legionio 1.4.86 → 1.4.87

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4776d93816eb13deabef22f7d9f64bb295eafc950a451f8654b2003ff3497d8
-  data.tar.gz: dcdb4ea6755f1af00d1f8a6576301d183c85fd8336b41cdf2b500bcbe967225b
+  metadata.gz: a9ecd48fa743747aea34dee8175be57e1280ca6f6b65b84687ec315506694263
+  data.tar.gz: 5301e5709b614c062d71ef04ef27fc582490dd7b7ce83e8f3fe4d6a3509801d2
 SHA512:
-  metadata.gz: a1df3d9b78226fca48cc9349d8ef9ecb6381aedc32316785bccd9e9faeb3c64bff5b2516ea5645bae6f129cd7367a6b8781e6c5f54ab11f0a016e4fb0e0447f7
-  data.tar.gz: 1ecfd8644f19a22492b611051c7a35ff2ba4af2930d10cdc731fde944d60e9bc458ab776cef02f665eb7e54a3e114bf8f86ce70f9cf807c04f88e0fe0384db07
+  metadata.gz: 2032e446fc6e104e56db67b9afb116b3587d56da1414bddc42e23c4f3562901825f36fad0fcf74014f48f3c3f0a6438de0ecc4cf0ca38601d3ef088baf534f7b
+  data.tar.gz: a609212ab03b9ff708f7f805f8d312c6b0e724d939bbdc52d5abde40127f525c1c2a47fed10ad2289010c2643a393c68ea9c6155ed2cda72b2f0f8f754bdb16b

data/.rubocop.yml

@@ -41,6 +41,7 @@ Metrics/BlockLength:
     - 'lib/legion/api/auth_human.rb'
     - 'lib/legion/cli/auth_command.rb'
     - 'lib/legion/cli/detect_command.rb'
+    - 'lib/legion/api/acp.rb'
 
 Metrics/AbcSize:
   Max: 60

data/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Legion Changelog
 
+## [1.4.87] - 2026-03-20
+
+### Added
+- OpenInference OTel span instrumentation (Ingress TOOL spans, Subscription CHAIN spans)
+- SafetyMetrics sliding window module with 4 default alert rules
+- Fingerprint mixin for actor skip-if-unchanged optimization
+
 ## [1.4.86] - 2026-03-20
 
 ### Added
@@ -44,6 +51,10 @@
 ## [1.4.81] - 2026-03-20
 
 ### Added
+- Fingerprint mixin for actor skip-if-unchanged optimization (`Legion::Extensions::Actors::Fingerprint`)
+- SHA256-based `skip_or_run` gate: skips execution when `fingerprint_source` is stable
+- Fingerprint integrated into `Every` and `Poll` actors via `include Fingerprint`
+- Extracted `poll_cycle` method from Poll actor for clean separation of timer vs logic
 - `legion eval experiments` subcommand: list all experiment runs with status and summary
 - `legion eval promote --experiment NAME --tag TAG` subcommand: tag a prompt version for production via lex-prompt
 - `legion eval compare --run1 NAME --run2 NAME` subcommand: side-by-side diff of two experiment runs
@@ -52,6 +63,12 @@
 ## [1.4.80] - 2026-03-20
 
 ### Added
+- OpenInference OTel span helpers (LLM, EMBEDDING, TOOL, CHAIN, EVALUATOR, AGENT)
+- SafetyMetrics sliding window module for behavioral monitoring
+- 4 safety alert rules (action burst, scope escalation spike, probe detected, confidence collapse)
+- OpenInference TOOL spans in Ingress.run
+- OpenInference CHAIN spans in Subscription actor dispatch
+- SafetyMetrics wired into service boot sequence
 - `legion eval run` CLI subcommand for CI/CD threshold-based eval gating
 - `--dataset`, `--threshold`, `--evaluator`, `--exit-code` options on `eval run`
 - JSON report output to stdout with per-row scores, summary, and timestamp

data/lib/legion/alerts.rb

@@ -13,7 +13,18 @@ module Legion
         condition: { count_threshold: 10, window_seconds: 60 }, severity: 'warning',
         channels: %w[events log], cooldown_seconds: 300 },
       { name: 'budget_exceeded', event_pattern: 'finops.budget_exceeded', severity: 'warning',
-        channels: %w[events log], cooldown_seconds: 3600 }
+        channels: %w[events log], cooldown_seconds: 3600 },
+      { name: 'safety_action_burst', event_pattern: 'ingress.received',
+        condition: { count_threshold: 100, window_seconds: 60 }, severity: 'warning',
+        channels: %w[events log], cooldown_seconds: 300 },
+      { name: 'safety_scope_escalation_spike', event_pattern: 'rbac.deny',
+        condition: { count_threshold: 5, window_seconds: 300 }, severity: 'critical',
+        channels: %w[events log], cooldown_seconds: 300 },
+      { name: 'safety_probe_detected', event_pattern: 'privatecore.probe_detected', severity: 'critical',
+        channels: %w[events log], cooldown_seconds: 0 },
+      { name: 'safety_confidence_collapse', event_pattern: 'synapse.confidence_update',
+        condition: { count_threshold: 3, window_seconds: 300 }, severity: 'warning',
+        channels: %w[events log], cooldown_seconds: 300 }
     ].freeze
 
     class Engine

data/lib/legion/api/acp.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module Acp
+        def self.registered(app)
+          app.get '/.well-known/agent.json' do
+            card = build_agent_card
+            content_type :json
+            Legion::JSON.dump(card)
+          end
+
+          app.post '/api/acp/tasks' do
+            body = parse_request_body
+            payload = (body[:input] || {}).transform_keys(&:to_sym)
+
+            result = Legion::Ingress.run(
+              payload:      payload,
+              runner_class: body[:runner_class],
+              function:     body[:function],
+              source:       'acp'
+            )
+
+            json_response({ task_id: result[:task_id], status: 'queued' }, status_code: 202)
+          end
+
+          app.get '/api/acp/tasks/:id' do
+            task = find_task(params[:id])
+            halt 404, json_error(404, 'Task not found') unless task
+
+            json_response({
+                            task_id:      task[:id],
+                            status:       translate_status(task[:status]),
+                            output:       { data: task[:result] },
+                            created_at:   task[:created_at]&.to_s,
+                            completed_at: task[:completed_at]&.to_s
+                          })
+          end
+
+          app.delete '/api/acp/tasks/:id' do
+            halt 501, json_error(501, 'Task cancellation not implemented')
+          end
+        end
+      end
+    end
+
+    helpers do
+      def build_agent_card
+        name = begin
+          Legion::Settings[:client][:name]
+        rescue StandardError
+          'legion'
+        end
+        port = begin
+          settings.port || 4567
+        rescue StandardError
+          4567
+        end
+        {
+          name:               name,
+          description:        'LegionIO digital worker',
+          url:                "http://#{request.host}:#{port}/api/acp",
+          version:            '2.0',
+          protocol:           'acp/1.0',
+          capabilities:       discover_capabilities,
+          authentication:     { schemes: ['bearer'] },
+          defaultInputModes:  ['text/plain', 'application/json'],
+          defaultOutputModes: ['text/plain', 'application/json']
+        }
+      end
+
+      def discover_capabilities
+        if defined?(Legion::Extensions::Mesh::Helpers::Registry)
+          Legion::Extensions::Mesh::Helpers::Registry.new.capabilities.keys.map(&:to_s)
+        else
+          []
+        end
+      rescue StandardError
+        []
+      end
+
+      def find_task(id)
+        return nil unless defined?(Legion::Data)
+
+        Legion::Data::Model::Task[id.to_i]&.values
+      rescue StandardError
+        nil
+      end
+
+      def translate_status(status)
+        case status&.to_s
+        when /completed/ then 'completed'
+        when /exception|failed/ then 'failed'
+        when /queued|scheduled/ then 'queued'
+        else 'in_progress'
+        end
+      end
+    end
+  end
+end

data/lib/legion/api.rb

@@ -37,6 +37,7 @@ require_relative 'api/catalog'
 require_relative 'api/org_chart'
 require_relative 'api/workflow'
 require_relative 'api/governance'
+require_relative 'api/acp'
 
 module Legion
   class API < Sinatra::Base
@@ -118,6 +119,7 @@ module Legion
     register Routes::ExtensionCatalog
     register Routes::OrgChart
     register Routes::Governance
+    register Routes::Acp
 
     use Legion::Rbac::Middleware if defined?(Legion::Rbac::Middleware)
 

data/lib/legion/extensions/actors/every.rb

@@ -1,16 +1,18 @@
 # frozen_string_literal: true
 
 require_relative 'base'
+require_relative 'fingerprint'
 
 module Legion
   module Extensions
     module Actors
       class Every
         include Legion::Extensions::Actors::Base
+        include Legion::Extensions::Actors::Fingerprint
 
         def initialize(**_opts)
           @timer = Concurrent::TimerTask.new(execution_interval: time, run_now: run_now?) do
-            use_runner? ? runner : manual
+            skip_or_run { use_runner? ? runner : manual }
           end
 
           @timer.execute

data/lib/legion/extensions/actors/fingerprint.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module Legion
+  module Extensions
+    module Actors
+      module Fingerprint
+        def skip_if_unchanged?
+          false
+        end
+
+        def fingerprint_source
+          bucket = respond_to?(:time) ? time.to_i : 60
+          bucket = 1 if bucket < 1
+          (Time.now.utc.to_i / bucket).to_s
+        end
+
+        def compute_fingerprint
+          Digest::SHA256.hexdigest(fingerprint_source.to_s)
+        end
+
+        def unchanged?
+          return false if @last_fingerprint.nil?
+
+          compute_fingerprint == @last_fingerprint
+        end
+
+        def store_fingerprint!
+          @last_fingerprint = compute_fingerprint
+        end
+
+        def skip_or_run
+          if skip_if_unchanged? && unchanged?
+            Legion::Logging.debug "#{self.class} skipped: fingerprint unchanged (#{@last_fingerprint[0, 8]}...)"
+            return
+          end
+
+          yield
+          store_fingerprint!
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/actors/poll.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'base'
+require_relative 'fingerprint'
 require 'time'
 
 module Legion
@@ -8,38 +9,13 @@ module Legion
     module Actors
       class Poll
         include Legion::Extensions::Actors::Base
+        include Legion::Extensions::Actors::Fingerprint
 
-        def initialize # rubocop:disable Metrics/AbcSize
+        def initialize
           log.debug "Starting timer for #{self.class} with #{{ execution_interval: time, run_now: run_now?,
 check_subtask: check_subtask? }}"
           @timer = Concurrent::TimerTask.new(execution_interval: time, run_now: run_now?) do
-            t1 = Time.now
-            log.debug "Running #{self.class}"
-            old_result = Legion::Cache.get(cache_name)
-            log.debug "Cached value for #{self.class}: #{old_result}"
-            results = Legion::JSON.load(Legion::JSON.dump(manual))
-            Legion::Cache.set(cache_name, results, time * 2)
-
-            unless old_result.nil?
-              results[:diff] = Hashdiff.diff(results, old_result, numeric_tolerance: 0.0, array_path: false) do |_path, obj1, obj2|
-                if int_percentage_normalize.positive? && obj1.is_a?(Integer) && obj2.is_a?(Integer)
-                  obj1.between?(obj2 * (1 - int_percentage_normalize), obj2 * (1 + int_percentage_normalize))
-                end
-              end
-              results[:changed] = results[:diff].any?
-
-              Legion::Logging.info results[:diff] if results[:changed]
-              Legion::Transport::Messages::CheckSubtask.new(runner_class: runner_class.to_s,
-                                                            function:     runner_function,
-                                                            result:       results,
-                                                            type:         'poll_result',
-                                                            polling:      true).publish
-            end
-
-            sleep_time = 1 - (Time.now - t1)
-            sleep(sleep_time) if sleep_time.positive?
-            log.debug("#{self.class} result: #{results}")
-            results
+            skip_or_run { poll_cycle }
           rescue StandardError => e
             Legion::Logging.fatal e.message
             Legion::Logging.fatal e.backtrace
@@ -50,6 +26,39 @@ check_subtask: check_subtask? }}"
           Legion::Logging.error e.backtrace
         end
 
+        def poll_cycle
+          t1 = Time.now
+          log.debug "Running #{self.class}"
+          old_result = Legion::Cache.get(cache_name)
+          log.debug "Cached value for #{self.class}: #{old_result}"
+          results = Legion::JSON.load(Legion::JSON.dump(manual))
+          Legion::Cache.set(cache_name, results, time * 2)
+
+          unless old_result.nil?
+            results[:diff] = Hashdiff.diff(results, old_result, numeric_tolerance: 0.0, array_path: false) do |_path, obj1, obj2|
+              if int_percentage_normalize.positive? && obj1.is_a?(Integer) && obj2.is_a?(Integer)
+                obj1.between?(obj2 * (1 - int_percentage_normalize), obj2 * (1 + int_percentage_normalize))
+              end
+            end
+            results[:changed] = results[:diff].any?
+
+            Legion::Logging.info results[:diff] if results[:changed]
+            Legion::Transport::Messages::CheckSubtask.new(runner_class: runner_class.to_s,
+                                                          function:     runner_function,
+                                                          result:       results,
+                                                          type:         'poll_result',
+                                                          polling:      true).publish
+          end
+
+          sleep_time = 1 - (Time.now - t1)
+          sleep(sleep_time) if sleep_time.positive?
+          log.debug("#{self.class} result: #{results}")
+          results
+        rescue StandardError => e
+          Legion::Logging.fatal e.message
+          Legion::Logging.fatal e.backtrace
+        end
+
         def cache_name
           "#{lex_name}_#{runner_name}"
         end

data/lib/legion/extensions/actors/subscription.rb

@@ -111,14 +111,11 @@ module Legion
             delivery_info = rmq_message.first
 
             message = process_message(payload, metadata, delivery_info)
+            fn = find_function(message)
             if use_runner?
-              Legion::Runner.run(**message,
-                                 runner_class:  runner_class,
-                                 function:      find_function(message),
-                                 check_subtask: check_subtask?,
-                                 generate_task: generate_task?)
+              dispatch_runner(message, runner_class, fn, check_subtask?, generate_task?)
             else
-              runner_class.send(find_function(message), **message)
+              runner_class.send(fn, **message)
             end
             @queue.acknowledge(delivery_info.delivery_tag) if manual_ack
 
@@ -131,6 +128,24 @@ module Legion
             @queue.reject(delivery_info.delivery_tag) if manual_ack
           end
         end
+
+        private
+
+        def dispatch_runner(message, runner_cls, function, check_subtask, generate_task)
+          run_block = lambda {
+            Legion::Runner.run(**message,
+                               runner_class:  runner_cls,
+                               function:      function,
+                               check_subtask: check_subtask,
+                               generate_task: generate_task)
+          }
+
+          if defined?(Legion::Telemetry::OpenInference)
+            Legion::Telemetry::OpenInference.chain_span(type: 'task_chain') { |_span| run_block.call }
+          else
+            run_block.call
+          end
+        end
       end
     end
   end

data/lib/legion/ingress.rb

@@ -73,13 +73,21 @@ module Legion
 
         Legion::Events.emit('ingress.received', runner_class: rc.to_s, function: fn, source: source)
 
-        Legion::Runner.run(
-          runner_class:  rc,
-          function:      fn,
-          check_subtask: check_subtask,
-          generate_task: generate_task,
-          **message
-        )
+        runner_block = lambda {
+          Legion::Runner.run(
+            runner_class:  rc,
+            function:      fn,
+            check_subtask: check_subtask,
+            generate_task: generate_task,
+            **message
+          )
+        }
+
+        if defined?(Legion::Telemetry::OpenInference)
+          Legion::Telemetry::OpenInference.tool_span(name: "#{rc}.#{fn}", parameters: message) { |_span| runner_block.call }
+        else
+          runner_block.call
+        end
       rescue PayloadTooLarge => e
         { success: false, status: 'task.blocked', error: { code: 'payload_too_large', message: e.message } }
       rescue InvalidRunnerClass => e

data/lib/legion/service.rb

@@ -11,7 +11,7 @@ module Legion
       base.freeze
     end
 
-    def initialize(transport: true, cache: true, data: true, supervision: true, extensions: true, # rubocop:disable Metrics/ParameterLists
+    def initialize(transport: true, cache: true, data: true, supervision: true, extensions: true, # rubocop:disable Metrics/ParameterLists,Metrics/MethodLength
                    crypt: true, api: true, llm: true, gaia: true, log_level: 'info', http_port: nil)
       setup_logging(log_level: log_level)
       Legion::Logging.debug('Starting Legion::Service')
@@ -58,6 +58,7 @@ module Legion
       end
 
       setup_telemetry
+      setup_safety_metrics
       setup_supervision if supervision
 
       if extensions
@@ -286,6 +287,15 @@ module Legion
       Legion::Logging.warn "OpenTelemetry setup failed: #{e.message}"
     end
 
+    def setup_safety_metrics
+      require_relative 'telemetry/safety_metrics'
+      Legion::Telemetry::SafetyMetrics.start
+    rescue LoadError
+      nil
+    rescue StandardError => e
+      Legion::Logging.debug "[safety_metrics] setup skipped: #{e.message}" if defined?(Legion::Logging)
+    end
+
     def setup_supervision
       require 'legion/supervision'
       @supervision = Legion::Supervision.setup

data/lib/legion/telemetry/open_inference.rb

@@ -0,0 +1,177 @@
+# frozen_string_literal: true
+
+module Legion
+  module Telemetry
+    module OpenInference
+      DEFAULT_TRUNCATE = 4096
+
+      module_function
+
+      def open_inference_enabled?
+        return false unless Legion::Telemetry.enabled?
+
+        settings = begin
+          Legion::Settings.dig(:telemetry, :open_inference)
+        rescue StandardError
+          {}
+        end
+        settings.is_a?(Hash) ? settings.fetch(:enabled, true) : true
+      rescue StandardError
+        false
+      end
+
+      def include_io?
+        settings = begin
+          Legion::Settings.dig(:telemetry, :open_inference)
+        rescue StandardError
+          {}
+        end
+        settings.is_a?(Hash) ? settings.fetch(:include_input_output, true) : true
+      rescue StandardError
+        true
+      end
+
+      def truncate_limit
+        settings = begin
+          Legion::Settings.dig(:telemetry, :open_inference)
+        rescue StandardError
+          {}
+        end
+        settings.is_a?(Hash) ? settings.fetch(:truncate_values_at, DEFAULT_TRUNCATE) : DEFAULT_TRUNCATE
+      rescue StandardError
+        DEFAULT_TRUNCATE
+      end
+
+      def llm_span(model:, provider: nil, invocation_params: {}, input: nil)
+        unless open_inference_enabled?
+          return yield(nil) if block_given?
+
+          return
+        end
+
+        attrs = base_attrs('LLM').merge('llm.model_name' => model)
+        attrs['llm.provider'] = provider if provider
+        attrs['llm.invocation_parameters'] = invocation_params.to_json unless invocation_params.empty?
+        attrs['input.value'] = truncate_value(input.to_s) if input && include_io?
+
+        Legion::Telemetry.with_span("llm.#{model}", kind: :client, attributes: attrs) do |span|
+          result = yield(span)
+          annotate_llm_result(span, result) if span
+          result
+        end
+      end
+
+      def embedding_span(model:, dimensions: nil, &)
+        unless open_inference_enabled?
+          return yield(nil) if block_given?
+
+          return
+        end
+
+        attrs = base_attrs('EMBEDDING').merge('embedding.model_name' => model)
+        attrs['embedding.dimensions'] = dimensions if dimensions
+
+        Legion::Telemetry.with_span("embedding.#{model}", kind: :client, attributes: attrs, &)
+      end
+
+      def tool_span(name:, parameters: {})
+        unless open_inference_enabled?
+          return yield(nil) if block_given?
+
+          return
+        end
+
+        attrs = base_attrs('TOOL').merge('tool.name' => name)
+        attrs['tool.parameters'] = parameters.to_json unless parameters.empty?
+
+        Legion::Telemetry.with_span("tool.#{name}", kind: :internal, attributes: attrs) do |span|
+          result = yield(span)
+          annotate_output(span, result) if span && include_io?
+          result
+        end
+      end
+
+      def chain_span(type: 'task_chain', relationship_id: nil, &)
+        unless open_inference_enabled?
+          return yield(nil) if block_given?
+
+          return
+        end
+
+        attrs = base_attrs('CHAIN').merge('chain.type' => type)
+        attrs['chain.relationship_id'] = relationship_id if relationship_id
+
+        Legion::Telemetry.with_span("chain.#{type}", kind: :internal, attributes: attrs, &)
+      end
+
+      def evaluator_span(template:)
+        unless open_inference_enabled?
+          return yield(nil) if block_given?
+
+          return
+        end
+
+        attrs = base_attrs('EVALUATOR').merge('eval.template' => template)
+
+        Legion::Telemetry.with_span("eval.#{template}", kind: :internal, attributes: attrs) do |span|
+          result = yield(span)
+          annotate_eval_result(span, result) if span && result.is_a?(Hash)
+          result
+        end
+      end
+
+      def agent_span(name:, mode: nil, phase_count: nil, budget_ms: nil, &)
+        unless open_inference_enabled?
+          return yield(nil) if block_given?
+
+          return
+        end
+
+        attrs = base_attrs('AGENT').merge('agent.name' => name)
+        attrs['agent.mode'] = mode.to_s if mode
+        attrs['agent.phase_count'] = phase_count if phase_count
+        attrs['agent.budget_ms'] = budget_ms if budget_ms
+
+        Legion::Telemetry.with_span("agent.#{name}", kind: :internal, attributes: attrs, &)
+      end
+
+      def truncate_value(str, max: nil)
+        limit = max || truncate_limit
+        str.length > limit ? str[0...limit] : str
+      end
+
+      def base_attrs(kind)
+        { 'openinference.span.kind' => kind }
+      end
+
+      def annotate_llm_result(span, result)
+        return unless span.respond_to?(:set_attribute) && result.is_a?(Hash)
+
+        span.set_attribute('llm.token_count.prompt', result[:input_tokens]) if result[:input_tokens]
+        span.set_attribute('llm.token_count.completion', result[:output_tokens]) if result[:output_tokens]
+        span.set_attribute('output.value', truncate_value(result[:content].to_s)) if include_io? && result[:content]
+      rescue StandardError
+        nil
+      end
+
+      def annotate_output(span, result)
+        return unless span.respond_to?(:set_attribute)
+
+        val = result.is_a?(Hash) ? result.to_json : result.to_s
+        span.set_attribute('output.value', truncate_value(val))
+      rescue StandardError
+        nil
+      end
+
+      def annotate_eval_result(span, result)
+        return unless span.respond_to?(:set_attribute)
+
+        span.set_attribute('eval.score', result[:score]) if result[:score]
+        span.set_attribute('eval.passed', result[:passed]) unless result[:passed].nil?
+        span.set_attribute('eval.explanation', result[:explanation]) if result[:explanation]
+      rescue StandardError
+        nil
+      end
+    end
+  end
+end

data/lib/legion/telemetry/safety_metrics.rb

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+
+module Legion
+  module Telemetry
+    class SlidingWindow
+      def initialize(window_seconds)
+        @window = window_seconds
+        @entries = []
+        @mutex = Mutex.new
+      end
+
+      def push(**entry)
+        @mutex.synchronize do
+          @entries << entry.merge(at: Time.now)
+          prune!
+        end
+      end
+
+      def count
+        @mutex.synchronize do
+          prune!
+          @entries.size
+        end
+      end
+
+      def count_for(**filters)
+        @mutex.synchronize do
+          prune!
+          @entries.count { |e| filters.all? { |k, v| e[k] == v } }
+        end
+      end
+
+      def entries_matching(**filters)
+        @mutex.synchronize do
+          prune!
+          @entries.select { |e| filters.all? { |k, v| e[k] == v } }
+        end
+      end
+
+      private
+
+      def prune!
+        cutoff = Time.now - @window
+        @entries.reject! { |e| e[:at] < cutoff }
+      end
+    end
+
+    module SafetyMetrics
+      WINDOWS = {
+        actions:    60,
+        failures:   300,
+        successes:  300,
+        confidence: 300
+      }.freeze
+
+      module_function
+
+      def start
+        return unless safety_enabled?
+
+        init_windows
+        register_prometheus_metrics
+        subscribe_events
+      end
+
+      def init_windows
+        @windows = WINDOWS.transform_values { |secs| SlidingWindow.new(secs) }
+      end
+
+      def subscribe_events
+        return unless defined?(Legion::Events)
+
+        Legion::Events.on('ingress.received') { |e| record_action(**e) }
+        Legion::Events.on('runner.failure')               { |e| record_failure(**e) }
+        Legion::Events.on('runner.success')               { |e| record_success(**e) }
+        Legion::Events.on('rbac.deny')                    { |e| record_escalation(**e) }
+        Legion::Events.on('governance.consent_violation') { |e| record_governance(**e) }
+        Legion::Events.on('privatecore.probe_detected')   { |e| record_probe(**e) }
+        Legion::Events.on('synapse.confidence_update')    { |e| record_confidence(**e) }
+      end
+
+      def record_action(agent_id: 'unknown', **)
+        @windows[:actions]&.push(agent: agent_id)
+      end
+
+      def record_failure(agent_id: 'unknown', **)
+        @windows[:failures]&.push(agent: agent_id, type: :failure)
+      end
+
+      def record_success(agent_id: 'unknown', **)
+        @windows[:successes]&.push(agent: agent_id, type: :success)
+      end
+
+      def record_escalation(agent_id: 'unknown', **) # rubocop:disable Lint/UnusedMethodArgument
+        @escalation_count = (@escalation_count || 0) + 1
+      end
+
+      def record_governance(**)
+        @governance_count = (@governance_count || 0) + 1
+      end
+
+      def record_probe(**)
+        @probe_count = (@probe_count || 0) + 1
+      end
+
+      def record_confidence(agent_id: 'unknown', delta: 0.0, **)
+        @windows[:confidence]&.push(agent: agent_id, delta: delta)
+      end
+
+      def actions_per_minute(agent_id)
+        @windows[:actions]&.count_for(agent: agent_id) || 0
+      end
+
+      def tool_failure_ratio(agent_id)
+        fails = @windows[:failures]&.count_for(agent: agent_id) || 0
+        successes = @windows[:successes]&.count_for(agent: agent_id) || 0
+        total = fails + successes
+        total.zero? ? 0.0 : fails.to_f / total
+      end
+
+      def confidence_drift(agent_id)
+        entries = @windows[:confidence]&.entries_matching(agent: agent_id) || []
+        return 0.0 if entries.empty?
+
+        entries.sum { |e| e[:delta] || 0.0 } / entries.size
+      end
+
+      def scope_escalation_total
+        @escalation_count || 0
+      end
+
+      def governance_override_total
+        @governance_count || 0
+      end
+
+      def probe_detection_total
+        @probe_count || 0
+      end
+
+      def safety_enabled?
+        Legion::Settings.dig(:telemetry, :safety, :enabled)
+      rescue StandardError
+        false
+      end
+
+      def register_prometheus_metrics
+        return unless defined?(Legion::Metrics) && Legion::Metrics.respond_to?(:register_gauge)
+
+        Legion::Metrics.register_gauge(:legion_safety_actions_per_minute,
+                                       'Runner invocations per agent per minute')
+        Legion::Metrics.register_gauge(:legion_safety_tool_failure_ratio,
+                                       'Tool failure percentage over 5m window')
+        Legion::Metrics.register_gauge(:legion_safety_confidence_drift,
+                                       'Rate of confidence decrease across synapses')
+        Legion::Metrics.register_counter(:legion_safety_scope_escalation_total,
+                                         'Denied access attempts')
+        Legion::Metrics.register_counter(:legion_safety_governance_override_total,
+                                         'Governance constraint violations')
+        Legion::Metrics.register_counter(:legion_safety_probe_detection_total,
+                                         'Detected prompt injection probes')
+      rescue StandardError
+        nil
+      end
+    end
+  end
+end

data/lib/legion/telemetry.rb

@@ -2,6 +2,9 @@
 
 module Legion
   module Telemetry
+    autoload :OpenInference, 'legion/telemetry/open_inference'
+    autoload :SafetyMetrics, 'legion/telemetry/safety_metrics'
+
     module_function
 
     def otel_available?

data/lib/legion/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Legion
-  VERSION = '1.4.86'
+  VERSION = '1.4.87'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legionio
 version: !ruby/object:Gem::Version
-  version: 1.4.86
+  version: 1.4.87
 platform: ruby
 authors:
 - Esity
@@ -353,6 +353,7 @@ files:
 - lib/legion.rb
 - lib/legion/alerts.rb
 - lib/legion/api.rb
+- lib/legion/api/acp.rb
 - lib/legion/api/audit.rb
 - lib/legion/api/auth.rb
 - lib/legion/api/auth_human.rb
@@ -549,6 +550,7 @@ files:
 - lib/legion/extensions/actors/base.rb
 - lib/legion/extensions/actors/defaults.rb
 - lib/legion/extensions/actors/every.rb
+- lib/legion/extensions/actors/fingerprint.rb
 - lib/legion/extensions/actors/loop.rb
 - lib/legion/extensions/actors/nothing.rb
 - lib/legion/extensions/actors/once.rb
@@ -596,6 +598,8 @@ files:
 - lib/legion/service.rb
 - lib/legion/supervision.rb
 - lib/legion/telemetry.rb
+- lib/legion/telemetry/open_inference.rb
+- lib/legion/telemetry/safety_metrics.rb
 - lib/legion/tenant_context.rb
 - lib/legion/tenants.rb
 - lib/legion/trace_search.rb