smplkit 1.0.23 → 1.0.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bff1572898b8af4d21af85f39f82e0e7b684173ef64b86163c81dacf20563028
-  data.tar.gz: 50adc24985da3c81d82ed2847716e333c8d9589f74fc6eb86a7d53f6b4ae054e
+  metadata.gz: c5467982be79b924356216ec4b8a4158589ac70802cefbee82c819f5d390281d
+  data.tar.gz: 93f707d0f9951956db82350eb298d4a14f42ccb2effca770da64f9084e6908d4
 SHA512:
-  metadata.gz: bcb2099f897e6a2590abdf0bf56067bed0b0e876620a93d34fb074d10c30d81e081923024301f5a10d8a85230fdf8081f642957c3e368bb0b41307e15f1fe0f7
-  data.tar.gz: 4e8ebcafe5029e2f49f7518a1b103c454aab008ea38f0e8af4ff65732f662deeb4ded0426973185935fbf4948db0b93abd2f9b0945c02c3179284667f57abad4
+  metadata.gz: 50b0fd8883a16c7b2aff012f26c956a6b5c2f1e3501cb08a02b5641fa360eb1ca60cca85acb0290a141f416497be3a0f0c3a62ced5c6593a357667a149911dec
+  data.tar.gz: 36731f5638835a9939bd712574377f4f6ad7279883ad535f430c986173322c1d30044f95f2b47225c67b85c8eb2d5212ca9e736c4d6f5989b05b8c7260c43d68

data/lib/smplkit/audit/client.rb

@@ -8,17 +8,26 @@ module Smplkit
     # iterations may add SIEM exports as additional sub-clients
     # (ADR-047 §2.7 lists SIEM streaming as a Pro-tier capability).
     class AuditClient
-      attr_reader :events
+      attr_reader :events, :forwarders, :functions
 
-      def initialize(api_key:, base_url:, timeout: 10.0)
+      SDK_OWNED_HEADERS = %w[authorization content-type user-agent].freeze
+
+      def initialize(api_key:, base_url:, timeout: 10.0, extra_headers: nil)
         cfg = SmplkitGeneratedClient::Audit::Configuration.new
         cfg.host = URI.parse(base_url).host
         cfg.scheme = URI.parse(base_url).scheme
         cfg.access_token = api_key
         cfg.timeout = timeout
         api_client = SmplkitGeneratedClient::Audit::ApiClient.new(cfg)
-        api = SmplkitGeneratedClient::Audit::EventsApi.new(api_client)
-        @events = Events.new(api)
+        api_client.default_headers["User-Agent"] = "smplkit-ruby-sdk/#{Smplkit::VERSION}"
+        extra_headers&.each do |k, v|
+          api_client.default_headers[k] = v unless SDK_OWNED_HEADERS.include?(k.downcase)
+        end
+        events_api = SmplkitGeneratedClient::Audit::EventsApi.new(api_client)
+        forwarders_api = SmplkitGeneratedClient::Audit::ForwardersApi.new(api_client)
+        @events = Events.new(events_api)
+        @forwarders = Forwarders.new(forwarders_api)
+        @functions = Functions.new(forwarders_api)
       end
 
       def _close

data/lib/smplkit/audit/events.rb

@@ -19,7 +19,8 @@ module Smplkit
       # with +smpl.+ are rejected by the server with a 403 (the buffer
       # logs and drops permanent failures).
       def record(action:, resource_type:, resource_id:,
-                 occurred_at: nil, snapshot: nil, data: nil, idempotency_key: nil)
+                 occurred_at: nil, snapshot: nil, data: nil, idempotency_key: nil,
+                 do_not_forward: false)
         raise ArgumentError, "action is required" if action.nil? || action.to_s.empty?
         raise ArgumentError, "resource_type is required" if resource_type.nil? || resource_type.to_s.empty?
         raise ArgumentError, "resource_id is required" if resource_id.nil? || resource_id.to_s.empty?
@@ -45,7 +46,8 @@ module Smplkit
           resource_id: resource_id,
           occurred_at: normalized_occurred_at,
           snapshot: snapshot,
-          data: data || {}
+          data: data || {},
+          do_not_forward: do_not_forward
         )
         resource = SmplkitGeneratedClient::Audit::EventResource.new(
           id: "",
@@ -117,7 +119,7 @@ module Smplkit
       :id, :action, :resource_type, :resource_id,
       :occurred_at, :created_at,
       :actor_type, :actor_id, :actor_label,
-      :snapshot, :data, :idempotency_key,
+      :snapshot, :data, :idempotency_key, :do_not_forward,
       keyword_init: true
     ) do
       def self.from_resource(resource)
@@ -134,7 +136,8 @@ module Smplkit
           actor_label: attrs.actor_label,
           snapshot: attrs.snapshot,
           data: attrs.data || {},
-          idempotency_key: attrs.idempotency_key
+          idempotency_key: attrs.idempotency_key,
+          do_not_forward: attrs.do_not_forward || false
         )
       end
     end

data/lib/smplkit/audit/forwarders.rb

@@ -0,0 +1,246 @@
+# frozen_string_literal: true
+
+module Smplkit
+  module Audit
+    # SIEM streaming forwarders for the authenticated account.
+    #
+    # Pro tier only — every method here raises a wrapped 402
+    # +SmplkitGeneratedClient::Audit::ApiError+ on lower tiers.
+    class Forwarders
+      attr_reader :deliveries, :actions
+
+      def initialize(api)
+        @api = api
+        @deliveries = ForwarderDeliveries.new(api)
+        @actions = ForwarderActions.new(api)
+      end
+
+      def create(name:, forwarder_type:, http:, enabled: true,
+                 filter: nil, transform: nil, data: nil)
+        body = wrap_forwarder(nil, name, forwarder_type, http, enabled, filter, transform, data)
+        resp = @api.create_forwarder(body)
+        Forwarder.from_resource(resp.data)
+      end
+
+      def list(forwarder_type: nil, enabled: nil, page_size: nil, page_after: nil)
+        opts = {}
+        opts[:filter_forwarder_type] = forwarder_type if forwarder_type
+        opts[:filter_enabled] = enabled unless enabled.nil?
+        opts[:page_size] = page_size if page_size
+        opts[:page_after] = page_after if page_after
+        resp = @api.list_forwarders(opts)
+        forwarders = (resp.data || []).map { |r| Forwarder.from_resource(r) }
+        ListForwardersPage.new(forwarders, Forwarders.next_cursor(resp.links&._next))
+      end
+
+      def get(forwarder_id)
+        resp = @api.get_forwarder(forwarder_id)
+        Forwarder.from_resource(resp.data)
+      end
+
+      def update(forwarder_id, name:, forwarder_type:, http:, enabled: true,
+                 filter: nil, transform: nil, data: nil)
+        body = wrap_forwarder(forwarder_id, name, forwarder_type, http, enabled, filter, transform, data)
+        resp = @api.update_forwarder(forwarder_id, body)
+        Forwarder.from_resource(resp.data)
+      end
+
+      def delete(forwarder_id)
+        @api.delete_forwarder(forwarder_id)
+        nil
+      end
+
+      def self.next_cursor(link)
+        return nil unless link.is_a?(String)
+
+        idx = link.index("page[after]=")
+        return nil if idx.nil?
+
+        token = link[(idx + "page[after]=".length)..]
+        amp = token.index("&")
+        amp ? token[0...amp] : token
+      end
+
+      private
+
+      def wrap_forwarder(id, name, forwarder_type, http, enabled, filter, transform, data)
+        attrs = SmplkitGeneratedClient::Audit::Forwarder.new(
+          name: name,
+          forwarder_type: forwarder_type,
+          enabled: enabled,
+          # Server-side validation rejects ``data: null`` (the field is
+          # required-non-null in the OpenAPI schema). Default to an empty
+          # hash mirroring the AuditEvents.record fix.
+          data: data || {},
+          http: ForwarderHttp.to_wire(http),
+          filter: filter,
+          transform: transform
+        )
+        resource = SmplkitGeneratedClient::Audit::ForwarderResource.new(
+          id: id ? id.to_s : "",
+          type: "forwarder",
+          attributes: attrs
+        )
+        SmplkitGeneratedClient::Audit::ForwarderResponse.new(data: resource)
+      end
+    end
+
+    # Sub-namespace for the per-forwarder delivery log + per-delivery retry.
+    class ForwarderDeliveries
+      attr_reader :actions
+
+      def initialize(api)
+        @api = api
+        @actions = DeliveryActions.new(api)
+      end
+
+      def list(forwarder_id, status: nil, created_at_range: nil, page_size: nil, page_after: nil)
+        opts = {}
+        opts[:filter_status] = status if status
+        opts[:filter_created_at] = created_at_range if created_at_range
+        opts[:page_size] = page_size if page_size
+        opts[:page_after] = page_after if page_after
+        resp = @api.list_forwarder_deliveries(forwarder_id, opts)
+        deliveries = (resp.data || []).map { |r| ForwarderDelivery.from_resource(r) }
+        ListDeliveriesPage.new(deliveries, Forwarders.next_cursor(resp.links&._next))
+      end
+    end
+
+    # +client.audit.forwarders.deliveries.actions.retry(forwarder_id, delivery_id)+
+    class DeliveryActions
+      def initialize(api)
+        @api = api
+      end
+
+      def retry(forwarder_id, delivery_id)
+        resp = @api.retry_forwarder_delivery(forwarder_id, delivery_id)
+        ForwarderDelivery.from_resource(resp.data)
+      end
+    end
+
+    # +client.audit.forwarders.actions.retry_failed_deliveries(forwarder_id)+
+    class ForwarderActions
+      def initialize(api)
+        @api = api
+      end
+
+      def retry_failed_deliveries(forwarder_id)
+        resp = @api.retry_failed_forwarder_deliveries(forwarder_id)
+        RetryFailedDeliveriesSummary.new(
+          attempted: resp.attempted,
+          succeeded: resp.succeeded,
+          failed: resp.failed
+        )
+      end
+    end
+
+    # ----------------------------------------------------------------------
+    # Public-facing model structs
+    # ----------------------------------------------------------------------
+
+    HttpHeader = Struct.new(:name, :value, keyword_init: true)
+
+    # rubocop:disable Lint/StructNewOverride -- ``:method`` matches the
+    # API attribute and shadowing Struct#method is the expected ergonomics.
+    ForwarderHttp = Struct.new(:method, :url, :headers, :body, :success_status, keyword_init: true) do
+      def initialize(method: "POST", url: "", headers: nil, body: nil, success_status: "2xx")
+        super(method: method, url: url, headers: headers || [], body: body, success_status: success_status)
+      end
+
+      def self.to_wire(src)
+        h = src.is_a?(Hash) ? new(**src) : src
+        SmplkitGeneratedClient::Audit::ForwarderHttp.new(
+          method: h.method,
+          url: h.url,
+          headers: (h.headers || []).map do |hdr|
+            name, value = if hdr.is_a?(Hash)
+                            [hdr[:name] || hdr["name"],
+                             hdr[:value] || hdr["value"]]
+                          else
+                            [hdr.name, hdr.value]
+                          end
+            SmplkitGeneratedClient::Audit::HttpHeader.new(name: name, value: value)
+          end,
+          body: h.body,
+          success_status: h.success_status
+        )
+      end
+
+      def self.from_wire(src)
+        return new if src.nil?
+
+        new(
+          method: src.method || "POST",
+          url: src.url || "",
+          headers: (src.headers || []).map { |h| HttpHeader.new(name: h.name, value: h.value) },
+          body: src.body,
+          success_status: src.success_status || "2xx"
+        )
+      end
+    end
+    # rubocop:enable Lint/StructNewOverride
+
+    # rubocop:disable Lint/StructNewOverride -- ``:filter`` matches the
+    # API attribute and shadowing Struct#filter is the expected ergonomics.
+    Forwarder = Struct.new(
+      :id, :name, :slug, :forwarder_type, :enabled,
+      :filter, :transform, :http, :data,
+      :created_at, :updated_at, :deleted_at, :version,
+      keyword_init: true
+    ) do
+      def self.from_resource(resource)
+        a = resource.attributes
+        new(
+          id: resource.id,
+          name: a.name,
+          slug: a.slug,
+          forwarder_type: a.forwarder_type,
+          enabled: a.enabled.nil? || a.enabled,
+          filter: a.filter,
+          transform: a.transform,
+          http: ForwarderHttp.from_wire(a.http),
+          data: a.data || {},
+          created_at: a.created_at,
+          updated_at: a.updated_at,
+          deleted_at: a.deleted_at,
+          version: a.version
+        )
+      end
+    end
+    # rubocop:enable Lint/StructNewOverride
+
+    ListForwardersPage = Struct.new(:forwarders, :next_cursor)
+
+    ForwarderDelivery = Struct.new(
+      :id, :forwarder_id, :event_id, :attempt_number, :status,
+      :request, :response_status, :response_body, :latency_ms, :error, :created_at,
+      keyword_init: true
+    ) do
+      def self.from_resource(resource)
+        a = resource.attributes
+        new(
+          id: resource.id,
+          forwarder_id: a.forwarder_id,
+          event_id: a.event_id,
+          attempt_number: a.attempt_number,
+          status: a.status,
+          request: a.request,
+          response_status: a.response_status,
+          response_body: a.response_body,
+          latency_ms: a.latency_ms,
+          error: a.error,
+          created_at: a.created_at
+        )
+      end
+    end
+
+    ListDeliveriesPage = Struct.new(:deliveries, :next_cursor)
+
+    RetryFailedDeliveriesSummary = Struct.new(:attempted, :succeeded, :failed, keyword_init: true)
+
+    TestForwarderResult = Struct.new(
+      :succeeded, :response_status, :response_headers, :response_body, :latency_ms, :error,
+      keyword_init: true
+    )
+  end
+end

data/lib/smplkit/audit/functions.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Smplkit
+  module Audit
+    # +client.audit.functions.test_forwarder.actions.execute(...)+
+    class Functions
+      attr_reader :test_forwarder
+
+      def initialize(api)
+        @test_forwarder = TestForwarderNamespace.new(api)
+      end
+    end
+
+    # Sub-namespace for the test_forwarder action.
+    class TestForwarderNamespace
+      attr_reader :actions
+
+      def initialize(api)
+        @actions = TestForwarderActions.new(api)
+      end
+    end
+
+    # +execute+ is a server-side proxy that lets the console preview a
+    # destination without browser CORS getting in the way. The audit
+    # service applies its SSRF guard before resolving the URL —
+    # private/loopback/link-local addresses (incl. the EC2 IMDS at
+    # +169.254.169.254+) and disallowed ports are rejected.
+    class TestForwarderActions
+      def initialize(api)
+        @api = api
+      end
+
+      def execute(url:, method: "POST", headers: nil, body: nil,
+                  success_status: "2xx", timeout_ms: nil)
+        req = SmplkitGeneratedClient::Audit::TestForwarderRequest.new(
+          url: url,
+          method: method,
+          headers: (headers || []).map do |h|
+            name, value = h.is_a?(Hash) ? [h[:name] || h["name"], h[:value] || h["value"]] : [h.name, h.value]
+            SmplkitGeneratedClient::Audit::HttpHeader.new(name: name, value: value)
+          end,
+          body: body,
+          success_status: success_status,
+          timeout_ms: timeout_ms
+        )
+        resp = @api.execute_test_forwarder(req)
+        TestForwarderResult.new(
+          succeeded: resp.succeeded || false,
+          response_status: resp.response_status,
+          response_headers: resp.response_headers || {},
+          response_body: resp.response_body || "",
+          latency_ms: resp.latency_ms,
+          error: resp.error
+        )
+      end
+    end
+  end
+end

data/lib/smplkit/client.rb

@@ -43,7 +43,8 @@ module Smplkit
     end
 
     def initialize(api_key: nil, environment: nil, service: nil, profile: nil, # rubocop:disable Metrics/AbcSize
-                   base_domain: nil, scheme: nil, debug: nil, telemetry: nil)
+                   base_domain: nil, scheme: nil, debug: nil, telemetry: nil,
+                   extra_headers: nil)
       cfg = ConfigResolution.resolve_config(
         profile: profile, api_key: api_key, base_domain: base_domain, scheme: scheme,
         environment: environment, service: service, debug: debug, telemetry: telemetry
@@ -67,7 +68,8 @@ module Smplkit
       mgmt_cfg = ConfigResolution::ResolvedManagementConfig.new(
         api_key: cfg.api_key, base_domain: cfg.base_domain, scheme: cfg.scheme, debug: cfg.debug
       )
-      @manage = ManagementClient.from_resolved(mgmt_cfg)
+      @extra_headers = extra_headers
+      @manage = ManagementClient.from_resolved(mgmt_cfg, extra_headers: extra_headers)
 
       app_url = ConfigResolution.service_url(cfg.scheme, "app", cfg.base_domain)
       flags_url = ConfigResolution.service_url(cfg.scheme, "flags", cfg.base_domain)
@@ -87,7 +89,8 @@ module Smplkit
                                             flags_base_url: flags_url, app_base_url: app_url)
       @logging = Logging::LoggingClient.new(self, manage: @manage, metrics: @metrics,
                                                   logging_base_url: logging_url, app_base_url: app_url)
-      @audit = Audit::AuditClient.new(api_key: cfg.api_key, base_url: audit_url)
+      @audit = Audit::AuditClient.new(api_key: cfg.api_key, base_url: audit_url,
+                                      extra_headers: extra_headers)
 
       @closed = false
       schedule_periodic_flush
@@ -170,6 +173,7 @@ module Smplkit
     def _api_key = @api_key
     def _app_base_url = @app_base_url
     def _metrics = @metrics
+    def _extra_headers = @extra_headers
 
     def _ensure_ws
       @_ensure_ws ||= begin

data/lib/smplkit/management/client.rb

@@ -30,12 +30,12 @@ module Smplkit
     attr_reader :contexts, :context_types, :environments, :account_settings,
                 :config, :flags, :loggers, :log_groups
 
-    def self.from_resolved(resolved)
-      new(_resolved: resolved)
+    def self.from_resolved(resolved, extra_headers: nil)
+      new(_resolved: resolved, extra_headers: extra_headers)
     end
 
     def initialize(api_key: nil, base_domain: nil, scheme: nil, profile: nil,
-                   debug: nil, _resolved: nil)
+                   debug: nil, _resolved: nil, extra_headers: nil)
       cfg = _resolved ||
             ConfigResolution.resolve_management_config(
               api_key: api_key, base_domain: base_domain, scheme: scheme,
@@ -45,6 +45,7 @@ module Smplkit
 
       @resolved = cfg
 
+      @extra_headers = extra_headers
       @app_api_client = build_api_client(SmplkitGeneratedClient::App, "app", cfg)
       @config_api_client = build_api_client(SmplkitGeneratedClient::Config, "config", cfg)
       @flags_api_client = build_api_client(SmplkitGeneratedClient::Flags, "flags", cfg)
@@ -71,6 +72,8 @@ module Smplkit
     def _flags_http = @flags_api_client
     def _logging_http = @logging_api_client
 
+    SDK_OWNED_HEADERS = %w[authorization content-type user-agent].freeze
+
     private
 
     def build_api_client(generated_module, subdomain, cfg)
@@ -82,6 +85,9 @@ module Smplkit
       configuration.debugging = cfg.debug
       generated_module::ApiClient.new(configuration).tap do |client|
         client.default_headers["User-Agent"] = "smplkit-ruby-sdk/#{Smplkit::VERSION}"
+        @extra_headers&.each do |k, v|
+          client.default_headers[k] = v unless SDK_OWNED_HEADERS.include?(k.downcase)
+        end
       end
     end
 

data/lib/smplkit.rb

@@ -64,6 +64,8 @@ require_relative "smplkit/management/buffer"
 require_relative "smplkit/management/client"
 require_relative "smplkit/audit/buffer"
 require_relative "smplkit/audit/events"
+require_relative "smplkit/audit/forwarders"
+require_relative "smplkit/audit/functions"
 require_relative "smplkit/audit/client"
 require_relative "smplkit/client"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smplkit
 version: !ruby/object:Gem::Version
-  version: 1.0.23
+  version: 1.0.25
 platform: ruby
 authors:
 - Smpl Solutions LLC
@@ -583,6 +583,8 @@ files:
 - lib/smplkit/audit/buffer.rb
 - lib/smplkit/audit/client.rb
 - lib/smplkit/audit/events.rb
+- lib/smplkit/audit/forwarders.rb
+- lib/smplkit/audit/functions.rb
 - lib/smplkit/client.rb
 - lib/smplkit/config/client.rb
 - lib/smplkit/config/helpers.rb