legionio 1.6.24 → 1.6.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02c65a88cb7cdf1a90b60cc3fe150983d9f3aa7b465344ab63a2e9128327b943
-  data.tar.gz: ff0aa83e8b72dc3452b0d11f08006ddd3cee4d831f99213da2bb65f153f17963
+  metadata.gz: 8fcd30078f57fd92474d887714ed4ba5a49ed262c50dd9bcde5301e682299d21
+  data.tar.gz: 6bee493acba0acc9199fe9c53cb3f844b64498012e7123cf9b8a4cd46bbf0bbe
 SHA512:
-  metadata.gz: 7b6b41d1f383380ef4c7d6a01b6ca4bc6eb595afc7a3674544d25afb6d88a6fae37f1fefd94542a1bc801e40d18c966b3de8832fea5b6c08c410125a7e08f45f
-  data.tar.gz: 6dc2552ec0839432ab21c3664973c78b9ae9c392749758fb8422a35637c5cf9c7c3bf3219594d7b5c82e474e0e6cbe2e286f059de4429aabee660bbe94d058bb
+  metadata.gz: 2e96c7c7dc687503efb94dda27a1e57aad86b3f05cb6844ab12b603bc20b4c22a155755e2578ed4cca576b9bfd3b3c102b0fc2ce558d5a7ea283dc12f16e02f2
+  data.tar.gz: ef81be962e9a9228945babcab90e1222e1efa85b3a94b4ceff38d52f02048538ef4471cb03ca3d3fa2e52bb8b3bc391dce0773e57559fdd7f950940cc6ee157b

data/CHANGELOG.md

@@ -2,6 +2,20 @@
 
 ## [Unreleased]
 
+## [1.6.25] - 2026-03-28
+
+### Added
+- `Legion::Extensions::Absorbers::Dispatch`: module-function dispatch pipeline — `dispatch(input, context:)`, depth limiting, cycle detection via ancestor_chain, `dispatch_children`, `extract_urls`, thread-safe `@dispatched` registry
+- `Legion::Extensions::Absorbers::PatternMatcher`: URL/file pattern registry — `register(absorber_class)`, `resolve(input)`, priority-ordered matching, `reset!`
+- `Legion::Extensions::Absorbers::Transport`: v3.0 AMQP topology — `publish_absorb_request`, `build_message`, `lex_name_from_absorber_class`, `absorber_name_from_class`; exchanges named `lex.{lex_name}`, routing keys `lex.{lex_name}.absorbers.{name}.absorb`
+- `Legion::Extensions::Absorbers::Base`: updated with `TokenRevocationError`, `TokenUnavailableError`, and `with_token(provider:, &block)` helper for OAuth-gated absorbers
+- `Legion::Extensions::Absorbers::Matchers::File`: file-path pattern matcher using `File.fnmatch`
+- `Legion::Auth::OauthCallback`: ephemeral TCP server for OAuth redirect callback — `wait_for_callback`, `parse_callback`; per-port lifecycle
+- `Legion::Auth::TokenManager`: `TokenExpiredError`, `mark_revoked!`, `revoked?` for token lifecycle and revocation detection
+- `Legion::CLI::ConnectCommand`: `legion connect microsoft`, `legion connect github`, `legion connect status`, `legion connect disconnect` — browser OAuth flow entry points registered as `legion connect` subcommand
+- Chat URL detection: `Session#check_for_absorbable_urls` auto-dispatches matched URLs after each user message
+- `spec/integration/absorber_pipeline_spec.rb`: 12-example end-to-end integration spec covering PatternMatcher resolution, Dispatch routing, transport suppression in lite mode, absorber → Apollo.ingest pipeline, depth/cycle guards
+
 ## [1.6.24] - 2026-03-28
 
 ### Added

data/lib/legion/auth/oauth_callback.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'socket'
+require 'timeout'
+require 'uri'
+
+module Legion
+  module Auth
+    class OauthCallback
+      DEFAULT_TIMEOUT = 120
+      LOCALHOST       = '127.0.0.1'
+
+      attr_reader :port, :redirect_uri
+
+      def initialize(timeout: DEFAULT_TIMEOUT)
+        @timeout  = timeout
+        @server   = TCPServer.new(LOCALHOST, 0)
+        @port     = @server.addr[1]
+        @redirect_uri = "http://#{LOCALHOST}:#{@port}/callback"
+      end
+
+      def wait_for_callback
+        Timeout.timeout(@timeout) do
+          client = @server.accept
+          request_line = client.gets
+          parse_callback(request_line, client)
+        end
+      ensure
+        @server.close rescue nil # rubocop:disable Style/RescueModifier
+      end
+
+      def close
+        @server.close rescue nil # rubocop:disable Style/RescueModifier
+      end
+
+      private
+
+      def parse_callback(request_line, client)
+        send_response(client)
+        return {} unless request_line&.start_with?('GET')
+
+        path = request_line.split[1] || ''
+        query_string = path.split('?', 2)[1] || ''
+        params = URI.decode_www_form(query_string).to_h
+        params.transform_keys(&:to_sym)
+      end
+
+      def send_response(client)
+        body = '<html><body><h1>Authorization complete.</h1><p>You may close this window.</p></body></html>'
+        client.puts 'HTTP/1.1 200 OK'
+        client.puts 'Content-Type: text/html'
+        client.puts "Content-Length: #{body.bytesize}"
+        client.puts 'Connection: close'
+        client.puts
+        client.puts body
+      rescue Errno::ECONNRESET, Errno::EPIPE, IOError
+        nil
+      ensure
+        client.close rescue nil # rubocop:disable Style/RescueModifier
+      end
+    end
+  end
+end

data/lib/legion/auth/token_manager.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require 'time'
+
+module Legion
+  module Auth
+    class TokenManager
+      class TokenExpiredError < StandardError
+      end
+
+      def initialize(provider:)
+        @provider = provider
+      end
+
+      def token_valid?
+        access_token = secret[:"#{@provider}_access_token"]
+        return false unless access_token
+
+        expires_at_str = secret[:"#{@provider}_token_expires_at"]
+        return false unless expires_at_str
+
+        expires_at = Time.parse(expires_at_str)
+        ttl = secret[:"#{@provider}_token_ttl"]
+
+        expires_at > if ttl
+                       Time.now + (ttl * 0.25)
+                     else
+                       Time.now + 300
+                     end
+      end
+
+      def store_tokens(access_token:, expires_in:, refresh_token: nil, scope: nil)
+        secret[:"#{@provider}_access_token"]     = access_token
+        secret[:"#{@provider}_refresh_token"]    = refresh_token if refresh_token
+        secret[:"#{@provider}_token_ttl"]        = expires_in
+        secret[:"#{@provider}_token_scope"]      = scope if scope
+        secret[:"#{@provider}_token_expires_at"] = (Time.now + expires_in).iso8601
+      end
+
+      def ensure_valid_token
+        return secret[:"#{@provider}_access_token"] if token_valid?
+
+        refresh_access_token
+      end
+
+      def revoked?
+        secret[:"#{@provider}_token_revoked"] == true
+      end
+
+      def mark_revoked!
+        secret[:"#{@provider}_token_revoked"] = true
+      end
+
+      private
+
+      def secret
+        @secret ||= begin
+          if defined?(Legion::Extensions::Helpers::SecretAccessor)
+            Legion::Extensions::Helpers::SecretAccessor.new(lex_name: 'auth')
+          else
+            {}
+          end
+        rescue StandardError
+          {}
+        end
+      end
+
+      def refresh_access_token
+        # Will be implemented when OAuth2 callback server is wired in Task 2.2
+        nil
+      end
+    end
+  end
+end

data/lib/legion/cli/chat/session.rb

@@ -39,6 +39,7 @@ module Legion
 
         def send_message(message, on_tool_call: nil, on_tool_result: nil, &block)
           check_budget!
+          check_for_absorbable_urls(message)
 
           @stats[:messages_sent] += 1
           @turn += 1
@@ -102,6 +103,21 @@ module Legion
                 format('Budget exceeded: $%<cost>.4f spent of $%<limit>.2f limit',
                        cost: cost, limit: @budget_usd)
         end
+
+        def check_for_absorbable_urls(text)
+          return unless defined?(Legion::Extensions::Absorbers::Dispatch)
+          return unless defined?(Legion::Extensions::Absorbers::PatternMatcher)
+
+          urls = Legion::Extensions::Absorbers::Dispatch.extract_urls(text.to_s)
+          return if urls.empty?
+
+          urls.each do |url|
+            absorber = Legion::Extensions::Absorbers::PatternMatcher.resolve(url)
+            next unless absorber
+
+            Legion::Extensions::Absorbers::Dispatch.dispatch(url, context: { conversation_id: object_id.to_s })
+          end
+        end
       end
     end
   end

data/lib/legion/cli/connect_command.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'thor'
+
+module Legion
+  module CLI
+    class ConnectCommand < Thor
+      namespace :connect
+
+      PROVIDERS = %w[microsoft github google].freeze
+
+      desc 'microsoft', 'Connect a Microsoft account (OAuth2 delegated auth)'
+      method_option :tenant_id,  type: :string, desc: 'Azure tenant ID'
+      method_option :client_id,  type: :string, desc: 'Application client ID'
+      method_option :scope,      type: :string, default: 'Calendars.Read OnlineMeetings.Read',
+                                 desc: 'OAuth2 scopes (space-separated)'
+      method_option :no_browser, type: :boolean, default: false, desc: 'Print URL instead of launching browser'
+      def microsoft
+        require 'legion/auth/token_manager'
+        manager = Legion::Auth::TokenManager.new(provider: :microsoft)
+
+        if manager.token_valid?
+          say 'Already connected to Microsoft. Use --force to reconnect.', :green
+          return
+        end
+
+        say 'Connecting to Microsoft...', :blue
+        say 'OAuth2 browser flow not yet implemented. Use `legion auth teams` for Teams-specific auth.', :yellow
+      end
+
+      desc 'github', 'Connect a GitHub account (OAuth2 device flow)'
+      method_option :client_id, type: :string, desc: 'GitHub OAuth App client ID'
+      def github
+        say 'GitHub connection not yet implemented.', :yellow
+      end
+
+      desc 'status', 'Show connection status for all providers'
+      def status
+        require 'legion/auth/token_manager'
+
+        PROVIDERS.each do |provider|
+          manager = Legion::Auth::TokenManager.new(provider: provider.to_sym)
+          if manager.token_valid?
+            say "  #{provider}: connected", :green
+          elsif manager.revoked?
+            say "  #{provider}: revoked", :red
+          else
+            say "  #{provider}: not connected", :yellow
+          end
+        end
+      end
+
+      desc 'disconnect PROVIDER', 'Disconnect a provider account'
+      def disconnect(provider)
+        unless PROVIDERS.include?(provider)
+          say "Unknown provider: #{provider}. Valid: #{PROVIDERS.join(', ')}", :red
+          return
+        end
+
+        say "Disconnected #{provider} account.", :green
+      end
+    end
+  end
+end

data/lib/legion/cli.rb

@@ -60,8 +60,9 @@ module Legion
     autoload :Interactive, 'legion/cli/interactive'
     autoload :Docs,        'legion/cli/docs_command'
     autoload :Failover,    'legion/cli/failover_command'
-    autoload :AbsorbCommand, 'legion/cli/absorb_command'
-    autoload :Apollo,        'legion/cli/apollo_command'
+    autoload :AbsorbCommand,   'legion/cli/absorb_command'
+    autoload :ConnectCommand,  'legion/cli/connect_command'
+    autoload :Apollo,          'legion/cli/apollo_command'
     autoload :TraceCommand, 'legion/cli/trace_command'
     autoload :Features,     'legion/cli/features_command'
     autoload :Debug,        'legion/cli/debug_command'
@@ -280,6 +281,9 @@ module Legion
       desc 'absorb SUBCOMMAND', 'Absorb content from external sources'
       subcommand 'absorb', AbsorbCommand
 
+      desc 'connect PROVIDER', 'Connect external accounts via OAuth2'
+      subcommand 'connect', ConnectCommand
+
       desc 'broker SUBCOMMAND', 'RabbitMQ broker management (stats, cleanup)'
       subcommand 'broker', Legion::CLI::Broker
 

data/lib/legion/extensions/absorbers/base.rb

@@ -8,6 +8,12 @@ module Legion
       class Base
         extend Legion::Extensions::Definitions
 
+        class TokenRevocationError < StandardError
+        end
+
+        class TokenUnavailableError < StandardError
+        end
+
         attr_accessor :job_id, :runners
 
         class << self
@@ -67,8 +73,28 @@ module Legion
           Legion::Logging.info("absorb[#{job_id}] #{"#{percent}% " if percent}#{message}")
         end
 
+        def with_token(provider:)
+          raise TokenUnavailableError, "#{provider} token not available" unless token_manager_for(provider).token_valid?
+          raise TokenRevocationError, "#{provider} token has been revoked" if token_manager_for(provider).revoked?
+
+          token = token_manager_for(provider).ensure_valid_token
+          raise TokenUnavailableError, "#{provider} token refresh failed" unless token
+
+          yield token
+        rescue Legion::Auth::TokenManager::TokenExpiredError => e
+          raise TokenUnavailableError, e.message
+        end
+
         private
 
+        def token_manager_for(provider)
+          @token_managers ||= {}
+          @token_managers[provider] ||= begin
+            require 'legion/auth/token_manager'
+            Legion::Auth::TokenManager.new(provider: provider)
+          end
+        end
+
         def chunker_available?
           defined?(Legion::Extensions::Knowledge::Helpers::Chunker)
         end

data/lib/legion/extensions/absorbers/dispatch.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'uri'
+require_relative 'pattern_matcher'
+
+module Legion
+  module Extensions
+    module Absorbers
+      module Dispatch
+        @dispatched = []
+        @mutex = Mutex.new
+
+        module_function
+
+        def dispatch(input, context: {})
+          context = default_context.merge(context)
+
+          return { status: :depth_exceeded, input: input } if context[:depth] >= context[:max_depth]
+
+          source_key = normalize_source_key(input)
+          return { status: :cycle_detected, input: input } if context[:ancestor_chain]&.any? { |a| a.include?(source_key) }
+
+          absorber_class = PatternMatcher.resolve(input)
+          return nil unless absorber_class
+
+          absorb_id = "absorb:#{SecureRandom.uuid}"
+
+          record = {
+            absorb_id:      absorb_id,
+            input:          input,
+            absorber_class: absorber_class.name,
+            context:        context.merge(
+              ancestor_chain: (context[:ancestor_chain] || []) + [absorb_id]
+            ),
+            status:         :dispatched,
+            dispatched_at:  Time.now.utc.iso8601
+          }
+
+          publish_to_transport(absorber_class, input, record) if transport_available?
+
+          @mutex.synchronize { @dispatched << record }
+          record
+        end
+
+        def dispatch_children(children, parent_context:)
+          children.map do |child|
+            child_context = parent_context.merge(
+              depth:            parent_context[:depth] + 1,
+              parent_absorb_id: parent_context[:absorb_id]
+            )
+            dispatch(child[:url] || child[:file_path], context: child_context)
+          end
+        end
+
+        def dispatched
+          @mutex.synchronize { @dispatched.dup }
+        end
+
+        def reset_dispatched!
+          @mutex.synchronize { @dispatched.clear }
+        end
+
+        def default_context
+          {
+            depth:            0,
+            max_depth:        max_depth_setting,
+            ancestor_chain:   [],
+            conversation_id:  nil,
+            requested_by:     nil,
+            parent_absorb_id: nil
+          }
+        end
+
+        def max_depth_setting
+          return 5 unless defined?(Legion::Settings)
+
+          Legion::Settings[:absorbers]&.dig(:max_depth) || 5
+        end
+
+        def normalize_source_key(input)
+          input.to_s.gsub(%r{^https?://}, '').gsub(/[?#].*/, '')
+        end
+
+        def transport_available?
+          defined?(Legion::Transport) &&
+            Legion::Transport.respond_to?(:connected?) &&
+            Legion::Transport.connected?
+        end
+
+        def publish_to_transport(absorber_class, _input, record)
+          require_relative 'transport'
+          Transport.publish_absorb_request(absorber_class: absorber_class, record: record)
+        end
+
+        def extract_urls(text)
+          URI.extract(text, %w[http https]).uniq
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/absorbers/matchers/file.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module Legion
+  module Extensions
+    module Absorbers
+      module Matchers
+        class File < Base
+          def self.match?(pattern, input)
+            return false unless input.is_a?(::String)
+
+            ::File.fnmatch(pattern, input, ::File::FNM_PATHNAME | ::File::FNM_DOTMATCH)
+          end
+
+          def self.type
+            :file
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/absorbers/transport.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module Legion
+  module Extensions
+    module Absorbers
+      module Transport
+        module_function
+
+        def publish_absorb_request(absorber_class:, record:)
+          lex  = lex_name_from_absorber_class(absorber_class)
+          name = absorber_name_from_class(absorber_class)
+          msg  = build_message(lex_name: lex, absorber_name: name, record: record)
+          return msg unless transport_connected?
+
+          exchange = Legion::Transport::Exchange.new(msg[:exchange], type: :topic, durable: true)
+          exchange.publish(
+            Legion::JSON.dump(msg[:payload]),
+            routing_key:  msg[:routing_key],
+            content_type: 'application/json',
+            message_id:   record[:absorb_id]
+          )
+          msg
+        end
+
+        def build_message(lex_name:, absorber_name:, record:)
+          input = record[:input].to_s
+          {
+            exchange:    "lex.#{lex_name}",
+            routing_key: "lex.#{lex_name}.absorbers.#{absorber_name}.absorb",
+            payload:     {
+              type:      'absorb.request',
+              version:   '1.0',
+              id:        SecureRandom.uuid,
+              absorb_id: record[:absorb_id],
+              timestamp: Time.now.utc.iso8601,
+              url:       input.start_with?('http') ? input : nil,
+              file_path: input.start_with?('http') ? nil : input,
+              context:   record[:context],
+              metadata:  record[:metadata] || {}
+            }
+          }
+        end
+
+        def lex_name_from_absorber_class(klass)
+          name = klass.name.to_s
+          # Legion::Extensions::MicrosoftTeams::Absorbers::Meeting -> microsoft_teams
+          # Lex::Example::Absorbers::Content -> example
+          m = name.match(/Legion::Extensions::(\w+)::Absorbers::/) ||
+              name.match(/Lex::(\w+)::Absorbers::/)
+          return 'unknown' unless m
+
+          m[1].gsub(/([A-Z])/, '_\1').sub(/^_/, '').downcase
+        end
+
+        def absorber_name_from_class(klass)
+          klass.name.to_s.split('::').last
+               .gsub(/([A-Z])/, '_\1').sub(/^_/, '').downcase
+        end
+
+        def transport_connected?
+          defined?(Legion::Transport) &&
+            Legion::Transport.respond_to?(:connected?) &&
+            Legion::Transport.connected?
+        end
+      end
+    end
+  end
+end

data/lib/legion/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Legion
-  VERSION = '1.6.24'
+  VERSION = '1.6.25'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legionio
 version: !ruby/object:Gem::Version
-  version: 1.6.24
+  version: 1.6.25
 platform: ruby
 authors:
 - Esity
@@ -507,6 +507,8 @@ files:
 - lib/legion/audit/cold_storage.rb
 - lib/legion/audit/hash_chain.rb
 - lib/legion/audit/siem_export.rb
+- lib/legion/auth/oauth_callback.rb
+- lib/legion/auth/token_manager.rb
 - lib/legion/capacity/model.rb
 - lib/legion/catalog.rb
 - lib/legion/chat/notification_bridge.rb
@@ -595,6 +597,7 @@ files:
 - lib/legion/cli/config_command.rb
 - lib/legion/cli/config_import.rb
 - lib/legion/cli/config_scaffold.rb
+- lib/legion/cli/connect_command.rb
 - lib/legion/cli/connection.rb
 - lib/legion/cli/cost/data_client.rb
 - lib/legion/cli/cost_command.rb
@@ -749,9 +752,12 @@ files:
 - lib/legion/extensions.rb
 - lib/legion/extensions/absorbers.rb
 - lib/legion/extensions/absorbers/base.rb
+- lib/legion/extensions/absorbers/dispatch.rb
 - lib/legion/extensions/absorbers/matchers/base.rb
+- lib/legion/extensions/absorbers/matchers/file.rb
 - lib/legion/extensions/absorbers/matchers/url.rb
 - lib/legion/extensions/absorbers/pattern_matcher.rb
+- lib/legion/extensions/absorbers/transport.rb
 - lib/legion/extensions/actors/absorber_dispatch.rb
 - lib/legion/extensions/actors/base.rb
 - lib/legion/extensions/actors/defaults.rb