legionio 1.4.14 → 1.4.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -0
- data/CHANGELOG.md +132 -0
- data/CLAUDE.md +14 -3
- data/README.md +13 -1
- data/lib/legion/alerts.rb +120 -0
- data/lib/legion/api/audit.rb +32 -0
- data/lib/legion/api/metrics.rb +22 -0
- data/lib/legion/api/middleware/api_version.rb +42 -0
- data/lib/legion/api/middleware/auth.rb +1 -1
- data/lib/legion/api/middleware/body_limit.rb +31 -0
- data/lib/legion/api/middleware/rate_limit.rb +167 -0
- data/lib/legion/api/validators.rb +44 -0
- data/lib/legion/api/workers.rb +22 -1
- data/lib/legion/api.rb +8 -0
- data/lib/legion/audit.rb +89 -0
- data/lib/legion/chat/notification_bridge.rb +80 -0
- data/lib/legion/chat/notification_queue.rb +43 -0
- data/lib/legion/cli/audit_command.rb +66 -0
- data/lib/legion/cli/chat_command.rb +24 -0
- data/lib/legion/cli/config_scaffold.rb +90 -2
- data/lib/legion/cli/init/config_generator.rb +55 -0
- data/lib/legion/cli/init/environment_detector.rb +65 -0
- data/lib/legion/cli/init_command.rb +58 -0
- data/lib/legion/cli/templates/core.json.erb +14 -0
- data/lib/legion/cli/update_command.rb +134 -0
- data/lib/legion/cli/worker_command.rb +77 -0
- data/lib/legion/cli.rb +12 -0
- data/lib/legion/digital_worker/lifecycle.rb +17 -0
- data/lib/legion/digital_worker/registry.rb +12 -0
- data/lib/legion/digital_worker.rb +6 -0
- data/lib/legion/ingress.rb +40 -0
- data/lib/legion/metrics.rb +117 -0
- data/lib/legion/runner.rb +21 -1
- data/lib/legion/service.rb +75 -0
- data/lib/legion/telemetry.rb +65 -0
- data/lib/legion/version.rb +1 -1
- metadata +19 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b82509c414c56ab775cbaa5879a5312e9d3fd69226eadae308c52f5cba2bff25
|
|
4
|
+
data.tar.gz: c82590fb0283ee9db793c5b18751dbba8eb51c209351e2674a2ac542e875b718
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eff59d6453668b41bfa4047f77db11d02dc3fadacd59801d94fc1a7ec4af14598e30d817e0f075631b087a195e1715a68744a0e399fec728c0d426d8b3dc20e6
|
|
7
|
+
data.tar.gz: 10f935f6b10a6db5ef4df40e84a487b5fac01a10bc4789a3eca257aed77294a804309eccca224c70b5a3b082de5e0338408464a2dacb1fc353ef43fa54e128fd
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,9 +1,141 @@
|
|
|
1
1
|
# Legion Changelog
|
|
2
2
|
|
|
3
|
+
## [1.4.29] - 2026-03-16
|
|
4
|
+
|
|
5
|
+
### Added
|
|
6
|
+
- `legion init`: one-command workspace setup with environment detection
|
|
7
|
+
- `InitHelpers::EnvironmentDetector`: checks for RabbitMQ, database, Vault, Redis, git, existing config
|
|
8
|
+
- `InitHelpers::ConfigGenerator`: ERB template-based config generation, `.legion/` workspace scaffolding
|
|
9
|
+
- `--local` flag for zero-dependency development mode
|
|
10
|
+
- `--force` flag to overwrite existing config files
|
|
11
|
+
|
|
12
|
+
## [1.4.28] - 2026-03-16
|
|
13
|
+
|
|
14
|
+
### Added
|
|
15
|
+
- `Legion::Telemetry` module: opt-in OpenTelemetry tracing with `with_span` wrapper
|
|
16
|
+
- `setup_telemetry` in Service: initializes OTel SDK with OTLP exporter when `telemetry.enabled: true`
|
|
17
|
+
- `sanitize_attributes` helper for safe OTel attribute conversion
|
|
18
|
+
- `record_exception` helper for span error recording
|
|
19
|
+
|
|
20
|
+
## [1.4.27] - 2026-03-16
|
|
21
|
+
|
|
22
|
+
### Added
|
|
23
|
+
- `legion update` CLI command: updates all Legion gems (`legionio`, `legion-*`, `lex-*`) using the current Ruby's gem binary
|
|
24
|
+
- `--dry-run` flag to check available updates without installing
|
|
25
|
+
- `--json` flag for machine-readable output
|
|
26
|
+
- Updates install into the running Ruby's GEM_HOME (safe for Homebrew bundled installs)
|
|
27
|
+
|
|
28
|
+
## [1.4.26] - 2026-03-16
|
|
29
|
+
|
|
30
|
+
### Added
|
|
31
|
+
- `Legion::Metrics` module: opt-in Prometheus metrics via `prometheus-client` gem
|
|
32
|
+
- `GET /metrics` endpoint returning Prometheus text-format output
|
|
33
|
+
- 9 metrics: uptime, active_workers, tasks_total, tasks_per_second, error_rate, consent_violations, llm_requests, llm_tokens
|
|
34
|
+
- Event-driven counters + pull-based gauge refresh on scrape
|
|
35
|
+
- `/metrics` added to Auth middleware SKIP_PATHS
|
|
36
|
+
- Wired into Service startup and shutdown
|
|
37
|
+
|
|
38
|
+
## [1.4.25] - 2026-03-16
|
|
39
|
+
|
|
40
|
+
### Added
|
|
41
|
+
- `Legion::Chat::NotificationQueue`: thread-safe priority queue for background notifications
|
|
42
|
+
- `Legion::Chat::NotificationBridge`: event-driven bridge matching Legion events to chat notifications
|
|
43
|
+
- Chat REPL displays pending notifications before each prompt (critical in red, info in yellow)
|
|
44
|
+
- Configurable notification patterns via `chat.notifications.patterns` setting
|
|
45
|
+
|
|
46
|
+
## [1.4.24] - 2026-03-16
|
|
47
|
+
|
|
48
|
+
### Added
|
|
49
|
+
- `Legion::Audit.recent_for` — query audit records by principal and time window
|
|
50
|
+
- `Legion::Audit.count_for` — count audit records by principal and time window
|
|
51
|
+
- `Legion::Audit.failure_count_for` / `success_count_for` — convenience wrappers
|
|
52
|
+
- `Legion::Audit.resources_for` — distinct resources invoked by a principal
|
|
53
|
+
- `Legion::Audit.recent` — most recent N records with optional filters
|
|
54
|
+
- All query methods return safe defaults (`[]` or `0`) when legion-data is unavailable
|
|
55
|
+
|
|
56
|
+
## [1.4.23] - 2026-03-16
|
|
57
|
+
|
|
58
|
+
### Added
|
|
59
|
+
- `Middleware::BodyLimit`: request body size limit (1MB max, returns 413)
|
|
60
|
+
- `API::Validators` helper module: `validate_required!`, `validate_string_length!`, `validate_enum!`, `validate_uuid!`, `validate_integer!`
|
|
61
|
+
- Ingress payload validation: 512KB size limit, runner_class/function format checks
|
|
62
|
+
|
|
63
|
+
### Security
|
|
64
|
+
- Ingress validates runner_class format before `Kernel.const_get` to prevent arbitrary constant resolution
|
|
65
|
+
- Ingress validates function format before `.send` to prevent method injection
|
|
66
|
+
|
|
67
|
+
## [1.4.22] - 2026-03-16
|
|
68
|
+
|
|
69
|
+
### Added
|
|
70
|
+
- `Legion::Alerts`: configurable alerting rules engine with event pattern matching
|
|
71
|
+
- `Alerts::Engine`: count-based conditions, cooldown deduplication, multi-channel dispatch
|
|
72
|
+
- 4 default rules: consent_violation, extinction_trigger, error_spike, budget_exceeded
|
|
73
|
+
- Channel dispatch: events (via `Legion::Events`), log (via `Legion::Logging`), webhook
|
|
74
|
+
- Settings: `alerts.enabled`, `alerts.rules`
|
|
75
|
+
- Wired into `Service` startup (opt-in via `alerts.enabled: true`)
|
|
76
|
+
|
|
77
|
+
## [1.4.21] - 2026-03-16
|
|
78
|
+
|
|
79
|
+
### Added
|
|
80
|
+
- `Middleware::ApiVersion`: rewrites `/api/v1/` paths to `/api/` for future versioned API support
|
|
81
|
+
- Deprecation headers (`Deprecation`, `Sunset`, `Link`) on unversioned `/api/` paths
|
|
82
|
+
- `X-API-Version` request header set for versioned paths
|
|
83
|
+
- Skip paths: `/api/health`, `/api/ready`, `/api/openapi.json`, `/metrics`
|
|
84
|
+
|
|
85
|
+
## [1.4.20] - 2026-03-16
|
|
86
|
+
|
|
87
|
+
### Added
|
|
88
|
+
- `Middleware::RateLimit`: sliding-window rate limiting with per-IP, per-agent, per-tenant tiers
|
|
89
|
+
- In-memory store (default) with lazy reap; distributed store via `Legion::Cache` when available
|
|
90
|
+
- Standard headers: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`, `Retry-After` (429 only)
|
|
91
|
+
- Skip paths: `/api/health`, `/api/ready`, `/api/metrics`, `/api/openapi.json`
|
|
92
|
+
|
|
93
|
+
## [1.4.19] - 2026-03-16
|
|
94
|
+
|
|
95
|
+
### Added
|
|
96
|
+
- Local development mode: `LEGION_LOCAL=true` env var or `local_mode: true` in settings
|
|
97
|
+
- Auto-configures in-memory transport, mock Vault, and dev settings
|
|
98
|
+
|
|
99
|
+
## [1.4.18] - 2026-03-16
|
|
100
|
+
|
|
101
|
+
### Added
|
|
102
|
+
- `legion config scaffold` auto-detects environment variables and enables providers
|
|
103
|
+
- Detects: AWS_BEARER_TOKEN_BEDROCK, ANTHROPIC_API_KEY, OPENAI_API_KEY, GEMINI_API_KEY, VAULT_TOKEN, RABBITMQ_USER/PASSWORD
|
|
104
|
+
- Detects running Ollama on localhost:11434
|
|
105
|
+
- First detected LLM provider becomes the default; credentials use `env://` references
|
|
106
|
+
- JSON output includes `detected` array for automation
|
|
107
|
+
|
|
108
|
+
## [1.4.17] - 2026-03-16
|
|
109
|
+
|
|
110
|
+
### Added
|
|
111
|
+
- `Legion::Audit` publisher module for immutable audit logging via AMQP
|
|
112
|
+
- Audit hook in `Runner.run` records every runner execution (event_type, duration, status)
|
|
113
|
+
- Audit hook in `DigitalWorker::Lifecycle.transition!` records state transitions
|
|
114
|
+
- `GET /api/audit` endpoint with filters (event_type, principal_id, source, status, since, until)
|
|
115
|
+
- `GET /api/audit/verify` endpoint for hash chain integrity verification
|
|
116
|
+
- `legion audit list` and `legion audit verify` CLI commands
|
|
117
|
+
- Silent degradation: audit never interferes with normal operation (triple guard + rescue)
|
|
118
|
+
|
|
119
|
+
## [1.4.16] - 2026-03-16
|
|
120
|
+
|
|
121
|
+
### Added
|
|
122
|
+
- `legion worker create NAME` CLI command: provisions digital worker in bootstrap state with DB record + optional Vault secret storage
|
|
123
|
+
|
|
124
|
+
## [1.4.15] - 2026-03-16
|
|
125
|
+
|
|
126
|
+
### Added
|
|
127
|
+
- RAI invariant #2: Ingress.run calls Registry.validate_execution! when worker_id is present
|
|
128
|
+
- Unregistered or inactive workers are blocked with structured error (no exception propagation)
|
|
129
|
+
- Registration check fires before RBAC authorization (registration precedes permission)
|
|
130
|
+
|
|
3
131
|
## [1.4.14] - 2026-03-16
|
|
4
132
|
|
|
5
133
|
### Added
|
|
6
134
|
- Optional RBAC integration via legion-rbac gem (`if defined?(Legion::Rbac)` guards)
|
|
135
|
+
- `GET /api/workers/:id/health` endpoint returns worker health status with node metrics
|
|
136
|
+
- `health_status` query filter on `GET /api/workers`
|
|
137
|
+
- Thread-safe local worker tracking in `DigitalWorker::Registry` for heartbeat reporting
|
|
138
|
+
- `Legion::DigitalWorker.active_local_ids` delegate method
|
|
7
139
|
- `setup_rbac` lifecycle hook in Service (after setup_data)
|
|
8
140
|
- `authorize_execution!` guard in Ingress for task execution
|
|
9
141
|
- Rack middleware registration in API when legion-rbac loaded
|
data/CLAUDE.md
CHANGED
|
@@ -9,7 +9,7 @@ The primary gem for the LegionIO framework. An extensible async job engine for s
|
|
|
9
9
|
|
|
10
10
|
**GitHub**: https://github.com/LegionIO/LegionIO
|
|
11
11
|
**Gem**: `legionio`
|
|
12
|
-
**Version**: 1.4.
|
|
12
|
+
**Version**: 1.4.29
|
|
13
13
|
**License**: Apache-2.0
|
|
14
14
|
**Docker**: `legionio/legion`
|
|
15
15
|
**Ruby**: >= 3.4
|
|
@@ -274,6 +274,7 @@ legion
|
|
|
274
274
|
worker
|
|
275
275
|
list [-s status] [-t risk_tier]
|
|
276
276
|
show <id>
|
|
277
|
+
create <name> --entra_app_id ID --owner_msid EMAIL --extension NAME [--team T] [--client_secret S]
|
|
277
278
|
pause <id>
|
|
278
279
|
activate <id>
|
|
279
280
|
retire <id>
|
|
@@ -468,7 +469,17 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
|
|
|
468
469
|
| `lib/legion/api/token.rb` | Token: JWT token issuance endpoint |
|
|
469
470
|
| `lib/legion/api/openapi.rb` | OpenAPI: `Legion::API::OpenAPI.spec` / `.to_json`; also served at `GET /api/openapi.json` |
|
|
470
471
|
| `lib/legion/api/oauth.rb` | OAuth: `GET /api/oauth/microsoft_teams/callback` — receives delegated OAuth redirect and stores tokens |
|
|
472
|
+
| `lib/legion/audit.rb` | Audit logging: AMQP publish + query layer (recent_for, count_for, resources_for, recent) backed by AuditLog model |
|
|
473
|
+
| `lib/legion/alerts.rb` | Configurable alerting rules engine: pattern matching, count conditions, cooldown dedup |
|
|
474
|
+
| `lib/legion/telemetry.rb` | Opt-in OpenTelemetry tracing: `with_span` wrapper, `sanitize_attributes`, `record_exception` |
|
|
475
|
+
| `lib/legion/metrics.rb` | Opt-in Prometheus metrics: event-driven counters, pull-based gauges, `prometheus-client` guarded |
|
|
476
|
+
| `lib/legion/api/metrics.rb` | `GET /metrics` Prometheus text-format endpoint with gauge refresh |
|
|
477
|
+
| `lib/legion/chat/notification_queue.rb` | Thread-safe priority queue for background notifications (critical/info/debug) |
|
|
478
|
+
| `lib/legion/chat/notification_bridge.rb` | Event-driven bridge: matches Legion events to chat notifications via fnmatch patterns |
|
|
471
479
|
| `lib/legion/api/middleware/auth.rb` | Auth: JWT Bearer auth middleware (real token validation, skip paths for health/ready) |
|
|
480
|
+
| `lib/legion/api/middleware/api_version.rb` | ApiVersion: rewrites `/api/v1/` to `/api/`, adds Deprecation/Sunset headers on unversioned paths |
|
|
481
|
+
| `lib/legion/api/middleware/body_limit.rb` | BodyLimit: request body size limit (1MB max, returns 413) |
|
|
482
|
+
| `lib/legion/api/middleware/rate_limit.rb` | RateLimit: sliding-window rate limiting with per-IP/agent/tenant tiers |
|
|
472
483
|
| **MCP** | |
|
|
473
484
|
| `lib/legion/mcp.rb` | Entry point: `Legion::MCP.server` singleton factory |
|
|
474
485
|
| `lib/legion/mcp/server.rb` | MCP::Server builder, TOOL_CLASSES array, instructions |
|
|
@@ -495,7 +506,7 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
|
|
|
495
506
|
| `lib/legion/cli/config_scaffold.rb` | `legion config scaffold` — generates starter JSON config files per subsystem |
|
|
496
507
|
| `lib/legion/cli/generate_command.rb` | `legion generate` subcommands (runner, actor, exchange, queue, message) |
|
|
497
508
|
| `lib/legion/cli/mcp_command.rb` | `legion mcp` subcommand (stdio + HTTP transports) |
|
|
498
|
-
| `lib/legion/cli/worker_command.rb` | `legion worker` subcommands (list, show, pause, retire, terminate, activate, costs) |
|
|
509
|
+
| `lib/legion/cli/worker_command.rb` | `legion worker` subcommands (list, show, create, pause, retire, terminate, activate, costs) |
|
|
499
510
|
| `lib/legion/cli/coldstart_command.rb` | `legion coldstart` subcommands (ingest, preview, status) |
|
|
500
511
|
| `lib/legion/cli/chat_command.rb` | `legion chat` — interactive AI REPL + headless prompt mode |
|
|
501
512
|
| `lib/legion/cli/chat/session.rb` | Chat session: multi-turn conversation, streaming, tool use |
|
|
@@ -566,7 +577,7 @@ rack-test, rake, rspec, rubocop, rubocop-rspec, simplecov
|
|
|
566
577
|
|
|
567
578
|
```bash
|
|
568
579
|
bundle install
|
|
569
|
-
bundle exec rspec #
|
|
580
|
+
bundle exec rspec # 997 examples, 0 failures
|
|
570
581
|
bundle exec rubocop # 0 offenses
|
|
571
582
|
```
|
|
572
583
|
|
data/README.md
CHANGED
|
@@ -176,6 +176,7 @@ AI-as-labor with governance, risk tiers, and cost tracking:
|
|
|
176
176
|
```bash
|
|
177
177
|
legion worker list # list workers
|
|
178
178
|
legion worker show <id> # worker detail
|
|
179
|
+
legion worker create <name> # register new worker (bootstrap state)
|
|
179
180
|
legion worker pause <id> # pause / activate / retire
|
|
180
181
|
legion worker costs --days 30 # cost report
|
|
181
182
|
```
|
|
@@ -205,9 +206,11 @@ legion schedule list
|
|
|
205
206
|
```bash
|
|
206
207
|
legion config show # resolved config (redacted)
|
|
207
208
|
legion config validate # verify settings + subsystem health
|
|
208
|
-
legion config scaffold # generate starter config files
|
|
209
|
+
legion config scaffold # generate starter config files (auto-detects env vars)
|
|
209
210
|
```
|
|
210
211
|
|
|
212
|
+
`config scaffold` auto-detects environment variables (`ANTHROPIC_API_KEY`, `AWS_BEARER_TOKEN_BEDROCK`, `OPENAI_API_KEY`, `GEMINI_API_KEY`, `VAULT_TOKEN`, `RABBITMQ_USER`/`PASSWORD`) and a running Ollama instance, enabling providers and setting `env://` references automatically.
|
|
213
|
+
|
|
211
214
|
Settings load from the first directory found: `/etc/legionio/` → `~/legionio/` → `./settings/`
|
|
212
215
|
|
|
213
216
|
### Diagnostics
|
|
@@ -220,6 +223,15 @@ legion doctor --json # machine-readable output
|
|
|
220
223
|
|
|
221
224
|
Checks Ruby version, bundle status, config files, RabbitMQ, database, cache, Vault, extensions, PID files, and permissions. Exits 1 if any check fails.
|
|
222
225
|
|
|
226
|
+
### Updating
|
|
227
|
+
|
|
228
|
+
```bash
|
|
229
|
+
legion update # update all legion gems in-place
|
|
230
|
+
legion update --dry-run # check what's available without installing
|
|
231
|
+
```
|
|
232
|
+
|
|
233
|
+
Uses the same Ruby that `legion` is running from — safe for Homebrew installs (updates go into the bundled gem directory, not your system Ruby).
|
|
234
|
+
|
|
223
235
|
All commands support `--json` for structured output and `--no-color` to strip ANSI codes.
|
|
224
236
|
|
|
225
237
|
## REST API
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Legion
|
|
4
|
+
module Alerts
|
|
5
|
+
AlertRule = Struct.new(:name, :event_pattern, :condition, :severity, :channels, :cooldown_seconds)
|
|
6
|
+
|
|
7
|
+
DEFAULT_RULES = [
|
|
8
|
+
{ name: 'consent_violation', event_pattern: 'governance.consent_violation', severity: 'critical',
|
|
9
|
+
channels: %w[events log], cooldown_seconds: 300 },
|
|
10
|
+
{ name: 'extinction_trigger', event_pattern: 'extinction.*', severity: 'critical',
|
|
11
|
+
channels: %w[events log], cooldown_seconds: 0 },
|
|
12
|
+
{ name: 'error_spike', event_pattern: 'runner.failure',
|
|
13
|
+
condition: { count_threshold: 10, window_seconds: 60 }, severity: 'warning',
|
|
14
|
+
channels: %w[events log], cooldown_seconds: 300 },
|
|
15
|
+
{ name: 'budget_exceeded', event_pattern: 'finops.budget_exceeded', severity: 'warning',
|
|
16
|
+
channels: %w[events log], cooldown_seconds: 3600 }
|
|
17
|
+
].freeze
|
|
18
|
+
|
|
19
|
+
class Engine
|
|
20
|
+
attr_reader :rules
|
|
21
|
+
|
|
22
|
+
def initialize(rules: [])
|
|
23
|
+
@rules = rules.map { |r| r.is_a?(AlertRule) ? r : AlertRule.new(**r.transform_keys(&:to_sym)) }
|
|
24
|
+
@counters = {}
|
|
25
|
+
@last_fired = {}
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def evaluate(event_name, payload = {})
|
|
29
|
+
fired = []
|
|
30
|
+
@rules.each do |rule|
|
|
31
|
+
next unless event_matches?(event_name, rule.event_pattern)
|
|
32
|
+
next unless condition_met?(rule, event_name)
|
|
33
|
+
next if in_cooldown?(rule)
|
|
34
|
+
|
|
35
|
+
fire_alert(rule, event_name, payload)
|
|
36
|
+
fired << rule.name
|
|
37
|
+
end
|
|
38
|
+
fired
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
private
|
|
42
|
+
|
|
43
|
+
def event_matches?(name, pattern)
|
|
44
|
+
File.fnmatch?(pattern, name)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def condition_met?(rule, event_name)
|
|
48
|
+
cond = rule.condition
|
|
49
|
+
return true unless cond.is_a?(Hash)
|
|
50
|
+
|
|
51
|
+
key = "#{rule.name}:#{event_name}"
|
|
52
|
+
@counters[key] ||= { count: 0, window_start: Time.now }
|
|
53
|
+
|
|
54
|
+
window = cond[:window_seconds] || 60
|
|
55
|
+
@counters[key] = { count: 0, window_start: Time.now } if Time.now - @counters[key][:window_start] > window
|
|
56
|
+
|
|
57
|
+
@counters[key][:count] += 1
|
|
58
|
+
@counters[key][:count] >= (cond[:count_threshold] || 1)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def in_cooldown?(rule)
|
|
62
|
+
last = @last_fired[rule.name]
|
|
63
|
+
return false unless last
|
|
64
|
+
|
|
65
|
+
Time.now - last < (rule.cooldown_seconds || 0)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def fire_alert(rule, event_name, payload)
|
|
69
|
+
@last_fired[rule.name] = Time.now
|
|
70
|
+
alert = { rule: rule.name, event: event_name, severity: rule.severity,
|
|
71
|
+
payload: payload, fired_at: Time.now.utc }
|
|
72
|
+
|
|
73
|
+
(rule.channels || []).each do |channel|
|
|
74
|
+
case channel.to_sym
|
|
75
|
+
when :events
|
|
76
|
+
Legion::Events.emit('alert.fired', alert) if defined?(Legion::Events)
|
|
77
|
+
when :log
|
|
78
|
+
Legion::Logging.warn "[alert] #{rule.name}: #{event_name} (#{rule.severity})" if defined?(Legion::Logging)
|
|
79
|
+
when :webhook
|
|
80
|
+
Legion::Webhooks.dispatch('alert.fired', alert) if defined?(Legion::Webhooks)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
class << self
|
|
87
|
+
def setup
|
|
88
|
+
rules = load_rules
|
|
89
|
+
@engine = Engine.new(rules: rules)
|
|
90
|
+
register_listener
|
|
91
|
+
Legion::Logging.debug "Alerts: #{rules.size} rules loaded" if defined?(Legion::Logging)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
attr_reader :engine
|
|
95
|
+
|
|
96
|
+
def reset!
|
|
97
|
+
@engine = nil
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
private
|
|
101
|
+
|
|
102
|
+
def load_rules
|
|
103
|
+
custom = begin
|
|
104
|
+
Legion::Settings[:alerts][:rules]
|
|
105
|
+
rescue StandardError
|
|
106
|
+
nil
|
|
107
|
+
end
|
|
108
|
+
custom && !custom.empty? ? custom : DEFAULT_RULES
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
def register_listener
|
|
112
|
+
return unless defined?(Legion::Events)
|
|
113
|
+
|
|
114
|
+
Legion::Events.on('*') do |event_name, **payload|
|
|
115
|
+
@engine&.evaluate(event_name, payload)
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Legion
|
|
4
|
+
class API < Sinatra::Base
|
|
5
|
+
module Routes
|
|
6
|
+
module Audit
|
|
7
|
+
def self.registered(app)
|
|
8
|
+
app.get '/api/audit' do
|
|
9
|
+
require_data!
|
|
10
|
+
dataset = Legion::Data::Model::AuditLog.order(Sequel.desc(:id))
|
|
11
|
+
dataset = dataset.where(event_type: params[:event_type]) if params[:event_type]
|
|
12
|
+
dataset = dataset.where(principal_id: params[:principal_id]) if params[:principal_id]
|
|
13
|
+
dataset = dataset.where(source: params[:source]) if params[:source]
|
|
14
|
+
dataset = dataset.where(status: params[:status]) if params[:status]
|
|
15
|
+
dataset = dataset.where { created_at >= Time.parse(params[:since]) } if params[:since]
|
|
16
|
+
dataset = dataset.where { created_at <= Time.parse(params[:until]) } if params[:until]
|
|
17
|
+
json_collection(dataset)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
app.get '/api/audit/verify' do
|
|
21
|
+
require_data!
|
|
22
|
+
halt 503, json_error('unavailable', 'lex-audit is not loaded', status_code: 503) unless defined?(Legion::Extensions::Audit::Runners::Audit)
|
|
23
|
+
|
|
24
|
+
runner = Object.new.extend(Legion::Extensions::Audit::Runners::Audit)
|
|
25
|
+
result = runner.verify
|
|
26
|
+
json_response(result)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Legion
|
|
4
|
+
class API < Sinatra::Base
|
|
5
|
+
module Routes
|
|
6
|
+
module Metrics
|
|
7
|
+
def self.registered(app)
|
|
8
|
+
app.get '/metrics' do
|
|
9
|
+
unless defined?(Legion::Metrics) && Legion::Metrics.available?
|
|
10
|
+
content_type 'text/plain'
|
|
11
|
+
halt 404, 'prometheus-client gem not available'
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
Legion::Metrics.refresh_gauges
|
|
15
|
+
content_type 'text/plain; version=0.0.4; charset=utf-8'
|
|
16
|
+
Legion::Metrics.render
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'sinatra/base'
|
|
4
|
+
|
|
5
|
+
module Legion
|
|
6
|
+
class API < Sinatra::Base
|
|
7
|
+
module Middleware
|
|
8
|
+
class ApiVersion
|
|
9
|
+
SKIP_PATHS = %w[/api/health /api/ready /api/openapi.json /metrics].freeze
|
|
10
|
+
|
|
11
|
+
def initialize(app)
|
|
12
|
+
@app = app
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def call(env)
|
|
16
|
+
path = env['PATH_INFO']
|
|
17
|
+
|
|
18
|
+
if path.start_with?('/api/v1/')
|
|
19
|
+
env['PATH_INFO'] = path.sub('/api/v1/', '/api/')
|
|
20
|
+
env['HTTP_X_API_VERSION'] = '1'
|
|
21
|
+
@app.call(env)
|
|
22
|
+
elsif path.start_with?('/api/') && !skip_path?(path)
|
|
23
|
+
status, headers, body = @app.call(env)
|
|
24
|
+
headers['Deprecation'] = 'true'
|
|
25
|
+
headers['Sunset'] = (Time.now + (180 * 86_400)).httpdate
|
|
26
|
+
successor = path.sub('/api/', '/api/v1/')
|
|
27
|
+
headers['Link'] = "<#{successor}>; rel=\"successor-version\""
|
|
28
|
+
[status, headers, body]
|
|
29
|
+
else
|
|
30
|
+
@app.call(env)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
|
|
36
|
+
def skip_path?(path)
|
|
37
|
+
SKIP_PATHS.any? { |skip| path.start_with?(skip) }
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -4,7 +4,7 @@ module Legion
|
|
|
4
4
|
class API < Sinatra::Base
|
|
5
5
|
module Middleware
|
|
6
6
|
class Auth
|
|
7
|
-
SKIP_PATHS = %w[/api/health /api/ready /api/openapi.json].freeze
|
|
7
|
+
SKIP_PATHS = %w[/api/health /api/ready /api/openapi.json /metrics].freeze
|
|
8
8
|
AUTH_HEADER = 'HTTP_AUTHORIZATION'
|
|
9
9
|
BEARER_PATTERN = /\ABearer\s+(.+)\z/i
|
|
10
10
|
API_KEY_HEADER = 'HTTP_X_API_KEY'
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'sinatra/base'
|
|
4
|
+
|
|
5
|
+
module Legion
|
|
6
|
+
class API < Sinatra::Base
|
|
7
|
+
module Middleware
|
|
8
|
+
class BodyLimit
|
|
9
|
+
MAX_BODY_SIZE = 1_048_576 # 1MB
|
|
10
|
+
|
|
11
|
+
def initialize(app, max_size: MAX_BODY_SIZE)
|
|
12
|
+
@app = app
|
|
13
|
+
@max_size = max_size
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def call(env)
|
|
17
|
+
content_length = env['CONTENT_LENGTH'].to_i
|
|
18
|
+
if content_length > @max_size
|
|
19
|
+
body = Legion::JSON.dump({
|
|
20
|
+
error: { code: 'payload_too_large',
|
|
21
|
+
message: "request body exceeds #{@max_size} bytes" },
|
|
22
|
+
meta: { timestamp: Time.now.utc.iso8601 }
|
|
23
|
+
})
|
|
24
|
+
return [413, { 'content-type' => 'application/json' }, [body]]
|
|
25
|
+
end
|
|
26
|
+
@app.call(env)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,167 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'sinatra/base'
|
|
4
|
+
require 'concurrent-ruby'
|
|
5
|
+
|
|
6
|
+
module Legion
|
|
7
|
+
class API < Sinatra::Base
|
|
8
|
+
module Middleware
|
|
9
|
+
class RateLimit
|
|
10
|
+
SKIP_PATHS = %w[/api/health /api/ready /api/metrics /api/openapi.json].freeze
|
|
11
|
+
WINDOW_SIZE = 60
|
|
12
|
+
|
|
13
|
+
class MemoryStore
|
|
14
|
+
def initialize
|
|
15
|
+
@counters = Concurrent::Hash.new
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def increment(key, window)
|
|
19
|
+
composite = "#{key}:#{window}"
|
|
20
|
+
@counters[composite] = (@counters[composite] || 0) + 1
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def count(key, window)
|
|
24
|
+
@counters["#{key}:#{window}"] || 0
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def reap!
|
|
28
|
+
cutoff = (Time.now.to_i / WINDOW_SIZE * WINDOW_SIZE) - (WINDOW_SIZE * 2)
|
|
29
|
+
@counters.each_key do |k|
|
|
30
|
+
window = k.split(':').last.to_i
|
|
31
|
+
@counters.delete(k) if window < cutoff
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
class CacheStore
|
|
37
|
+
def increment(key, window)
|
|
38
|
+
cache_key = "legion:ratelimit:#{key}:#{window}"
|
|
39
|
+
current = Legion::Cache.get(cache_key).to_i
|
|
40
|
+
Legion::Cache.set(cache_key, current + 1, ttl: 120)
|
|
41
|
+
current + 1
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def count(key, window)
|
|
45
|
+
Legion::Cache.get("legion:ratelimit:#{key}:#{window}").to_i
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def reap!; end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def initialize(app, **opts)
|
|
52
|
+
@app = app
|
|
53
|
+
@enabled = opts.fetch(:enabled, true)
|
|
54
|
+
@limits = {
|
|
55
|
+
per_ip: opts.fetch(:per_ip, 60),
|
|
56
|
+
per_agent: opts.fetch(:per_agent, 300),
|
|
57
|
+
per_tenant: opts.fetch(:per_tenant, 3000)
|
|
58
|
+
}
|
|
59
|
+
@store = select_store
|
|
60
|
+
@reap_counter = 0
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def call(env)
|
|
64
|
+
return @app.call(env) unless @enabled
|
|
65
|
+
return @app.call(env) if skip_path?(env['PATH_INFO'])
|
|
66
|
+
|
|
67
|
+
result = check_limits(env)
|
|
68
|
+
if result[:limited]
|
|
69
|
+
rate_limit_response(result)
|
|
70
|
+
else
|
|
71
|
+
status, headers, body = @app.call(env)
|
|
72
|
+
[status, headers.merge(rate_limit_headers(result)), body]
|
|
73
|
+
end
|
|
74
|
+
rescue StandardError
|
|
75
|
+
@app.call(env)
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
private
|
|
79
|
+
|
|
80
|
+
def select_store
|
|
81
|
+
if defined?(Legion::Cache) && Legion::Cache.respond_to?(:connected?) && Legion::Cache.connected?
|
|
82
|
+
CacheStore.new
|
|
83
|
+
else
|
|
84
|
+
MemoryStore.new
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def skip_path?(path)
|
|
89
|
+
SKIP_PATHS.any? { |p| path.start_with?(p) }
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def current_window
|
|
93
|
+
Time.now.to_i / WINDOW_SIZE * WINDOW_SIZE
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def check_limits(env)
|
|
97
|
+
window = current_window
|
|
98
|
+
reset_at = window + WINDOW_SIZE
|
|
99
|
+
most_restrictive = { limited: false, limit: 0, remaining: 0, reset: reset_at }
|
|
100
|
+
|
|
101
|
+
ip = env['REMOTE_ADDR'] || 'unknown'
|
|
102
|
+
ip_count = @store.increment("ip:#{ip}", window)
|
|
103
|
+
update_most_restrictive(most_restrictive, ip_count, @limits[:per_ip], reset_at)
|
|
104
|
+
|
|
105
|
+
worker_id = env['legion.worker_id']
|
|
106
|
+
if worker_id
|
|
107
|
+
agent_count = @store.increment("agent:#{worker_id}", window)
|
|
108
|
+
update_most_restrictive(most_restrictive, agent_count, @limits[:per_agent], reset_at)
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
owner_msid = env['legion.owner_msid']
|
|
112
|
+
if owner_msid
|
|
113
|
+
tenant_count = @store.increment("tenant:#{owner_msid}", window)
|
|
114
|
+
update_most_restrictive(most_restrictive, tenant_count, @limits[:per_tenant], reset_at)
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
lazy_reap!
|
|
118
|
+
most_restrictive
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
def update_most_restrictive(result, count, limit, reset_at)
|
|
122
|
+
remaining = [limit - count, 0].max
|
|
123
|
+
if count > limit
|
|
124
|
+
result[:limited] = true
|
|
125
|
+
result[:limit] = limit
|
|
126
|
+
result[:remaining] = 0
|
|
127
|
+
result[:reset] = reset_at
|
|
128
|
+
elsif result[:limit].zero? || remaining < result[:remaining]
|
|
129
|
+
result[:limit] = limit
|
|
130
|
+
result[:remaining] = remaining
|
|
131
|
+
result[:reset] = reset_at
|
|
132
|
+
end
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
def lazy_reap!
|
|
136
|
+
@reap_counter += 1
|
|
137
|
+
return unless @reap_counter >= 100
|
|
138
|
+
|
|
139
|
+
@reap_counter = 0
|
|
140
|
+
@store.reap!
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
def rate_limit_headers(result)
|
|
144
|
+
{
|
|
145
|
+
'X-RateLimit-Limit' => result[:limit].to_s,
|
|
146
|
+
'X-RateLimit-Remaining' => result[:remaining].to_s,
|
|
147
|
+
'X-RateLimit-Reset' => result[:reset].to_s
|
|
148
|
+
}
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
def rate_limit_response(result)
|
|
152
|
+
retry_after = [result[:reset] - Time.now.to_i, 1].max
|
|
153
|
+
body = Legion::JSON.dump({
|
|
154
|
+
error: { code: 'rate_limit_exceeded',
|
|
155
|
+
message: "Rate limit exceeded. Try again after #{retry_after} seconds." },
|
|
156
|
+
meta: { timestamp: Time.now.utc.iso8601 }
|
|
157
|
+
})
|
|
158
|
+
headers = rate_limit_headers(result).merge(
|
|
159
|
+
'content-type' => 'application/json',
|
|
160
|
+
'Retry-After' => retry_after.to_s
|
|
161
|
+
)
|
|
162
|
+
[429, headers, [body]]
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
end
|
|
167
|
+
end
|