RubyGems - legion-data - Versions diffs - 1.8.6 → 1.8.8 - Mend

legion-data 1.8.6 → 1.8.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edd18502b1d95a3863975b1144fa9b53cbc1a51d6306f20d2e02cb6b316d488c
-  data.tar.gz: eae1da697b4296e99898852da936a7247791e39e11e2d70fa0d64403e02145d6
+  metadata.gz: 60b8f26149494282c49455aedc216eebf0db867fa359dea9404ca44d09ad9815
+  data.tar.gz: 4da8dfdb277d9ceda6807543f58c2804ae71f938056cff7f8bcd366c4bad9cae
 SHA512:
-  metadata.gz: da91b8a4a865c22dc85853f725eddaacbae069b4550ceebb38cf44cc07ec57c8c29fe0bdabccd0b542a677893af2c6622ac12ae43c8fcb395ae955627729e4f8
-  data.tar.gz: ff3630c3f7f33082ccef8f6b9c30be34e0d0b222c443ad6ff146963b3655d8c4239fa683293954a9fd1f95c8d476a3536b30304289e3c1b476c5c3536ded5297
+  metadata.gz: ef647d212100c659d28847879153403ac1dd42c55c0cb9b1529fd1e17d73f029a912d23988f6701e59e4b25d326b8512cd89f0291bcc52a9e492e6fd4c85b055
+  data.tar.gz: '018844cceb163d4100cffcfa8ea1ed06b916889ca14111e9ca8398d9c3d2a045c9e9c4d73f735e8c22f681ccc834c23f732d08d68303973251c60085f5013c1b'

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,18 @@
 # Legion::Data Changelog
+## [1.8.8] - 2026-05-20
+### Added
+- `Legion::Data::Connection.reconnect_with_fresh_creds` — updates Sequel's internal connection opts with fresh credentials from `Legion::Settings[:data][:creds]` and reconnects the pool. Called by `LeaseManager#trigger_postgresql_reconnect` after Vault dynamic PostgreSQL lease rotation.
+### Fixed
+- Vault dynamic PostgreSQL credential rotation: after lease expiry, connections would fail with `PG::ConnectionBad: role "v-legionio-node-..." does not exist` because Sequel retained the original (revoked) credentials in `@opts`. The legacy fallback (`disconnect` + `test_connection`) was insufficient since it doesn't update stored credentials.
+## [1.8.7] - 2026-05-17
+### Added
+- Migrations 103-114: adds standardized identity columns (`access_scope`, `identity_principal_id`, `identity_id`, `identity_canonical_name`) to all 12 LLM lifecycle tables. Tables that already carried identity columns under legacy names (`principal_id`/`identity_id` on `llm_conversations`, `caller_principal_id`/`caller_identity_id` on `llm_message_inference_requests`) receive only `access_scope` and `identity_canonical_name` — existing columns are not renamed. Each table is its own migration with full `access_scope` index and partial `identity_principal_id` index.
 ## [1.8.6] - 2026-05-15
 ### Added

data/lib/legion/data/connection.rb CHANGED Viewed

@@ -267,6 +267,36 @@ module Legion
           log.info 'Legion::Data connection closed'
         end
+        def reconnect_with_fresh_creds
+          return false unless @sequel
+          return false if adapter == :sqlite
+          fresh_creds = Legion::Settings[:data][:creds]
+          return false unless fresh_creds.is_a?(Hash)
+          new_user = fresh_creds[:user] || fresh_creds[:username]
+          new_pass = fresh_creds[:password]
+          unless new_user && new_pass
+            log.error('reconnect_with_fresh_creds: no user/password in Settings[:data][:creds]')
+            return false
+          end
+          old_user = @sequel.opts[:user]
+          @sequel.opts[:user] = new_user
+          @sequel.opts[:password] = new_pass
+          @sequel.disconnect
+          @sequel.test_connection
+          log.info("reconnect_with_fresh_creds: rotated credentials (#{old_user} → #{new_user})")
+          true
+        rescue StandardError => e
+          handle_exception(e, level: :error, handled: true, operation: :reconnect_with_fresh_creds,
+                           old_user: old_user, new_user: new_user)
+          false
+        end
         def connect_with_replicas
           return unless adapter == :postgres

data/lib/legion/data/migrations/103_add_llm_conversations_identity_columns.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+# llm_conversations already has principal_id and identity_id (077).
+# Add only the two missing standardized columns: access_scope and identity_canonical_name.
+# Existing columns are NOT renamed — they are in active use by lex-llm-ledger.
+Sequel.migration do
+  up do
+    alter_table(:llm_conversations) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_conversations_access_scope
+    end
+  end
+  down do
+    alter_table(:llm_conversations) do
+      drop_index :access_scope, name: :idx_conversations_access_scope
+      drop_column :access_scope
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/104_add_llm_messages_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_messages) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_messages_access_scope
+      add_index :identity_principal_id, name:  :idx_messages_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_messages) do
+      drop_index :identity_principal_id, name: :idx_messages_identity_principal_id
+      drop_index :access_scope, name: :idx_messages_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/105_add_llm_message_inference_requests_identity_columns.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+# llm_message_inference_requests already has caller_principal_id and caller_identity_id (079).
+# Add only the two missing standardized columns: access_scope and identity_canonical_name.
+# Existing columns are NOT renamed — they are in active use by lex-llm-ledger.
+Sequel.migration do
+  up do
+    alter_table(:llm_message_inference_requests) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_inference_requests_access_scope
+    end
+  end
+  down do
+    alter_table(:llm_message_inference_requests) do
+      drop_index :access_scope, name: :idx_inference_requests_access_scope
+      drop_column :access_scope
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/106_add_llm_message_inference_responses_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_message_inference_responses) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_message_inference_responses_access_scope
+      add_index :identity_principal_id, name:  :idx_message_inference_responses_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_message_inference_responses) do
+      drop_index :identity_principal_id, name: :idx_message_inference_responses_identity_principal_id
+      drop_index :access_scope, name: :idx_message_inference_responses_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/107_add_llm_route_attempts_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_route_attempts) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_route_attempts_access_scope
+      add_index :identity_principal_id, name:  :idx_route_attempts_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_route_attempts) do
+      drop_index :identity_principal_id, name: :idx_route_attempts_identity_principal_id
+      drop_index :access_scope, name: :idx_route_attempts_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/108_add_llm_message_inference_metrics_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_message_inference_metrics) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_message_inference_metrics_access_scope
+      add_index :identity_principal_id, name:  :idx_message_inference_metrics_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_message_inference_metrics) do
+      drop_index :identity_principal_id, name: :idx_message_inference_metrics_identity_principal_id
+      drop_index :access_scope, name: :idx_message_inference_metrics_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/109_add_llm_tool_calls_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_tool_calls) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_tool_calls_access_scope
+      add_index :identity_principal_id, name:  :idx_tool_calls_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_tool_calls) do
+      drop_index :identity_principal_id, name: :idx_tool_calls_identity_principal_id
+      drop_index :access_scope, name: :idx_tool_calls_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/110_add_llm_tool_call_attempts_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_tool_call_attempts) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_tool_call_attempts_access_scope
+      add_index :identity_principal_id, name:  :idx_tool_call_attempts_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_tool_call_attempts) do
+      drop_index :identity_principal_id, name: :idx_tool_call_attempts_identity_principal_id
+      drop_index :access_scope, name: :idx_tool_call_attempts_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/111_add_llm_conversation_compactions_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_conversation_compactions) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_conversation_compactions_access_scope
+      add_index :identity_principal_id, name:  :idx_conversation_compactions_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_conversation_compactions) do
+      drop_index :identity_principal_id, name: :idx_conversation_compactions_identity_principal_id
+      drop_index :access_scope, name: :idx_conversation_compactions_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/112_add_llm_policy_evaluations_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_policy_evaluations) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_policy_evaluations_access_scope
+      add_index :identity_principal_id, name:  :idx_policy_evaluations_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_policy_evaluations) do
+      drop_index :identity_principal_id, name: :idx_policy_evaluations_identity_principal_id
+      drop_index :access_scope, name: :idx_policy_evaluations_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/113_add_llm_security_events_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_security_events) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_security_events_access_scope
+      add_index :identity_principal_id, name:  :idx_security_events_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_security_events) do
+      drop_index :identity_principal_id, name: :idx_security_events_identity_principal_id
+      drop_index :access_scope, name: :idx_security_events_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/114_add_llm_registry_events_identity_columns.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_registry_events) do
+      add_column :access_scope, String, size: 20, null: false, default: 'global'
+      add_column :identity_principal_id, Integer, null: true
+      add_column :identity_id, Integer, null: true
+      add_column :identity_canonical_name, String, size: 255, null: true
+      add_index :access_scope, name: :idx_registry_events_access_scope
+      add_index :identity_principal_id, name:  :idx_registry_events_identity_principal_id,
+                                        where: Sequel.negate(identity_principal_id: nil)
+    end
+  end
+  down do
+    alter_table(:llm_registry_events) do
+      drop_index :identity_principal_id, name: :idx_registry_events_identity_principal_id
+      drop_index :access_scope, name: :idx_registry_events_access_scope
+      drop_column :access_scope
+      drop_column :identity_principal_id
+      drop_column :identity_id
+      drop_column :identity_canonical_name
+    end
+  end
+end

data/lib/legion/data/migrations/115_add_runtime_caller_columns.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+Sequel.migration do
+  up do
+    alter_table(:llm_message_inference_requests) do
+      add_column :runtime_caller_class, String, size: 255, null: true, index: true
+      add_column :runtime_caller_client, String, size: 255, null: true
+    end
+  end
+  down do
+    alter_table(:llm_message_inference_requests) do
+      drop_index :runtime_caller_class
+      drop_column :runtime_caller_class
+      drop_column :runtime_caller_client
+    end
+  end
+end

data/lib/legion/data/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Legion
   module Data
-    VERSION = '1.8.6'
+    VERSION = '1.8.8'
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legion-data
 version: !ruby/object:Gem::Version
-  version: 1.8.6
+  version: 1.8.8
 platform: ruby
 authors:
 - Esity
@@ -249,6 +249,19 @@ files:
 - lib/legion/data/migrations/100_create_apollo_entries_sqlite.rb
 - lib/legion/data/migrations/101_add_apollo_identity_and_access_scope.rb
 - lib/legion/data/migrations/102_add_apollo_access_scope_and_identity_indexes.rb
+- lib/legion/data/migrations/103_add_llm_conversations_identity_columns.rb
+- lib/legion/data/migrations/104_add_llm_messages_identity_columns.rb
+- lib/legion/data/migrations/105_add_llm_message_inference_requests_identity_columns.rb
+- lib/legion/data/migrations/106_add_llm_message_inference_responses_identity_columns.rb
+- lib/legion/data/migrations/107_add_llm_route_attempts_identity_columns.rb
+- lib/legion/data/migrations/108_add_llm_message_inference_metrics_identity_columns.rb
+- lib/legion/data/migrations/109_add_llm_tool_calls_identity_columns.rb
+- lib/legion/data/migrations/110_add_llm_tool_call_attempts_identity_columns.rb
+- lib/legion/data/migrations/111_add_llm_conversation_compactions_identity_columns.rb
+- lib/legion/data/migrations/112_add_llm_policy_evaluations_identity_columns.rb
+- lib/legion/data/migrations/113_add_llm_security_events_identity_columns.rb
+- lib/legion/data/migrations/114_add_llm_registry_events_identity_columns.rb
+- lib/legion/data/migrations/115_add_runtime_caller_columns.rb
 - lib/legion/data/model.rb
 - lib/legion/data/models/apollo/access_log.rb
 - lib/legion/data/models/apollo/entries.rb