legionio 1.9.28 → 1.9.29

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 166725a37cf7c1d479070df9c3a19a53ec6fa915e1fe29b9e881358136392dc5
-  data.tar.gz: '09fe43d7158d9fea1439f820c231efeb25a3a1766b3c988411504f28cdbabf1d'
+  metadata.gz: 952eb59489faed844f57a13d5fb71a10d4f6e737b3af38f96cc9ab7beec5a9da
+  data.tar.gz: e8af435fd6f5caa5324f678c45a38d7c8bde94a801a80c8380032f43d9721fbf
 SHA512:
-  metadata.gz: 424b1f6992f9bce5ae26fa0f09c986ee9bf961a9beccf64d3498f3db651747bbcab3ef8bb6ee25f45cdfc6c1df9e0ddd031132a253b334edeba1a63b2a1532cd
-  data.tar.gz: 2462fd9c2277a81b381f4b91c3674930606e6c80460d708c36d252a7a2a7e1475f9b397daa3d55c2c8b17b1c33dbb50eb2ceec7acd0dd3abfe59376d4913ef0a
+  metadata.gz: 1cd3acf9f4e8af3da0db483123afbeb5b9c8b69430dbaf538474523a3d5fb02aa8e5fd9ac262244a61ed1f9a0ed7add934bdc59ecdd239a3cd8621ddbdec02e4
+  data.tar.gz: dc7a8cc98adcd63d75419cc29d88f025539185fc2c9254d9c9a1b8abdeaeadc1ff7e3e1481de1352e398a63826c74e41975f8c13708e462a6dcebb35fd97ef4b

data/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 ## [Unreleased]
 
+## [1.9.29] - 2026-05-11
+
+### Fixed
+- `Subscription#activate` now checks `channel.open?` before calling `subscribe_with`; if closed, it re-prepares once and retries, preventing silent activation failures when a channel is closed between prepare and activate.
+- `Transport` mixin now guards `auto_create_dlx_exchange` and `auto_create_dlx_queue` with a `remote_invocable?` check — non-remote extensions no longer attempt to create dead-letter exchanges and queues they never use.
+- DLX exchange type corrected from `fanout` to `topic` for consistency with the rest of the exchange topology.
+- Identity resolver DB persistence now uses Sequel models (`Identity::Provider`, `Identity::Principal`, `Identity::Identity`, `Identity::AuditLog`) instead of raw `Legion::Data.db` dataset calls that didn't exist on the module.
+- Identity audit API endpoint now references correct column names (`detail_payload`, `node_ref`, `session_ref`) matching the schema.
+- Fixed `LeaseRenewer#log_renewal_failure` to fall back to `$stderr` when `Legion::Logging` is not yet loaded, matching the original contract.
+- Fixed `Legion::Service#log_privacy_mode_status`, `#shutdown_component`, and TLS-fallback logging specs to assert against `emit_tagged` (the actual dispatch path used by `Legion::Logging::Helper`) rather than `Legion::Logging.warn/info` directly.
+- Fixed `Cluster::Leader` boot integration spec to stub `Legion::Settings[:logging]` so `log` helper initialization does not raise on unexpectedly-received arguments.
+
+### Changed
+- Added `remote_invocable_extension?` helper to the `Transport` module; returns `lex_class.remote_invocable?` when available, `true` otherwise.
+- Refactored `Identity::Resolver#persist_to_db` into extracted helpers (`upsert_providers`, `upsert_principal`, `upsert_identities`, `upsert_single_identity`) to reduce method complexity and improve readability.
+- Replaced hand-rolled `log_warn`/`log_debug` methods in `Identity::Resolver`, `Identity::Broker`, and `Identity::LeaseRenewer` with `include Legion::Logging::Helper` and standard `log.debug`/`log.warn` calls.
+- Added debug logging throughout `Identity::Resolver` for registration, resolution, auth racing, binding, and DB persistence.
+- LLM inference API now passes `instance` and `tier` routing hints from request body through to `Legion::LLM::Inference::Request`.
+
 ## [1.9.28] - 2026-05-08
 
 ### Fixed

data/lib/legion/api/identity_audit.rb

@@ -35,8 +35,8 @@ module Legion
             records = dataset.order(Sequel.desc(:created_at)).limit(100).all
             json_collection(records.map do |r|
               { id: r.id, event_type: r.event_type, provider_name: r.provider_name,
-                trust_level: r.trust_level, detail: r.detail,
-                node_id: r.node_id, session_id: r.session_id, created_at: r.created_at }
+                trust_level: r.trust_level, detail_payload: r.detail_payload,
+                node_ref: r.node_ref, session_ref: r.session_ref, created_at: r.created_at }
             end)
           end
         end

data/lib/legion/api/llm.rb

@@ -268,16 +268,23 @@ module Legion
                          end
 
             caller_metadata = body[:metadata].is_a?(Hash) ? body[:metadata] : {}
+            instance = body[:instance]
+            tier     = body[:tier]
             request_args = {
               messages:        messages,
               system:          body[:system],
-              routing:         { provider: provider, model: model },
+              routing:         { provider: provider, model: model, instance: instance }.compact,
               caller:          caller_ctx,
               conversation_id: body[:conversation_id],
               metadata:        caller_metadata.merge(requested_tools: requested_tools),
               stream:          streaming,
               cache:           { strategy: :default, cacheable: true }
             }
+            if tier
+              halt 400, Legion::JSON.dump({ error: 'invalid tier' }) unless tier.is_a?(String)
+              halt 400, Legion::JSON.dump({ error: 'invalid tier' }) unless %w[local fleet auto].include?(tier)
+              request_args[:extra] = { tier: tier.to_sym }
+            end
             request_args[:tools] = tool_classes if tools_present
 
             req = Legion::LLM::Inference::Request.build(**request_args)

data/lib/legion/cli/setup_command.rb

@@ -55,10 +55,27 @@ module Legion
           description: 'LLM routing and provider integration (no cognitive stack)',
           gems:        %w[
             legion-llm lex-llm lex-llm-anthropic lex-llm-azure-foundry
-            lex-llm-bedrock lex-llm-gemini lex-llm-ledger lex-llm-mlx
+            lex-llm-bedrock lex-llm-gemini lex-llm-mlx
             lex-llm-ollama lex-llm-openai lex-llm-vertex lex-llm-vllm
           ]
         },
+        gaia:     {
+          description: 'Cognitive coordination engine + agentic extensions (GAIA stack)',
+          gems:        %w[
+            legion-gaia
+            lex-agentic-affect lex-agentic-attention lex-agentic-defense
+            lex-agentic-executive lex-agentic-homeostasis lex-agentic-inference
+            lex-agentic-integration lex-agentic-language lex-agentic-learning
+            lex-agentic-memory lex-agentic-self lex-agentic-social
+            lex-synapse lex-mind-growth lex-tick
+          ]
+        },
+        identity: {
+          description: 'Identity and access management (RBAC + identity providers)',
+          gems:        %w[
+            legion-rbac lex-identity-system lex-identity-kerberos
+          ]
+        },
         channels: {
           description: 'Channel adapters for chat platforms',
           gems:        %w[lex-slack lex-microsoft_teams]
@@ -153,6 +170,18 @@ module Legion
         install_pack(:llm)
       end
 
+      desc 'gaia', 'Install cognitive coordination engine and agentic extensions (GAIA stack)'
+      option :dry_run, type: :boolean, default: false, desc: 'Show what would be installed without installing'
+      def gaia
+        install_pack(:gaia)
+      end
+
+      desc 'identity', 'Install identity and access management (RBAC + identity providers)'
+      option :dry_run, type: :boolean, default: false, desc: 'Show what would be installed without installing'
+      def identity
+        install_pack(:identity)
+      end
+
       desc 'channels', 'Install channel adapters (Slack, Teams)'
       option :dry_run, type: :boolean, default: false, desc: 'Show what would be installed without installing'
       def channels
@@ -494,6 +523,14 @@ module Legion
             puts '  Next steps:'
             puts '    legion chat           # interactive AI conversation'
             puts '    legion llm status     # check provider connectivity'
+          when :gaia
+            puts '  Next steps:'
+            puts '    legion start          # start daemon with cognitive stack'
+            puts '    legion start --lite   # single-process, no external services'
+          when :identity
+            puts '  Next steps:'
+            puts '    Configure RBAC in settings: {"rbac": {"enabled": true}}'
+            puts '    legion start          # start daemon with identity services'
           when :channels
             puts '  Next steps:'
             puts '    Configure channels in settings: {"gaia": {"channels": {"slack": {"enabled": true}}}}'

data/lib/legion/extensions/actors/subscription.rb

@@ -110,7 +110,20 @@ module Legion
             log.warn "[Subscription] skipping activate for #{lex_name}/#{runner_name}: no consumer (prepare failed?)"
             return
           end
-          @queue.subscribe_with(@consumer)
+
+          if @queue.channel.open?
+            @queue.subscribe_with(@consumer)
+          else
+            log.warn "[Subscription] channel closed before activate for #{lex_name}/#{runner_name}, re-preparing"
+            prepare
+            if @consumer && @queue.channel.open?
+              @queue.subscribe_with(@consumer)
+            else
+              log.error "[Subscription] re-prepare failed for #{lex_name}/#{runner_name}, skipping activate"
+              return
+            end
+          end
+
           log.info "[Subscription] activated: #{lex_name}/#{runner_name} (consumer registered)"
         end
 

data/lib/legion/extensions/transport.rb

@@ -71,6 +71,8 @@ module Legion
       end
 
       def auto_create_dlx_exchange
+        return unless remote_invocable_extension?
+
         dlx = if transport_class::Exchanges.const_defined?('Dlx', false)
                 transport_class::Exchanges::Dlx
               else
@@ -89,6 +91,7 @@ module Legion
       end
 
       def auto_create_dlx_queue
+        return unless remote_invocable_extension?
         return if transport_class::Queues.const_defined?('Dlx', false)
 
         special_name = default_exchange.new.exchange_name
@@ -207,6 +210,12 @@ module Legion
       def additional_e_to_q
         []
       end
+
+      def remote_invocable_extension?
+        return lex_class.remote_invocable? if lex_class.respond_to?(:remote_invocable?)
+
+        true
+      end
     end
   end
 end

data/lib/legion/identity/broker.rb

@@ -10,6 +10,8 @@ module Legion
       AUDIT_DROP_LOG_INTERVAL = 100
 
       class << self
+        include Legion::Logging::Helper
+
         def token_for(provider_name, qualifier: nil, for_context: nil, purpose: nil, context: nil)
           name = provider_name.to_sym
           resolved = resolve_qualifier(name, qualifier: qualifier, for_context: for_context)
@@ -235,7 +237,7 @@ module Legion
 
           if audit_queue.size >= AUDIT_QUEUE_MAX
             drops = (@audit_drops ||= Concurrent::AtomicFixnum.new(0)).increment
-            log_warn("Audit queue full, dropping event (total drops: #{drops})") if (drops % AUDIT_DROP_LOG_INTERVAL).zero?
+            log.warn("Audit queue full, dropping event (total drops: #{drops})") if (drops % AUDIT_DROP_LOG_INTERVAL).zero?
           else
             audit_queue.push(event)
           end
@@ -289,7 +291,7 @@ module Legion
             nil
           end
         rescue StandardError => e
-          log_warn("Broker.db_groups failed: #{e.message}")
+          log.warn("Broker.db_groups failed: #{e.message}")
           []
         end
 
@@ -298,14 +300,6 @@ module Legion
             Legion::Data.respond_to?(:connected?) &&
             Legion::Data.connected?
         end
-
-        def log_warn(message)
-          if defined?(Legion::Logging) && Legion::Logging.respond_to?(:warn)
-            Legion::Logging.warn("[Identity::Broker] #{message}")
-          else
-            $stderr.puts "[Identity::Broker] #{message}" # rubocop:disable Style/StderrPuts
-          end
-        end
       end
 
       # Initialize atomics at module definition time

data/lib/legion/identity/lease_renewer.rb

@@ -5,6 +5,8 @@ require 'concurrent'
 module Legion
   module Identity
     class LeaseRenewer
+      include Legion::Logging::Helper
+
       attr_reader :provider_name, :provider
 
       BACKOFF_SLEEP  = 5
@@ -70,11 +72,10 @@ module Legion
       end
 
       def log_renewal_failure(error)
-        message = "[LeaseRenewer][#{@provider_name}] renewal failed: #{error.message}"
-        if defined?(Legion::Logging) && Legion::Logging.respond_to?(:warn)
-          Legion::Logging.warn(message)
+        if defined?(Legion::Logging)
+          log.warn("renewal failed: #{error.message}")
         else
-          $stderr.puts message # rubocop:disable Style/StderrPuts
+          $stderr.puts "[LeaseRenewer][#{@provider_name}] renewal failed: #{error.message}" # rubocop:disable Style/StderrPuts
         end
       end
     end

data/lib/legion/identity/resolver.rb

@@ -13,25 +13,34 @@ module Legion
       TIMEOUT_SECONDS = 5
 
       class << self
+        include Legion::Logging::Helper
+
         def register(provider)
           return if @providers.any? { |p| p.provider_name == provider.provider_name }
 
+          log.debug("register: #{provider.provider_name} type=#{provider.provider_type} trust=#{provider.trust_level}")
           @providers << provider
         end
 
         def resolve!(timeout: TIMEOUT_SECONDS)
+          log.debug("resolve!: starting with #{@providers.size} providers, timeout=#{timeout}s")
           drain_pending_registrations
 
           auth_providers, profile_providers, fallback_providers = partition_providers
+          log.debug("resolve!: partitioned auth=#{auth_providers.map(&:provider_name)} " \
+                    "profile=#{profile_providers.map(&:provider_name)} " \
+                    "fallback=#{fallback_providers.map(&:provider_name)}")
 
           winning_provider, winning_result, provider_results = resolve_auth(auth_providers, timeout: timeout)
 
           if winning_provider.nil?
+            log.debug('resolve!: no auth winner, trying fallback providers')
             winning_provider, winning_result, fallback_results = resolve_auth(fallback_providers, timeout: timeout)
             provider_results.merge!(fallback_results) if fallback_results
           end
 
           unless winning_provider
+            log.debug('resolve!: no provider resolved, identity unresolved')
             @resolved.make_false
             @composite.set(nil)
             return nil
@@ -40,8 +49,10 @@ module Legion
           canonical = winning_result[:canonical_name]
           trust_level = winning_provider.trust_level
           source = winning_provider.provider_name
+          log.debug("resolve!: winner=#{source} canonical=#{canonical} trust=#{trust_level}")
 
           profile_data = resolve_profiles(profile_providers, canonical, timeout: timeout)
+          log.debug("resolve!: profiles resolved groups=#{profile_data[:groups].size} profile_keys=#{profile_data[:profile].keys}")
 
           composite = assemble_composite(
             provider_results, profile_data,
@@ -51,6 +62,7 @@ module Legion
           )
 
           bind_and_persist(winning_provider, composite, trust_level)
+          log.debug("resolve!: complete canonical=#{composite[:canonical_name]} providers=#{composite[:providers].keys}")
           composite
         end
 
@@ -58,6 +70,8 @@ module Legion
           current = @composite.get
           return unless current
 
+          log.debug("upgrade!: provider=#{provider.provider_name} trust=#{provider.trust_level} current_canonical=#{current[:canonical_name]}")
+
           new_trust = provider.trust_level
           new_canonical = result[:canonical_name] || current[:canonical_name]
           canonical_changed = new_canonical != current[:canonical_name]
@@ -109,6 +123,7 @@ module Legion
 
           persist_identity_json(new_canonical, updated[:kind]) unless new_trust == :unverified
 
+          log.debug("upgrade!: complete canonical=#{new_canonical} trust=#{effective_trust} canonical_changed=#{canonical_changed}")
           updated
         end
 
@@ -145,6 +160,7 @@ module Legion
           pending = Legion::Identity.pending_registrations
           return if pending.nil? || pending.empty?
 
+          log.debug("drain_pending_registrations: draining #{pending.size} pending providers")
           drained = []
           drained << pending.shift until pending.empty?
           drained.each { |p| register(p) }
@@ -172,6 +188,7 @@ module Legion
         def resolve_auth(auth_providers, timeout:)
           return [nil, nil, {}] if auth_providers.empty?
 
+          log.debug("resolve_auth: racing #{auth_providers.map(&:provider_name)} timeout=#{timeout}s")
           futures = auth_providers.map do |provider|
             Concurrent::Promises.future { provider.resolve }
           end
@@ -179,10 +196,13 @@ module Legion
           deadline = ::Process.clock_gettime(::Process::CLOCK_MONOTONIC) + timeout
           provider_results = {}
           auth_providers.zip(futures).each do |provider, future|
+            result = nil
             remaining = deadline - ::Process.clock_gettime(::Process::CLOCK_MONOTONIC)
             future.wait(remaining.positive? ? remaining : 0)
             result = future.value(0) if future.resolved?
             status = auth_future_status(future, result)
+            log.debug("resolve_auth: #{provider.provider_name} status=#{status}" \
+                      "#{" canonical=#{result[:canonical_name]}" if status == :resolved}")
 
             provider_results[provider.provider_name] = {
               status:      status,
@@ -195,6 +215,7 @@ module Legion
 
           resolved_entries = provider_results.select { |_, v| v[:status] == :resolved }
           if resolved_entries.empty?
+            log.debug('resolve_auth: no providers resolved')
             [nil, nil, provider_results]
           else
             winner_name = resolved_entries.min_by do |_, v|
@@ -202,6 +223,7 @@ module Legion
               [-p.priority, p.trust_weight]
             end&.first
 
+            log.debug("resolve_auth: winner=#{winner_name}")
             winner_info = provider_results[winner_name]
             [winner_info[:provider], winner_info[:result], provider_results]
           end
@@ -302,11 +324,13 @@ module Legion
         end
 
         def bind_and_persist(winning_provider, composite, trust_level)
+          log.debug("bind_and_persist: binding provider=#{winning_provider.provider_name} trust=#{trust_level}")
           Legion::Identity::Process.bind!(winning_provider, composite) if defined?(Legion::Identity::Process)
 
           if defined?(Legion::Settings) && Legion::Settings.respond_to?(:loader) && Legion::Settings.loader.respond_to?(:settings)
             Legion::Settings.loader.settings[:client] ||= {}
             Legion::Settings.loader.settings[:client][:name] = Legion::Identity::Process.queue_prefix
+            log.debug("bind_and_persist: client name set to #{Legion::Identity::Process.queue_prefix}")
           end
 
           persist_to_db(composite)
@@ -314,72 +338,26 @@ module Legion
 
           @composite.set(composite)
           @resolved.make_true
+          log.debug('bind_and_persist: resolved=true')
         end
 
-        def persist_to_db(composite) # rubocop:disable Metrics/MethodLength
-          return unless defined?(Legion::Data) && Legion::Data.respond_to?(:connected?) && Legion::Data.connected?
-
-          now = Time.now.utc
-          db = Legion::Data.db
-
-          composite[:providers]&.each_key do |name|
-            db[:identity_providers].insert_conflict(
-              target: :name,
-              update: { updated_at: now }
-            ).insert(
-              uuid:          SecureRandom.uuid,
-              name:          name.to_s,
-              provider_type: 'authenticate',
-              facing:        'both',
-              source:        'resolver',
-              enabled:       true,
-              created_at:    now,
-              updated_at:    now
-            )
+        def persist_to_db(composite)
+          unless defined?(Legion::Data) && Legion::Data.respond_to?(:connected?) && Legion::Data.connected?
+            log.debug('persist_to_db: skipped — Legion::Data not connected')
+            return
           end
 
-          db[:identity_principals].insert_conflict(
-            target: %i[canonical_name kind],
-            update: { last_seen_at: now, updated_at: now }
-          ).insert(
-            uuid:           SecureRandom.uuid,
-            canonical_name: composite[:canonical_name],
-            kind:           composite[:kind].to_s,
-            active:         true,
-            last_seen_at:   now,
-            created_at:     now,
-            updated_at:     now
-          )
-
-          principal_row = db[:identity_principals].where(
-            canonical_name: composite[:canonical_name], kind: composite[:kind].to_s
-          ).first
-          principal_id = principal_row[:id] if principal_row
-
-          composite[:aliases]&.each do |provider_name, identities|
-            provider_row = db[:identity_providers].where(name: provider_name.to_s).first
-            next unless provider_row
+          log.debug("persist_to_db: persisting canonical=#{composite[:canonical_name]} providers=#{composite[:providers]&.keys}")
+          now            = Time.now.utc
+          provider_model = Legion::Data::Model::Identity::Provider
+          audit_model    = Legion::Data::Model::Identity::AuditLog
 
-            Array(identities).each do |ident|
-              db[:identities].insert_conflict(
-                target: %i[principal_id provider_id provider_identity_key],
-                update: { last_authenticated_at: now, updated_at: now }
-              ).insert(
-                uuid:                  SecureRandom.uuid,
-                principal_id:          principal_id,
-                provider_id:           provider_row[:id],
-                provider_identity_key: ident,
-                active:                true,
-                last_authenticated_at: now,
-                created_at:            now,
-                updated_at:            now
-              )
-            end
-          end
+          upsert_providers(composite, provider_model, now)
+          principal = upsert_principal(composite, now)
+          upsert_identities(composite, provider_model, principal, now)
 
-          db[:identity_audit_log].insert(
-            uuid:           SecureRandom.uuid,
-            principal_id:   principal_id,
+          audit_model.create(
+            principal_id:   principal.id,
             event_type:     'identity.resolved',
             provider_name:  composite[:source].to_s,
             trust_level:    composite[:trust]&.to_s,
@@ -392,11 +370,79 @@ module Legion
               }
             ),
             node_ref:       composite[:node_id],
-            session_ref:    @session_id,
-            created_at:     now
+            session_ref:    @session_id
           )
         rescue StandardError => e
-          log_warn("DB persistence failed: #{e.message}")
+          log.warn("DB persistence failed: #{e.message}")
+        end
+
+        def upsert_providers(composite, provider_model, now)
+          composite[:providers]&.each_key do |name|
+            existing = provider_model.where(name: name.to_s).first
+            if existing
+              existing.update(updated_at: now)
+            else
+              provider_model.create(
+                name:          name.to_s,
+                provider_type: 'authenticate',
+                facing:        'both',
+                source:        'resolver',
+                enabled:       true
+              )
+            end
+          end
+        end
+
+        def upsert_principal(composite, now)
+          principal_model = Legion::Data::Model::Identity::Principal
+          principal = principal_model.where(
+            canonical_name: composite[:canonical_name],
+            kind:           composite[:kind].to_s
+          ).first
+
+          if principal
+            principal.update(last_seen_at: now, updated_at: now)
+            principal
+          else
+            principal_model.create(
+              canonical_name: composite[:canonical_name],
+              kind:           composite[:kind].to_s,
+              active:         true,
+              last_seen_at:   now
+            )
+          end
+        end
+
+        def upsert_identities(composite, provider_model, principal, now)
+          identity_model = Legion::Data::Model::Identity::Identity
+          composite[:aliases]&.each do |provider_name, identities|
+            provider_row = provider_model.where(name: provider_name.to_s).first
+            next unless provider_row
+
+            Array(identities).each do |ident|
+              upsert_single_identity(identity_model, principal, provider_row, ident, now)
+            end
+          end
+        end
+
+        def upsert_single_identity(identity_model, principal, provider_row, ident, now)
+          existing = identity_model.where(
+            principal_id:          principal.id,
+            provider_id:           provider_row.id,
+            provider_identity_key: ident
+          ).first
+
+          if existing
+            existing.update(last_authenticated_at: now, updated_at: now)
+          else
+            identity_model.create(
+              principal_id:          principal.id,
+              provider_id:           provider_row.id,
+              provider_identity_key: ident,
+              active:                true,
+              last_authenticated_at: now
+            )
+          end
         end
 
         def persist_identity_json(canonical_name, kind)
@@ -412,7 +458,7 @@ module Legion
                  end
           File.write(path, json)
         rescue StandardError => e
-          log_warn("identity.json write failed: #{e.message}")
+          log.warn("identity.json write failed: #{e.message}")
         end
 
         def handle_canonical_change(old_canonical, new_canonical, _composite)
@@ -424,25 +470,15 @@ module Legion
 
           return unless defined?(Legion::Data) && Legion::Data.respond_to?(:connected?) && Legion::Data.connected?
 
-          old_row = Legion::Data.db[:identity_principals].where(canonical_name: old_canonical).first
-          Legion::Data.db[:identity_audit_log].insert(
-            uuid:           SecureRandom.uuid,
-            principal_id:   old_row&.dig(:id),
+          old_principal = Legion::Data::Model::Identity::Principal.where(canonical_name: old_canonical).first
+          Legion::Data::Model::Identity::AuditLog.create(
+            principal_id:   old_principal&.id,
             event_type:     'identity.canonical_changed',
             provider_name:  'resolver',
-            detail_payload: Legion::JSON.dump({ old: old_canonical, new: new_canonical }),
-            created_at:     Time.now
+            detail_payload: Legion::JSON.dump({ old: old_canonical, new: new_canonical })
           )
         rescue StandardError => e
-          log_warn("canonical change handling failed: #{e.message}")
-        end
-
-        def log_warn(message)
-          if defined?(Legion::Logging) && Legion::Logging.respond_to?(:warn)
-            Legion::Logging.warn("[Identity::Resolver] #{message}")
-          else
-            $stderr.puts "[Identity::Resolver] #{message}" # rubocop:disable Style/StderrPuts
-          end
+          log.warn("canonical change handling failed: #{e.message}")
         end
       end
 

data/lib/legion/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Legion
-  VERSION = '1.9.28'
+  VERSION = '1.9.29'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legionio
 version: !ruby/object:Gem::Version
-  version: 1.9.28
+  version: 1.9.29
 platform: ruby
 authors:
 - Esity