RubyGems - lex-governance - Versions diffs - 0.2.0 → 0.2.1 - Mend

lex-governance 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +4 -4
data/lib/legion/extensions/governance/helpers/airb.rb +58 -0
data/lib/legion/extensions/governance/runners/governance.rb +15 -70
data/lib/legion/extensions/governance/version.rb +1 -1
data/lib/legion/extensions/governance.rb +1 -7
metadata +5 -25
data/Gemfile +0 -14
data/lex-governance.gemspec +0 -28
data/lib/legion/extensions/governance/actors/shadow_ai_scan.rb +0 -15
data/lib/legion/extensions/governance/actors/vote_timeout.rb +0 -41
data/lib/legion/extensions/governance/client.rb +0 -23
data/lib/legion/extensions/governance/helpers/layers.rb +0 -36
data/lib/legion/extensions/governance/helpers/proposal.rb +0 -90
data/lib/legion/extensions/governance/runners/shadow_ai.rb +0 -89
data/spec/legion/extensions/governance/actors/vote_timeout_spec.rb +0 -45
data/spec/legion/extensions/governance/client_spec.rb +0 -14
data/spec/legion/extensions/governance/helpers/layers_spec.rb +0 -190
data/spec/legion/extensions/governance/helpers/proposal_spec.rb +0 -188
data/spec/legion/extensions/governance/runners/governance_spec.rb +0 -101
data/spec/legion/extensions/governance/runners/shadow_ai_spec.rb +0 -65
data/spec/spec_helper.rb +0 -46

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ae04ddeb792bd593f11c4b121cf778a1b6fb14b9827de61aca08d88363f3cb8
-  data.tar.gz: 1c9c72455e758c50f9bdc00995a32d9bb2c7a18d1140f2203020467b08c91b1b
+  metadata.gz: c49ec8c4434d925672bf24d03d0d568673dba8007ea72303b5d345fb87a5142c
+  data.tar.gz: 85e0ccc337f078cdc9cd7f8b4f2abf0c311f66c1bc9fc15ed0e6483f4c187290
 SHA512:
-  metadata.gz: 6cf0a327af81329db2a4f8255c0ac4fdbcdccbfab56ef9803eb70ea14880bedd8bb99f1161381eeed56345ed9b9c6fcd81e3c2e77c92971dabf0e32a8da6bb56
-  data.tar.gz: 1f2834223f2a83f382e89684afbdffae40f913e36d174f55ef3596feade744f842fa62716ff544da6eb88ad4e9575143a83da85a7deae9865eb0b0aeb9db30cb
+  metadata.gz: 16ce4ad3ee7c08f7feeaf9e48efc9ff7ac15a1636be69e7cf59103a61684f3f77f296b2ee791be8c11caa4443e5b5790d55acc31f96899f77c96e7d932847b72
+  data.tar.gz: 42ef43f72cfd53b14b3095128b441809568fb03a6885631e3607089b69a2d8c0a981db3e788724d3b5f4164333c5bf3b142735d33e7a6ced5d9739d16740354b

data/lib/legion/extensions/governance/helpers/airb.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module Legion
+  module Extensions
+    module Governance
+      module Helpers
+        module Airb
+          AIRB_STATUSES = %i[unknown pending approved conditional denied expired].freeze
+          REQUIRE_AIRB_APPROVAL = {
+            low: false, medium: false, high: true, critical: true
+          }.freeze
+          ACCEPTABLE_STATUSES = {
+            low: %i[unknown pending approved conditional],
+            medium: %i[unknown pending approved conditional],
+            high: %i[approved conditional],
+            critical: %i[approved]
+          }.freeze
+          AirbRecord = Struct.new(:worker_id, :airb_id, :status, :risk_tier, :expires_at, :conditions)
+          module_function
+          def fetch(worker_id:)
+            backend = Legion::Settings.dig(:governance, :airb, :backend)&.to_sym || :settings
+            case backend
+            when :stub
+              AirbRecord.new(worker_id: worker_id, airb_id: 'STUB', status: :approved,
+                             risk_tier: :low, expires_at: nil, conditions: [])
+            else
+              fetch_from_settings(worker_id)
+            end
+          end
+          def fetch_from_settings(worker_id)
+            approvals = Legion::Settings[:airb_approvals] || {}
+            entry = approvals[worker_id.to_s] || approvals[worker_id.to_sym]
+            unless entry
+              return AirbRecord.new(worker_id: worker_id, airb_id: nil, status: :unknown,
+                                    risk_tier: :low, expires_at: nil, conditions: [])
+            end
+            AirbRecord.new(
+              worker_id: worker_id,
+              airb_id: entry[:airb_id],
+              status: (entry[:status] || 'unknown').to_sym,
+              risk_tier: (entry[:risk_tier] || 'low').to_sym,
+              expires_at: entry[:expires_at],
+              conditions: entry[:conditions] || []
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/governance/runners/governance.rb CHANGED Viewed

@@ -5,76 +5,21 @@ module Legion
     module Governance
       module Runners
         module Governance
-          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
-                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
-          def create_proposal(category:, description:, proposer:, council_size: nil, **)
-            return { error: :invalid_category, valid: Helpers::Layers::PROPOSAL_CATEGORIES } unless Helpers::Layers.valid_category?(category)
-            size = council_size || Helpers::Layers::MIN_COUNCIL_SIZE
-            id = proposal_store.create(category: category, description: description,
-                                       proposer: proposer, council_size: size)
-            Legion::Logging.info "[governance] proposal created: id=#{id[0..7]} category=#{category} proposer=#{proposer} council=#{size}"
-            { proposal_id: id, category: category, status: :open }
-          end
-          def vote_on_proposal(proposal_id:, voter:, approve:, **)
-            result = proposal_store.vote(proposal_id, voter: voter, approve: approve)
-            case result
-            when nil
-              Legion::Logging.debug "[governance] vote failed: proposal=#{proposal_id[0..7]} not found or closed"
-              { error: :not_found_or_closed }
-            when :already_voted
-              Legion::Logging.debug "[governance] vote failed: proposal=#{proposal_id[0..7]} voter=#{voter} already voted"
-              { error: :already_voted }
-            else
-              Legion::Logging.info "[governance] vote: proposal=#{proposal_id[0..7]} voter=#{voter} approve=#{approve} resolution=#{result}"
-              { voted: true, resolution: result }
-            end
-          end
-          def get_proposal(proposal_id:, **)
-            prop = proposal_store.get(proposal_id)
-            Legion::Logging.debug "[governance] get: proposal=#{proposal_id[0..7]} found=#{!prop.nil?}"
-            prop ? { found: true, proposal: prop } : { found: false }
-          end
-          def open_proposals(**)
-            props = proposal_store.open_proposals
-            Legion::Logging.debug "[governance] open proposals: count=#{props.size}"
-            { proposals: props, count: props.size }
-          end
-          def timeout_proposals(**)
-            open  = proposal_store.open_proposals
-            timed = open.select { |p| Time.now.utc - p[:created_at] > Helpers::Layers::VOTE_TIMEOUT }
-            timed.each { |p| proposal_store.resolve_timed_out(p[:proposal_id]) }
-            timed_ids = timed.map { |p| p[:proposal_id] }
-            Legion::Logging.debug "[governance] vote timeout sweep: open=#{open.size} timed_out=#{timed.size}"
-            { checked: open.size, timed_out: timed.size, timed_out_ids: timed_ids }
-          end
-          def validate_action(layer:, action: nil, _context: {}, **) # rubocop:disable Lint/UnusedMethodArgument
-            return { error: :invalid_layer } unless Helpers::Layers.valid_layer?(layer)
-            result = case layer
-                     when :agent_validation
-                       { allowed: true, layer: layer, reason: :self_validated }
-                     when :anomaly_detection
-                       { allowed: true, layer: layer, reason: :no_anomaly }
-                     when :human_deliberation
-                       { allowed: false, layer: layer, reason: :requires_human_approval }
-                     when :transparency
-                       { allowed: true, layer: layer, reason: :logged, audit_required: true }
-                     end
-            Legion::Logging.debug "[governance] validate: layer=#{layer} allowed=#{result[:allowed]} reason=#{result[:reason]}"
-            result
-          end
-          private
-          def proposal_store
-            @proposal_store ||= Helpers::Proposal.new
+          def check_airb_approval(worker_id:, **)
+            require_relative '../helpers/airb'
+            record = Helpers::Airb.fetch(worker_id: worker_id)
+            required = Helpers::Airb::REQUIRE_AIRB_APPROVAL[record.risk_tier]
+            acceptable = Helpers::Airb::ACCEPTABLE_STATUSES[record.risk_tier]
+            allowed = !required || acceptable.include?(record.status)
+            {
+              allowed: allowed,
+              worker_id: worker_id,
+              airb_id: record.airb_id,
+              status: record.status,
+              risk_tier: record.risk_tier,
+              reason: allowed ? :airb_cleared : :airb_blocked
+            }
           end
         end
       end

data/lib/legion/extensions/governance/version.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Legion
   module Extensions
     module Governance
-      VERSION = '0.2.0'
+      VERSION = '0.2.1'
     end
   end
 end

data/lib/legion/extensions/governance.rb CHANGED Viewed

@@ -1,16 +1,10 @@
 # frozen_string_literal: true
-require 'legion/extensions/governance/version'
-require 'legion/extensions/governance/helpers/layers'
-require 'legion/extensions/governance/helpers/proposal'
-require 'legion/extensions/governance/runners/governance'
-require 'legion/extensions/governance/runners/shadow_ai'
-require 'legion/extensions/governance/actors/shadow_ai_scan'
+require_relative 'governance/version'
 module Legion
   module Extensions
     module Governance
-      extend Legion::Extensions::Core if Legion::Extensions.const_defined? :Core
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lex-governance
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Esity
@@ -9,41 +9,21 @@ bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
-description: Four-layer distributed governance protocol for brain-modeled agentic
-  AI
+description: AIRB compliance gates and governance policy enforcement for LegionIO
 email:
 - matthewdiverson@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- Gemfile
-- lex-governance.gemspec
 - lib/legion/extensions/governance.rb
-- lib/legion/extensions/governance/actors/shadow_ai_scan.rb
-- lib/legion/extensions/governance/actors/vote_timeout.rb
-- lib/legion/extensions/governance/client.rb
-- lib/legion/extensions/governance/helpers/layers.rb
-- lib/legion/extensions/governance/helpers/proposal.rb
+- lib/legion/extensions/governance/helpers/airb.rb
 - lib/legion/extensions/governance/runners/governance.rb
-- lib/legion/extensions/governance/runners/shadow_ai.rb
 - lib/legion/extensions/governance/version.rb
-- spec/legion/extensions/governance/actors/vote_timeout_spec.rb
-- spec/legion/extensions/governance/client_spec.rb
-- spec/legion/extensions/governance/helpers/layers_spec.rb
-- spec/legion/extensions/governance/helpers/proposal_spec.rb
-- spec/legion/extensions/governance/runners/governance_spec.rb
-- spec/legion/extensions/governance/runners/shadow_ai_spec.rb
-- spec/spec_helper.rb
-homepage: https://github.com/LegionIO/lex-governance
+homepage: https://github.com/LegionIO
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/LegionIO/lex-governance
-  source_code_uri: https://github.com/LegionIO/lex-governance
-  documentation_uri: https://github.com/LegionIO/lex-governance
-  changelog_uri: https://github.com/LegionIO/lex-governance
-  bug_tracker_uri: https://github.com/LegionIO/lex-governance/issues
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -61,5 +41,5 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 3.6.9
 specification_version: 4
-summary: LEX Governance
+summary: LEX::Governance
 test_files: []

data/Gemfile DELETED Viewed

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-source 'https://rubygems.org'
-gemspec
-gem 'rspec', '~> 3.13'
-gem 'rubocop', '~> 1.75', require: false
-if File.directory?(File.expand_path('../../legion-gaia', __dir__))
-  gem 'legion-gaia', path: '../../legion-gaia'
-else
-  gem 'legion-gaia'
-end

data/lex-governance.gemspec DELETED Viewed

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-require_relative 'lib/legion/extensions/governance/version'
-Gem::Specification.new do |spec|
-  spec.name          = 'lex-governance'
-  spec.version       = Legion::Extensions::Governance::VERSION
-  spec.authors       = ['Esity']
-  spec.email         = ['matthewdiverson@gmail.com']
-  spec.summary       = 'LEX Governance'
-  spec.description   = 'Four-layer distributed governance protocol for brain-modeled agentic AI'
-  spec.homepage      = 'https://github.com/LegionIO/lex-governance'
-  spec.license       = 'MIT'
-  spec.required_ruby_version = '>= 3.4'
-  spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://github.com/LegionIO/lex-governance'
-  spec.metadata['documentation_uri'] = 'https://github.com/LegionIO/lex-governance'
-  spec.metadata['changelog_uri'] = 'https://github.com/LegionIO/lex-governance'
-  spec.metadata['bug_tracker_uri'] = 'https://github.com/LegionIO/lex-governance/issues'
-  spec.metadata['rubygems_mfa_required'] = 'true'
-  spec.files = Dir.chdir(File.expand_path(__dir__)) do
-    Dir.glob('{lib,spec}/**/*') + %w[lex-governance.gemspec Gemfile]
-  end
-  spec.require_paths = ['lib']
-end

data/lib/legion/extensions/governance/actors/shadow_ai_scan.rb DELETED Viewed

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-module Legion
-  module Extensions
-    module Governance
-      module Actors
-        class ShadowAiScan < Legion::Extensions::Actors::Every
-          def runner_class = Runners::ShadowAi
-          def runner_function = 'full_scan'
-          def time = 86_400
-        end
-      end
-    end
-  end
-end

data/lib/legion/extensions/governance/actors/vote_timeout.rb DELETED Viewed

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-require 'legion/extensions/actors/every'
-module Legion
-  module Extensions
-    module Governance
-      module Actor
-        class VoteTimeout < Legion::Extensions::Actors::Every
-          def runner_class
-            Legion::Extensions::Governance::Runners::Governance
-          end
-          def runner_function
-            'timeout_proposals'
-          end
-          def time
-            300
-          end
-          def run_now?
-            false
-          end
-          def use_runner?
-            false
-          end
-          def check_subtask?
-            false
-          end
-          def generate_task?
-            false
-          end
-        end
-      end
-    end
-  end
-end

data/lib/legion/extensions/governance/client.rb DELETED Viewed

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-require 'legion/extensions/governance/helpers/layers'
-require 'legion/extensions/governance/helpers/proposal'
-require 'legion/extensions/governance/runners/governance'
-module Legion
-  module Extensions
-    module Governance
-      class Client
-        include Runners::Governance
-        def initialize(**)
-          @proposal_store = Helpers::Proposal.new
-        end
-        private
-        attr_reader :proposal_store
-      end
-    end
-  end
-end

data/lib/legion/extensions/governance/helpers/layers.rb DELETED Viewed

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-module Legion
-  module Extensions
-    module Governance
-      module Helpers
-        module Layers
-          # Four governance layers (spec: governance-protocol-spec.md)
-          GOVERNANCE_LAYERS = %i[agent_validation anomaly_detection human_deliberation transparency].freeze
-          # Council quorum requirements
-          MIN_COUNCIL_SIZE    = 3
-          QUORUM_FRACTION     = 0.66
-          VOTE_TIMEOUT        = 86_400 # 24 hours
-          PROPOSAL_CATEGORIES = %i[policy_change resource_allocation access_control emergency protocol_update].freeze
-          module_function
-          def valid_layer?(layer)
-            GOVERNANCE_LAYERS.include?(layer)
-          end
-          def valid_category?(category)
-            PROPOSAL_CATEGORIES.include?(category)
-          end
-          def quorum_met?(votes, council_size)
-            return false if council_size < MIN_COUNCIL_SIZE
-            votes >= (council_size * QUORUM_FRACTION).ceil
-          end
-        end
-      end
-    end
-  end
-end

data/lib/legion/extensions/governance/helpers/proposal.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# frozen_string_literal: true
-require 'securerandom'
-module Legion
-  module Extensions
-    module Governance
-      module Helpers
-        class Proposal
-          attr_reader :proposals
-          def initialize
-            @proposals = {}
-          end
-          def create(category:, description:, proposer:, council_size: Layers::MIN_COUNCIL_SIZE)
-            id = SecureRandom.uuid
-            @proposals[id] = {
-              proposal_id:   id,
-              category:      category,
-              description:   description,
-              proposer:      proposer,
-              council_size:  council_size,
-              votes_for:     [],
-              votes_against: [],
-              status:        :open,
-              created_at:    Time.now.utc,
-              resolved_at:   nil
-            }
-            id
-          end
-          def vote(proposal_id, voter:, approve:)
-            prop = @proposals[proposal_id]
-            return nil unless prop && prop[:status] == :open
-            # Prevent double-voting
-            all_voters = prop[:votes_for] + prop[:votes_against]
-            return :already_voted if all_voters.include?(voter)
-            if approve
-              prop[:votes_for] << voter
-            else
-              prop[:votes_against] << voter
-            end
-            check_resolution(proposal_id)
-          end
-          def get(proposal_id)
-            @proposals[proposal_id]
-          end
-          def open_proposals
-            @proposals.values.select { |p| p[:status] == :open }
-          end
-          def resolve_timed_out(proposal_id)
-            prop = @proposals[proposal_id]
-            return nil unless prop && prop[:status] == :open
-            prop[:status]      = :timed_out
-            prop[:resolved_at] = Time.now.utc
-            prop
-          end
-          private
-          def check_resolution(proposal_id)
-            prop = @proposals[proposal_id]
-            total_votes = prop[:votes_for].size + prop[:votes_against].size
-            if Layers.quorum_met?(prop[:votes_for].size, prop[:council_size])
-              prop[:status] = :approved
-              prop[:resolved_at] = Time.now.utc
-              :approved
-            elsif Layers.quorum_met?(prop[:votes_against].size, prop[:council_size]) ||
-                  total_votes >= prop[:council_size]
-              prop[:status] = :rejected
-              prop[:resolved_at] = Time.now.utc
-              :rejected
-            else
-              :pending
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/legion/extensions/governance/runners/shadow_ai.rb DELETED Viewed

@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-module Legion
-  module Extensions
-    module Governance
-      module Runners
-        module ShadowAi
-          def scan_unregistered_extensions(**)
-            installed = Bundler.load.specs.select { |s| s.name.start_with?('lex-') }.map(&:name)
-            registered = registered_extension_names
-            unregistered = installed - registered
-            { installed: installed.size, registered: registered.size, unregistered: unregistered }
-          rescue StandardError => e
-            { installed: 0, registered: 0, unregistered: [], error: e.message }
-          end
-          def check_llm_bypass_indicators(**)
-            indicators = []
-            indicators << :direct_openai_key if ENV.key?('OPENAI_API_KEY') && !provider_enabled?(:openai)
-            indicators << :direct_anthropic_key if ENV.key?('ANTHROPIC_API_KEY') && !provider_enabled?(:anthropic)
-            { indicators: indicators, bypassed: !indicators.empty? }
-          end
-          def check_airb_compliance(**)
-            return { checked: 0, source: :unavailable } unless defined?(Legion::Data::Model::DigitalWorker)
-            workers = Legion::Data::Model::DigitalWorker.where(lifecycle_state: 'active').all
-            non_compliant = workers.select do |w|
-              risk = w.respond_to?(:risk_tier) ? w.risk_tier : nil
-              %w[high critical].include?(risk) && w.respond_to?(:airb_status) && w.airb_status != 'approved'
-            end
-            { checked: workers.size, compliant: workers.size - non_compliant.size,
-              non_compliant: non_compliant.map(&:worker_id) }
-          rescue StandardError => e
-            { checked: 0, error: e.message }
-          end
-          def full_scan(**)
-            extensions = scan_unregistered_extensions
-            bypass = check_llm_bypass_indicators
-            compliance = check_airb_compliance
-            has_issues = extensions[:unregistered]&.any? || bypass[:bypassed] || compliance[:non_compliant]&.any?
-            emit_shadow_event(extensions, bypass, compliance) if has_issues
-            { extensions: extensions, bypass: bypass, compliance: compliance, issues_found: has_issues }
-          end
-          private
-          def registered_extension_names
-            return [] unless defined?(Legion::Data) && Legion::Data.respond_to?(:connection)
-            conn = Legion::Data.connection
-            return [] unless conn&.table_exists?(:extension_registry)
-            conn[:extension_registry].select_map(:gem_name)
-          rescue StandardError
-            []
-          end
-          def provider_enabled?(provider)
-            llm = Legion::Settings[:llm]
-            return false unless llm.is_a?(Hash)
-            providers = llm[:providers]
-            return false unless providers.is_a?(Hash)
-            providers.dig(provider, :enabled) == true
-          rescue StandardError
-            false
-          end
-          def emit_shadow_event(extensions, bypass, compliance)
-            return unless defined?(Legion::Events)
-            Legion::Events.emit('governance.shadow_ai_detected', {
-                                  unregistered:  extensions[:unregistered],
-                                  bypass:        bypass[:indicators],
-                                  non_compliant: compliance[:non_compliant]
-                                })
-          end
-        end
-      end
-    end
-  end
-end

data/spec/legion/extensions/governance/actors/vote_timeout_spec.rb DELETED Viewed

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-module Legion
-  module Extensions
-    module Actors
-      class Every; end # rubocop:disable Lint/EmptyClass
-    end
-  end
-end
-$LOADED_FEATURES << 'legion/extensions/actors/every'
-require_relative '../../../../../lib/legion/extensions/governance/actors/vote_timeout'
-RSpec.describe Legion::Extensions::Governance::Actor::VoteTimeout do
-  subject(:actor) { described_class.new }
-  describe '#runner_class' do
-    it { expect(actor.runner_class).to eq Legion::Extensions::Governance::Runners::Governance }
-  end
-  describe '#runner_function' do
-    it { expect(actor.runner_function).to eq 'timeout_proposals' }
-  end
-  describe '#time' do
-    it { expect(actor.time).to eq 300 }
-  end
-  describe '#run_now?' do
-    it { expect(actor.run_now?).to be false }
-  end
-  describe '#use_runner?' do
-    it { expect(actor.use_runner?).to be false }
-  end
-  describe '#check_subtask?' do
-    it { expect(actor.check_subtask?).to be false }
-  end
-  describe '#generate_task?' do
-    it { expect(actor.generate_task?).to be false }
-  end
-end

data/spec/legion/extensions/governance/client_spec.rb DELETED Viewed

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-require 'legion/extensions/governance/client'
-RSpec.describe Legion::Extensions::Governance::Client do
-  it 'responds to governance runner methods' do
-    client = described_class.new
-    expect(client).to respond_to(:create_proposal)
-    expect(client).to respond_to(:vote_on_proposal)
-    expect(client).to respond_to(:get_proposal)
-    expect(client).to respond_to(:open_proposals)
-    expect(client).to respond_to(:validate_action)
-  end
-end

data/spec/legion/extensions/governance/helpers/layers_spec.rb DELETED Viewed

@@ -1,190 +0,0 @@
-# frozen_string_literal: true
-require 'legion/extensions/governance/helpers/layers'
-RSpec.describe Legion::Extensions::Governance::Helpers::Layers do
-  describe 'GOVERNANCE_LAYERS' do
-    it 'contains four layers as symbols' do
-      expect(described_class::GOVERNANCE_LAYERS.size).to eq(4)
-    end
-    it 'includes agent_validation' do
-      expect(described_class::GOVERNANCE_LAYERS).to include(:agent_validation)
-    end
-    it 'includes anomaly_detection' do
-      expect(described_class::GOVERNANCE_LAYERS).to include(:anomaly_detection)
-    end
-    it 'includes human_deliberation' do
-      expect(described_class::GOVERNANCE_LAYERS).to include(:human_deliberation)
-    end
-    it 'includes transparency' do
-      expect(described_class::GOVERNANCE_LAYERS).to include(:transparency)
-    end
-    it 'is frozen' do
-      expect(described_class::GOVERNANCE_LAYERS).to be_frozen
-    end
-  end
-  describe 'PROPOSAL_CATEGORIES' do
-    it 'contains five categories' do
-      expect(described_class::PROPOSAL_CATEGORIES.size).to eq(5)
-    end
-    it 'includes policy_change' do
-      expect(described_class::PROPOSAL_CATEGORIES).to include(:policy_change)
-    end
-    it 'includes resource_allocation' do
-      expect(described_class::PROPOSAL_CATEGORIES).to include(:resource_allocation)
-    end
-    it 'includes access_control' do
-      expect(described_class::PROPOSAL_CATEGORIES).to include(:access_control)
-    end
-    it 'includes emergency' do
-      expect(described_class::PROPOSAL_CATEGORIES).to include(:emergency)
-    end
-    it 'includes protocol_update' do
-      expect(described_class::PROPOSAL_CATEGORIES).to include(:protocol_update)
-    end
-    it 'is frozen' do
-      expect(described_class::PROPOSAL_CATEGORIES).to be_frozen
-    end
-  end
-  describe 'numeric constants' do
-    it 'sets MIN_COUNCIL_SIZE to 3' do
-      expect(described_class::MIN_COUNCIL_SIZE).to eq(3)
-    end
-    it 'sets QUORUM_FRACTION to 0.66' do
-      expect(described_class::QUORUM_FRACTION).to eq(0.66)
-    end
-    it 'sets VOTE_TIMEOUT to 86400' do
-      expect(described_class::VOTE_TIMEOUT).to eq(86_400)
-    end
-  end
-  describe '.valid_layer?' do
-    it 'returns true for agent_validation' do
-      expect(described_class.valid_layer?(:agent_validation)).to be true
-    end
-    it 'returns true for anomaly_detection' do
-      expect(described_class.valid_layer?(:anomaly_detection)).to be true
-    end
-    it 'returns true for human_deliberation' do
-      expect(described_class.valid_layer?(:human_deliberation)).to be true
-    end
-    it 'returns true for transparency' do
-      expect(described_class.valid_layer?(:transparency)).to be true
-    end
-    it 'returns false for unknown layer symbol' do
-      expect(described_class.valid_layer?(:unknown)).to be false
-    end
-    it 'returns false for nil' do
-      expect(described_class.valid_layer?(nil)).to be false
-    end
-    it 'returns false for string version of valid layer' do
-      expect(described_class.valid_layer?('agent_validation')).to be false
-    end
-  end
-  describe '.valid_category?' do
-    it 'returns true for policy_change' do
-      expect(described_class.valid_category?(:policy_change)).to be true
-    end
-    it 'returns true for resource_allocation' do
-      expect(described_class.valid_category?(:resource_allocation)).to be true
-    end
-    it 'returns true for access_control' do
-      expect(described_class.valid_category?(:access_control)).to be true
-    end
-    it 'returns true for emergency' do
-      expect(described_class.valid_category?(:emergency)).to be true
-    end
-    it 'returns true for protocol_update' do
-      expect(described_class.valid_category?(:protocol_update)).to be true
-    end
-    it 'returns false for unknown category' do
-      expect(described_class.valid_category?(:invalid)).to be false
-    end
-    it 'returns false for nil' do
-      expect(described_class.valid_category?(nil)).to be false
-    end
-    it 'returns false for string version of valid category' do
-      expect(described_class.valid_category?('emergency')).to be false
-    end
-  end
-  describe '.quorum_met?' do
-    context 'when council_size is below minimum' do
-      it 'returns false for council_size of 2' do
-        expect(described_class.quorum_met?(2, 2)).to be false
-      end
-      it 'returns false for council_size of 1' do
-        expect(described_class.quorum_met?(1, 1)).to be false
-      end
-      it 'returns false for council_size of 0' do
-        expect(described_class.quorum_met?(0, 0)).to be false
-      end
-    end
-    context 'with minimum council size of 3' do
-      it 'returns true when 2 of 3 vote (meets ceil(3 * 0.66) = 2)' do
-        expect(described_class.quorum_met?(2, 3)).to be true
-      end
-      it 'returns true when all 3 vote' do
-        expect(described_class.quorum_met?(3, 3)).to be true
-      end
-      it 'returns false when only 1 of 3 vote' do
-        expect(described_class.quorum_met?(1, 3)).to be false
-      end
-    end
-    context 'with larger council sizes' do
-      it 'requires ceil(4 * 0.66) = 3 votes for council of 4' do
-        expect(described_class.quorum_met?(3, 4)).to be true
-        expect(described_class.quorum_met?(2, 4)).to be false
-      end
-      it 'requires ceil(5 * 0.66) = 4 votes for council of 5' do
-        expect(described_class.quorum_met?(4, 5)).to be true
-        expect(described_class.quorum_met?(3, 5)).to be false
-      end
-      it 'requires ceil(9 * 0.66) = 6 votes for council of 9' do
-        expect(described_class.quorum_met?(6, 9)).to be true
-        expect(described_class.quorum_met?(5, 9)).to be false
-      end
-    end
-    it 'returns false for zero votes regardless of council size' do
-      expect(described_class.quorum_met?(0, 3)).to be false
-    end
-  end
-end

data/spec/legion/extensions/governance/helpers/proposal_spec.rb DELETED Viewed

@@ -1,188 +0,0 @@
-# frozen_string_literal: true
-require 'legion/extensions/governance/helpers/layers'
-require 'legion/extensions/governance/helpers/proposal'
-RSpec.describe Legion::Extensions::Governance::Helpers::Proposal do
-  subject(:proposal_store) { described_class.new }
-  describe '#initialize' do
-    it 'starts with an empty proposals hash' do
-      expect(proposal_store.proposals).to eq({})
-    end
-  end
-  describe '#create' do
-    let(:created_id) do
-      proposal_store.create(category: :policy_change, description: 'Enable new policy', proposer: 'agent-1')
-    end
-    it 'returns a UUID string' do
-      expect(created_id).to match(/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/)
-    end
-    it 'stores the proposal under the returned ID' do
-      expect(proposal_store.proposals[created_id]).not_to be_nil
-    end
-    it 'stores the correct category' do
-      expect(proposal_store.proposals[created_id][:category]).to eq(:policy_change)
-    end
-    it 'stores the correct description' do
-      expect(proposal_store.proposals[created_id][:description]).to eq('Enable new policy')
-    end
-    it 'stores the correct proposer' do
-      expect(proposal_store.proposals[created_id][:proposer]).to eq('agent-1')
-    end
-    it 'defaults council_size to MIN_COUNCIL_SIZE' do
-      expect(proposal_store.proposals[created_id][:council_size])
-        .to eq(Legion::Extensions::Governance::Helpers::Layers::MIN_COUNCIL_SIZE)
-    end
-    it 'uses the provided council_size when specified' do
-      id = proposal_store.create(category: :emergency, description: 'urgent', proposer: 'agent-x', council_size: 7)
-      expect(proposal_store.proposals[id][:council_size]).to eq(7)
-    end
-    it 'initializes with status :open' do
-      expect(proposal_store.proposals[created_id][:status]).to eq(:open)
-    end
-    it 'initializes votes_for as empty array' do
-      expect(proposal_store.proposals[created_id][:votes_for]).to eq([])
-    end
-    it 'initializes votes_against as empty array' do
-      expect(proposal_store.proposals[created_id][:votes_against]).to eq([])
-    end
-    it 'sets created_at to a Time object' do
-      expect(proposal_store.proposals[created_id][:created_at]).to be_a(Time)
-    end
-    it 'sets resolved_at to nil initially' do
-      expect(proposal_store.proposals[created_id][:resolved_at]).to be_nil
-    end
-    it 'generates unique IDs for separate calls' do
-      id1 = proposal_store.create(category: :policy_change, description: 'a', proposer: 'x')
-      id2 = proposal_store.create(category: :policy_change, description: 'b', proposer: 'y')
-      expect(id1).not_to eq(id2)
-    end
-  end
-  describe '#get' do
-    it 'returns the proposal hash for a valid ID' do
-      id = proposal_store.create(category: :policy_change, description: 'test', proposer: 'agent-1')
-      result = proposal_store.get(id)
-      expect(result[:proposal_id]).to eq(id)
-    end
-    it 'returns nil for an unknown ID' do
-      expect(proposal_store.get('nonexistent-uuid')).to be_nil
-    end
-  end
-  describe '#open_proposals' do
-    it 'returns empty array when no proposals exist' do
-      expect(proposal_store.open_proposals).to eq([])
-    end
-    it 'returns all open proposals' do
-      proposal_store.create(category: :policy_change, description: 'first', proposer: 'a1')
-      proposal_store.create(category: :emergency, description: 'second', proposer: 'a2')
-      expect(proposal_store.open_proposals.size).to eq(2)
-    end
-    it 'excludes resolved proposals' do
-      id = proposal_store.create(category: :policy_change, description: 'vote me', proposer: 'a1', council_size: 3)
-      proposal_store.vote(id, voter: 'v1', approve: true)
-      proposal_store.vote(id, voter: 'v2', approve: true)
-      expect(proposal_store.open_proposals).to be_empty
-    end
-  end
-  describe '#vote' do
-    let(:proposal_id) do
-      proposal_store.create(category: :policy_change, description: 'test', proposer: 'agent-1', council_size: 3)
-    end
-    it 'returns nil for an unknown proposal ID' do
-      expect(proposal_store.vote('no-such-id', voter: 'v1', approve: true)).to be_nil
-    end
-    it 'returns :already_voted when the same voter votes twice' do
-      proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-      result = proposal_store.vote(proposal_id, voter: 'v1', approve: false)
-      expect(result).to eq(:already_voted)
-    end
-    it 'prevents double voting even when switching approve/reject' do
-      proposal_store.vote(proposal_id, voter: 'v1', approve: false)
-      result = proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-      expect(result).to eq(:already_voted)
-    end
-    it 'adds approve vote to votes_for' do
-      proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-      expect(proposal_store.proposals[proposal_id][:votes_for]).to include('v1')
-    end
-    it 'adds reject vote to votes_against' do
-      proposal_store.vote(proposal_id, voter: 'v1', approve: false)
-      expect(proposal_store.proposals[proposal_id][:votes_against]).to include('v1')
-    end
-    it 'returns :pending when quorum is not yet met' do
-      result = proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-      expect(result).to eq(:pending)
-    end
-    context 'when quorum for approval is met' do
-      it 'returns :approved and sets status' do
-        proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-        result = proposal_store.vote(proposal_id, voter: 'v2', approve: true)
-        expect(result).to eq(:approved)
-        expect(proposal_store.proposals[proposal_id][:status]).to eq(:approved)
-      end
-      it 'sets resolved_at on approval' do
-        proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-        proposal_store.vote(proposal_id, voter: 'v2', approve: true)
-        expect(proposal_store.proposals[proposal_id][:resolved_at]).to be_a(Time)
-      end
-    end
-    context 'when quorum for rejection is met' do
-      it 'returns :rejected when enough votes against' do
-        proposal_store.vote(proposal_id, voter: 'v1', approve: false)
-        result = proposal_store.vote(proposal_id, voter: 'v2', approve: false)
-        expect(result).to eq(:rejected)
-        expect(proposal_store.proposals[proposal_id][:status]).to eq(:rejected)
-      end
-      it 'sets resolved_at on rejection' do
-        proposal_store.vote(proposal_id, voter: 'v1', approve: false)
-        proposal_store.vote(proposal_id, voter: 'v2', approve: false)
-        expect(proposal_store.proposals[proposal_id][:resolved_at]).to be_a(Time)
-      end
-      it 'returns :rejected when all council members voted and no quorum for approval' do
-        proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-        proposal_store.vote(proposal_id, voter: 'v2', approve: false)
-        result = proposal_store.vote(proposal_id, voter: 'v3', approve: false)
-        expect(result).to eq(:rejected)
-      end
-    end
-    it 'returns nil when voting on a resolved (approved) proposal' do
-      proposal_store.vote(proposal_id, voter: 'v1', approve: true)
-      proposal_store.vote(proposal_id, voter: 'v2', approve: true)
-      result = proposal_store.vote(proposal_id, voter: 'v3', approve: true)
-      expect(result).to be_nil
-    end
-  end
-end

data/spec/legion/extensions/governance/runners/governance_spec.rb DELETED Viewed

@@ -1,101 +0,0 @@
-# frozen_string_literal: true
-require 'legion/extensions/governance/client'
-RSpec.describe Legion::Extensions::Governance::Runners::Governance do
-  let(:client) { Legion::Extensions::Governance::Client.new }
-  describe '#create_proposal' do
-    it 'creates a proposal' do
-      result = client.create_proposal(category: :policy_change, description: 'test', proposer: 'agent-1')
-      expect(result[:proposal_id]).to match(/\A[0-9a-f-]{36}\z/)
-      expect(result[:status]).to eq(:open)
-    end
-    it 'rejects invalid category' do
-      result = client.create_proposal(category: :invalid, description: 'test', proposer: 'agent-1')
-      expect(result[:error]).to eq(:invalid_category)
-    end
-  end
-  describe '#vote_on_proposal' do
-    it 'records a vote' do
-      prop = client.create_proposal(category: :policy_change, description: 'test', proposer: 'agent-1', council_size: 3)
-      result = client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'agent-2', approve: true)
-      expect(result[:voted]).to be true
-    end
-    it 'prevents double voting' do
-      prop = client.create_proposal(category: :policy_change, description: 'test', proposer: 'agent-1', council_size: 3)
-      client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'agent-2', approve: true)
-      result = client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'agent-2', approve: true)
-      expect(result[:error]).to eq(:already_voted)
-    end
-    it 'approves with quorum' do
-      prop = client.create_proposal(category: :policy_change, description: 'test', proposer: 'agent-1', council_size: 3)
-      client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'v1', approve: true)
-      result = client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'v2', approve: true)
-      expect(result[:resolution]).to eq(:approved)
-    end
-  end
-  describe '#validate_action' do
-    it 'allows agent_validation' do
-      result = client.validate_action(layer: :agent_validation, action: 'test')
-      expect(result[:allowed]).to be true
-    end
-    it 'blocks human_deliberation' do
-      result = client.validate_action(layer: :human_deliberation, action: 'test')
-      expect(result[:allowed]).to be false
-    end
-    it 'rejects invalid layer' do
-      result = client.validate_action(layer: :invalid, action: 'test')
-      expect(result[:error]).to eq(:invalid_layer)
-    end
-  end
-  describe '#open_proposals' do
-    it 'lists open proposals' do
-      client.create_proposal(category: :policy_change, description: 'test', proposer: 'agent-1')
-      result = client.open_proposals
-      expect(result[:count]).to eq(1)
-    end
-  end
-  describe '#timeout_proposals' do
-    it 'returns zero timed_out when no proposals exist' do
-      result = client.timeout_proposals
-      expect(result[:checked]).to eq(0)
-      expect(result[:timed_out]).to eq(0)
-      expect(result[:timed_out_ids]).to eq([])
-    end
-    it 'returns zero timed_out for recently created proposals' do
-      client.create_proposal(category: :policy_change, description: 'fresh', proposer: 'agent-1')
-      result = client.timeout_proposals
-      expect(result[:timed_out]).to eq(0)
-    end
-    it 'times out proposals older than VOTE_TIMEOUT' do
-      prop = client.create_proposal(category: :policy_change, description: 'old', proposer: 'agent-1')
-      store = client.instance_variable_get(:@proposal_store)
-      store.proposals[prop[:proposal_id]][:created_at] = Time.now.utc - (Legion::Extensions::Governance::Helpers::Layers::VOTE_TIMEOUT + 1)
-      result = client.timeout_proposals
-      expect(result[:timed_out]).to eq(1)
-      expect(result[:timed_out_ids]).to include(prop[:proposal_id])
-    end
-    it 'does not time out already-resolved proposals' do
-      prop = client.create_proposal(category: :policy_change, description: 'resolved', proposer: 'agent-1', council_size: 3)
-      store = client.instance_variable_get(:@proposal_store)
-      store.proposals[prop[:proposal_id]][:created_at] = Time.now.utc - (Legion::Extensions::Governance::Helpers::Layers::VOTE_TIMEOUT + 1)
-      client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'v1', approve: true)
-      client.vote_on_proposal(proposal_id: prop[:proposal_id], voter: 'v2', approve: true)
-      result = client.timeout_proposals
-      expect(result[:timed_out]).to eq(0)
-    end
-  end
-end

data/spec/legion/extensions/governance/runners/shadow_ai_spec.rb DELETED Viewed

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-require 'spec_helper'
-RSpec.describe Legion::Extensions::Governance::Runners::ShadowAi do
-  let(:host) { Object.new.extend(described_class) }
-  describe '#check_llm_bypass_indicators' do
-    it 'detects direct API key when provider not enabled' do
-      allow(ENV).to receive(:key?).and_call_original
-      allow(ENV).to receive(:key?).with('OPENAI_API_KEY').and_return(true)
-      allow(ENV).to receive(:key?).with('ANTHROPIC_API_KEY').and_return(false)
-      allow(Legion::Settings).to receive(:[]).with(:llm).and_return(
-        { providers: { openai: { enabled: false } } }
-      )
-      result = host.check_llm_bypass_indicators
-      expect(result[:bypassed]).to be true
-      expect(result[:indicators]).to include(:direct_openai_key)
-    end
-    it 'returns clean when no bypass indicators' do
-      allow(ENV).to receive(:key?).with('OPENAI_API_KEY').and_return(false)
-      allow(ENV).to receive(:key?).with('ANTHROPIC_API_KEY').and_return(false)
-      result = host.check_llm_bypass_indicators
-      expect(result[:bypassed]).to be false
-      expect(result[:indicators]).to be_empty
-    end
-    it 'does not flag when provider is enabled' do
-      allow(ENV).to receive(:key?).and_call_original
-      allow(ENV).to receive(:key?).with('OPENAI_API_KEY').and_return(true)
-      allow(ENV).to receive(:key?).with('ANTHROPIC_API_KEY').and_return(false)
-      allow(Legion::Settings).to receive(:[]).with(:llm).and_return(
-        { providers: { openai: { enabled: true } } }
-      )
-      result = host.check_llm_bypass_indicators
-      expect(result[:bypassed]).to be false
-    end
-  end
-  describe '#check_airb_compliance' do
-    it 'returns unavailable when data model not loaded' do
-      result = host.check_airb_compliance
-      expect(result[:source]).to eq(:unavailable)
-    end
-  end
-  describe '#full_scan' do
-    it 'returns combined results' do
-      allow(host).to receive(:scan_unregistered_extensions).and_return(
-        { installed: 5, registered: 5, unregistered: [] }
-      )
-      allow(host).to receive(:check_llm_bypass_indicators).and_return(
-        { indicators: [], bypassed: false }
-      )
-      allow(host).to receive(:check_airb_compliance).and_return(
-        { checked: 0, source: :unavailable }
-      )
-      result = host.full_scan
-      expect(result[:issues_found]).to be_falsey
-      expect(result[:extensions][:installed]).to eq(5)
-    end
-  end
-end

data/spec/spec_helper.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-require 'bundler/setup'
-module Legion
-  module Logging
-    def self.debug(_msg); end
-    def self.info(_msg); end
-    def self.warn(_msg); end
-    def self.error(_msg); end
-  end
-  module Extensions
-    module Actors
-      class Every; end # rubocop:disable Lint/EmptyClass
-    end
-  end
-  module Settings
-    @store = {}
-    class << self
-      def [](key)
-        @store[key.to_sym] ||= {}
-      end
-      def reset!
-        @store = {}
-      end
-    end
-  end
-  module Events
-    def self.emit(_name, _payload); end
-  end
-end
-$LOADED_FEATURES << 'legion/extensions/actors/every'
-require 'legion/extensions/governance'
-RSpec.configure do |config|
-  config.example_status_persistence_file_path = '.rspec_status'
-  config.disable_monkey_patching!
-  config.expect_with(:rspec) { |c| c.syntax = :expect }
-end