legion-data 1.7.3 → 1.8.0

data/lib/legion/data/migrations/090_create_llm_registry_events.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:llm_registry_events) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      String :provider, size: 128
+      String :model_key, size: 255
+      String :event_type, size: 128, null: false
+      String :status, size: 64, null: false
+      String :reason, text: true
+      DateTime :recorded_at
+      DateTime :inserted_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      index :uuid
+      index %i[provider model_key]
+      index :event_type
+      index :status
+      index :recorded_at
+    end
+  end
+end

data/lib/legion/data/migrations/091_create_portable_identity_providers.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:portable_identity_providers) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      String :name, size: 255, null: false, unique: true
+      String :provider_type, size: 64, null: false
+      String :facing, size: 32, null: false
+      Integer :priority, null: false, default: 100
+      Integer :trust_weight, null: false, default: 50
+      String :source, size: 64, null: false, default: 'gem'
+      TrueClass :enabled, null: false, default: true
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      index :uuid
+      index :name
+      index :provider_type
+      index :enabled
+    end
+
+    create_table(:portable_identity_provider_capabilities) do
+      primary_key :id
+      foreign_key :provider_id, :portable_identity_providers, null: false, on_delete: :cascade
+      String :capability_key, size: 128, null: false
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      unique %i[provider_id capability_key]
+      index :provider_id
+      index :capability_key
+    end
+  end
+end

data/lib/legion/data/migrations/092_create_portable_identity_principals.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:portable_identity_principals) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      String :canonical_name, size: 255, null: false
+      String :kind, size: 64, null: false
+      String :employee_key, size: 255
+      String :display_name, size: 255
+      TrueClass :active, null: false, default: true
+      DateTime :last_seen_at
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      unique %i[canonical_name kind]
+      index :uuid
+      index :canonical_name
+      index :kind
+      index :employee_key
+      index :active
+    end
+  end
+end

data/lib/legion/data/migrations/093_create_portable_identities.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:portable_identities) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      foreign_key :principal_id, :portable_identity_principals, null: false, on_delete: :cascade
+      foreign_key :provider_id, :portable_identity_providers, null: false, on_delete: :cascade
+      String :provider_identity_key, size: 255, null: false
+      String :profile_ciphertext, text: true
+      TrueClass :active, null: false, default: true
+      DateTime :last_authenticated_at
+      String :account_type, size: 64, null: false, default: 'primary'
+      String :qualifier, size: 255
+      TrueClass :is_default, null: false, default: false
+      String :link_evidence, text: true
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      unique %i[principal_id provider_id provider_identity_key]
+      index :uuid
+      index :principal_id
+      index :provider_id
+      index :provider_identity_key
+      index %i[provider_id provider_identity_key]
+      index :active
+      index :is_default
+    end
+  end
+end

data/lib/legion/data/migrations/094_create_portable_identity_groups.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:portable_identity_groups) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      String :name, size: 255, null: false, unique: true
+      String :source, size: 64, null: false, default: 'ldap'
+      String :description, text: true
+      TrueClass :active, null: false, default: true
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      index :uuid
+      index :name
+      index :source
+      index :active
+    end
+  end
+end

data/lib/legion/data/migrations/095_create_portable_identity_group_memberships.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:portable_identity_group_memberships) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      foreign_key :principal_id, :portable_identity_principals, null: false, on_delete: :cascade
+      foreign_key :group_id, :portable_identity_groups, null: false, on_delete: :cascade
+      String :status, size: 32, null: false, default: 'active'
+      String :discovered_by, size: 255, null: false
+      Integer :trust_weight, null: false, default: 50
+      DateTime :expires_at
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      unique %i[principal_id group_id discovered_by]
+      index :uuid
+      index :principal_id
+      index :group_id
+      index :status
+      index %i[principal_id status]
+    end
+  end
+end

data/lib/legion/data/migrations/096_create_portable_identity_audit_log.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:portable_identity_audit_log) do
+      primary_key :id
+      String :uuid, size: 36, null: false, unique: true
+      foreign_key :principal_id, :portable_identity_principals, on_delete: :set_null
+      foreign_key :identity_id, :portable_identities, on_delete: :set_null
+      String :provider_name, size: 255, null: false
+      String :event_type, size: 128, null: false
+      String :trust_level, size: 64
+      String :detail_payload, text: true
+      String :node_ref, size: 255
+      String :session_ref, size: 255
+      DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+
+      index :uuid
+      index :principal_id
+      index :identity_id
+      index :event_type
+      index :created_at
+      index %i[principal_id event_type created_at]
+    end
+  end
+end

data/lib/legion/data/migrations/097_add_llm_dispatch_fields.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    alter_table(:llm_message_inference_requests) do
+      add_column :operation, String, size: 64, null: false, default: 'chat'
+      add_column :correlation_id, String, size: 64
+      add_column :idempotency_key, String, size: 128
+    end
+
+    alter_table(:llm_message_inference_responses) do
+      add_column :provider_instance, String, size: 128
+      add_column :dispatch_path, String, size: 32
+    end
+  end
+end

data/lib/legion/data/model.rb

@@ -14,7 +14,17 @@ module Legion
           %w[extension function relationship chain task runner node setting digital_worker
              apollo_entry apollo_relation apollo_expertise apollo_access_log audit_log
              audit_record identity_provider principal identity identity_group
-             identity_group_membership identity_audit_log extract_step_timing]
+             identity_group_membership identity_audit_log extract_step_timing
+             identity/identity identity/principal identity/providers identity/group
+             identity/group_memberships identity/audit_log
+             apollo/entries apollo/relation apollo/access_log apollo/expertise
+             apollo/operation
+             rbac/role_assignments rbac/runner_grants rbac/cross_team_grants
+             llm/conversation llm/message llm/message_inference_request
+             llm/message_inference_response llm/route_attempt
+             llm/message_inference_metric llm/tool_call llm/tool_call_attempt
+             llm/conversation_compaction llm/policy_evaluation
+             llm/security_event llm/registry_event]
         end
 
         def load

data/lib/legion/data/models/apollo/access_log.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Apollo::ModelHelpers.table_available?(:apollo_access_log)
+
+module Legion
+  module Data
+    module Model
+      module Apollo
+        class AccessLog < Sequel::Model(:apollo_access_log)
+          many_to_one :entry, class: 'Legion::Data::Model::Apollo::Entry', key: :entry_id
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo/entries.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Apollo::ModelHelpers.table_available?(:apollo_entries)
+
+module Legion
+  module Data
+    module Model
+      module Apollo
+        class Entry < Sequel::Model(:apollo_entries)
+          one_to_many :outgoing_relations, class: 'Legion::Data::Model::Apollo::Relation',
+                                           key:   :from_entry_id
+          one_to_many :incoming_relations, class: 'Legion::Data::Model::Apollo::Relation',
+                                           key:   :to_entry_id
+          one_to_many :access_logs, class: 'Legion::Data::Model::Apollo::AccessLog',
+                                    key:   :entry_id
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo/expertise.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Apollo::ModelHelpers.table_available?(:apollo_expertise)
+
+module Legion
+  module Data
+    module Model
+      module Apollo
+        class Expertise < Sequel::Model(:apollo_expertise)
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo/model_helpers.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Legion
+  module Data
+    module Model
+      module Apollo
+        module ModelHelpers
+          def self.table_available?(table_name)
+            Legion::Data::Connection.sequel&.table_exists?(table_name)
+          rescue StandardError
+            false
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo/operation.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Apollo::ModelHelpers.table_available?(:apollo_operations)
+
+module Legion
+  module Data
+    module Model
+      module Apollo
+        class Operation < Sequel::Model(:apollo_operations)
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo/relation.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Apollo::ModelHelpers.table_available?(:apollo_relations)
+
+module Legion
+  module Data
+    module Model
+      module Apollo
+        class Relation < Sequel::Model(:apollo_relations)
+          many_to_one :from_entry, class: 'Legion::Data::Model::Apollo::Entry', key: :from_entry_id
+          many_to_one :to_entry, class: 'Legion::Data::Model::Apollo::Entry', key: :to_entry_id
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/function.rb

@@ -11,6 +11,7 @@ module Legion
         many_to_one :runner
         one_to_many :trigger_relationships, class: 'Legion::Data::Model::Relationship', key: :trigger_id
         one_to_many :action_relationships, class: 'Legion::Data::Model::Relationship', key: :action_id
+        one_to_many :tasks
 
         def embedding_vector
           return nil unless embedding

data/lib/legion/data/models/identity/audit_log.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Identity::ModelHelpers.table_available?(:portable_identity_audit_log)
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        class AuditLog < Sequel::Model(:portable_identity_audit_log)
+          include ModelHelpers
+
+          many_to_one :principal, class: 'Legion::Data::Model::Identity::Principal'
+          many_to_one :identity, class: 'Legion::Data::Model::Identity::Identity'
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity/group.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Identity::ModelHelpers.table_available?(:portable_identity_groups)
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        class Group < Sequel::Model(:portable_identity_groups)
+          include ModelHelpers
+
+          one_to_many :memberships, class: 'Legion::Data::Model::Identity::GroupMembership', key: :group_id
+          many_to_many :principals,
+                       class:      'Legion::Data::Model::Identity::Principal',
+                       join_table: :portable_identity_group_memberships,
+                       left_key:   :group_id,
+                       right_key:  :principal_id
+
+          def self.lookup_columns
+            %i[id uuid name]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity/group_memberships.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Identity::ModelHelpers.table_available?(:portable_identity_group_memberships)
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        class GroupMembership < Sequel::Model(:portable_identity_group_memberships)
+          include ModelHelpers
+
+          many_to_one :principal, class: 'Legion::Data::Model::Identity::Principal'
+          many_to_one :group, class: 'Legion::Data::Model::Identity::Group'
+
+          def expired?
+            status == 'expired' || (expires_at && Time.now >= expires_at)
+          end
+
+          def stale?
+            status == 'stale'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity/identity.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Identity::ModelHelpers.table_available?(:portable_identities)
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        class Identity < Sequel::Model(:portable_identities)
+          include ModelHelpers
+
+          many_to_one :principal, class: 'Legion::Data::Model::Identity::Principal'
+          many_to_one :provider, class: 'Legion::Data::Model::Identity::Provider', key: :provider_id
+
+          def self.lookup_columns
+            %i[id uuid provider_identity_key]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity/model_helpers.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        module ModelHelpers
+          def self.included(model)
+            model.extend(ClassMethods)
+          end
+
+          def self.table_available?(table_name)
+            Legion::Data::Connection.sequel&.table_exists?(table_name)
+          rescue StandardError
+            false
+          end
+
+          module ClassMethods
+            def lookup(value)
+              lookup_by_columns(value, lookup_columns)
+            end
+
+            def lookup_by_columns(value, lookup_columns)
+              normalized = normalize_lookup_value(value)
+              return if normalized.nil?
+
+              lookup_columns.each do |column|
+                next unless columns.include?(column)
+
+                query_value = lookup_query_value(column, normalized)
+                next if query_value == :skip
+
+                record = where(column => query_value).first
+                return record if record
+              end
+
+              nil
+            end
+
+            private
+
+            def lookup_columns
+              %i[id uuid name]
+            end
+
+            def normalize_lookup_value(value)
+              normalized = value.is_a?(String) ? value.strip : value
+              return if normalized.respond_to?(:empty?) && normalized.empty?
+
+              normalized
+            end
+
+            def lookup_query_value(column, value)
+              case column
+              when :id
+                return value.to_i if integer_lookup_value?(value)
+                return value.to_s if uuid_lookup_value?(value) && !columns.include?(:uuid)
+
+                :skip
+              when :uuid
+                uuid_lookup_value?(value) ? value.to_s : :skip
+              else
+                value.to_s
+              end
+            end
+
+            def integer_lookup_value?(value)
+              value.is_a?(Integer) || value.to_s.match?(/\A\d+\z/)
+            end
+
+            def uuid_lookup_value?(value)
+              value.to_s.match?(/\A[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/i)
+            end
+          end
+
+          def before_create
+            self[:uuid] ||= SecureRandom.uuid if self.class.columns.include?(:uuid)
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity/principal.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Identity::ModelHelpers.table_available?(:portable_identity_principals)
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        class Principal < Sequel::Model(:portable_identity_principals)
+          include ModelHelpers
+
+          one_to_many :identities, class: 'Legion::Data::Model::Identity::Identity'
+          one_to_many :group_memberships, class: 'Legion::Data::Model::Identity::GroupMembership'
+          many_to_many :groups,
+                       class:      'Legion::Data::Model::Identity::Group',
+                       join_table: :portable_identity_group_memberships,
+                       left_key:   :principal_id,
+                       right_key:  :group_id
+
+          def self.lookup_columns
+            %i[id uuid canonical_name employee_key]
+          end
+
+          def active_groups
+            group_memberships_dataset
+              .where(status: 'active')
+              .eager(:group)
+              .all
+              .map(&:group)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity/providers.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative 'model_helpers'
+
+return unless Legion::Data::Model::Identity::ModelHelpers.table_available?(:portable_identity_providers)
+
+module Legion
+  module Data
+    module Model
+      class Identity
+        class Provider < Sequel::Model(:portable_identity_providers)
+          include ModelHelpers
+
+          one_to_many :identities, class: 'Legion::Data::Model::Identity::Identity', key: :provider_id
+          one_to_many :capabilities,
+                      class: 'Legion::Data::Model::Identity::ProviderCapability',
+                      key:   :provider_id
+
+          def self.lookup_columns
+            %i[id uuid name]
+          end
+
+          def parsed_capabilities
+            capabilities_dataset.select_map(:capability_key)
+          end
+        end
+
+        class ProviderCapability < Sequel::Model(:portable_identity_provider_capabilities)
+          many_to_one :provider, class: 'Legion::Data::Model::Identity::Provider'
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/identity.rb

@@ -1,14 +1,22 @@
 # frozen_string_literal: true
 
+require_relative 'identity/model_helpers'
+
 return unless Legion::Data::Connection.adapter == :postgres
 
 module Legion
   module Data
     module Model
       class Identity < Sequel::Model(:identities)
+        include ModelHelpers
+
         many_to_one :principal, class: 'Legion::Data::Model::Principal'
         many_to_one :provider, class: 'Legion::Data::Model::IdentityProvider', key: :provider_id
 
+        def self.lookup_columns
+          %i[id uuid provider_identity_key provider_identity]
+        end
+
         if defined?(Legion::Data::Encryption::SequelPlugin)
           plugin Legion::Data::Encryption::SequelPlugin
           encrypted_column :profile

data/lib/legion/data/models/identity_group.rb

@@ -1,12 +1,25 @@
 # frozen_string_literal: true
 
+require_relative 'identity/model_helpers'
+
 return unless Legion::Data::Connection.adapter == :postgres
 
 module Legion
   module Data
     module Model
       class IdentityGroup < Sequel::Model(:identity_groups)
+        include Identity::ModelHelpers
+
         one_to_many :memberships, class: 'Legion::Data::Model::IdentityGroupMembership', key: :group_id
+        many_to_many :principals,
+                     class:      'Legion::Data::Model::Principal',
+                     join_table: :identity_group_memberships,
+                     left_key:   :group_id,
+                     right_key:  :principal_id
+
+        def self.lookup_columns
+          %i[id uuid name]
+        end
       end
     end
   end