legionio 1.6.31 → 1.6.32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 56ff571f5c8480be8a6e783549dd9cd377805dd5590e0e07a7fa60f2f0da39da
-  data.tar.gz: 6d6251a3b04602caffb8e76b12fc1677c7caf1981a5e7f9cd73c1bea52bf97d6
+  metadata.gz: 382eadc81bfd7449fe1d3d8c5c9e833795cb17deaab9d6b00c04a0d10508ad88
+  data.tar.gz: c3df12bdc9300f8c1cf4ace607b623140286c78c7615b35f774809c5ecb7e53e
 SHA512:
-  metadata.gz: 9b40b7e385bfa89fd4642ea18bc0bc014ba6407dc182f3ffbb8462963e45c9afffa0471015cda08a77c78ad71eabb31709cfe69a967653ae531c3457e5b90419
-  data.tar.gz: c6fa233e90846bf0296f1f9ba3adf171d9ccfa34d224de96fcd721e1e013218c3cfc778988a80d661d57a93ca1002a1b57ffba0a75033aa40b657b1f92c2e9f3
+  metadata.gz: eb50b2ab0354df1dbcf053bb6794944ec29265c482bc274dafdc2c42a288e0349a187d07ff5172ad36ed203729a6714e5c2a9601e032c3592e1f8df22276ce39
+  data.tar.gz: c0a172f265bd7bf5e07bf34460d7f9a5b7be2b872c11e21f5de47e7354a67a0e4e425a7b3ef70d9bc9b54c61ccb920f820ab9b33ab059a38ff9977f0852f560d

data/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 ## [Unreleased]
 
+## [1.6.32] - 2026-03-28
+
+### Added
+- `POST /api/logs` endpoint (`Routes::Logs`) — accepts `error`/`warn` level messages from CLI, normalizes with server-side metadata (timestamp, node, legion_versions, ruby_version, pid), computes `error_fingerprint` via `EventBuilder.fingerprint` when `exception_class` is present, and publishes to the `legion.logging` exchange with routing key `legion.logging.exception.{level}.cli.{source}` or `legion.logging.log.{level}.cli.{source}`
+- `Legion::CLI::ErrorForwarder` module — fire-and-forget HTTP helper that POSTs CLI errors/warnings to the daemon API; silently swallows all failures so daemon unavailability never crashes the CLI
+- `ErrorForwarder.forward_error` wired into both rescue blocks in `CLI::Main.start` (fires before `exit(1)`)
+
 ## [1.6.31] - 2026-03-28
 
 ### Fixed

data/lib/legion/api/absorbers.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module Absorbers
+        def self.registered(app)
+          app.get '/api/absorbers' do
+            patterns = Legion::Extensions::Absorbers::PatternMatcher.list
+            items = patterns.map do |p|
+              {
+                type:           p[:type],
+                value:          p[:value],
+                priority:       p[:priority],
+                description:    p[:description],
+                absorber_class: p[:absorber_class]&.name
+              }
+            end
+            json_response(items)
+          end
+
+          app.get '/api/absorbers/resolve' do
+            input = params[:url] || params[:input]
+            halt 400, json_error('missing_param', 'url parameter is required') unless input
+
+            absorber = Legion::Extensions::Absorbers::PatternMatcher.resolve(input)
+            json_response({
+                            input:    input,
+                            match:    !absorber.nil?,
+                            absorber: absorber&.name
+                          })
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/api/auth_teams.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module AuthTeams
+        # In-memory pending auth states (state -> { verifier:, created_at:, result: })
+        @pending = {}
+        @mutex = Mutex.new
+
+        class << self
+          attr_reader :pending, :mutex
+        end
+
+        def self.registered(app)
+          register_store_helper(app)
+          register_authorize(app)
+          register_status(app)
+          register_callback(app)
+        end
+
+        def self.register_authorize(app)
+          app.post '/api/auth/teams/authorize' do
+            teams_settings = Legion::Settings[:microsoft_teams] || {}
+            auth_settings = teams_settings[:auth] || {}
+
+            tenant_id = teams_settings[:tenant_id] || auth_settings[:tenant_id]
+            client_id = teams_settings[:client_id] || auth_settings[:client_id]
+
+            halt 422, json_error('missing_config', 'microsoft_teams.tenant_id and client_id required', status_code: 422) unless tenant_id && client_id
+
+            body = parse_request_body
+            delegated = auth_settings[:delegated] || {}
+            scopes = body[:scopes] || delegated[:scopes] ||
+                     'OnlineMeetings.Read OnlineMeetingTranscript.Read.All offline_access'
+
+            state = SecureRandom.hex(32)
+            verifier = SecureRandom.urlsafe_base64(32)
+            challenge = Base64.urlsafe_encode64(
+              Digest::SHA256.digest(verifier), padding: false
+            )
+
+            port = Legion::Settings.dig(:api, :port) || 4567
+            redirect_uri = "http://127.0.0.1:#{port}/api/auth/teams/callback"
+
+            authorize_url = "https://login.microsoftonline.com/#{tenant_id}/oauth2/v2.0/authorize?" \
+                            "client_id=#{client_id}&response_type=code&redirect_uri=#{::URI.encode_www_form_component(redirect_uri)}" \
+                            "&scope=#{::URI.encode_www_form_component(scopes)}" \
+                            "&state=#{state}&code_challenge=#{challenge}&code_challenge_method=S256"
+
+            AuthTeams.mutex.synchronize do
+              AuthTeams.pending[state] = { verifier: verifier, created_at: Time.now, result: nil,
+                                           tenant_id: tenant_id, client_id: client_id,
+                                           redirect_uri: redirect_uri, scopes: scopes }
+            end
+
+            json_response({ authorize_url: authorize_url, state: state })
+          end
+        end
+
+        def self.register_status(app)
+          app.get '/api/auth/teams/status' do
+            state = params[:state]
+            halt 422, json_error('missing_state', 'state parameter required', status_code: 422) unless state
+
+            entry = AuthTeams.mutex.synchronize { AuthTeams.pending[state] }
+            halt 404, json_error('unknown_state', 'no pending auth for this state', status_code: 404) unless entry
+
+            if entry[:result]
+              AuthTeams.mutex.synchronize { AuthTeams.pending.delete(state) }
+              json_response(entry[:result])
+            else
+              json_response({ authenticated: false, waiting: true })
+            end
+          end
+        end
+
+        def self.register_callback(app)
+          app.get '/api/auth/teams/callback' do
+            code = params[:code]
+            state = params[:state]
+            error = params[:error]
+
+            entry = AuthTeams.mutex.synchronize { AuthTeams.pending[state] }
+
+            if error || !entry
+              msg = error || 'unknown state'
+              AuthTeams.mutex.synchronize { entry[:result] = { authenticated: false, error: msg } } if entry
+              content_type :html
+              return '<html><body><h2>Authentication failed.</h2><p>You can close this tab.</p></body></html>'
+            end
+
+            # Exchange code for token
+            require 'net/http'
+            token_uri = ::URI.parse("https://login.microsoftonline.com/#{entry[:tenant_id]}/oauth2/v2.0/token")
+            token_response = ::Net::HTTP.post_form(token_uri, {
+                                                     'client_id'     => entry[:client_id],
+                                                     'grant_type'    => 'authorization_code',
+                                                     'code'          => code,
+                                                     'redirect_uri'  => entry[:redirect_uri],
+                                                     'code_verifier' => entry[:verifier],
+                                                     'scope'         => entry[:scopes]
+                                                   })
+
+            token_body = Legion::JSON.load(token_response.body)
+
+            if token_body[:access_token]
+              # Store token via TokenCache if available
+              store_teams_token(token_body, entry[:scopes])
+              AuthTeams.mutex.synchronize { entry[:result] = { authenticated: true } }
+              content_type :html
+              '<html><body><h2>Authentication successful!</h2><p>You can close this tab.</p></body></html>'
+            else
+              err = token_body[:error_description] || token_body[:error] || 'token exchange failed'
+              Legion::Logging.error "Teams OAuth token exchange failed: #{err}" if defined?(Legion::Logging)
+              AuthTeams.mutex.synchronize { entry[:result] = { authenticated: false, error: err } }
+              content_type :html
+              "<html><body><h2>Authentication failed.</h2><p>#{err}</p></body></html>"
+            end
+          rescue StandardError => e
+            Legion::Logging.error "Teams OAuth callback error: #{e.message}" if defined?(Legion::Logging)
+            AuthTeams.mutex.synchronize { entry[:result] = { authenticated: false, error: e.message } } if entry
+            content_type :html
+            '<html><body><h2>Authentication error.</h2><p>Check daemon logs.</p></body></html>'
+          end
+        end
+
+        module TeamsTokenHelper
+          def store_teams_token(token_body, scopes)
+            require 'legion/extensions/microsoft_teams/helpers/token_cache'
+            cache = Legion::Extensions::MicrosoftTeams::Helpers::TokenCache.new
+            cache.store_delegated_token(
+              access_token:  token_body[:access_token],
+              refresh_token: token_body[:refresh_token],
+              expires_in:    token_body[:expires_in] || 3600,
+              scopes:        scopes
+            )
+            cache.save_to_vault
+            Legion::Logging.info 'Teams delegated token stored' if defined?(Legion::Logging)
+          rescue StandardError => e
+            Legion::Logging.warn "Failed to store Teams token: #{e.message}" if defined?(Legion::Logging)
+          end
+        end
+
+        def self.register_store_helper(app)
+          app.helpers TeamsTokenHelper
+        end
+
+        class << self
+          private :register_authorize, :register_status, :register_callback, :register_store_helper
+        end
+      end
+    end
+  end
+end

data/lib/legion/api/logs.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module Legion
+  class API < Sinatra::Base
+    module Routes
+      module Logs
+        VALID_LEVELS = %w[error warn].freeze
+
+        def self.registered(app)
+          register_ingest(app)
+        end
+
+        def self.register_ingest(app)
+          app.post '/api/logs' do
+            body = parse_request_body
+            Legion::API::Routes::Logs.validate_log_request!(self, body)
+
+            level   = body[:level].to_s
+            source  = body[:source].to_s.then { |s| s.empty? ? 'unknown' : s }
+            payload = Legion::API::Routes::Logs.build_log_payload(body, level, source)
+            key     = Legion::API::Routes::Logs.routing_key_for(body, level, source)
+
+            Legion::Transport::Messages::Dynamic.new(
+              exchange: 'legion.logging', routing_key: key, **payload
+            ).publish
+
+            json_response({ published: true, routing_key: key }, status_code: 201)
+          rescue StandardError => e
+            Legion::Logging.error "API POST /api/logs: #{e.class} - #{e.message}" if defined?(Legion::Logging)
+            halt 500, json_error('publish_error', e.message, status_code: 500)
+          end
+        end
+
+        def self.validate_log_request!(ctx, body)
+          unless VALID_LEVELS.include?(body[:level].to_s)
+            Legion::Logging.warn 'API POST /api/logs returned 422: level must be error or warn' if defined?(Legion::Logging)
+            ctx.halt 422, ctx.json_error('invalid_level', 'level must be "error" or "warn"', status_code: 422)
+          end
+
+          return unless body[:message].to_s.strip.empty?
+
+          Legion::Logging.warn 'API POST /api/logs returned 422: message is required' if defined?(Legion::Logging)
+          ctx.halt 422, ctx.json_error('missing_field', 'message is required', status_code: 422)
+        end
+
+        def self.build_log_payload(body, level, source)
+          payload = {
+            level:           level,
+            message:         body[:message].to_s,
+            timestamp:       Time.now.utc.iso8601(3),
+            node:            Legion::Settings[:client][:name],
+            legion_versions: Legion::Logging::EventBuilder.send(:legion_versions),
+            ruby_version:    "#{RUBY_VERSION} #{RUBY_PLATFORM}",
+            pid:             ::Process.pid,
+            component_type:  body[:component_type].to_s.then { |t| t.empty? ? 'cli' : t },
+            source:          source
+          }
+          payload[:exception_class] = body[:exception_class] if body[:exception_class]
+          payload[:backtrace]       = body[:backtrace]        if body[:backtrace]
+          payload[:command]         = body[:command]          if body[:command]
+          payload[:error_fingerprint] = fingerprint_for(body, payload) if body[:exception_class]
+          payload
+        end
+
+        def self.fingerprint_for(body, payload)
+          Legion::Logging::EventBuilder.fingerprint(
+            exception_class: body[:exception_class].to_s,
+            message:         body[:message].to_s,
+            caller_file:     '',
+            caller_line:     0,
+            caller_function: '',
+            gem_name:        '',
+            component_type:  payload[:component_type],
+            backtrace:       Array(body[:backtrace])
+          )
+        end
+
+        def self.routing_key_for(body, level, source)
+          kind = body[:exception_class] ? 'exception' : 'log'
+          "legion.logging.#{kind}.#{level}.cli.#{source}"
+        end
+
+        class << self
+          private :register_ingest, :fingerprint_for
+        end
+      end
+    end
+  end
+end

data/lib/legion/api.rb

@@ -26,6 +26,7 @@ require_relative 'api/gaia'
 require_relative 'api/openapi'
 require_relative 'api/rbac'
 require_relative 'api/auth'
+require_relative 'api/auth_teams'
 require_relative 'api/auth_worker'
 require_relative 'api/auth_human'
 require_relative 'api/auth_saml'
@@ -44,7 +45,9 @@ require_relative 'api/apollo'
 require_relative 'api/costs'
 require_relative 'api/traces'
 require_relative 'api/stats'
+require_relative 'api/absorbers'
 require_relative 'api/codegen'
+require_relative 'api/logs'
 require_relative 'api/router'
 require_relative 'api/library_routes'
 require_relative 'api/sync_dispatch'
@@ -152,6 +155,7 @@ module Legion
     register Routes::Gaia unless router.library_names.include?('gaia')
     register Routes::Rbac unless router.library_names.include?('rbac')
     register Routes::Auth
+    register Routes::AuthTeams
     register Routes::AuthWorker
     register Routes::AuthHuman
     register Routes::AuthSaml
@@ -169,7 +173,9 @@ module Legion
     register Routes::Costs
     register Routes::Traces
     register Routes::Stats
+    register Routes::Absorbers
     register Routes::Codegen
+    register Routes::Logs
     register Routes::GraphQL if defined?(Routes::GraphQL)
 
     use Legion::API::Middleware::RequestLogger

data/lib/legion/cli/absorb_command.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-require 'legion/extensions/absorbers'
-require 'legion/extensions/absorbers/pattern_matcher'
-require 'legion/extensions/actors/absorber_dispatch'
+require 'net/http'
+require 'uri'
+require 'json'
 
 module Legion
   module CLI
@@ -18,6 +18,10 @@ module Legion
       option :scope, type: :string, default: 'global', desc: 'Knowledge scope (global/local/all)'
       def url(input_url)
         Connection.ensure_settings
+        require 'legion/extensions/absorbers'
+        require 'legion/extensions/absorbers/pattern_matcher'
+        require 'legion/extensions/actors/absorber_dispatch'
+
         out = formatter
         result = Legion::Extensions::Actors::AbsorberDispatch.dispatch(
           input:   input_url,
@@ -36,9 +40,8 @@ module Legion
 
       desc 'list', 'List registered absorber patterns'
       def list
-        Connection.ensure_settings
         out = formatter
-        patterns = Legion::Extensions::Absorbers::PatternMatcher.list
+        patterns = fetch_absorbers
 
         if options[:json]
           out.json(patterns.map { |p| { type: p[:type], value: p[:value], description: p[:description] } })
@@ -56,14 +59,13 @@ module Legion
 
       desc 'resolve URL', 'Show which absorber would handle a URL (dry run)'
       def resolve(input_url)
-        Connection.ensure_settings
         out = formatter
-        absorber = Legion::Extensions::Absorbers::PatternMatcher.resolve(input_url)
+        result = fetch_resolve(input_url)
 
         if options[:json]
-          out.json({ input: input_url, absorber: absorber&.name, match: !absorber.nil? })
-        elsif absorber
-          out.success("#{input_url} -> #{absorber.name}")
+          out.json(result)
+        elsif result[:match]
+          out.success("#{input_url} -> #{result[:absorber]}")
         else
           out.warn("No absorber registered for: #{input_url}")
         end
@@ -73,6 +75,41 @@ module Legion
         def formatter
           @formatter ||= Output::Formatter.new(json: options[:json], color: !options[:no_color])
         end
+
+        def api_port
+          Connection.ensure_settings
+          api_settings = Legion::Settings[:api]
+          (api_settings.is_a?(Hash) && api_settings[:port]) || 4567
+        rescue StandardError
+          4567
+        end
+
+        def api_get(path)
+          uri = URI("http://127.0.0.1:#{api_port}#{path}")
+          response = Net::HTTP.get_response(uri)
+          unless response.is_a?(Net::HTTPSuccess)
+            formatter.error("API returned #{response.code} for #{path}")
+            raise SystemExit, 1
+          end
+          body = ::JSON.parse(response.body, symbolize_names: true)
+          body[:data]
+        rescue Errno::ECONNREFUSED
+          formatter.error('Daemon not running. Start with: legionio start')
+          raise SystemExit, 1
+        rescue SystemExit
+          raise
+        rescue StandardError => e
+          formatter.error("API request failed: #{e.message}")
+          raise SystemExit, 1
+        end
+
+        def fetch_absorbers
+          api_get('/api/absorbers')
+        end
+
+        def fetch_resolve(input_url)
+          api_get("/api/absorbers/resolve?url=#{URI.encode_www_form_component(input_url)}")
+        end
       end
     end
   end

data/lib/legion/cli/auth_command.rb

@@ -20,58 +20,61 @@ module Legion
       method_option :scopes,     type: :string, desc: 'OAuth scopes to request'
       def teams
         out = formatter
-        require 'legion/settings'
-        Legion::Settings.load unless Legion::Settings.instance_variable_get(:@loader)
+        Connection.ensure_settings
 
-        auth_settings = Legion::Settings.dig(:microsoft_teams, :auth) || {}
-        delegated = auth_settings[:delegated] || {}
+        port = begin
+          Legion::Settings.dig(:api, :port) || 4567
+        rescue StandardError
+          4567
+        end
+
+        out.header('Microsoft Teams Authentication')
 
-        tenant_id = options[:tenant_id] || auth_settings[:tenant_id]
-        client_id = options[:client_id] || auth_settings[:client_id]
-        scopes    = options[:scopes] || delegated[:scopes] ||
-                    'OnlineMeetings.Read OnlineMeetingTranscript.Read.All offline_access'
+        require 'net/http'
+        require 'legion/json'
 
-        unless tenant_id && client_id
-          out.error('Missing tenant_id or client_id. Set in settings or pass --tenant-id and --client-id')
+        # Ask the daemon for the authorize URL
+        uri = ::URI.parse("http://127.0.0.1:#{port}/api/auth/teams/authorize")
+        params = {}
+        params[:scopes] = options[:scopes] if options[:scopes]
+        response = ::Net::HTTP.post(uri, Legion::JSON.dump(params), 'Content-Type' => 'application/json')
+        parsed = Legion::JSON.load(response.body)
+
+        unless response.code.to_i == 200 && parsed.dig(:data, :authorize_url)
+          error_msg = parsed.dig(:error, :message) || "HTTP #{response.code}"
+          out.error("Daemon returned: #{error_msg}")
           raise SystemExit, 1
         end
 
-        require 'legion/extensions/microsoft_teams/helpers/browser_auth'
-        browser_auth = Legion::Extensions::MicrosoftTeams::Helpers::BrowserAuth.new(
-          tenant_id: tenant_id,
-          client_id: client_id,
-          scopes:    scopes
-        )
+        url = parsed[:data][:authorize_url]
+        out.info('Opening browser for Microsoft login...')
+        system('open', url) || out.warn("Open this URL manually:\n  #{url}")
+        out.info('Waiting for callback on daemon...')
+
+        # Poll daemon for auth result
+        poll_uri = ::URI.parse("http://127.0.0.1:#{port}/api/auth/teams/status?state=#{parsed.dig(:data, :state)}")
+        30.times do
+          sleep 2
+          poll_response = ::Net::HTTP.get_response(poll_uri)
+          poll_data = Legion::JSON.load(poll_response.body)
+
+          if poll_data.dig(:data, :authenticated)
+            out.success('Authentication successful! Token stored by daemon.')
+            return
+          end
 
-        out.header('Microsoft Teams Authentication')
-        result = browser_auth.authenticate
+          next unless poll_data.dig(:data, :error)
 
-        if result[:error]
-          out.error("Authentication failed: #{result[:error]} - #{result[:description]}")
+          out.error("Authentication failed: #{poll_data[:data][:error]}")
           raise SystemExit, 1
         end
 
-        body = result[:result]
-        out.success('Authentication successful!')
-
-        require 'legion/extensions/microsoft_teams/helpers/token_cache'
-        cache = Legion::Extensions::MicrosoftTeams::Helpers::TokenCache.new
-        cache.store_delegated_token(
-          access_token:  body['access_token'],
-          refresh_token: body['refresh_token'],
-          expires_in:    body['expires_in'] || 3600,
-          scopes:        scopes
-        )
-
-        if cache.save_to_vault
-          out.success('Token saved to Vault')
-        else
-          out.warn('Could not save token to Vault (Vault may not be connected)')
-        end
-
-        return unless options[:json]
-
-        out.json({ authenticated: true, scopes: scopes, expires_in: body['expires_in'] })
+        out.error('Timed out waiting for authentication (60s)')
+        raise SystemExit, 1
+      rescue Errno::ECONNREFUSED
+        out = formatter
+        out.error('Daemon not running. Start it first: legionio start')
+        raise SystemExit, 1
       end
 
       desc 'kerberos', 'Authenticate using Kerberos TGT from your workstation'

data/lib/legion/cli/connect_command.rb

@@ -16,16 +16,8 @@ module Legion
                                  desc: 'OAuth2 scopes (space-separated)'
       method_option :no_browser, type: :boolean, default: false, desc: 'Print URL instead of launching browser'
       def microsoft
-        require 'legion/auth/token_manager'
-        manager = Legion::Auth::TokenManager.new(provider: :microsoft)
-
-        if manager.token_valid?
-          say 'Already connected to Microsoft. Use --force to reconnect.', :green
-          return
-        end
-
-        say 'Connecting to Microsoft...', :blue
-        say 'OAuth2 browser flow not yet implemented. Use `legion auth teams` for Teams-specific auth.', :yellow
+        say 'Delegating to Teams OAuth2 browser auth...', :blue
+        Legion::CLI::Auth.start(['teams'] + ARGV.select { |a| a.start_with?('--') })
       end
 
       desc 'github', 'Connect a GitHub account (OAuth2 device flow)'

data/lib/legion/cli/error_forwarder.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+module Legion
+  module CLI
+    module ErrorForwarder
+      module_function
+
+      def forward_error(exception, command: nil)
+        payload = {
+          level:           'error',
+          message:         exception.message.to_s,
+          exception_class: exception.class.name,
+          backtrace:       Array(exception.backtrace).first(10),
+          component_type:  'cli',
+          source:          ::File.basename($PROGRAM_NAME)
+        }
+        payload[:command] = command if command
+        post_to_daemon(payload)
+      rescue StandardError
+        # silently swallow — forwarding must never crash the CLI
+      end
+
+      def forward_warning(message, command: nil)
+        payload = {
+          level:          'warn',
+          message:        message.to_s,
+          component_type: 'cli',
+          source:         ::File.basename($PROGRAM_NAME)
+        }
+        payload[:command] = command if command
+        post_to_daemon(payload)
+      rescue StandardError
+        # silently swallow — forwarding must never crash the CLI
+      end
+
+      def post_to_daemon(payload)
+        port = daemon_port
+        uri  = URI("http://localhost:#{port}/api/logs")
+
+        http              = Net::HTTP.new(uri.host, uri.port)
+        http.open_timeout = 2
+        http.read_timeout = 2
+
+        request      = Net::HTTP::Post.new(uri.path, 'Content-Type' => 'application/json')
+        request.body = ::JSON.generate(payload)
+
+        http.request(request)
+      rescue StandardError
+        nil
+      end
+
+      def daemon_port
+        require 'legion/settings'
+        Legion::Settings.load unless Legion::Settings.instance_variable_get(:@loader)
+        api_settings = Legion::Settings[:api]
+        (api_settings.is_a?(Hash) && api_settings[:port]) || 4567
+      rescue StandardError
+        4567
+      end
+    end
+  end
+end

data/lib/legion/cli.rb

@@ -6,6 +6,7 @@ require 'legion/cli/error'
 require 'legion/cli/error_handler'
 require 'legion/cli/output'
 require 'legion/cli/connection'
+require 'legion/cli/error_forwarder'
 
 module Legion
   module CLI
@@ -92,12 +93,14 @@ module Legion
         Legion::Logging.error("CLI::Main.start CLI error: #{e.message}") if defined?(Legion::Logging)
         formatter = Output::Formatter.new(json: given_args.include?('--json'), color: !given_args.include?('--no-color'))
         ErrorHandler.format_error(e, formatter)
+        ErrorForwarder.forward_error(e, command: given_args.join(' '))
         exit(1)
       rescue StandardError => e
         Legion::Logging.error("CLI::Main.start unexpected error: #{e.message}") if defined?(Legion::Logging)
         wrapped = ErrorHandler.wrap(e)
         formatter = Output::Formatter.new(json: given_args.include?('--json'), color: !given_args.include?('--no-color'))
         ErrorHandler.format_error(wrapped, formatter)
+        ErrorForwarder.forward_error(e, command: given_args.join(' '))
         exit(1)
       end
 
@@ -282,6 +285,9 @@ module Legion
       desc 'absorb SUBCOMMAND', 'Absorb content from external sources'
       subcommand 'absorb', AbsorbCommand
 
+      desc 'auth SUBCOMMAND', 'Authenticate with external services (Teams, Kerberos)'
+      subcommand 'auth', Auth
+
       desc 'connect PROVIDER', 'Connect external accounts via OAuth2'
       subcommand 'connect', ConnectCommand
 

data/lib/legion/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Legion
-  VERSION = '1.6.31'
+  VERSION = '1.6.32'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legionio
 version: !ruby/object:Gem::Version
-  version: 1.6.31
+  version: 1.6.32
 platform: ruby
 authors:
 - Esity
@@ -438,12 +438,14 @@ files:
 - lib/legion.rb
 - lib/legion/alerts.rb
 - lib/legion/api.rb
+- lib/legion/api/absorbers.rb
 - lib/legion/api/acp.rb
 - lib/legion/api/apollo.rb
 - lib/legion/api/audit.rb
 - lib/legion/api/auth.rb
 - lib/legion/api/auth_human.rb
 - lib/legion/api/auth_saml.rb
+- lib/legion/api/auth_teams.rb
 - lib/legion/api/auth_worker.rb
 - lib/legion/api/capacity.rb
 - lib/legion/api/catalog.rb
@@ -471,6 +473,7 @@ files:
 - lib/legion/api/lex_dispatch.rb
 - lib/legion/api/library_routes.rb
 - lib/legion/api/llm.rb
+- lib/legion/api/logs.rb
 - lib/legion/api/marketplace.rb
 - lib/legion/api/metrics.rb
 - lib/legion/api/middleware/api_version.rb
@@ -623,6 +626,7 @@ files:
 - lib/legion/cli/doctor/vault_check.rb
 - lib/legion/cli/doctor_command.rb
 - lib/legion/cli/error.rb
+- lib/legion/cli/error_forwarder.rb
 - lib/legion/cli/error_handler.rb
 - lib/legion/cli/eval_command.rb
 - lib/legion/cli/failover_command.rb