legionio 1.4.14 → 1.4.43

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0927bca374a6df75ab9a1e75067219af7205291a694defff2fa356fe2b330bf3'
-  data.tar.gz: 1c3171e36c3447a104889d556df53596e611b4965d60abb08d4e91fe5c50a996
+  metadata.gz: 51e90ef95b551c27c044e9f9dac0d784a529d4947835ec0d6501276f73281fb9
+  data.tar.gz: 533c1b9813327e486e33cb2c1d657907248517deb15935c68616a095be699280
 SHA512:
-  metadata.gz: 4bba3556ee1380f6b61aaa14263dbcccb4340428237f0203cbed9d7090d1cf95e811109b75ebf14e1a1bd3767640ad805e2dee4b4d5711352aa7becd528bf259
-  data.tar.gz: 243d79f20efa83d65b41a6e39f3953aee765369f37aa30caa6b85d16cb0baeab95e46628a443c45b082f233925c3ba413734c5e8aa45146c3827e9f367597ae7
+  metadata.gz: 298d051c13e5e658eb572971863a7039d3c08bd168b40b2e6806a3139ccae7261ff29c916bb84ab34fd2fea6c2e6905615f8689e80f5a415feafe75cbf0f56c5
+  data.tar.gz: 1f0005c08f21b456e5d64923020e662efbe88a714514ad7bd27b59caa0efc05676551f8b87a150d0226aa1bc9237681d0688bb6b42f1430624ea5ba81e420903

data/.rubocop.yml

@@ -35,6 +35,8 @@ Metrics/BlockLength:
     - 'lib/legion/cli/swarm_command.rb'
     - 'lib/legion/cli/gaia_command.rb'
     - 'lib/legion/cli/schedule_command.rb'
+    - 'lib/legion/cli/update_command.rb'
+    - 'lib/legion/api/auth.rb'
 
 Metrics/AbcSize:
   Max: 60

data/CHANGELOG.md

@@ -1,9 +1,239 @@
 # Legion Changelog
 
+## [1.4.43] - 2026-03-17
+
+### Fixed
+- Auth token exchange route used `Legion::Settings.dig` which doesn't exist — replaced with bracket access
+- Auth spec required `legion/rbac` gem directly — replaced with inline stub for standalone test execution
+
+## [1.4.42] - 2026-03-17
+
+### Added
+- `POST /api/auth/token`: Entra ID token exchange endpoint (validates external JWT via JWKS, maps claims via EntraClaimsMapper, issues Legion token)
+
+## [1.4.41] - 2026-03-17
+
+### Added
+- `Legion::CLI::LexTemplates`: extension template registry (basic, llm-agent, service-integration, scheduled-task, webhook-handler)
+- `Legion::Docs::SiteGenerator`: documentation site generation from existing markdown files
+
+## [1.4.40] - 2026-03-17
+
+### Added
+- `Legion::Guardrails`: embedding similarity and RAG relevancy safety checks
+- `Legion::Context`: session/user tracking with thread-local `SessionContext`
+- `Legion::Catalog`: AI catalog registration for MCP tools and workers
+
+## [1.4.39] - 2026-03-17
+
+### Added
+- `Legion::Webhooks`: outbound webhook dispatcher with HMAC-SHA256 signing
+- Webhook registration, delivery tracking, and dead letter queue
+- API routes: `GET/POST/DELETE /api/webhooks`
+
+## [1.4.38] - 2026-03-17
+
+### Added
+- `Legion::Isolation`: per-agent data and tool access enforcement with thread-local context
+- `Isolation::Context`: tool allowlist, data filter, and risk tier per agent
+
+## [1.4.37] - 2026-03-17
+
+### Added
+- `POST /api/channels/teams/webhook`: Bot Framework activity delivery to GAIA sensory buffer
+
+## [1.4.36] - 2026-03-17
+
+### Added
+- `Audit::HashChain`: SHA-256 hash chain for tamper-evident audit records
+- `Audit::SiemExport`: SIEM-compatible JSON and NDJSON export with integrity metadata
+- `Audit::HashChain.verify_chain` validates hash chain between records
+
+## [1.4.35] - 2026-03-17
+
+### Added
+- `Chat::Team`: multi-user context tracking with thread-local user, env detection
+- `Chat::ProgressBar`: progress indicator for long-running operations with ETA
+- `legion notebook read/export`: Jupyter notebook reading and export (markdown/script)
+
+## [1.4.34] - 2026-03-17
+
+### Added
+- `Legion::Registry`: central extension metadata store with search, risk tier filtering, AIRB status
+- `Legion::Sandbox`: capability-based extension sandboxing with enforcement toggle
+- `Legion::Registry::SecurityScanner`: naming convention, checksum, and gemspec metadata validation
+- `legion marketplace`: CLI for search, info, list, scan operations
+
+## [1.4.33] - 2026-03-17
+
+### Added
+- `legion cost summary`: overall cost summary (today/week/month)
+- `legion cost worker <id>`: per-worker cost breakdown
+- `legion cost top`: top cost consumers ranked by spend
+- `legion cost export`: export cost data as JSON or CSV
+- `Legion::CLI::CostData::Client`: API client for cost data retrieval
+
+### Fixed
+- `Connection.resolve_config_dir` spec now correctly stubs `~/.legionio/settings` path
+
+## [1.4.32] - 2026-03-17
+
+### Fixed
+- `NotificationBridge` missing `require_relative 'notification_queue'` causing `NameError` on `legion chat`
+
+## [1.4.31] - 2026-03-16
+
+### Added
+- Skills system: `.legion/skills/` and `~/.legionio/skills/` YAML frontmatter markdown files
+- `Legion::Chat::Skills`: discovery, parsing, and find for skill files
+- `/skill-name` invocation in chat resolves user-defined skills
+- `legion skill list`, `legion skill show`, `legion skill create`, `legion skill run` CLI subcommands
+
+## [1.4.30] - 2026-03-16
+
+### Added
+- `MCP::Auth`: token-based MCP authentication (JWT + API key)
+- `MCP::ToolGovernance`: risk-tier-aware tool filtering and invocation audit
+- `MCP.server_for(token:)` builds identity-scoped MCP server instances
+- HTTP transport auth: Bearer token validation with 401 response on failure
+- MCP settings: `mcp.auth.enabled`, `mcp.auth.allowed_api_keys`, `mcp.governance.enabled`, `mcp.governance.tool_risk_tiers`
+
+## [1.4.29] - 2026-03-16
+
+### Added
+- `legion init`: one-command workspace setup with environment detection
+- `InitHelpers::EnvironmentDetector`: checks for RabbitMQ, database, Vault, Redis, git, existing config
+- `InitHelpers::ConfigGenerator`: ERB template-based config generation, `.legion/` workspace scaffolding
+- `--local` flag for zero-dependency development mode
+- `--force` flag to overwrite existing config files
+
+## [1.4.28] - 2026-03-16
+
+### Added
+- `Legion::Telemetry` module: opt-in OpenTelemetry tracing with `with_span` wrapper
+- `setup_telemetry` in Service: initializes OTel SDK with OTLP exporter when `telemetry.enabled: true`
+- `sanitize_attributes` helper for safe OTel attribute conversion
+- `record_exception` helper for span error recording
+
+## [1.4.27] - 2026-03-16
+
+### Added
+- `legion update` CLI command: updates all Legion gems (`legionio`, `legion-*`, `lex-*`) using the current Ruby's gem binary
+- `--dry-run` flag to check available updates without installing
+- `--json` flag for machine-readable output
+- Updates install into the running Ruby's GEM_HOME (safe for Homebrew bundled installs)
+
+## [1.4.26] - 2026-03-16
+
+### Added
+- `Legion::Metrics` module: opt-in Prometheus metrics via `prometheus-client` gem
+- `GET /metrics` endpoint returning Prometheus text-format output
+- 9 metrics: uptime, active_workers, tasks_total, tasks_per_second, error_rate, consent_violations, llm_requests, llm_tokens
+- Event-driven counters + pull-based gauge refresh on scrape
+- `/metrics` added to Auth middleware SKIP_PATHS
+- Wired into Service startup and shutdown
+
+## [1.4.25] - 2026-03-16
+
+### Added
+- `Legion::Chat::NotificationQueue`: thread-safe priority queue for background notifications
+- `Legion::Chat::NotificationBridge`: event-driven bridge matching Legion events to chat notifications
+- Chat REPL displays pending notifications before each prompt (critical in red, info in yellow)
+- Configurable notification patterns via `chat.notifications.patterns` setting
+
+## [1.4.24] - 2026-03-16
+
+### Added
+- `Legion::Audit.recent_for` — query audit records by principal and time window
+- `Legion::Audit.count_for` — count audit records by principal and time window
+- `Legion::Audit.failure_count_for` / `success_count_for` — convenience wrappers
+- `Legion::Audit.resources_for` — distinct resources invoked by a principal
+- `Legion::Audit.recent` — most recent N records with optional filters
+- All query methods return safe defaults (`[]` or `0`) when legion-data is unavailable
+
+## [1.4.23] - 2026-03-16
+
+### Added
+- `Middleware::BodyLimit`: request body size limit (1MB max, returns 413)
+- `API::Validators` helper module: `validate_required!`, `validate_string_length!`, `validate_enum!`, `validate_uuid!`, `validate_integer!`
+- Ingress payload validation: 512KB size limit, runner_class/function format checks
+
+### Security
+- Ingress validates runner_class format before `Kernel.const_get` to prevent arbitrary constant resolution
+- Ingress validates function format before `.send` to prevent method injection
+
+## [1.4.22] - 2026-03-16
+
+### Added
+- `Legion::Alerts`: configurable alerting rules engine with event pattern matching
+- `Alerts::Engine`: count-based conditions, cooldown deduplication, multi-channel dispatch
+- 4 default rules: consent_violation, extinction_trigger, error_spike, budget_exceeded
+- Channel dispatch: events (via `Legion::Events`), log (via `Legion::Logging`), webhook
+- Settings: `alerts.enabled`, `alerts.rules`
+- Wired into `Service` startup (opt-in via `alerts.enabled: true`)
+
+## [1.4.21] - 2026-03-16
+
+### Added
+- `Middleware::ApiVersion`: rewrites `/api/v1/` paths to `/api/` for future versioned API support
+- Deprecation headers (`Deprecation`, `Sunset`, `Link`) on unversioned `/api/` paths
+- `X-API-Version` request header set for versioned paths
+- Skip paths: `/api/health`, `/api/ready`, `/api/openapi.json`, `/metrics`
+
+## [1.4.20] - 2026-03-16
+
+### Added
+- `Middleware::RateLimit`: sliding-window rate limiting with per-IP, per-agent, per-tenant tiers
+- In-memory store (default) with lazy reap; distributed store via `Legion::Cache` when available
+- Standard headers: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`, `Retry-After` (429 only)
+- Skip paths: `/api/health`, `/api/ready`, `/api/metrics`, `/api/openapi.json`
+
+## [1.4.19] - 2026-03-16
+
+### Added
+- Local development mode: `LEGION_LOCAL=true` env var or `local_mode: true` in settings
+- Auto-configures in-memory transport, mock Vault, and dev settings
+
+## [1.4.18] - 2026-03-16
+
+### Added
+- `legion config scaffold` auto-detects environment variables and enables providers
+- Detects: AWS_BEARER_TOKEN_BEDROCK, ANTHROPIC_API_KEY, OPENAI_API_KEY, GEMINI_API_KEY, VAULT_TOKEN, RABBITMQ_USER/PASSWORD
+- Detects running Ollama on localhost:11434
+- First detected LLM provider becomes the default; credentials use `env://` references
+- JSON output includes `detected` array for automation
+
+## [1.4.17] - 2026-03-16
+
+### Added
+- `Legion::Audit` publisher module for immutable audit logging via AMQP
+- Audit hook in `Runner.run` records every runner execution (event_type, duration, status)
+- Audit hook in `DigitalWorker::Lifecycle.transition!` records state transitions
+- `GET /api/audit` endpoint with filters (event_type, principal_id, source, status, since, until)
+- `GET /api/audit/verify` endpoint for hash chain integrity verification
+- `legion audit list` and `legion audit verify` CLI commands
+- Silent degradation: audit never interferes with normal operation (triple guard + rescue)
+
+## [1.4.16] - 2026-03-16
+
+### Added
+- `legion worker create NAME` CLI command: provisions digital worker in bootstrap state with DB record + optional Vault secret storage
+
+## [1.4.15] - 2026-03-16
+
+### Added
+- RAI invariant #2: Ingress.run calls Registry.validate_execution! when worker_id is present
+- Unregistered or inactive workers are blocked with structured error (no exception propagation)
+- Registration check fires before RBAC authorization (registration precedes permission)
+
 ## [1.4.14] - 2026-03-16
 
 ### Added
 - Optional RBAC integration via legion-rbac gem (`if defined?(Legion::Rbac)` guards)
+- `GET /api/workers/:id/health` endpoint returns worker health status with node metrics
+- `health_status` query filter on `GET /api/workers`
+- Thread-safe local worker tracking in `DigitalWorker::Registry` for heartbeat reporting
+- `Legion::DigitalWorker.active_local_ids` delegate method
 - `setup_rbac` lifecycle hook in Service (after setup_data)
 - `authorize_execution!` guard in Ingress for task execution
 - Rack middleware registration in API when legion-rbac loaded

data/CLAUDE.md

@@ -9,7 +9,7 @@ The primary gem for the LegionIO framework. An extensible async job engine for s
 
 **GitHub**: https://github.com/LegionIO/LegionIO
 **Gem**: `legionio`
-**Version**: 1.4.13
+**Version**: 1.4.36
 **License**: Apache-2.0
 **Docker**: `legionio/legion`
 **Ruby**: >= 3.4
@@ -274,6 +274,7 @@ legion
   worker
     list [-s status] [-t risk_tier]
     show <id>
+    create <name> --entra_app_id ID --owner_msid EMAIL --extension NAME [--team T] [--client_secret S]
     pause <id>
     activate <id>
     retire <id>
@@ -468,10 +469,22 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
 | `lib/legion/api/token.rb` | Token: JWT token issuance endpoint |
 | `lib/legion/api/openapi.rb` | OpenAPI: `Legion::API::OpenAPI.spec` / `.to_json`; also served at `GET /api/openapi.json` |
 | `lib/legion/api/oauth.rb` | OAuth: `GET /api/oauth/microsoft_teams/callback` — receives delegated OAuth redirect and stores tokens |
+| `lib/legion/audit.rb` | Audit logging: AMQP publish + query layer (recent_for, count_for, resources_for, recent) backed by AuditLog model |
+| `lib/legion/alerts.rb` | Configurable alerting rules engine: pattern matching, count conditions, cooldown dedup |
+| `lib/legion/telemetry.rb` | Opt-in OpenTelemetry tracing: `with_span` wrapper, `sanitize_attributes`, `record_exception` |
+| `lib/legion/metrics.rb` | Opt-in Prometheus metrics: event-driven counters, pull-based gauges, `prometheus-client` guarded |
+| `lib/legion/api/metrics.rb` | `GET /metrics` Prometheus text-format endpoint with gauge refresh |
+| `lib/legion/chat/notification_queue.rb` | Thread-safe priority queue for background notifications (critical/info/debug) |
+| `lib/legion/chat/notification_bridge.rb` | Event-driven bridge: matches Legion events to chat notifications via fnmatch patterns |
 | `lib/legion/api/middleware/auth.rb` | Auth: JWT Bearer auth middleware (real token validation, skip paths for health/ready) |
+| `lib/legion/api/middleware/api_version.rb` | ApiVersion: rewrites `/api/v1/` to `/api/`, adds Deprecation/Sunset headers on unversioned paths |
+| `lib/legion/api/middleware/body_limit.rb` | BodyLimit: request body size limit (1MB max, returns 413) |
+| `lib/legion/api/middleware/rate_limit.rb` | RateLimit: sliding-window rate limiting with per-IP/agent/tenant tiers |
 | **MCP** | |
-| `lib/legion/mcp.rb` | Entry point: `Legion::MCP.server` singleton factory |
-| `lib/legion/mcp/server.rb` | MCP::Server builder, TOOL_CLASSES array, instructions |
+| `lib/legion/mcp.rb` | Entry point: `Legion::MCP.server` singleton factory, `server_for(token:)` |
+| `lib/legion/mcp/auth.rb` | MCP authentication: JWT + API key verification |
+| `lib/legion/mcp/tool_governance.rb` | Risk-tier tool filtering and invocation audit |
+| `lib/legion/mcp/server.rb` | MCP::Server builder, TOOL_CLASSES array, governance-aware build |
 | `lib/legion/digital_worker.rb` | DigitalWorker module entry point |
 | `lib/legion/digital_worker/lifecycle.rb` | Worker state machine |
 | `lib/legion/digital_worker/registry.rb` | In-process worker registry |
@@ -495,7 +508,7 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
 | `lib/legion/cli/config_scaffold.rb` | `legion config scaffold` — generates starter JSON config files per subsystem |
 | `lib/legion/cli/generate_command.rb` | `legion generate` subcommands (runner, actor, exchange, queue, message) |
 | `lib/legion/cli/mcp_command.rb` | `legion mcp` subcommand (stdio + HTTP transports) |
-| `lib/legion/cli/worker_command.rb` | `legion worker` subcommands (list, show, pause, retire, terminate, activate, costs) |
+| `lib/legion/cli/worker_command.rb` | `legion worker` subcommands (list, show, create, pause, retire, terminate, activate, costs) |
 | `lib/legion/cli/coldstart_command.rb` | `legion coldstart` subcommands (ingest, preview, status) |
 | `lib/legion/cli/chat_command.rb` | `legion chat` — interactive AI REPL + headless prompt mode |
 | `lib/legion/cli/chat/session.rb` | Chat session: multi-turn conversation, streaming, tool use |
@@ -553,6 +566,8 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
 | `API::Routes::Relationships` | Fully implemented (backed by legion-data migration 013) |
 | `API::Routes::Chains` | 501 stub - no data model |
 | `API::Middleware::Auth` | JWT Bearer auth middleware — real token validation and API key (`X-API-Key` header) auth both implemented |
+| `MCP::Auth` | JWT + API key authentication for MCP server (HTTP transport) |
+| `MCP::ToolGovernance` | Risk-tier tool filtering + audit — disabled by default, opt-in via settings |
 | `legion-data` chains/relationships models | Not yet implemented |
 
 ## Rubocop Notes
@@ -566,7 +581,7 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
 
 ```bash
 bundle install
-bundle exec rspec       # 880 examples, 0 failures
+bundle exec rspec       # 1088 examples, 0 failures
 bundle exec rubocop     # 0 offenses
 ```
 

data/README.md

@@ -176,6 +176,7 @@ AI-as-labor with governance, risk tiers, and cost tracking:
 ```bash
 legion worker list                  # list workers
 legion worker show <id>             # worker detail
+legion worker create <name>         # register new worker (bootstrap state)
 legion worker pause <id>            # pause / activate / retire
 legion worker costs --days 30       # cost report
 ```
@@ -205,9 +206,11 @@ legion schedule list
 ```bash
 legion config show              # resolved config (redacted)
 legion config validate          # verify settings + subsystem health
-legion config scaffold          # generate starter config files
+legion config scaffold          # generate starter config files (auto-detects env vars)
 ```
 
+`config scaffold` auto-detects environment variables (`ANTHROPIC_API_KEY`, `AWS_BEARER_TOKEN_BEDROCK`, `OPENAI_API_KEY`, `GEMINI_API_KEY`, `VAULT_TOKEN`, `RABBITMQ_USER`/`PASSWORD`) and a running Ollama instance, enabling providers and setting `env://` references automatically.
+
 Settings load from the first directory found: `/etc/legionio/` → `~/legionio/` → `./settings/`
 
 ### Diagnostics
@@ -220,6 +223,15 @@ legion doctor --json            # machine-readable output
 
 Checks Ruby version, bundle status, config files, RabbitMQ, database, cache, Vault, extensions, PID files, and permissions. Exits 1 if any check fails.
 
+### Updating
+
+```bash
+legion update                   # update all legion gems in-place
+legion update --dry-run         # check what's available without installing
+```
+
+Uses the same Ruby that `legion` is running from — safe for Homebrew installs (updates go into the bundled gem directory, not your system Ruby).
+
 All commands support `--json` for structured output and `--no-color` to strip ANSI codes.
 
 ## REST API

data/lib/legion/alerts.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module Legion
+  module Alerts
+    AlertRule = Struct.new(:name, :event_pattern, :condition, :severity, :channels, :cooldown_seconds)
+
+    DEFAULT_RULES = [
+      { name: 'consent_violation', event_pattern: 'governance.consent_violation', severity: 'critical',
+        channels: %w[events log], cooldown_seconds: 300 },
+      { name: 'extinction_trigger', event_pattern: 'extinction.*', severity: 'critical',
+        channels: %w[events log], cooldown_seconds: 0 },
+      { name: 'error_spike', event_pattern: 'runner.failure',
+        condition: { count_threshold: 10, window_seconds: 60 }, severity: 'warning',
+        channels: %w[events log], cooldown_seconds: 300 },
+      { name: 'budget_exceeded', event_pattern: 'finops.budget_exceeded', severity: 'warning',
+        channels: %w[events log], cooldown_seconds: 3600 }
+    ].freeze
+
+    class Engine
+      attr_reader :rules
+
+      def initialize(rules: [])
+        @rules = rules.map { |r| r.is_a?(AlertRule) ? r : AlertRule.new(**r.transform_keys(&:to_sym)) }
+        @counters = {}
+        @last_fired = {}
+      end
+
+      def evaluate(event_name, payload = {})
+        fired = []
+        @rules.each do |rule|
+          next unless event_matches?(event_name, rule.event_pattern)
+          next unless condition_met?(rule, event_name)
+          next if in_cooldown?(rule)
+
+          fire_alert(rule, event_name, payload)
+          fired << rule.name
+        end
+        fired
+      end
+
+      private
+
+      def event_matches?(name, pattern)
+        File.fnmatch?(pattern, name)
+      end
+
+      def condition_met?(rule, event_name)
+        cond = rule.condition
+        return true unless cond.is_a?(Hash)
+
+        key = "#{rule.name}:#{event_name}"
+        @counters[key] ||= { count: 0, window_start: Time.now }
+
+        window = cond[:window_seconds] || 60
+        @counters[key] = { count: 0, window_start: Time.now } if Time.now - @counters[key][:window_start] > window
+
+        @counters[key][:count] += 1
+        @counters[key][:count] >= (cond[:count_threshold] || 1)
+      end
+
+      def in_cooldown?(rule)
+        last = @last_fired[rule.name]
+        return false unless last
+
+        Time.now - last < (rule.cooldown_seconds || 0)
+      end
+
+      def fire_alert(rule, event_name, payload)
+        @last_fired[rule.name] = Time.now
+        alert = { rule: rule.name, event: event_name, severity: rule.severity,
+                  payload: payload, fired_at: Time.now.utc }
+
+        (rule.channels || []).each do |channel|
+          case channel.to_sym
+          when :events
+            Legion::Events.emit('alert.fired', alert) if defined?(Legion::Events)
+          when :log
+            Legion::Logging.warn "[alert] #{rule.name}: #{event_name} (#{rule.severity})" if defined?(Legion::Logging)
+          when :webhook
+            Legion::Webhooks.dispatch('alert.fired', alert) if defined?(Legion::Webhooks)
+          end
+        end
+      end
+    end
+
+    class << self
+      def setup
+        rules = load_rules
+        @engine = Engine.new(rules: rules)
+        register_listener
+        Legion::Logging.debug "Alerts: #{rules.size} rules loaded" if defined?(Legion::Logging)
+      end
+
+      attr_reader :engine
+
+      def reset!
+        @engine = nil
+      end
+
+      private
+
+      def load_rules
+        custom = begin
+          Legion::Settings[:alerts][:rules]
+        rescue StandardError
+          nil
+        end
+        custom && !custom.empty? ? custom : DEFAULT_RULES
+      end
+
+      def register_listener
+        return unless defined?(Legion::Events)
+
+        Legion::Events.on('*') do |event_name, **payload|
+          @engine&.evaluate(event_name, payload)
+        end
+      end
+    end
+  end
+end

data/lib/legion/api/audit.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module Audit
+        def self.registered(app)
+          app.get '/api/audit' do
+            require_data!
+            dataset = Legion::Data::Model::AuditLog.order(Sequel.desc(:id))
+            dataset = dataset.where(event_type: params[:event_type])     if params[:event_type]
+            dataset = dataset.where(principal_id: params[:principal_id]) if params[:principal_id]
+            dataset = dataset.where(source: params[:source])             if params[:source]
+            dataset = dataset.where(status: params[:status])             if params[:status]
+            dataset = dataset.where { created_at >= Time.parse(params[:since]) } if params[:since]
+            dataset = dataset.where { created_at <= Time.parse(params[:until]) } if params[:until]
+            json_collection(dataset)
+          end
+
+          app.get '/api/audit/verify' do
+            require_data!
+            halt 503, json_error('unavailable', 'lex-audit is not loaded', status_code: 503) unless defined?(Legion::Extensions::Audit::Runners::Audit)
+
+            runner = Object.new.extend(Legion::Extensions::Audit::Runners::Audit)
+            result = runner.verify
+            json_response(result)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/api/auth.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module Auth
+        def self.registered(app)
+          register_token_exchange(app)
+        end
+
+        def self.register_token_exchange(app) # rubocop:disable Metrics/MethodLength
+          app.post '/api/auth/token' do
+            body = parse_request_body
+            grant_type = body[:grant_type]
+            subject_token = body[:subject_token]
+
+            unless grant_type == 'urn:ietf:params:oauth:grant-type:token-exchange'
+              halt 400, json_error('unsupported_grant_type', 'expected urn:ietf:params:oauth:grant-type:token-exchange',
+                                   status_code: 400)
+            end
+
+            halt 400, json_error('missing_subject_token', 'subject_token is required', status_code: 400) unless subject_token
+
+            unless defined?(Legion::Crypt::JWT) && Legion::Crypt::JWT.respond_to?(:verify_with_jwks)
+              halt 501, json_error('jwks_validation_not_available', 'legion-crypt JWKS support not loaded',
+                                   status_code: 501)
+            end
+
+            rbac_settings = (Legion::Settings[:rbac].is_a?(Hash) && Legion::Settings[:rbac][:entra]) || {}
+            tenant_id = rbac_settings[:tenant_id]
+            halt 500, json_error('entra_tenant_not_configured', 'rbac.entra.tenant_id not set', status_code: 500) unless tenant_id
+
+            jwks_url = "https://login.microsoftonline.com/#{tenant_id}/discovery/v2.0/keys"
+            issuer = "https://login.microsoftonline.com/#{tenant_id}/v2.0"
+
+            begin
+              entra_claims = Legion::Crypt::JWT.verify_with_jwks(
+                subject_token, jwks_url: jwks_url, issuers: [issuer]
+              )
+            rescue Legion::Crypt::JWT::ExpiredTokenError
+              halt 401, json_error('token_expired', 'Entra token has expired', status_code: 401)
+            rescue Legion::Crypt::JWT::InvalidTokenError => e
+              halt 401, json_error('invalid_token', e.message, status_code: 401)
+            rescue Legion::Crypt::JWT::Error => e
+              halt 502, json_error('identity_provider_unavailable', e.message, status_code: 502)
+            end
+
+            unless defined?(Legion::Rbac::EntraClaimsMapper)
+              halt 501, json_error('claims_mapper_not_available', 'legion-rbac EntraClaimsMapper not loaded',
+                                   status_code: 501)
+            end
+
+            mapped = Legion::Rbac::EntraClaimsMapper.map_claims(
+              entra_claims,
+              role_map:     rbac_settings[:role_map] || Legion::Rbac::EntraClaimsMapper::DEFAULT_ROLE_MAP,
+              group_map:    rbac_settings[:group_map] || {},
+              default_role: rbac_settings[:default_role] || 'worker'
+            )
+
+            ttl = 28_800
+            token = Legion::API::Token.issue_human_token(
+              msid: mapped[:sub], name: mapped[:name],
+              roles: mapped[:roles], ttl: ttl
+            )
+
+            json_response({
+                            access_token: token,
+                            token_type:   'Bearer',
+                            expires_in:   ttl,
+                            roles:        mapped[:roles],
+                            team:         mapped[:team]
+                          })
+          end
+        end
+
+        class << self
+          private :register_token_exchange
+        end
+      end
+    end
+  end
+end

data/lib/legion/api/gaia.rb

@@ -12,6 +12,28 @@ module Legion
               json_response({ started: false }, status_code: 503)
             end
           end
+
+          app.post '/api/channels/teams/webhook' do
+            body = request.body.read
+            activity = Legion::JSON.load(body)
+
+            adapter = Routes::Gaia.teams_adapter
+            halt 503, json_response({ error: 'teams adapter not available' }, status_code: 503) unless adapter
+
+            input_frame = adapter.translate_inbound(activity)
+            Legion::Gaia.sensory_buffer&.push(input_frame) if defined?(Legion::Gaia)
+
+            json_response({ status: 'accepted', frame_id: input_frame&.id })
+          end
+        end
+
+        def self.teams_adapter
+          return nil unless defined?(Legion::Gaia) && Legion::Gaia.respond_to?(:channel_registry)
+          return nil unless Legion::Gaia.channel_registry
+
+          Legion::Gaia.channel_registry.adapter_for(:teams)
+        rescue StandardError
+          nil
         end
       end
     end

data/lib/legion/api/metrics.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module Metrics
+        def self.registered(app)
+          app.get '/metrics' do
+            unless defined?(Legion::Metrics) && Legion::Metrics.available?
+              content_type 'text/plain'
+              halt 404, 'prometheus-client gem not available'
+            end
+
+            Legion::Metrics.refresh_gauges
+            content_type 'text/plain; version=0.0.4; charset=utf-8'
+            Legion::Metrics.render
+          end
+        end
+      end
+    end
+  end
+end