rb +323 -0
data/lib/legate/web/routes/api_routes.rb +56 -0
data/lib/legate/web/routes/authentication_routes.rb +1541 -0
data/lib/legate/web/routes/core_routes.rb +111 -0
data/lib/legate/web/routes/documentation_routes.rb +220 -0
data/lib/legate/web/routes/tool_generator_routes.rb +81 -0
data/lib/legate/web/routes/tools_ui_routes.rb +207 -0
data/lib/legate/web/sass_compiler.rb +73 -0
data/lib/legate/web/views/_active_session_info.slim +25 -0
data/lib/legate/web/views/_activity_list.slim +55 -0
data/lib/legate/web/views/_agent_card.slim +56 -0
data/lib/legate/web/views/_agent_generator_modal.slim +382 -0
data/lib/legate/web/views/_agent_status_controls.slim +71 -0
data/lib/legate/web/views/_agent_tool_table.slim +74 -0
data/lib/legate/web/views/_chat_message.slim +95 -0
data/lib/legate/web/views/_display_agent_configuration.slim +26 -0
data/lib/legate/web/views/_display_agent_description.slim +11 -0
data/lib/legate/web/views/_display_agent_fallback.slim +15 -0
data/lib/legate/web/views/_display_agent_hierarchy.slim +93 -0
data/lib/legate/web/views/_display_agent_instruction.slim +17 -0
data/lib/legate/web/views/_display_agent_mcp.slim +13 -0
data/lib/legate/web/views/_display_agent_model.slim +17 -0
data/lib/legate/web/views/_display_agent_name.slim +42 -0
data/lib/legate/web/views/_display_agent_output_key.slim +26 -0
data/lib/legate/web/views/_display_agent_type.slim +65 -0
data/lib/legate/web/views/_edit_agent_configuration.slim +74 -0
data/lib/legate/web/views/_edit_agent_description.slim +16 -0
data/lib/legate/web/views/_edit_agent_fallback.slim +25 -0
data/lib/legate/web/views/_edit_agent_hierarchy.slim +98 -0
data/lib/legate/web/views/_edit_agent_instruction.slim +49 -0
data/lib/legate/web/views/_edit_agent_mcp.slim +33 -0
data/lib/legate/web/views/_edit_agent_model.slim +23 -0
data/lib/legate/web/views/_edit_agent_output_key.slim +36 -0
data/lib/legate/web/views/_edit_agent_tools.slim +40 -0
data/lib/legate/web/views/_edit_agent_type.slim +67 -0
data/lib/legate/web/views/_session_error.slim +4 -0
data/lib/legate/web/views/_skeleton.slim +69 -0
data/lib/legate/web/views/_tool_card.slim +9 -0
data/lib/legate/web/views/_tool_generator_modal.slim +311 -0
data/lib/legate/web/views/agent.slim +436 -0
data/lib/legate/web/views/agent_auth.slim +562 -0
data/lib/legate/web/views/agents.slim +369 -0
data/lib/legate/web/views/auth.slim +112 -0
data/lib/legate/web/views/auth_credential_detail.slim +327 -0
data/lib/legate/web/views/auth_credentials.slim +261 -0
data/lib/legate/web/views/auth_debug.slim +94 -0
data/lib/legate/web/views/auth_mapping_detail.slim +151 -0
data/lib/legate/web/views/auth_mapping_new.slim +123 -0
data/lib/legate/web/views/auth_mappings.slim +120 -0
data/lib/legate/web/views/auth_scheme_detail.slim +274 -0
data/lib/legate/web/views/auth_schemes.slim +259 -0
data/lib/legate/web/views/auth_test.slim +418 -0
data/lib/legate/web/views/chat.slim +192 -0
data/lib/legate/web/views/docs_index.slim +105 -0
data/lib/legate/web/views/docs_show.slim +105 -0
data/lib/legate/web/views/error_404.slim +5 -0
data/lib/legate/web/views/index.slim +148 -0
data/lib/legate/web/views/layout.slim +144 -0
data/lib/legate/web/views/tool_detail.slim +87 -0
data/lib/legate/web/views/tools.slim +50 -0
data/lib/legate/web/webhook_listener.rb +367 -0
data/lib/legate/web.rb +9 -0
data/lib/legate.rb +220 -0
data/public/docs/advanced/callbacks.md +828 -0
data/public/docs/advanced/mcp_schema_conversion.md +59 -0
data/public/docs/authentication/api_reference/config.md +210 -0
data/public/docs/authentication/api_reference/credential.md +246 -0
data/public/docs/authentication/api_reference/encryption.md +218 -0
data/public/docs/authentication/api_reference/exchanged_credential.md +271 -0
data/public/docs/authentication/api_reference/excon_middleware.md +175 -0
data/public/docs/authentication/api_reference/index.md +30 -0
data/public/docs/authentication/api_reference/scheme.md +250 -0
data/public/docs/authentication/api_reference/schemes/api_key.md +175 -0
data/public/docs/authentication/api_reference/schemes/google_service_account.md +221 -0
data/public/docs/authentication/api_reference/schemes/http_bearer.md +169 -0
data/public/docs/authentication/api_reference/schemes/oauth2.md +343 -0
data/public/docs/authentication/api_reference/schemes/oidc.md +73 -0
data/public/docs/authentication/api_reference/schemes/openid_connect.md +311 -0
data/public/docs/authentication/api_reference/schemes/service_account.md +287 -0
data/public/docs/authentication/api_reference/token_manager.md +221 -0
data/public/docs/authentication/api_reference/token_store.md +146 -0
data/public/docs/authentication/api_reference/tool_context_extension.md +166 -0
data/public/docs/authentication/guides/api_key.md +190 -0
data/public/docs/authentication/guides/bearer.md +172 -0
data/public/docs/authentication/guides/configuration.md +255 -0
data/public/docs/authentication/guides/custom_flow.md +523 -0
data/public/docs/authentication/guides/index.md +24 -0
data/public/docs/authentication/guides/migration.md +435 -0
data/public/docs/authentication/guides/oauth2.md +252 -0
data/public/docs/authentication/guides/oidc.md +241 -0
data/public/docs/authentication/guides/overview.md +155 -0
data/public/docs/authentication/guides/secure_storage.md +301 -0
data/public/docs/authentication/guides/service_account.md +228 -0
data/public/docs/authentication/guides/token_lifecycle.md +295 -0
data/public/docs/authentication/guides/web_ui_integration.md +504 -0
data/public/docs/authentication/index.md +58 -0
data/public/docs/authentication/troubleshooting/credential_storage.md +550 -0
data/public/docs/authentication/troubleshooting/environment_variables.md +540 -0
data/public/docs/authentication/troubleshooting/index.md +11 -0
data/public/docs/authentication/troubleshooting/oauth2_issues.md +220 -0
data/public/docs/authentication/troubleshooting/oidc_issues.md +412 -0
data/public/docs/authentication/troubleshooting/token_refresh.md +338 -0
data/public/docs/cli/legate_cli_usage.md +363 -0
data/public/docs/core_concepts/legate_agent_lifecycle.md +124 -0
data/public/docs/core_concepts/legate_architecture_overview.md +110 -0
data/public/docs/core_concepts/legate_configuration.md +116 -0
data/public/docs/core_concepts/legate_definition_store.md +102 -0
data/public/docs/core_concepts/legate_planner.md +94 -0
data/public/docs/core_concepts/legate_session_service.md +104 -0
data/public/docs/error_handling/legate_error_handling.md +122 -0
data/public/docs/examples.md +199 -0
data/public/docs/getting_started.md +111 -0
data/public/docs/guides/agentic_agents.md +137 -0
data/public/docs/guides/ai_code_generators.md +437 -0
data/public/docs/guides/auto_loading.md +326 -0
data/public/docs/guides/configuring_agent_webhooks.md +219 -0
data/public/docs/guides/http_client_usage.md +264 -0
data/public/docs/guides/llm_providers.md +137 -0
data/public/docs/guides/mcp_client_integration.md +232 -0
data/public/docs/guides/mcp_server_exposure.md +206 -0
data/public/docs/guides/rails_integration.md +128 -0
data/public/docs/guides/sending_outbound_webhooks.md +227 -0
data/public/docs/guides/streaming.md +112 -0
data/public/docs/guides/webhooks.md +288 -0
data/public/docs/introduction.md +51 -0
data/public/docs/multi_agent_systems/advanced_features.md +57 -0
data/public/docs/multi_agent_systems/agent_delegation.md +190 -0
data/public/docs/multi_agent_systems/agent_hierarchy.md +49 -0
data/public/docs/multi_agent_systems/state_management.md +47 -0
data/public/docs/multi_agent_systems/workflow_agents.md +72 -0
data/public/docs/tools/legate_built_in_tools.md +332 -0
data/public/docs/tools/legate_tools_and_registry.md +263 -0
data/public/docs/web_ui/legate_web_ui.md +137 -0
metadata +823 -0

data/lib/legate/auth/manager.rb ADDED Viewed

@@ -0,0 +1,531 @@
+# File: lib/legate/auth/manager.rb
+# frozen_string_literal: true
+require 'singleton'
+require_relative '../errors'
+require_relative 'error'
+require_relative 'credential'
+require_relative 'manager_store'
+require_relative 'schemes/api_key'
+require_relative 'schemes/http_bearer'
+require_relative 'schemes/oauth2'
+require_relative 'schemes/openid_connect'
+require_relative 'schemes/service_account'
+require_relative 'schemes/google_service_account'
+module Legate
+  module Auth
+    # The AuthManager is a singleton that manages authentication schemes and credentials.
+    # It provides a centralized registry for authentication schemes and credentials,
+    # as well as methods for finding the appropriate scheme and credential for a given URL.
+    class Manager
+      include Singleton
+      # @return [Legate::Auth::ManagerStore::RedisStore, Legate::Auth::ManagerStore::InMemoryStore, nil]
+      attr_reader :store
+      # Read access to the registered schemes/credentials/url-mappings. Exposed so
+      # callers (e.g. the web routes) don't reach in via instance_variable_get.
+      # @return [Hash{Symbol => Legate::Auth::Scheme}]
+      attr_reader :schemes
+      # @return [Hash{Symbol => Legate::Auth::Credential}]
+      attr_reader :credentials
+      # @return [Array<Hash>]
+      attr_reader :url_mappings
+      def initialize
+        @schemes = {}
+        @credentials = {}
+        @url_mappings = []
+        @store = nil
+        @loaded_from_store = false
+        # Register built-in schemes
+        register_default_schemes
+      end
+      # Set the persistence store and load existing data
+      # @param store [Legate::Auth::ManagerStore::RedisStore, Legate::Auth::ManagerStore::InMemoryStore]
+      # @param load_immediately [Boolean] Whether to load data from store immediately (default: true)
+      def set_store(store, load_immediately: true)
+        @store = store
+        load_from_store if load_immediately && store&.available?
+      end
+      # Load all schemes, credentials, and URL mappings from the store
+      # @return [Boolean] true if successful
+      def load_from_store
+        return false unless @store&.available?
+        return true if @loaded_from_store # Don't reload if already loaded
+        Legate.logger&.info('Loading authentication configuration from store...')
+        # Load credentials first (schemes might depend on them for URL mappings)
+        load_credentials_from_store
+        # Load schemes (will overwrite defaults with stored config)
+        load_schemes_from_store
+        # Load URL mappings
+        load_url_mappings_from_store
+        @loaded_from_store = true
+        Legate.logger&.info('Authentication configuration loaded from store.')
+        true
+      rescue StandardError => e
+        Legate.logger&.error("Failed to load auth config from store: #{e.message}")
+        false
+      end
+      # Force reload from store (useful after external changes)
+      def reload_from_store
+        @loaded_from_store = false
+        load_from_store
+      end
+      # Register an authentication scheme
+      # @param scheme [Legate::Auth::Scheme] The scheme to register
+      # @param name [Symbol, String] Optional name for the scheme (defaults to scheme type)
+      # @param persist [Boolean] Whether to persist to store (default: true)
+      # @return [Symbol] The name the scheme was registered under
+      def register_scheme(scheme, name = nil, persist: true)
+        raise ArgumentError, 'Scheme must be an Legate::Auth::Scheme' unless scheme.is_a?(Legate::Auth::Scheme)
+        # Use scheme type as name if not provided
+        name ||= scheme.scheme_type
+        name = name.to_sym
+        @schemes[name] = scheme
+        # Persist to store if available and persistence is enabled
+        @store&.save_scheme(name, scheme) if persist && @store&.available?
+        name
+      end
+      # Unregister/delete a scheme
+      # @param name [Symbol, String] The scheme name
+      # @param persist [Boolean] Whether to persist the deletion (default: true)
+      # @return [Boolean] true if deleted
+      def unregister_scheme(name, persist: true)
+        name = name.to_sym
+        deleted = @schemes.delete(name)
+        @store&.delete_scheme(name) if persist && deleted && @store&.available?
+        !deleted.nil?
+      end
+      # Register a credential
+      # @param credential [Legate::Auth::Credential] The credential to register
+      # @param name [Symbol, String] The name to register the credential under
+      # @param persist [Boolean] Whether to persist to store (default: true)
+      # @return [Symbol] The name the credential was registered under
+      def register_credential(credential, name, persist: true)
+        raise ArgumentError, 'Credential must be an Legate::Auth::Credential' unless credential.is_a?(Legate::Auth::Credential)
+        raise ArgumentError, 'Name must be provided' if name.nil?
+        name = name.to_sym
+        @credentials[name] = credential
+        # Persist to store if available and persistence is enabled
+        @store&.save_credential(name, credential) if persist && @store&.available?
+        name
+      end
+      # Unregister/delete a credential
+      # @param name [Symbol, String] The credential name
+      # @param persist [Boolean] Whether to persist the deletion (default: true)
+      # @return [Boolean] true if deleted
+      def unregister_credential(name, persist: true)
+        name = name.to_sym
+        deleted = @credentials.delete(name)
+        @store&.delete_credential(name) if persist && deleted && @store&.available?
+        !deleted.nil?
+      end
+      # Register a URL mapping to a scheme and credential
+      # @param url_pattern [String, Regexp] The URL pattern to match
+      # @param scheme_name [Symbol, String] The name of the scheme to use
+      # @param credential_name [Symbol, String] The name of the credential to use
+      # @param persist [Boolean] Whether to persist to store (default: true)
+      def register_url_mapping(url_pattern, scheme_name, credential_name, persist: true)
+        scheme_name = scheme_name.to_sym
+        credential_name = credential_name.to_sym
+        raise ArgumentError, "Unknown scheme: #{scheme_name}" unless @schemes.key?(scheme_name)
+        raise ArgumentError, "Unknown credential: #{credential_name}" unless @credentials.key?(credential_name)
+        @url_mappings << {
+          pattern: url_pattern,
+          scheme_name: scheme_name,
+          credential_name: credential_name
+        }
+        # Persist all URL mappings to store
+        @store&.save_url_mappings(@url_mappings) if persist && @store&.available?
+      end
+      # Remove a URL mapping by index
+      # @param index [Integer] The index of the mapping to remove
+      # @param persist [Boolean] Whether to persist the deletion (default: true)
+      # @return [Boolean] true if removed
+      def remove_url_mapping(index, persist: true)
+        return false if index < 0 || index >= @url_mappings.size
+        @url_mappings.delete_at(index)
+        # Persist all URL mappings to store
+        @store&.save_url_mappings(@url_mappings) if persist && @store&.available?
+        true
+      end
+      # Replaces the full set of URL mappings and persists them. Used by the web
+      # UI, which manages a richer mapping shape (pattern/priority/active) than
+      # register_url_mapping and edits the array in place before saving.
+      # @param mappings [Array<Hash>] the new mapping set
+      # @param persist [Boolean] whether to persist (default: true)
+      # @return [Array<Hash>] the stored mappings
+      def replace_url_mappings(mappings, persist: true)
+        @url_mappings = mappings
+        @store&.save_url_mappings(@url_mappings) if persist && @store&.available?
+        @url_mappings
+      end
+      # Get a registered scheme
+      # @param name [Symbol, String] The name of the scheme
+      # @return [Legate::Auth::Scheme, nil] The scheme or nil if not found
+      def get_scheme(name)
+        @schemes[name.to_sym]
+      end
+      # Get a registered credential
+      # @param name [Symbol, String] The name of the credential
+      # @return [Legate::Auth::Credential, nil] The credential or nil if not found
+      def get_credential(name)
+        @credentials[name.to_sym]
+      end
+      # Find a scheme by type without requiring credentials
+      # @param scheme_type [Symbol, String] The scheme type to find
+      # @return [Legate::Auth::Scheme, nil] The scheme or nil if not found
+      def find_scheme(scheme_type)
+        scheme_sym = scheme_type.to_sym
+        # Try to find by exact scheme_type match first
+        scheme = @schemes.values.find { |s| s.scheme_type == scheme_sym }
+        # If not found by scheme_type, try to find by registration name
+        # This handles cases like :oidc -> OpenIDConnect where scheme_type is :openid_connect
+        scheme ||= @schemes[scheme_sym]
+        # Special mappings for backward compatibility and aliases
+        if scheme.nil?
+          scheme_mappings = {
+            oidc: :openid_connect,
+            openid_connect: :oidc
+          }
+          # Try the mapped scheme type
+          mapped_type = scheme_mappings[scheme_sym]
+          if mapped_type
+            scheme = @schemes.values.find { |s| s.scheme_type == mapped_type } ||
+                     @schemes[mapped_type]
+          end
+        end
+        scheme
+      end
+      # Find the appropriate scheme and credential for a URL
+      # @param url [String] The URL to find a scheme and credential for
+      # @param scheme_type [Symbol, nil] Optional scheme type to filter by
+      # @param credential_name [Symbol, String, nil] Optional credential name to use
+      # @return [Array<Legate::Auth::Scheme, Legate::Auth::Credential>, nil] The scheme and credential, or nil if not found
+      def find_scheme_and_credential(url: nil, scheme_type: nil, credential_name: nil)
+        # Case 1: Direct credential and matching scheme specified
+        if credential_name
+          credential = get_credential(credential_name)
+          return nil unless credential
+          if scheme_type
+            # Find scheme of the specified type
+            scheme = @schemes.values.find { |s| s.scheme_type == scheme_type.to_sym }
+            return [scheme, credential] if scheme
+          else
+            # Try to find a compatible scheme for this credential
+            scheme = find_compatible_scheme(credential)
+            return [scheme, credential] if scheme
+          end
+        end
+        # Case 2: URL matching
+        if url
+          found_mapping = @url_mappings.find do |mapping|
+            pattern = mapping[:pattern]
+            # Check if URL matches the pattern
+            (pattern.is_a?(Regexp) && url =~ pattern) ||
+              (pattern.is_a?(String) && url.include?(pattern))
+          end
+          if found_mapping
+            scheme = get_scheme(found_mapping[:scheme_name])
+            credential = get_credential(found_mapping[:credential_name])
+            # Skip if we're filtering by scheme_type and it doesn't match
+            return nil if scheme_type && scheme.scheme_type != scheme_type.to_sym
+            return [scheme, credential] if scheme && credential
+          end
+          # No matching URL mapping found, if a URL was provided and no mapping matched
+          # but scheme_type was specified, we shouldn't continue to Case 3
+          return nil if scheme_type && url
+        end
+        # Case 3: Just trying to find by scheme_type with any credential
+        if scheme_type
+          scheme_sym = scheme_type.to_sym
+          # Try to find by exact scheme_type match first
+          scheme = @schemes.values.find { |s| s.scheme_type == scheme_sym }
+          # If not found by scheme_type, try to find by registration name
+          # This handles cases like :oidc -> OpenIDConnect where scheme_type is :openid_connect
+          scheme ||= @schemes[scheme_sym]
+          # Special mappings for backward compatibility and aliases
+          if scheme.nil?
+            scheme_mappings = {
+              oidc: :openid_connect,
+              openid_connect: :oidc
+            }
+            # Try the mapped scheme type
+            mapped_type = scheme_mappings[scheme_sym]
+            if mapped_type
+              scheme = @schemes.values.find { |s| s.scheme_type == mapped_type } ||
+                       @schemes[mapped_type]
+            end
+          end
+          return nil unless scheme
+          # Find any compatible credential
+          @credentials.each_value do |cred|
+            return [scheme, cred] if credential_compatible_with_scheme?(cred, scheme)
+          end
+        end
+        nil
+      end
+      private
+      # Register the default built-in schemes
+      def register_default_schemes
+        register_scheme(Legate::Auth::Schemes::ApiKey.new, :api_key)
+        register_scheme(Legate::Auth::Schemes::HTTPBearer.new, :http_bearer)
+        # Set default values for OAuth2 and other schemes regardless of environment
+        oauth2 = Legate::Auth::Schemes::OAuth2.new(
+          authorization_url: 'https://example.com/oauth/authorize',
+          token_url: 'https://example.com/oauth/token'
+        )
+        register_scheme(oauth2, :oauth2)
+        oidc = Legate::Auth::Schemes::OpenIDConnect.new(
+          authorization_url: 'https://example.com/oidc/authorize',
+          token_url: 'https://example.com/oidc/token'
+        )
+        register_scheme(oidc, :oidc)
+        # Set test environment before creating service account schemes
+        # This allows the schemes to be created without requiring real credentials
+        original_env = ENV['RSPEC_ENV']
+        ENV['RSPEC_ENV'] = 'test'
+        begin
+          service_account = Legate::Auth::Schemes::ServiceAccount.new(
+            token_url: 'https://example.com/token'
+          )
+          register_scheme(service_account, :service_account)
+          google_service_account = Legate::Auth::Schemes::GoogleServiceAccount.new(
+            scopes: ['https://www.googleapis.com/auth/cloud-platform']
+          )
+          register_scheme(google_service_account, :google_service_account)
+        ensure
+          # Restore original environment
+          if original_env
+            ENV['RSPEC_ENV'] = original_env
+          else
+            ENV.delete('RSPEC_ENV')
+          end
+        end
+      end
+      # Find a compatible scheme for a credential
+      # @param credential [Legate::Auth::Credential] The credential
+      # @return [Legate::Auth::Scheme, nil] A compatible scheme or nil
+      def find_compatible_scheme(credential)
+        @schemes.each_value do |scheme|
+          return scheme if credential_compatible_with_scheme?(credential, scheme)
+        end
+        nil
+      end
+      # Check if a credential is compatible with a scheme
+      # @param credential [Legate::Auth::Credential] The credential
+      # @param scheme [Legate::Auth::Scheme] The scheme
+      # @return [Boolean] True if compatible
+      def credential_compatible_with_scheme?(credential, scheme)
+        scheme_type = scheme.scheme_type
+        case scheme_type
+        when :api_key
+          credential[:api_key, resolve_env: false]
+        when :http_bearer
+          # Check for bearer token or basic auth credentials
+          credential[:bearer_token, resolve_env: false] ||
+            (credential[:username, resolve_env: false] && credential[:password, resolve_env: false])
+        when :oauth2, :oidc, :openid_connect
+          credential[:client_id, resolve_env: false] &&
+            credential[:client_secret, resolve_env: false]
+        when :service_account, :google_service_account
+          # For service accounts, check for either service_account_key or individual fields
+          credential[:service_account_key, resolve_env: false] ||
+            (credential[:client_email, resolve_env: false] &&
+             credential[:private_key, resolve_env: false])
+        when :basic
+          credential[:username, resolve_env: false] &&
+            credential[:password, resolve_env: false]
+        else
+          false
+        end
+      end
+      # Load credentials from store
+      def load_credentials_from_store
+        return unless @store&.available?
+        stored_credentials = @store.load_all_credentials
+        stored_credentials.each do |name, data|
+          credential = deserialize_credential(data)
+          @credentials[name] = credential if credential
+        rescue StandardError => e
+          Legate.logger&.warn("Failed to load credential '#{name}': #{e.message}")
+        end
+        Legate.logger&.debug("Loaded #{stored_credentials.size} credentials from store")
+      end
+      # Load schemes from store
+      def load_schemes_from_store
+        return unless @store&.available?
+        stored_schemes = @store.load_all_schemes
+        stored_schemes.each do |name, data|
+          scheme = deserialize_scheme(data)
+          @schemes[name] = scheme if scheme
+        rescue StandardError => e
+          Legate.logger&.warn("Failed to load scheme '#{name}': #{e.message}")
+        end
+        Legate.logger&.debug("Loaded #{stored_schemes.size} schemes from store")
+      end
+      # Load URL mappings from store
+      def load_url_mappings_from_store
+        return unless @store&.available?
+        @url_mappings = @store.load_url_mappings
+        Legate.logger&.debug("Loaded #{@url_mappings.size} URL mappings from store")
+      end
+      # Deserialize a credential from stored data
+      # @param data [Hash] The stored credential data
+      # @return [Legate::Auth::Credential, nil]
+      def deserialize_credential(data)
+        return nil unless data && data[:auth_type]
+        auth_type = data[:auth_type].to_sym
+        attributes = data.reject { |k, _| k == :auth_type }
+        Legate::Auth::Credential.new(auth_type: auth_type, **attributes)
+      rescue StandardError => e
+        Legate.logger&.warn("Failed to deserialize credential: #{e.message}")
+        nil
+      end
+      # Deserialize a scheme from stored data
+      # @param data [Hash] The stored scheme data
+      # @return [Legate::Auth::Scheme, nil]
+      def deserialize_scheme(data)
+        return nil unless data && data[:scheme_type]
+        scheme_type = data[:scheme_type].to_sym
+        case scheme_type
+        when :api_key
+          Legate::Auth::Schemes::ApiKey.new(
+            header_name: data[:header_name],
+            query_param_name: data[:query_param_name],
+            location: data[:location]&.to_sym
+          )
+        when :http_bearer
+          Legate::Auth::Schemes::HTTPBearer.new
+        when :oauth2
+          Legate::Auth::Schemes::OAuth2.new(
+            authorization_url: data[:authorization_url] || 'https://example.com/oauth/authorize',
+            token_url: data[:token_url] || 'https://example.com/oauth/token',
+            scopes: data[:scopes],
+            use_pkce: data[:use_pkce],
+            revocation_url: data[:revocation_url]
+          )
+        when :openid_connect, :oidc
+          Legate::Auth::Schemes::OpenIDConnect.new(
+            authorization_url: data[:authorization_url] || 'https://example.com/oidc/authorize',
+            token_url: data[:token_url] || 'https://example.com/oidc/token',
+            scopes: data[:scopes],
+            use_pkce: data[:use_pkce],
+            revocation_url: data[:revocation_url]
+          )
+        when :service_account
+          # Temporarily set test env to allow scheme creation without real credentials
+          original_env = ENV['RSPEC_ENV']
+          ENV['RSPEC_ENV'] = 'test'
+          begin
+            Legate::Auth::Schemes::ServiceAccount.new(
+              token_url: data[:token_url] || 'https://example.com/token'
+            )
+          ensure
+            original_env ? ENV['RSPEC_ENV'] = original_env : ENV.delete('RSPEC_ENV')
+          end
+        when :google_service_account
+          original_env = ENV['RSPEC_ENV']
+          ENV['RSPEC_ENV'] = 'test'
+          begin
+            Legate::Auth::Schemes::GoogleServiceAccount.new(
+              scopes: data[:scopes] || ['https://www.googleapis.com/auth/cloud-platform']
+            )
+          ensure
+            original_env ? ENV['RSPEC_ENV'] = original_env : ENV.delete('RSPEC_ENV')
+          end
+        else
+          Legate.logger&.warn("Unknown scheme type: #{scheme_type}")
+          nil
+        end
+      rescue StandardError => e
+        Legate.logger&.warn("Failed to deserialize scheme: #{e.message}")
+        nil
+      end
+    end
+  end
+end