lex-audit 0.1.1 → 0.1.3
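--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b363a68ca7a515b7b211d3a324e46a9d35ba91a8178f2a2008d745c8094cd918
+data.tar.gz: efe87365ce00e0d08d1c9e1325349dff0d469ab9cb16cc5ee626343814595a3b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d155317671aaa668ca614ac2c88fd5352dcd46122130ead220395d5e143f5a71480013f588559d6cf200a7ab19364aeb707f5d1ecb9b0da369c21b013ac9e62b
+data.tar.gz: 99652b938a051f9cc1354400daf4841a64f12c792509993d73f38ce1f1a7c32a28b82e1c540461169dec5395e8633be273de08a0998dbf0de37c3b08748d0acd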
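--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Changelog
 
+## [0.1.3] - 2026-03-22
+
+### Changed
+- Add legion-cache, legion-crypt, legion-data, legion-json, legion-logging, legion-settings, legion-transport as runtime dependencies
+- Replace direct Legion::JSON.dump calls with json_dump helper in runners/audit.rb and runners/approval_queue.rb
+- Replace Legion::Logging.warn guarded call with log.warn helper in runners/approval_queue.rb
+- Add Helpers::Lex include to runners/approval_queue.rb
+- Update spec_helper with real sub-gem helper stubs (legion/transport full load)
+- Update spec files to remove hand-rolled Legion::JSON stubs (real gem loaded via spec_helper)
+- Update messages/audit_spec.rb validate tests to match real Transport::Message initialize behavior
+
+## [0.1.2] - 2026-03-21
+
+### Added
+- context_snapshot field for working memory state capture in audit entries
+- context_snapshot included in SHA-256 hash chain for tamper evidence
+- Backward-compatible verify with mixed snapshot/non-snapshot records
+
 ## [0.1.1] - 2026-03-20
 
 ### Added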
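--- a/data/lex-audit.gemspec
+++ b/data/lex-audit.gemspec
@@ -28,6 +28,14 @@ Gem::Specification.new do |spec|
 end
 spec.require_paths = ['lib']
 
+spec.add_dependency 'legion-cache', '>= 1.3.11'
+spec.add_dependency 'legion-crypt', '>= 1.4.9'
+spec.add_dependency 'legion-data', '>= 1.4.17'
+spec.add_dependency 'legion-json', '>= 1.2.1'
+spec.add_dependency 'legion-logging', '>= 1.3.2'
+spec.add_dependency 'legion-settings', '>= 1.3.14'
+spec.add_dependency 'legion-transport', '>= 1.3.9'
+
 spec.add_development_dependency 'rake'
 spec.add_development_dependency 'rspec'
 spec.add_development_dependency 'rubocop'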
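Review bot: All seven new runtime dependencies use an open-ended `>=` constraint, so any later release of these gems, including a new major version, satisfies the requirement at install time without a change to this gemspec. For a gem whose job is a tamper-evident audit chain and which now depends on `legion-crypt` and `legion-json`, that widens what an unreviewed upstream release can change underneath it. A bounded form such as `spec.add_dependency 'legion-crypt', '~> 1.4', '>= 1.4.9'` keeps the stated minimum and caps the major version; the same shape applies to the other six lines. Applications that consume this gem should resolve through a committed lockfile so the versions actually loaded are reviewable.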
|
@@ -5,16 +5,12 @@ module Legion
|
|
|
5
5
|
module Audit
|
|
6
6
|
module Runners
|
|
7
7
|
module ApprovalQueue
|
|
8
|
+
include Legion::Extensions::Helpers::Lex if defined?(Legion::Extensions::Helpers::Lex)
|
|
8
9
|
extend self
|
|
9
10
|
|
|
10
11
|
def submit(approval_type:, payload:, requester_id:, tenant_id: nil, **)
|
|
11
12
|
define_approval_queue_model
|
|
12
|
-
json_payload =
|
|
13
|
-
Legion::JSON.dump({ data: payload })
|
|
14
|
-
else
|
|
15
|
-
require 'json'
|
|
16
|
-
::JSON.dump({ data: payload })
|
|
17
|
-
end
|
|
13
|
+
json_payload = json_dump({ data: payload })
|
|
18
14
|
|
|
19
15
|
record = Legion::Extensions::Audit::Runners::ApprovalQueue::ApprovalQueue.create(
|
|
20
16
|
approval_type: approval_type,
|
|
@@ -93,7 +89,7 @@ module Legion
|
|
|
93
89
|
detail: { approval_type: record.approval_type, approval_id: record.id }
|
|
94
90
|
).publish
|
|
95
91
|
rescue StandardError => e
|
|
96
|
-
|
|
92
|
+
log.warn "[audit] failed to publish #{event_type}: #{e.message}"
|
|
97
93
|
end
|
|
98
94
|
end
|
|
99
95
|
end
|
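Review bot: `json_dump` in `submit` and `log.warn` in the `rescue StandardError` block are called unconditionally, while the module that presumably supplies them is mixed in only when `defined?(Legion::Extensions::Helpers::Lex)` is true. If that constant is not loaded when this file is required, `submit` raises before the approval record is created, and the rescue block, which is there to keep a publish failure non-fatal, raises instead of logging. The removed lines carried a fallback to `::JSON.dump`; either make the include unconditional behind an explicit `require`, or fail at load time with a clear error rather than on the first call. The bodies of `submit` and of the publishing method continue outside these hunks, so another in-file definition of `json_dump` or `log` cannot be ruled out from here.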
|
@@ -16,25 +16,29 @@ module Legion
|
|
|
16
16
|
prev_hash = prev ? prev.record_hash : GENESIS_HASH
|
|
17
17
|
|
|
18
18
|
created_at = opts[:created_at] ? Time.parse(opts[:created_at].to_s) : Time.now.utc
|
|
19
|
+
snapshot_json = opts[:context_snapshot] ? json_dump(opts[:context_snapshot]) : nil
|
|
20
|
+
|
|
19
21
|
content = "#{prev_hash}|#{event_type}|#{principal_id}|#{action}|#{resource}|#{created_at.utc.iso8601}"
|
|
22
|
+
content = "#{content}|#{snapshot_json}" if snapshot_json
|
|
20
23
|
record_hash = Digest::SHA256.hexdigest(content)
|
|
21
24
|
|
|
22
|
-
detail_json = opts[:detail] ?
|
|
25
|
+
detail_json = opts[:detail] ? json_dump(opts[:detail]) : nil
|
|
23
26
|
|
|
24
27
|
record = Legion::Data::Model::AuditLog.create(
|
|
25
|
-
event_type:
|
|
26
|
-
principal_id:
|
|
27
|
-
principal_type:
|
|
28
|
-
action:
|
|
29
|
-
resource:
|
|
30
|
-
source:
|
|
31
|
-
node:
|
|
32
|
-
status:
|
|
33
|
-
duration_ms:
|
|
34
|
-
detail:
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
28
|
+
event_type: event_type,
|
|
29
|
+
principal_id: principal_id,
|
|
30
|
+
principal_type: opts[:principal_type] || 'system',
|
|
31
|
+
action: action,
|
|
32
|
+
resource: resource,
|
|
33
|
+
source: opts[:source] || 'unknown',
|
|
34
|
+
node: opts[:node] || 'unknown',
|
|
35
|
+
status: opts[:status] || 'success',
|
|
36
|
+
duration_ms: opts[:duration_ms],
|
|
37
|
+
detail: detail_json,
|
|
38
|
+
context_snapshot: snapshot_json,
|
|
39
|
+
record_hash: record_hash,
|
|
40
|
+
prev_hash: prev_hash,
|
|
41
|
+
created_at: created_at
|
|
38
42
|
)
|
|
39
43
|
|
|
40
44
|
{ success: true, audit_id: record.id, record_hash: record_hash }
|
|
@@ -50,6 +54,7 @@ module Legion
|
|
|
50
54
|
|
|
51
55
|
dataset.each do |record|
|
|
52
56
|
content = "#{prev_hash}|#{record.event_type}|#{record.principal_id}|#{record.action}|#{record.resource}|#{record.created_at.utc.iso8601}"
|
|
57
|
+
content = "#{content}|#{record.context_snapshot}" if record.respond_to?(:context_snapshot) && record.context_snapshot
|
|
53
58
|
expected = Digest::SHA256.hexdigest(content)
|
|
54
59
|
unless record.record_hash == expected
|
|
55
60
|
broken_at = record.id
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lex-audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Esity
|
|
@@ -9,6 +9,104 @@ bindir: bin
|
|
|
9
9
|
cert_chain: []
|
|
10
10
|
date: 1980-01-02 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
|
+
- !ruby/object:Gem::Dependency
|
|
13
|
+
name: legion-cache
|
|
14
|
+
requirement: !ruby/object:Gem::Requirement
|
|
15
|
+
requirements:
|
|
16
|
+
- - ">="
|
|
17
|
+
- !ruby/object:Gem::Version
|
|
18
|
+
version: 1.3.11
|
|
19
|
+
type: :runtime
|
|
20
|
+
prerelease: false
|
|
21
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
22
|
+
requirements:
|
|
23
|
+
- - ">="
|
|
24
|
+
- !ruby/object:Gem::Version
|
|
25
|
+
version: 1.3.11
|
|
26
|
+
- !ruby/object:Gem::Dependency
|
|
27
|
+
name: legion-crypt
|
|
28
|
+
requirement: !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: 1.4.9
|
|
33
|
+
type: :runtime
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: 1.4.9
|
|
40
|
+
- !ruby/object:Gem::Dependency
|
|
41
|
+
name: legion-data
|
|
42
|
+
requirement: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - ">="
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: 1.4.17
|
|
47
|
+
type: :runtime
|
|
48
|
+
prerelease: false
|
|
49
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - ">="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: 1.4.17
|
|
54
|
+
- !ruby/object:Gem::Dependency
|
|
55
|
+
name: legion-json
|
|
56
|
+
requirement: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: 1.2.1
|
|
61
|
+
type: :runtime
|
|
62
|
+
prerelease: false
|
|
63
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: 1.2.1
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
name: legion-logging
|
|
70
|
+
requirement: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - ">="
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: 1.3.2
|
|
75
|
+
type: :runtime
|
|
76
|
+
prerelease: false
|
|
77
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - ">="
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: 1.3.2
|
|
82
|
+
- !ruby/object:Gem::Dependency
|
|
83
|
+
name: legion-settings
|
|
84
|
+
requirement: !ruby/object:Gem::Requirement
|
|
85
|
+
requirements:
|
|
86
|
+
- - ">="
|
|
87
|
+
- !ruby/object:Gem::Version
|
|
88
|
+
version: 1.3.14
|
|
89
|
+
type: :runtime
|
|
90
|
+
prerelease: false
|
|
91
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
92
|
+
requirements:
|
|
93
|
+
- - ">="
|
|
94
|
+
- !ruby/object:Gem::Version
|
|
95
|
+
version: 1.3.14
|
|
96
|
+
- !ruby/object:Gem::Dependency
|
|
97
|
+
name: legion-transport
|
|
98
|
+
requirement: !ruby/object:Gem::Requirement
|
|
99
|
+
requirements:
|
|
100
|
+
- - ">="
|
|
101
|
+
- !ruby/object:Gem::Version
|
|
102
|
+
version: 1.3.9
|
|
103
|
+
type: :runtime
|
|
104
|
+
prerelease: false
|
|
105
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
106
|
+
requirements:
|
|
107
|
+
- - ">="
|
|
108
|
+
- !ruby/object:Gem::Version
|
|
109
|
+
version: 1.3.9
|
|
12
110
|
- !ruby/object:Gem::Dependency
|
|
13
111
|
name: rake
|
|
14
112
|
requirement: !ruby/object:Gem::Requirement
|