lex-identity-system 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8fdbebb784907023be65b35dc3c008757ab9eb0a96aeb71f1ef00a800365109d
+  data.tar.gz: 7c2a752be8ff16f5a04f66b3ca72ddce74de2daf0c5f155875e545687f09aa64
+SHA512:
+  metadata.gz: badf8b601045d8d5bb0858feb22a60a9dc9d21103e40f1eee564249ec33730275ba3e2afa8261567f0f7fb68f807a702ef048a06e7ed15c72bdaf3a5ca319471
+  data.tar.gz: 96cb2b408aafda406d7199e73cce91fdb9acc76ae3797c04366649f1a191ff9a82aebde162f055c3ff8e3c2023e83682e7d4f8b089cf4a66f96d4595df1953a3

data/.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Auto-generated from team-config.yml
+# Team: extensions
+#
+# To apply: scripts/apply-codeowners.sh lex-identity-system
+
+* @LegionIO/maintainers
+* @LegionIO/extensions

data/.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    open-pull-requests-limit: 5
+    labels:
+      - "type:dependencies"
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    open-pull-requests-limit: 5
+    labels:
+      - "type:dependencies"

data/.github/workflows/ci.yml

@@ -0,0 +1,34 @@
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+  schedule:
+    - cron: '0 9 * * 1'
+
+jobs:
+  ci:
+    uses: LegionIO/.github/.github/workflows/ci.yml@main
+
+  excluded-files:
+    uses: LegionIO/.github/.github/workflows/excluded-files.yml@main
+
+  security:
+    uses: LegionIO/.github/.github/workflows/security-scan.yml@main
+
+  version-changelog:
+    uses: LegionIO/.github/.github/workflows/version-changelog.yml@main
+
+  dependency-review:
+    uses: LegionIO/.github/.github/workflows/dependency-review.yml@main
+
+  stale:
+    if: github.event_name == 'schedule'
+    uses: LegionIO/.github/.github/workflows/stale.yml@main
+
+  release:
+    needs: [ci, excluded-files]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    uses: LegionIO/.github/.github/workflows/release.yml@main
+    secrets:
+      rubygems-api-key: ${{ secrets.RUBYGEMS_API_KEY }}

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.rspec_status
+Gemfile.lock

data/.rubocop.yml

@@ -0,0 +1,2 @@
+inherit_gem:
+  rubocop-legion: config/lex.yml

data/CHANGELOG.md

@@ -0,0 +1,18 @@
+# Changelog
+
+## [0.1.1] - 2026-04-09
+
+### Changed
+- Updated documentation (CLAUDE.md)
+
+## [0.1.0] - 2026-04-06
+
+### Added
+
+- Initial release
+- `Identity` module implementing the LegionIO identity provider contract
+- `provider_type: :fallback` — last resort when no other provider resolves
+- `resolve` reads `ENV['USER']` and returns a minimal identity hash with `persistent: false`
+- `normalize` strips non-alphanumeric characters (except `_` and `-`) for AMQP-safe names
+- `trust_weight: 200` (least trusted), `priority: 0` (lowest), `capabilities: [:profile]`
+- No actors, no auth, no group resolution — strictly minimal ENV-based fallback

data/CLAUDE.md

@@ -0,0 +1,69 @@
+# lex-identity-system: System ENV Identity Fallback for LegionIO
+
+**Repository Level 3 Documentation**
+- **Parent (Level 2)**: `/Users/miverso2/rubymine/legion/extensions/CLAUDE.md`
+- **Parent (Level 1)**: `/Users/miverso2/rubymine/legion/CLAUDE.md`
+
+## Purpose
+
+Identity fallback provider. Reads `ENV['USER']` to produce a minimal identity when no other provider resolves. `provider_type: :fallback` — distinct from `:auth` and `:profile` providers. Last resort in the identity resolution chain.
+
+**GitHub**: https://github.com/LegionIO/lex-identity-system
+**License**: MIT
+**Version**: 0.1.0
+
+## Architecture
+
+```
+Legion::Extensions::Identity::System
+└── Identity    # provider contract: resolve, normalize, provider_name, provider_type, ...
+```
+
+No runners, no actors, no transport, no helpers. Strictly minimal.
+
+## File Map
+
+| File | Purpose |
+|------|---------|
+| `lib/legion/extensions/identity/system.rb` | Entry point, extends Core, declares `identity_provider?` and `remote_invocable?` |
+| `lib/legion/extensions/identity/system/identity.rb` | Provider contract: all methods including `resolve` and `normalize` |
+| `lib/legion/extensions/identity/system/version.rb` | `VERSION = '0.1.0'` |
+
+## Provider Contract
+
+| Method | Return |
+|--------|--------|
+| `provider_name` | `:system` |
+| `provider_type` | `:fallback` |
+| `facing` | `nil` |
+| `priority` | `0` |
+| `trust_weight` | `200` |
+| `capabilities` | `[:profile]` |
+| `resolve` | identity hash or `nil` |
+| `normalize(val)` | String |
+
+## Key Rules
+
+- `persistent: false` in the resolved hash — signals no durable principal should be created
+- `normalize` removes dots (AMQP word separator) — result must match `^[a-z0-9][a-z0-9_-]*$`
+- Returns `nil` when `ENV['USER']` is nil, empty, or normalizes to empty string
+- No `provide_token`, no `vault_auth`, no group support
+
+## Dependencies
+
+| Gem | Purpose |
+|-----|---------|
+| `legion-json` | JSON serialization (framework compat) |
+| `legion-settings` | Configuration management (framework compat) |
+
+## Testing
+
+```bash
+bundle install
+bundle exec rspec     # 38 specs across 1 spec file
+bundle exec rubocop   # Clean
+```
+
+---
+
+**Maintained By**: Matthew Iverson (@Esity)

data/Gemfile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+gemspec
+
+group :development, :test do
+  gem 'rspec', '~> 3.13'
+  gem 'rubocop', '~> 1.75'
+  gem 'rubocop-legion', '~> 0.1'
+  gem 'simplecov', '~> 0.22'
+end

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Esity
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,60 @@
+# lex-identity-system
+
+LegionIO identity fallback provider. Reads `ENV['USER']` to produce a minimal identity when no other provider resolves. It is the last resort in the identity resolution chain.
+
+## Provider contract
+
+| Attribute | Value |
+|-----------|-------|
+| `provider_name` | `:system` |
+| `provider_type` | `:fallback` |
+| `facing` | `nil` |
+| `priority` | `0` (lowest) |
+| `trust_weight` | `200` (least trusted) |
+| `capabilities` | `[:profile]` |
+
+## Behavior
+
+`Identity.resolve` reads `ENV['USER']`. If present and non-empty after normalization, it returns:
+
+```ruby
+{
+  canonical_name: "jsmith",       # normalized: downcase, strip, remove non-alnum except _ and -
+  kind: :human,
+  source: :system,
+  persistent: false,              # ephemeral — no durable principal should be created
+  groups: [],
+  profile: {
+    username: "jsmith",           # original ENV['USER'] value
+    hostname: "my-host.example"   # Socket.gethostname
+  }
+}
+```
+
+Returns `nil` if `ENV['USER']` is nil, empty, or normalizes to an empty string.
+
+`persistent: false` signals to callers that no durable principal should be created from this identity.
+
+## What this provider does NOT do
+
+- No token issuance (`provide_token`)
+- No Vault authentication (`vault_auth`)
+- No group resolution
+- No actors (nothing to refresh)
+- No remote calls of any kind (`remote_invocable? => false`)
+
+## Normalization
+
+`normalize(val)` applies `val.to_s.downcase.strip.gsub(/[^a-z0-9_-]/, '')`. Dots are stripped because `.` is an AMQP word separator.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem 'lex-identity-system'
+```
+
+## License
+
+MIT

data/lex-identity-system.gemspec

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative 'lib/legion/extensions/identity/system/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'lex-identity-system'
+  spec.version       = Legion::Extensions::Identity::System::VERSION
+  spec.authors       = ['Esity']
+  spec.email         = ['matthewdiverson@gmail.com']
+
+  spec.summary       = 'LEX Identity System'
+  spec.description   = 'LegionIO identity fallback provider — resolves a minimal identity from ENV[\'USER\'] when no other provider succeeds'
+  spec.homepage      = 'https://github.com/LegionIO/lex-identity-system'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = '>= 3.4'
+
+  spec.metadata['homepage_uri']        = spec.homepage
+  spec.metadata['source_code_uri']     = 'https://github.com/LegionIO/lex-identity-system'
+  spec.metadata['documentation_uri']   = 'https://github.com/LegionIO/lex-identity-system'
+  spec.metadata['changelog_uri']       = 'https://github.com/LegionIO/lex-identity-system'
+  spec.metadata['bug_tracker_uri']     = 'https://github.com/LegionIO/lex-identity-system/issues'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'legion-json',     '>= 1.2.1'
+  spec.add_dependency 'legion-settings', '>= 1.3.14'
+end

data/lib/legion/extensions/identity/system/identity.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'socket'
+
+module Legion
+  module Extensions
+    module Identity
+      module System
+        module Identity
+          module_function
+
+          def provider_name
+            :system
+          end
+
+          def provider_type
+            :fallback
+          end
+
+          def facing
+            nil
+          end
+
+          def priority
+            0
+          end
+
+          def trust_weight
+            200
+          end
+
+          def capabilities
+            [:profile]
+          end
+
+          def resolve
+            raw = ENV.fetch('USER', nil)
+            return nil if raw.nil? || raw.strip.empty?
+
+            normalized = normalize(raw)
+            return nil if normalized.empty?
+
+            {
+              canonical_name: normalized,
+              kind:           :human,
+              source:         :system,
+              persistent:     false,
+              groups:         [],
+              profile:        {
+                username: raw,
+                hostname: ::Socket.gethostname
+              }
+            }
+          end
+
+          def normalize(val)
+            val.to_s.downcase.strip.gsub(/[^a-z0-9_-]/, '')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/identity/system/version.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Identity
+      module System
+        VERSION = '0.1.1'
+      end
+    end
+  end
+end

data/lib/legion/extensions/identity/system.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/identity/system/version'
+require 'legion/extensions/identity/system/identity'
+
+module Legion
+  module Extensions
+    module Identity
+      module System
+        extend Legion::Extensions::Core if Legion::Extensions.const_defined?(:Core, false)
+
+        def self.identity_provider?
+          true
+        end
+
+        def self.remote_invocable?
+          false
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: lex-identity-system
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Esity
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: legion-json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+- !ruby/object:Gem::Dependency
+  name: legion-settings
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.14
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.14
+description: LegionIO identity fallback provider — resolves a minimal identity from
+  ENV['USER'] when no other provider succeeds
+email:
+- matthewdiverson@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/CODEOWNERS"
+- ".github/dependabot.yml"
+- ".github/workflows/ci.yml"
+- ".gitignore"
+- ".rubocop.yml"
+- CHANGELOG.md
+- CLAUDE.md
+- Gemfile
+- LICENSE
+- README.md
+- lex-identity-system.gemspec
+- lib/legion/extensions/identity/system.rb
+- lib/legion/extensions/identity/system/identity.rb
+- lib/legion/extensions/identity/system/version.rb
+homepage: https://github.com/LegionIO/lex-identity-system
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/LegionIO/lex-identity-system
+  source_code_uri: https://github.com/LegionIO/lex-identity-system
+  documentation_uri: https://github.com/LegionIO/lex-identity-system
+  changelog_uri: https://github.com/LegionIO/lex-identity-system
+  bug_tracker_uri: https://github.com/LegionIO/lex-identity-system/issues
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: LEX Identity System
+test_files: []