legion-llm 0.8.2 → 0.8.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f4cfb7a48671fc213ac771f1a54ba51d32ef66347322f7dfe689c191aac985b
-  data.tar.gz: 76b803cf30c5ab6530e1d0a8e6cc11b63336f28742250a1b998a3f2e15436606
+  metadata.gz: 9d36acc38aded21eee645009a3bf41e8a0214aff728ee3179becbede3bc70528
+  data.tar.gz: 301984dc9000a53f88036fb5672faf616b0cc1d45c898462999133e976555d51
 SHA512:
-  metadata.gz: 8923f72f753ea79dc46d2d91e876b910fb586e1aa1f77cac8a2b6e6a6dfb462d7793ae186bbd625f2dd6d29ee14f359369c248320b4f7a73801b81eb6567af80
-  data.tar.gz: d540dffa079681b3cb593cb294c813b697a41a47fb24ee15bbe48c507605551e476fc34dbfed9ef94d00321eecc778b074a6d04e85261d5daa992dc84bb6fa04
+  metadata.gz: 49c479b427f77ee4aa0b1c59f9fca8fa3d9947f68ebc05de298158766744b1c2877696603c97baf82be7144d2f97c6d23cd3d0856358316ac4fddf908a7561c2
+  data.tar.gz: 84e6095b475be225de975deac022a7587af8f9a4cae13950a85be9149803bed8dc689cf2cacb0f6d5abc5114edacc8eb8f94df66e23f76f09cd98ebc3a014d51

data/CHANGELOG.md

@@ -1,5 +1,96 @@
 # Legion LLM Changelog
 
+## [0.8.13] - 2026-04-22
+
+### Fixed
+- Escalation loop now feeds `Router.health_tracker` with an `:error` signal on every failure so the circuit breaker trips when a provider is consistently down — auth failures, rate limits, and general errors all count.
+- `AuthError` and `PrivacyModeError` in escalation are logged with `handled: true` so they appear in logs as gracefully-handled failures rather than uncaught exceptions.
+- `RateLimitError` in escalation is handled the same way (was previously re-raised, aborting the entire chain).
+- Extracted `attempt_escalation` and `record_escalation_failure` from `run_provider_call_with_escalation` to keep the method within Rubocop length limits and make each responsibility clear.
+
+### Changed
+- `CodexConfigLoader`: refactored to extract `read_config` helper (eliminates duplicate file-exist checks in `load` and `read_token`); added `read_openai_api_key` and `read_openai_credential` accessors for the multi-source credential probing chain.
+
+## [0.8.12] - 2026-04-22
+
+### Changed
+- `ClaudeConfigLoader`: `settings_path` and `config_path` are now read from `Legion::LLM.settings.dig(:claude_cli, ...)` instead of hardcoded constants, making both paths configurable. `SECRET_URI_PATTERN` remains a constant — it's a protocol definition, not a runtime knob. Corresponding settings keys added to `Legion::LLM::Settings.claude_cli_defaults`.
+
+## [0.8.11] - 2026-04-22
+
+### Added
+- Multi-source credential detection for all providers: `credential_available_for?` checks resolved env vars, not raw `env://` URI strings, so providers aren't falsely auto-enabled when the env var is unset.
+- `probe_provider_credentials`: when multiple API keys exist for a provider (e.g. both `OPENAI_API_KEY` and `CODEX_API_KEY`), each candidate is tested in order and the first working key is committed; provider is disabled if all fail.
+- `probe_via_model_list`: uses `RubyLLM::Provider.list_models` (a cheap GET with no token cost) to validate credentials before falling back to a lightweight chat probe.
+- `recover_openai_with_codex`: automatically attempts Codex bearer-token fallback when all direct OpenAI keys fail.
+
+### Fixed
+- `configure_bedrock`/`configure_anthropic`/`configure_openai`: use `resolve_setting_reference` to unwrap `env://` placeholders before passing to RubyLLM config, preventing "key not found" errors when env var is absent.
+- `ClaudeConfigLoader.apply_api_keys`: removed early-return pattern that prevented Bedrock bearer token import from running when no OpenAI key was found.
+
+## [0.8.10] - 2026-04-22
+
+### Changed
+- `compliance_defaults`: `classification_scan` and `encrypt_audit` default to `false`; classification is opt-in, audit encryption is opt-in.
+- `tool_trigger_defaults`: `scan_depth` raised to `10` (was `2`), `tool_limit` raised to `50` (was `10`).
+- `trigger_match.rb`: hardcoded `|| 2` fallback updated to `|| 10` to match new setting default.
+
+## [0.8.9] - 2026-04-22
+
+### Fixed
+- Classification spec: wholesale `Legion::Settings[:llm] = {...}` replacements converted to key-level writes (`[:llm][:default_provider] = :x`) to prevent wiping sibling settings.
+- Audit `encrypt?` specs: updated to test toggle behavior (`false` by default, `true` when `encrypt_audit` setting is enabled) instead of expecting always-on.
+- Trigger match spec: updated scan_depth expectation and before-block to match new defaults.
+
+## [0.8.8] - 2026-04-22
+
+### Changed
+- `Legion::LLM.settings` now calls `Legion::Settings[:llm]` directly — dead `const_defined?('Settings')` branch and `Settings.default` fallback removed. No explicit `require 'legion/settings'` is needed in `llm.rb` because `legion-settings` is a gemspec dependency and is always activated by Bundler before `legion-llm` is required.
+- `settings.rb` bootstrap call simplified from a guarded `begin/rescue` block to a direct `Legion::Settings.merge_settings(...)` call for the same reason.
+
+## [0.8.7] - 2026-04-22
+
+### Changed
+- Eliminated scattered constants and duplicate settings files across the codebase:
+  - `Skills::Settings` module deleted — defaults moved into `Legion::LLM::Settings.skills_defaults`; `Skills.start` no longer calls `Settings.apply` (merge happens at load time via the standard settings bootstrap)
+  - `Fleet::Dispatcher` `DEFAULT_TIMEOUT`/`TIMEOUTS` constants removed — `resolve_timeout` now reads directly from `Legion::LLM.settings.dig(:routing, :tiers, :fleet, :timeouts, ...)`; dead `defined?(Legion::Settings)` guard removed
+  - `Call::Embeddings` `PROVIDER_EMBEDDING_MODELS`, `TARGET_DIMENSION`, `OLLAMA_CONTEXT_CHARS`, `OLLAMA_DEFAULT_CONTEXT_CHARS`, `PREFIX_REGISTRY` constants removed — replaced with `target_dimension`/`embedding_settings` helpers reading from `settings[:embedding]`; `embedding_settings` corrected to use `Legion::LLM.settings` instead of bare `Legion::Settings.dig(:llm, :embedding)`
+  - `Cache::Response` `DEFAULT_TTL`, `SPOOL_THRESHOLD`, `SPOOL_DIR` constants removed — replaced with private `default_ttl`/`spool_threshold`/`spool_dir` helpers reading from `settings[:prompt_caching][:response_cache]`
+- `Settings.embedding_defaults` expanded: added `anthropic`/`gemini` to `provider_models`, added `ollama_context_chars`, `ollama_default_context_chars`, `prefix_registry`
+- `Settings.prompt_caching_defaults.response_cache` gains `spool_threshold_bytes: 8MB`
+
+## [0.8.6] - 2026-04-22
+
+### Changed
+- `Legion::LLM::Settings` is now the canonical module — content moved from `Legion::LLM::Config::Settings` directly into `lib/legion/llm/settings.rb`. The `Config::Settings` indirection and `lib/legion/llm/config/settings.rb` are removed. `service.rb` and any external callers using `Legion::LLM::Settings.default` continue to work unchanged.
+
+## [0.8.5] - 2026-04-22
+
+### Fixed
+- All compliance settings now have explicit defaults defined in `Config::Settings.compliance_defaults` (merged under `llm.compliance`): `classification_scan`, `encrypt_audit`, `phi_block_cloud`, `cloud_providers`, `redact_pii`, `redaction_placeholder`, `strict_hipaa`, `default_level`. Previously these keys were read via `dig` with no guaranteed defaults.
+- `Steps::Classification` now reads compliance settings via `Legion::LLM.settings.dig(:compliance, ...)` (consistent with all other llm settings) instead of bare `Legion::Settings.dig(:compliance, ...)` which targeted the wrong path.
+- Removed dead `defined?(Legion::Settings)` guards in `Steps::Classification` — `legion-settings` is a hard dependency and is always present.
+
+## [0.8.4] - 2026-04-22
+
+### Fixed
+- `Inference::Executor` now normalizes content-blocks arrays (`[{type: "text", text: "..."}]`) to a plain string before passing to `session.ask`. Previously the raw array was forwarded to RubyLLM, which serialized it as `{ type: 'text', text: [{...}] }` — an invalid Anthropic API payload causing HTTP 400 on every request when the Interlink sends structured content blocks.
+
+### Added
+- Audit encryption is now configurable: set `llm.compliance.encrypt_audit: true` in settings to encrypt payloads on the `llm.audit` exchange. Defaults to `false` (plaintext). Applies to `PromptEvent`, `ToolEvent`, and `SkillEvent`.
+
+## [0.8.3] - 2026-04-22
+
+### Fixed
+- `EscalationEvent#routing_key` was called as a class-level DSL on load, raising `NoMethodError` and preventing `LLM::Transport.load_all` from completing. Converted to instance method to match all other message classes.
+- Spec stub for `Legion::Transport::Message` also used the class-level DSL pattern, masking this bug. Updated to instance method.
+
+## [0.8.2] - 2026-04-22
+
+### Fixed
+- `Escalation` exchange used class-level `exchange_name`/`exchange_type` DSL which doesn't exist on `Legion::Transport::Exchange`, raising `NoMethodError` at require time. Converted to instance methods `exchange_name` / `default_type`.
+- `Legion::Settings[:llm][:connected]` writes were hitting an ephemeral overlay-merged hash copy; switched to `Legion::Settings.loader.settings[:llm][:connected]` to persist through restarts.
+
 ## [0.8.0] - 2026-04-21
 
 ### Changed

data/CLAUDE.md

@@ -186,21 +186,27 @@ Note: Backward-compat aliases live in lib/legion/llm/compat.rb (const_missing-ba
 
 ### Routing Architecture
 
-Three-tier dispatch model. Local-first avoids unnecessary network hops; fleet offloads to shared hardware via Transport; cloud is the fallback for frontier models.
+Five-tier dispatch model. Local-first avoids unnecessary network hops; fleet offloads to shared hardware via Transport; openai_compat routes to user-configured gateways; cloud handles managed cloud providers; frontier is the fallback for direct frontier model providers.
 
 ```
-┌─────────────────────────────────────────────────────────┐
-│              Legion::LLM Router (per-node)               │
-│                                                          │
-│  Tier 1: LOCAL  → Ollama on this machine (direct HTTP)   │
-│          Zero network overhead, no Transport              │
-│                                                          │
-│  Tier 2: FLEET  → Ollama on Mac Studios / GPU servers    │
-│          Via Fleet::Dispatcher RPC over AMQP             │
-│                                                          │
-│  Tier 3: CLOUD  → Bedrock / Anthropic / OpenAI / Gemini │
-│          Existing provider API calls                     │
-└─────────────────────────────────────────────────────────┘
+┌──────────────────────────────────────────────────────────────┐
+│               Legion::LLM Router (per-node)                   │
+│                                                               │
+│  Tier 1: LOCAL        → Ollama on this machine (direct HTTP)  │
+│          Zero network overhead, no Transport                   │
+│                                                               │
+│  Tier 2: FLEET        → Ollama on Mac Studios / GPU servers   │
+│          Via Fleet::Dispatcher RPC over AMQP                  │
+│                                                               │
+│  Tier 3: OPENAI_COMPAT → User-configured OpenAI-spec gateways│
+│          UAIS, Kong AI, custom endpoints                      │
+│                                                               │
+│  Tier 4: CLOUD        → Bedrock, Azure, Gemini/Vertex AI     │
+│          Managed cloud provider API calls                     │
+│                                                               │
+│  Tier 5: FRONTIER     → Anthropic, OpenAI direct              │
+│          Direct API calls to frontier model providers          │
+└──────────────────────────────────────────────────────────────┘
 ```
 
 ### Routing Resolution Flow
@@ -392,9 +398,12 @@ Nested under `Legion::Settings[:llm][:routing]`:
 |-----|------|---------|-------------|
 | `enabled` | Boolean | `false` | Enable routing (opt-in) |
 | `default_intent` | Hash | `{ privacy: 'normal', capability: 'moderate', cost: 'normal' }` | Defaults merged into every intent |
+| `tier_priority` | Array | `%w[local fleet openai_compat cloud frontier]` | Ordered tier preference for routing |
 | `tiers.local` | Hash | `{ provider: 'ollama' }` | Local tier config |
 | `tiers.fleet` | Hash | `{ queue: 'llm.inference', timeout_seconds: 30 }` | Fleet tier config |
-| `tiers.cloud` | Hash | `{ providers: ['bedrock', 'anthropic'] }` | Cloud tier config |
+| `tiers.openai_compat` | Hash | `{ gateways: [] }` | User-configured OpenAI-compatible gateways |
+| `tiers.cloud` | Hash | `{ providers: ['bedrock', 'azure', 'gemini'] }` | Managed cloud provider API calls |
+| `tiers.frontier` | Hash | `{ providers: ['anthropic', 'openai'] }` | Direct API frontier providers |
 | `health.window_seconds` | Integer | `300` | Rolling window for latency tracking |
 | `health.circuit_breaker.failure_threshold` | Integer | `3` | Consecutive failures before circuit opens |
 | `health.circuit_breaker.cooldown_seconds` | Integer | `60` | Seconds before circuit transitions to half_open |
@@ -426,7 +435,7 @@ Each rule is a hash with:
 
 | Dimension | Values | Default | Effect |
 |-----------|--------|---------|--------|
-| `privacy` | `:strict`, `:normal` | `:normal` | `:strict` -> never cloud (via `never_cloud` constraint rules) |
+| `privacy` | `:strict`, `:normal` | `:normal` | `:strict` -> never external (via `never_external` constraint rules, blocks cloud + frontier + openai_compat) |
 | `capability` | `:basic`, `:moderate`, `:reasoning` | `:moderate` | Higher prefers larger/cloud models |
 | `cost` | `:minimize`, `:normal` | `:normal` | `:minimize` prefers local/fleet |
 

data/lib/legion/llm/cache/response.rb

@@ -10,28 +10,21 @@ module Legion
       module Response
         extend Legion::Logging::Helper
 
-        DEFAULT_TTL      = 300
-        SPOOL_THRESHOLD  = 8 * 1024 * 1024 # 8 MB
-        SPOOL_DIR        = File.expand_path('~/.legionio/data/spool/llm_responses').freeze
-
         module_function
 
-        # Sets status to :pending for a new request.
-        def init_request(request_id, ttl: DEFAULT_TTL)
+        def init_request(request_id, ttl: default_ttl)
           cache_set(status_key(request_id), 'pending', ttl)
         end
 
-        # Writes response, meta, and marks status as :done.
-        def complete(request_id, response:, meta:, ttl: DEFAULT_TTL)
+        def complete(request_id, response:, meta:, ttl: default_ttl)
           write_response(request_id, response, ttl)
-          cache_set(meta_key(request_id), ::JSON.dump(meta), ttl)
+          cache_set(meta_key(request_id), Legion::JSON.dump(meta), ttl)
           cache_set(status_key(request_id), 'done', ttl)
         end
 
-        # Writes error details and marks status as :error.
-        def fail_request(request_id, code:, message:, ttl: DEFAULT_TTL)
+        def fail_request(request_id, code:, message:, ttl: default_ttl)
           log.warn("ResponseCache fail_request request_id=#{request_id} code=#{code} message=#{message}")
-          payload = ::JSON.dump({ code: code, message: message })
+          payload = Legion::JSON.dump({ code: code, message: message })
           cache_set(error_key(request_id), payload, ttl)
           cache_set(status_key(request_id), 'error', ttl)
         end
@@ -67,9 +60,7 @@ module Legion
           ::JSON.parse(raw, symbolize_names: true)
         end
 
-        # Blocking poll. Returns { status: :done, response:, meta: },
-        # { status: :error, error: }, or { status: :timeout }.
-        def poll(request_id, timeout: DEFAULT_TTL, interval: 0.1)
+        def poll(request_id, timeout: default_ttl, interval: 0.1)
           deadline = ::Process.clock_gettime(::Process::CLOCK_MONOTONIC) + timeout
 
           loop do
@@ -124,18 +115,21 @@ module Legion
           Legion::Cache.set(key, value, ttl)
         end
 
-        private_class_method def self.spool_dir
-          configured = if defined?(Legion::Settings) && Legion::Settings.respond_to?(:dig)
-                         Legion::Settings.dig(:llm, :prompt_caching, :response_cache, :spool_dir)
-                       end
-          configured = configured.to_s.strip
-          return SPOOL_DIR if configured.empty?
+        private_class_method def self.default_ttl
+          Legion::LLM.settings.dig(:prompt_caching, :response_cache, :ttl_seconds) || 300
+        end
 
-          File.expand_path(configured)
+        private_class_method def self.spool_threshold
+          Legion::LLM.settings.dig(:prompt_caching, :response_cache, :spool_threshold_bytes) || (8 * 1024 * 1024)
+        end
+
+        private_class_method def self.spool_dir
+          configured = Legion::LLM.settings.dig(:prompt_caching, :response_cache, :spool_dir).to_s.strip
+          configured.empty? ? File.expand_path('~/.legionio/data/spool/llm_responses') : File.expand_path(configured)
         end
 
         private_class_method def self.write_response(request_id, response_text, ttl)
-          if response_text.bytesize > SPOOL_THRESHOLD
+          if response_text.bytesize > spool_threshold
             log.warn("ResponseCache spool overflow request_id=#{request_id} bytes=#{response_text.bytesize}")
             FileUtils.mkdir_p(spool_dir)
             path = File.join(spool_dir, "#{request_id}.txt")

data/lib/legion/llm/call/claude_config_loader.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 require 'legion/logging/helper'
 module Legion
   module LLM
@@ -7,28 +9,79 @@ module Legion
       module ClaudeConfigLoader
         extend Legion::Logging::Helper
 
-        CLAUDE_SETTINGS = File.expand_path('~/.claude/settings.json')
-        CLAUDE_CONFIG   = File.expand_path('~/.claude.json')
+        SECRET_URI_PATTERN = %r{\A(?:env|vault|lease)://}
 
         module_function
 
+        def claude_settings_path
+          File.expand_path(Legion::LLM.settings.dig(:claude_cli, :settings_path) || '~/.claude/settings.json')
+        end
+
+        def claude_config_path
+          File.expand_path(Legion::LLM.settings.dig(:claude_cli, :config_path) || '~/.claude.json')
+        end
+
         def load
-          config = read_json(CLAUDE_SETTINGS).merge(read_json(CLAUDE_CONFIG))
+          config = merged_config
           return if config.empty?
 
           apply_claude_config(config)
         end
 
+        def merged_config
+          read_json(claude_settings_path).merge(read_json(claude_config_path))
+        end
+
         def read_json(path)
           return {} unless File.exist?(path)
 
-          require 'json'
           ::JSON.parse(File.read(path), symbolize_names: true)
         rescue StandardError => e
           handle_exception(e, level: :debug)
           {}
         end
 
+        def anthropic_api_key
+          config = merged_config
+          first_present(
+            config[:anthropicApiKey],
+            config.dig(:env, :ANTHROPIC_API_KEY)
+          )
+        end
+
+        def openai_api_key
+          config = merged_config
+          first_present(
+            config[:openaiApiKey],
+            config.dig(:env, :OPENAI_API_KEY),
+            config.dig(:env, :CODEX_API_KEY)
+          )
+        end
+
+        def bedrock_bearer_token
+          env = read_json(claude_settings_path)[:env]
+          return nil unless env.is_a?(Hash)
+
+          direct = first_present(env[:AWS_BEARER_TOKEN_BEDROCK], env['AWS_BEARER_TOKEN_BEDROCK'])
+          return direct if direct
+
+          match = env.find do |key, value|
+            name = key.to_s.upcase
+            next false unless name.include?('AWS')
+            next false unless name.include?('BEARER')
+            next false unless name.include?('TOKEN')
+            next false unless name.include?('BEDROCK')
+
+            !normalize_secret(value).nil?
+          end
+          normalize_secret(match&.last)
+        end
+
+        def oauth_account_available?
+          oauth = read_json(claude_config_path)[:oauthAccount]
+          oauth.is_a?(Hash) && oauth.any? { |_k, value| !normalize_secret(value).nil? }
+        end
+
         def apply_claude_config(config)
           apply_api_keys(config)
           apply_model_preference(config)
@@ -38,15 +91,23 @@ module Legion
           llm = Legion::LLM.settings
           providers = llm[:providers]
 
-          if config[:anthropicApiKey] && providers.dig(:anthropic, :api_key).nil?
-            providers[:anthropic][:api_key] = config[:anthropicApiKey]
+          anthropic_key = first_present(config[:anthropicApiKey], config.dig(:env, :ANTHROPIC_API_KEY))
+          if anthropic_key && !setting_has_usable_credential?(providers.dig(:anthropic, :api_key))
+            providers[:anthropic][:api_key] = anthropic_key
             log.debug 'Imported Anthropic API key from Claude CLI config'
           end
 
-          return unless config[:openaiApiKey] && providers.dig(:openai, :api_key).nil?
+          openai_key = first_present(config[:openaiApiKey], config.dig(:env, :OPENAI_API_KEY), config.dig(:env, :CODEX_API_KEY))
+          if openai_key && !setting_has_usable_credential?(providers.dig(:openai, :api_key))
+            providers[:openai][:api_key] = openai_key
+            log.debug 'Imported OpenAI API key from Claude CLI config'
+          end
+
+          bedrock_token = bedrock_bearer_token
+          return unless bedrock_token && !setting_has_usable_credential?(providers.dig(:bedrock, :bearer_token))
 
-          providers[:openai][:api_key] = config[:openaiApiKey]
-          log.debug 'Imported OpenAI API key from Claude CLI config'
+          providers[:bedrock][:bearer_token] = bedrock_token
+          log.debug 'Imported Bedrock bearer token from Claude settings.json env section'
         end
 
         def apply_model_preference(config)
@@ -59,6 +120,52 @@ module Legion
           llm[:default_model] = model
           log.debug "Imported model preference from Claude CLI config: #{model}"
         end
+
+        def setting_has_usable_credential?(value)
+          !resolve_setting_reference(value).nil?
+        end
+
+        def resolve_setting_reference(value)
+          case value
+          when Array
+            value.each do |entry|
+              resolved = resolve_setting_reference(entry)
+              return resolved unless resolved.nil?
+            end
+            nil
+          when String
+            resolved = normalize_secret(value)
+            return nil if resolved.nil?
+
+            if resolved.start_with?('env://')
+              env_name = resolved.sub('env://', '')
+              return normalize_secret(ENV.fetch(env_name, nil))
+            end
+            return nil if resolved.match?(SECRET_URI_PATTERN)
+
+            resolved
+          else
+            normalize_secret(value)
+          end
+        end
+
+        def first_present(*values)
+          values.each do |value|
+            normalized = normalize_secret(value)
+            return normalized unless normalized.nil?
+          end
+          nil
+        end
+
+        def normalize_secret(value)
+          return nil if value.nil?
+          return value unless value.is_a?(String)
+
+          normalized = value.strip
+          return nil if normalized.empty?
+
+          normalized
+        end
       end
     end
   end

data/lib/legion/llm/call/codex_config_loader.rb

@@ -15,18 +15,14 @@ module Legion
         module_function
 
         def load
-          return unless File.exist?(CODEX_AUTH)
-
-          config = read_json(CODEX_AUTH)
+          config = read_config
           return if config.empty?
 
           apply_codex_config(config)
         end
 
         def read_token
-          return nil unless File.exist?(CODEX_AUTH)
-
-          config = read_json(CODEX_AUTH)
+          config = read_config
           return nil if config.empty?
           return nil unless config[:auth_mode] == 'chatgpt'
 
@@ -37,6 +33,29 @@ module Legion
           token
         end
 
+        def read_openai_api_key
+          config = read_config
+          return nil if config.empty?
+
+          key = config[:OPENAI_API_KEY] || config[:openai_api_key]
+          return nil unless key.is_a?(String)
+
+          key = key.strip
+          return nil if key.empty?
+
+          key
+        end
+
+        def read_openai_credential
+          read_token || read_openai_api_key
+        end
+
+        def read_config
+          return {} unless File.exist?(CODEX_AUTH)
+
+          read_json(CODEX_AUTH)
+        end
+
         def read_json(path)
           ::JSON.parse(File.read(path), symbolize_names: true)
         rescue StandardError => e

data/lib/legion/llm/call/embeddings.rb

@@ -9,30 +9,6 @@ module Legion
       module Embeddings
         extend Legion::Logging::Helper
 
-        PROVIDER_EMBEDDING_MODELS = {
-          bedrock:   'amazon.titan-embed-text-v2:0',
-          anthropic: nil,
-          openai:    'text-embedding-3-small',
-          gemini:    'text-embedding-004',
-          azure:     'text-embedding-3-small',
-          ollama:    'mxbai-embed-large'
-        }.freeze
-
-        TARGET_DIMENSION = 1024
-
-        OLLAMA_CONTEXT_CHARS = {
-          'mxbai-embed-large'      => 1400,
-          'bge-large'              => 1400,
-          'snowflake-arctic-embed' => 1400,
-          'nomic-embed-text'       => 24_000
-        }.freeze
-        OLLAMA_DEFAULT_CONTEXT_CHARS = 1400
-
-        PREFIX_REGISTRY = {
-          'nomic-embed-text'  => { document: 'search_document: ', query: 'search_query: ' },
-          'mxbai-embed-large' => { query: 'Represent this sentence for searching relevant passages: ' }
-        }.freeze
-
         class << self
           def generate(text:, model: nil, provider: nil, dimensions: nil, task: :document)
             return { vector: nil, model: model, provider: provider, error: 'LLM not started' } unless LLM.started?
@@ -117,7 +93,7 @@ module Legion
           end
 
           def build_opts(model, provider, dimensions)
-            target_dim = enforce_dimension? ? TARGET_DIMENSION : dimensions
+            target_dim = enforce_dimension? ? target_dimension : dimensions
             opts = { model: model }
             opts[:provider]   = provider if provider
             opts[:dimensions] = target_dim if target_dim && provider&.to_sym == :openai
@@ -145,10 +121,11 @@ module Legion
           end
 
           def enforce_dimensions(vector, _provider)
-            return vector if vector.size == TARGET_DIMENSION
-            return vector.first(TARGET_DIMENSION) if vector.size > TARGET_DIMENSION
+            dim = target_dimension
+            return vector if vector.size == dim
+            return vector.first(dim) if vector.size > dim
 
-            "got #{vector.size}, need #{TARGET_DIMENSION} (provider cannot upscale)"
+            "got #{vector.size}, need #{dim} (provider cannot upscale)"
           end
 
           def handle_embed_failure(error, text:, failed_provider:, failed_model:)
@@ -210,9 +187,6 @@ module Legion
             pm = models[provider&.to_sym] || models[provider.to_s]
             return pm.to_s if pm
 
-            provider_default = PROVIDER_EMBEDDING_MODELS[provider&.to_sym] if provider
-            return provider_default if provider_default
-
             'text-embedding-3-small'
           end
 
@@ -220,7 +194,8 @@ module Legion
             return text unless prefix_injection_enabled?
 
             base_model = model.to_s.split(':').first
-            prefixes   = PREFIX_REGISTRY[base_model]
+            registry   = embedding_settings[:prefix_registry] || {}
+            prefixes   = registry[base_model]
             return text unless prefixes
 
             prefix = prefixes[task.to_sym]
@@ -279,12 +254,16 @@ module Legion
           end
 
           def embedding_settings
-            Legion::Settings.dig(:llm, :embedding) || {}
+            Legion::LLM.settings[:embedding] || {}
           rescue StandardError => e
             handle_exception(e, level: :debug, operation: 'llm.embeddings.embedding_settings')
             {}
           end
 
+          def target_dimension
+            embedding_settings[:dimension] || 1024
+          end
+
           def generate_ollama(text:, model:)
             ctx_max = nil
             ctx_max = ollama_context_chars(model)
@@ -359,8 +338,9 @@ module Legion
           end
 
           def ollama_context_chars(model)
-            base = model.to_s.split(':').first
-            OLLAMA_CONTEXT_CHARS[base] || OLLAMA_DEFAULT_CONTEXT_CHARS
+            base     = model.to_s.split(':').first
+            context  = embedding_settings[:ollama_context_chars] || {}
+            context[base] || embedding_settings[:ollama_default_context_chars] || 1400
           end
 
           # ── Azure OpenAI (direct HTTP with SNI, bypasses ruby_llm) ──
@@ -416,7 +396,7 @@ module Legion
             req['Content-Type'] = 'application/json'
             req['api-key'] = api_key
             body = { input: input }
-            body[:dimensions] = dimensions || TARGET_DIMENSION
+            body[:dimensions] = dimensions || target_dimension
             req.body = ::JSON.dump(body)
 
             response = http.request(req)