lex-audit 0.1.4 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b945759c5e9cecb1a9da5e6f66891c53f19a7377a4397c68a32d395723a134e
-  data.tar.gz: f0973cd9c76720addbcdc904f7f66bcce55f208b770df5bdab2bf29bc5f1f921
+  metadata.gz: 531cdf796a189cb155d128d61af3fd72128d859d780ca21cfe40f50336f08ce4
+  data.tar.gz: 9bfbf2fa44d6ccb8c864f5b348b0d8bbc9f5f237dafefb65e12752111a077f54
 SHA512:
-  metadata.gz: '0319d0e5f3efda872544651da44aa2042234689f2519ab500c74aa9c7c6c6b807cbbf16203ba1e8c694b63f8638e313670bcbf6c4f45b2a7357b2f39e6ef2555'
-  data.tar.gz: 66cffab3964a538ca615db77903e266f5bc2297b11ad7fb5c830efd47a55d673aaca35a0e9873284132a1a420b014c6632726d1f8b83c0f2a67bb0ec48b0aa3e
+  metadata.gz: 4b760a57e8ecd4462d38541552e486034b0fa0c39320a078a38e1d60cea940cc9ae3f5214dc661ba169a5b412ef0f8ad64fb044ef939bc48794aded44a548df1
+  data.tar.gz: 1ed526ca7d9fad3b2ff541e0fc791ecb50bfc3ca37452339ac699b730065dbb091ff9b19a6ce11c5dd85cb9b8e2e721219758dce2140988476c75653098e7d32

data/.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Auto-generated from team-config.yml
+# Team: extensions
+#
+# To apply: scripts/apply-codeowners.sh lex-audit
+
+* @LegionIO/maintainers
+* @LegionIO/extensions

data/.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    open-pull-requests-limit: 5
+    labels:
+      - "type:dependencies"
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    open-pull-requests-limit: 5
+    labels:
+      - "type:dependencies"

data/.github/workflows/ci.yml

@@ -10,8 +10,8 @@ jobs:
   ci:
     uses: LegionIO/.github/.github/workflows/ci.yml@main
 
-  lint:
-    uses: LegionIO/.github/.github/workflows/lint-patterns.yml@main
+  excluded-files:
+    uses: LegionIO/.github/.github/workflows/excluded-files.yml@main
 
   security:
     uses: LegionIO/.github/.github/workflows/security-scan.yml@main
@@ -27,7 +27,7 @@ jobs:
     uses: LegionIO/.github/.github/workflows/stale.yml@main
 
   release:
-    needs: [ci, lint]
+    needs: [ci, excluded-files]
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     uses: LegionIO/.github/.github/workflows/release.yml@main
     secrets:

data/.rubocop.yml

@@ -1,53 +1,2 @@
-AllCops:
-  TargetRubyVersion: 3.4
-  NewCops: enable
-  SuggestExtensions: false
-
-Layout/LineLength:
-  Max: 160
-
-Layout/SpaceAroundEqualsInParameterDefault:
-  EnforcedStyle: space
-
-Layout/HashAlignment:
-  EnforcedHashRocketStyle: table
-  EnforcedColonStyle: table
-
-Metrics/MethodLength:
-  Max: 50
-
-Metrics/ClassLength:
-  Max: 1500
-
-Metrics/ModuleLength:
-  Max: 1500
-
-Metrics/BlockLength:
-  Max: 40
-  Exclude:
-    - 'spec/**/*'
-
-Metrics/AbcSize:
-  Max: 60
-
-Metrics/CyclomaticComplexity:
-  Max: 15
-
-Metrics/PerceivedComplexity:
-  Max: 17
-
-Style/Documentation:
-  Enabled: false
-
-Style/SymbolArray:
-  Enabled: true
-
-Style/FrozenStringLiteralComment:
-  Enabled: true
-  EnforcedStyle: always
-
-Naming/FileName:
-  Enabled: false
-
-Gemspec/DevelopmentDependencies:
-  Enabled: false
+inherit_gem:
+  rubocop-legion: config/lex.yml

data/CHANGELOG.md

@@ -2,6 +2,21 @@
 
 ## [Unreleased]
 
+## [0.1.6] - 2026-03-31
+
+### Added
+- `Helpers::VerifiedWrite` module with `verified_write` and `verified_edit` methods
+- Post-write SHA-256 verification catches silent write failures (disk full, permission, NFS stale)
+- Stale edit detection catches external file modifications between read and write
+- `WriteVerificationError` and `StaleEditError` error classes in `errors.rb`
+- Audit trail recording via `Legion::Data::Model::AuditLog` when legion-data is available (best-effort, never breaks the write)
+- Shared `spec/support/audit_log_db.rb` eliminates DB constant conflicts when all specs run together
+
+## [0.1.5] - 2026-03-30
+
+### Changed
+- update to rubocop-legion 0.1.7, resolve all offenses
+
 ### Fixed
 - Add explicit runner_class to AuditWriter actor to prevent runner resolution error at boot
 

data/CLAUDE.md

@@ -6,20 +6,22 @@
 
 ## Purpose
 
-Legion Extension that provides immutable, tamper-evident audit logging with a SHA-256 hash chain. Records runner executions and lifecycle transitions via AMQP. Requires `legion-data` (`data_required? true`).
+Legion Extension that provides immutable, tamper-evident audit logging with a SHA-256 hash chain. Records runner executions and lifecycle transitions via AMQP. Also provides an approval queue for human-in-the-loop review flows. Requires `legion-data` (`data_required? true`).
 
 **GitHub**: https://github.com/LegionIO/lex-audit
 **License**: MIT
-**Version**: 0.1.2
+**Version**: 0.1.4
 
 ## Architecture
 
 ```
 Legion::Extensions::Audit
-├── Actors/
-│   └── AuditWriter        # Subscription actor: consumes audit messages, calls write runner
+├── Actor/              # Note: singular "Actor" per framework convention
+│   └── AuditWriter    # Subscription actor: explicit runner_class override to
+│                      # Legion::Extensions::Audit::Runners::Audit; calls write
 ├── Runners/
-│   └── Audit              # write: hash-chained record insert; verify: chain integrity check
+│   ├── Audit          # write: hash-chained record insert; verify: chain integrity check
+│   └── ApprovalQueue  # submit, approve, reject, list_pending, show_approval
 └── Transport/
     ├── Exchanges/Audit    # Audit exchange
     ├── Queues/Audit       # audit.log queue (x-single-active-consumer: true)
@@ -32,19 +34,36 @@ Legion::Extensions::Audit
 |------|---------|
 | `lib/legion/extensions/audit.rb` | Entry point, extension registration (`data_required? true`) |
 | `lib/legion/extensions/audit/runners/audit.rb` | Hash chain write and verify logic |
-| `lib/legion/extensions/audit/actors/audit_writer.rb` | AMQP subscription actor |
+| `lib/legion/extensions/audit/runners/approval_queue.rb` | Human-in-the-loop approval flow |
+| `lib/legion/extensions/audit/actors/audit_writer.rb` | AMQP subscription actor with explicit runner_class |
 | `lib/legion/extensions/audit/transport/messages/audit.rb` | Message class with validation and routing |
 
 ## Runner Details
 
-**write**: Fetches the last record's hash (or genesis hash `"0"*64`), computes SHA-256 of `prev_hash|event_type|principal_id|action|resource|created_at`, and inserts the record. Uses `.utc.iso8601` for timezone-safe hashing.
+### Audit (`Runners::Audit`)
+
+**write**: Fetches the last record's hash (or genesis hash `"0"*64`), computes SHA-256 of `prev_hash|event_type|principal_id|action|resource|context_snapshot|created_at`, and inserts the record. Uses `.utc.iso8601` for timezone-safe hashing. The `context_snapshot` field captures working memory state and is included in the hash chain for tamper evidence; backward-compatible with records that have no snapshot.
 
 **verify**: Iterates all records in order, recomputes each hash, and compares. Returns `{ valid:, records_checked:, break_at: }`.
 
+### ApprovalQueue (`Runners::ApprovalQueue`)
+
+Human-in-the-loop review. Uses a lazy-defined Sequel model (`approval_queue` table).
+
+| Method | Returns |
+|--------|---------|
+| `submit(approval_type:, payload:, requester_id:, tenant_id: nil)` | `{ success:, approval_id:, status: 'pending' }` |
+| `approve(id:, reviewer_id:)` | `{ success:, approval_id:, status: 'approved' }` |
+| `reject(id:, reviewer_id:)` | `{ success:, approval_id:, status: 'rejected' }` |
+| `list_pending(tenant_id: nil, limit: 50)` | `{ success:, approvals: [], count: }` |
+| `show_approval(id:)` | `{ success:, approval: }` |
+
+Each state transition publishes an `Audit` message (`approval_needed` or `approval_decided`) to the audit chain.
+
 ## Hash Chain Design
 
 - Genesis hash: `"0" * 64` (64 zeros)
-- Hash content: `"#{prev_hash}|#{event_type}|#{principal_id}|#{action}|#{resource}|#{created_at.utc.iso8601}"`
+- Hash content: `"#{prev_hash}|#{event_type}|#{principal_id}|#{action}|#{resource}|#{context_snapshot}|#{created_at.utc.iso8601}"`
 - Algorithm: SHA-256
 - Single-active-consumer queue ensures ordering across cluster nodes
 - `Sequel.default_timezone = :utc` required for consistent hash verification
@@ -57,11 +76,16 @@ Legion::Extensions::Audit
 - `GET /api/audit` and `GET /api/audit/verify` query the audit log
 - `legion audit list` and `legion audit verify` CLI commands
 
+## Known Behaviour Notes
+
+- `Actor::AuditWriter` uses `runner_class = Legion::Extensions::Audit::Runners::Audit` (class reference, not string) — this explicit override prevents the framework from attempting to resolve a non-existent `Runners::AuditWriter` constant
+- Actor module is `module Actor` (singular) per framework convention
+
 ## Testing
 
 ```bash
 bundle install
-bundle exec rspec     # 26 examples, 0 failures
+bundle exec rspec     # 26+ examples, 0 failures
 bundle exec rubocop   # 0 offenses
 ```
 

data/Gemfile

@@ -2,3 +2,5 @@
 
 source 'https://rubygems.org'
 gemspec
+
+gem 'rubocop-legion', '~> 0.1', require: false

data/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2021 Esity
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/lex-audit.gemspec

@@ -36,7 +36,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'legion-settings', '>= 1.3.14'
   spec.add_dependency 'legion-transport', '>= 1.3.9'
 
-  spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'rubocop'
   spec.add_development_dependency 'rubocop-rspec'

data/lib/legion/extensions/audit/errors.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Audit
+      # Raised when post-write SHA-256 verification fails.
+      class WriteVerificationError < StandardError; end
+
+      # Raised when the file on disk has been modified since the caller read it.
+      class StaleEditError < StandardError; end
+    end
+  end
+end

data/lib/legion/extensions/audit/helpers/verified_write.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+require 'digest'
+require 'legion/extensions/audit/errors'
+
+module Legion
+  module Extensions
+    module Audit
+      module Helpers
+        # Combines file write/edit operations with post-write SHA-256 verification
+        # and optional audit trail recording via AuditRecord.
+        #
+        # Include this module in any class or extension that modifies files and
+        # needs tamper-evident confirmation that the write succeeded.
+        module VerifiedWrite
+          include Legion::Extensions::Helpers::Lex if defined?(Legion::Extensions::Helpers::Lex)
+
+          # Write +content+ to +path+, then re-read and compare SHA-256 digests.
+          #
+          # @param path      [String]  absolute or relative filesystem path
+          # @param content   [String]  content to write
+          # @param agent_id  [String, nil]  identity recorded in the audit trail
+          # @param chain_id  [String]  audit chain identifier
+          #
+          # @return [Hash] { path:, before_hash:, after_hash:, verified: true }
+          # @raise [WriteVerificationError] when re-read digest does not match written digest
+          def verified_write(path, content, agent_id: nil, chain_id: 'file_edits')
+            before_hash = ::File.exist?(path) ? sha256_file(path) : nil
+            expected    = sha256_string(content)
+
+            ::File.write(path, content)
+
+            actual = sha256_file(path)
+            unless actual == expected
+              raise WriteVerificationError,
+                    "write verification failed for #{path}: expected #{expected}, got #{actual}"
+            end
+
+            record_audit(
+              path:        path,
+              action:      'verified_write',
+              agent_id:    agent_id,
+              chain_id:    chain_id,
+              before_hash: before_hash,
+              after_hash:  actual
+            )
+
+            { path: path, before_hash: before_hash, after_hash: actual, verified: true }
+          end
+
+          # Apply a string-replacement edit to +path+, with a staleness check before writing
+          # and SHA-256 verification after writing.
+          #
+          # @param path        [String]  absolute or relative filesystem path
+          # @param old_content [String]  expected current file content (used for staleness check)
+          # @param new_content [String]  desired file content after edit
+          # @param agent_id    [String, nil]  identity recorded in the audit trail
+          # @param chain_id    [String]  audit chain identifier
+          #
+          # @return [Hash] { path:, before_hash:, after_hash:, verified: true }
+          # @raise [StaleEditError]        when the file has been modified since +old_content+ was read
+          # @raise [WriteVerificationError] when re-read digest does not match written digest
+          def verified_edit(path, old_content, new_content, agent_id: nil, chain_id: 'file_edits')
+            before_hash   = sha256_string(old_content)
+            on_disk_hash  = sha256_file(path)
+
+            unless on_disk_hash == before_hash
+              raise StaleEditError,
+                    "stale edit detected for #{path}: disk content has changed since old_content was read"
+            end
+
+            verified_write(path, new_content, agent_id: agent_id, chain_id: chain_id)
+          end
+
+          private
+
+          def sha256_string(str)
+            ::Digest::SHA256.hexdigest(str)
+          end
+
+          def sha256_file(path)
+            ::Digest::SHA256.file(path).hexdigest
+          end
+
+          def record_audit(path:, action:, agent_id:, chain_id:, before_hash:, after_hash:)
+            return unless defined?(Legion::Data::Model::AuditLog)
+
+            Legion::Data::Model::AuditLog.create(
+              event_type:     'file_operation',
+              principal_id:   agent_id || 'system',
+              principal_type: 'system',
+              action:         action,
+              resource:       path,
+              source:         chain_id,
+              node:           'local',
+              status:         'success',
+              detail:         ::JSON.generate({ before_hash: before_hash, after_hash: after_hash }),
+              record_hash:    ::Digest::SHA256.hexdigest("#{before_hash}|#{after_hash}|#{path}"),
+              prev_hash:      before_hash || ('0' * 64),
+              created_at:     ::Time.now.utc
+            )
+          rescue StandardError => e
+            # audit recording is best-effort; never let it break the write
+            log.warn("[lex-audit] verified_write audit record failed: #{e.message}")
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/audit/runners/approval_queue.rb

@@ -67,7 +67,7 @@ module Legion
           def define_approval_queue_model
             return if Legion::Extensions::Audit::Runners::ApprovalQueue.const_defined?(:ApprovalQueue, false)
 
-            db = Legion::Data::Connection.sequel
+            db = data_connection
             return unless db&.table_exists?(:approval_queue)
 
             Legion::Extensions::Audit::Runners::ApprovalQueue.const_set(

data/lib/legion/extensions/audit/version.rb

@@ -3,7 +3,7 @@
 module Legion
   module Extensions
     module Audit
-      VERSION = '0.1.4'
+      VERSION = '0.1.6'
     end
   end
 end

data/lib/legion/extensions/audit.rb

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
 
 require 'legion/extensions/audit/version'
+require 'legion/extensions/audit/errors'
+require 'legion/extensions/audit/helpers/verified_write'
 require 'legion/extensions/audit/runners/approval_queue'
 
 module Legion
   module Extensions
     module Audit
-      extend Legion::Extensions::Core if Legion::Extensions.const_defined? :Core
+      extend Legion::Extensions::Core if Legion::Extensions.const_defined? :Core, false
 
-      def self.data_required?
+      def self.data_required? # rubocop:disable Legion/Extension/DataRequiredWithoutMigrations
         true
       end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lex-audit
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Esity
@@ -107,20 +107,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.9
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -199,6 +185,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/CODEOWNERS"
+- ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
@@ -206,10 +194,13 @@ files:
 - CHANGELOG.md
 - CLAUDE.md
 - Gemfile
+- LICENSE
 - README.md
 - lex-audit.gemspec
 - lib/legion/extensions/audit.rb
 - lib/legion/extensions/audit/actors/audit_writer.rb
+- lib/legion/extensions/audit/errors.rb
+- lib/legion/extensions/audit/helpers/verified_write.rb
 - lib/legion/extensions/audit/runners/approval_queue.rb
 - lib/legion/extensions/audit/runners/audit.rb
 - lib/legion/extensions/audit/transport/exchanges/audit.rb