smplkit 3.0.101 → 3.0.102

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 023cc1c779a1121f562c18522ac3df12441aa82f224b886dcf51b92856607d9f
-  data.tar.gz: 38edf4febecc1c929d086456450d8b836ae5c73866aec3031d2f9c1bbce1eea4
+  metadata.gz: 047e3fc0922ee25b1441a22a33addbba76e885b486414ac3ca99b31d07b17277
+  data.tar.gz: 5ce032781cecf99066afb73359af216000039d158318dc427dfc456f159d35b3
 SHA512:
-  metadata.gz: d79bfdecf66c1d5896c7f3db0a2faca933cfdeab6025888133ae1e2b999ef2525b0a25224d4295e4d5c4b4b9b0089a0428cee337f2a11d883955626e4214d1ae
-  data.tar.gz: 4ba20edec0551888d6aa7b13ddbd5fc99bd481794a1771e2c271c6f5c212a328cd028e060d9ddb6f59af56d71e094ff3648ae06100e621069b29186ff3ff4120
+  metadata.gz: 7c5a05ff1932b11b194a3405bb6f361763810c935e3e7bc924afb6431dfd201b6447020b117f14161dc209525a072e4a4afb9d6b467eb086bfd177c5f3f6400c
+  data.tar.gz: cebda2b16e66a59fac937a6f135fdaeff3cdd727ff009637a77627efefc0eb2738a411dead73ccaf60d3f30edbd1416a6f55602bcfe4da2d00c891c14effefcc

data/lib/smplkit/audit/categories.rb

@@ -8,16 +8,19 @@ module Smplkit
     # Response time is independent of how many years of events the account has
     # accumulated. Sorted alphabetically; offset paginated.
     class Categories
-      def initialize(api)
+      def initialize(api, environment: nil)
         @api = api
+        @environment = environment
       end
 
       # List the distinct +category+ values seen in the account.
       #
       # +environments+ scopes the listing to a set of environments: pass an
       # array of environment keys and/or the reserved +"smplkit"+ control-plane
-      # bucket; the values are comma-joined into +filter[environment]+. Omitting
-      # it (or passing an empty array) leaves the filter off entirely.
+      # bucket; the values are comma-joined into +filter[environment]+. Omit it
+      # (the default) to scope the listing to the client's configured
+      # environment; with no configured environment the filter is left off
+      # entirely.
       #
       # @param page_number [Integer, nil] 1-based page index. Omit for the first
       #   page.
@@ -28,7 +31,8 @@ module Smplkit
       #   count server-side). Omit to skip it.
       # @param environments [Array<String>, nil] Environment keys and/or the
       #   reserved +"smplkit"+ control-plane bucket to scope the listing to. Omit
-      #   to leave the filter off entirely.
+      #   to fall back to the client's configured environment; with no configured
+      #   environment the filter is left off entirely.
       # @return [Smplkit::Audit::CategoryListPage] A page of the matching
       #   category values.
       def list(page_number: nil, page_size: nil, meta_total: nil, environments: nil)
@@ -36,8 +40,8 @@ module Smplkit
         opts[:page_number] = page_number if page_number
         opts[:page_size] = page_size if page_size
         opts[:meta_total] = meta_total unless meta_total.nil?
-        joined_environments = Smplkit::Audit.join_environments(environments)
-        opts[:filter_environment] = joined_environments if joined_environments
+        resolved_environment = Smplkit::Audit.resolve_environment_filter(environments, @environment)
+        opts[:filter_environment] = resolved_environment if resolved_environment
 
         resp = Smplkit::Audit.call_api { @api.list_categories(opts) }
         rows = (resp.data || []).map { |r| Category.from_resource(r) }

data/lib/smplkit/audit/client.rb

@@ -21,9 +21,13 @@ module Smplkit
     #   from +base_domain+/+scheme+; supplied directly by the top-level clients
     #   which have already computed it.
     # @param environment [String, nil] Deployment environment to scope recording
-    #   and reads to. Optional — forwarder CRUD and discovery are
-    #   environment-agnostic, and reads accept an explicit +environments: [...]+
-    #   filter.
+    #   and reads to. Sent on the event request body when recording and as the
+    #   default +filter[environment]+ on the read surfaces (events list and the
+    #   resource_type / event_type / category discovery lists). Optional —
+    #   forwarder CRUD is environment-agnostic, and reads accept an explicit
+    #   +environments: [...]+ filter that overrides this default. With no
+    #   configured environment, recording falls back to the server-side default
+    #   environment and the read filter is left off.
     # @param profile [String, nil] Named +~/.smplkit+ profile section.
     # @param base_domain [String, nil] Base domain for API requests (default
     #   +"smplkit.com"+).
@@ -64,21 +68,26 @@ module Smplkit
         HttpPool.configure(cfg)
         api_client = SmplkitGeneratedClient::Audit::ApiClient.new(cfg)
         api_client.default_headers["User-Agent"] = "smplkit-ruby-sdk/#{Smplkit::VERSION}"
-        # Runtime audit ops are environment-scoped: record / list / get /
-        # discovery all resolve their environment from the
-        # +X-Smplkit-Environment+ request header (ADR-055). We stamp it once
-        # at the client level from the SDK's configured runtime environment so
-        # every generated call carries it. It is stamped before +extra_headers+
-        # is applied so a caller-supplied entry of the same name wins (explicit
-        # override).
-        api_client.default_headers["X-Smplkit-Environment"] = environment unless environment.nil?
+        # Runtime audit ops are environment-scoped, but the scoping is
+        # body-driven (ADR-055): +events.record+ stamps the configured
+        # environment onto the event request body, and the read surfaces
+        # (events list plus the resource_type / event_type / category discovery
+        # lists) default +filter[environment]+ to it. The transport therefore
+        # carries only auth plus any caller-supplied +extra_headers+ — no
+        # environment header. Forwarder CRUD is environment-agnostic.
         extra_headers&.each do |k, v|
           api_client.default_headers[k] = v unless SDK_OWNED_HEADERS.include?(k.downcase)
         end
-        @events = Events.new(SmplkitGeneratedClient::Audit::EventsApi.new(api_client))
-        @resource_types = ResourceTypes.new(SmplkitGeneratedClient::Audit::ResourceTypesApi.new(api_client))
-        @event_types = EventTypes.new(SmplkitGeneratedClient::Audit::EventTypesApi.new(api_client))
-        @categories = Categories.new(SmplkitGeneratedClient::Audit::CategoriesApi.new(api_client))
+        @events = Events.new(SmplkitGeneratedClient::Audit::EventsApi.new(api_client), environment: environment)
+        @resource_types = ResourceTypes.new(
+          SmplkitGeneratedClient::Audit::ResourceTypesApi.new(api_client), environment: environment
+        )
+        @event_types = EventTypes.new(
+          SmplkitGeneratedClient::Audit::EventTypesApi.new(api_client), environment: environment
+        )
+        @categories = Categories.new(
+          SmplkitGeneratedClient::Audit::CategoriesApi.new(api_client), environment: environment
+        )
         @forwarders = ForwardersClient.new(SmplkitGeneratedClient::Audit::ForwardersApi.new(api_client))
       end
 

data/lib/smplkit/audit/event_types.rb

@@ -13,16 +13,19 @@ module Smplkit
     #
     # Sorted alphabetically; offset paginated.
     class EventTypes
-      def initialize(api)
+      def initialize(api, environment: nil)
         @api = api
+        @environment = environment
       end
 
       # List the distinct +event_type+ slugs seen in the account.
       #
       # +environments+ scopes the listing to a set of environments: pass an
       # array of environment keys and/or the reserved +"smplkit"+ control-plane
-      # bucket; the values are comma-joined into +filter[environment]+. Omitting
-      # it (or passing an empty array) leaves the filter off entirely.
+      # bucket; the values are comma-joined into +filter[environment]+. Omit it
+      # (the default) to scope the listing to the client's configured
+      # environment; with no configured environment the filter is left off
+      # entirely.
       #
       # @param filter_resource_type [String, nil] Restrict the listing to
       #   event_types seen with this +resource_type+. Omit to list every distinct
@@ -36,7 +39,8 @@ module Smplkit
       #   count server-side). Omit to skip it.
       # @param environments [Array<String>, nil] Environment keys and/or the
       #   reserved +"smplkit"+ control-plane bucket to scope the listing to. Omit
-      #   to leave the filter off entirely.
+      #   to fall back to the client's configured environment; with no configured
+      #   environment the filter is left off entirely.
       # @return [Smplkit::Audit::EventTypeListPage] A page of the matching
       #   event-type slugs.
       def list(filter_resource_type: nil, page_number: nil, page_size: nil, meta_total: nil, environments: nil)
@@ -45,8 +49,8 @@ module Smplkit
         opts[:page_number] = page_number if page_number
         opts[:page_size] = page_size if page_size
         opts[:meta_total] = meta_total unless meta_total.nil?
-        joined_environments = Smplkit::Audit.join_environments(environments)
-        opts[:filter_environment] = joined_environments if joined_environments
+        resolved_environment = Smplkit::Audit.resolve_environment_filter(environments, @environment)
+        opts[:filter_environment] = resolved_environment if resolved_environment
 
         resp = Smplkit::Audit.call_api { @api.list_event_types(opts) }
         rows = (resp.data || []).map { |r| EventType.from_resource(r) }

data/lib/smplkit/audit/events.rb

@@ -9,8 +9,9 @@ module Smplkit
     # +flush: true+ to block until the event is durable before continuing.
     # +#list+ and +#get+ are synchronous reads.
     class Events
-      def initialize(api)
+      def initialize(api, environment: nil)
         @api = api
+        @environment = environment
         @buffer = EventBuffer.new(api)
       end
 
@@ -105,6 +106,13 @@ module Smplkit
           data: data || {},
           do_not_forward: do_not_forward
         )
+        # Stamp the client's configured environment onto the event body — the
+        # body-driven replacement for the old +X-Smplkit-Environment+ header
+        # (ADR-055). Left off when nil so a single-environment credential
+        # resolves it server-side. Assigning conditionally (rather than passing
+        # +environment: nil+ through the constructor) keeps the field out of the
+        # serialized body entirely when unconfigured.
+        attrs.environment = @environment unless @environment.nil?
         resource = SmplkitGeneratedClient::Audit::EventResource.new(
           id: "",
           type: "event",
@@ -141,6 +149,13 @@ module Smplkit
       # +occurred_at_range+, or with both +resource_type+ and +resource_id+ —
       # or the request is rejected.
       #
+      # +environments+ scopes the read to a set of environments: pass an array
+      # of environment keys and/or the reserved +"smplkit"+ control-plane
+      # bucket; the values are sent comma-separated as +filter[environment]+.
+      # Omit it (the default) to scope the read to the client's configured
+      # environment; with no configured environment the filter is left off
+      # entirely.
+      #
       # @param event_type [String, nil] Return only events with this
       #   +event_type+. Omit to match any.
       # @param resource_type [String, nil] Return only events about this
@@ -160,7 +175,8 @@ module Smplkit
       #   or the request is rejected. Omit to disable text filtering.
       # @param environments [Array<String>, nil] Environment keys (and/or the
       #   reserved +"smplkit"+ control-plane bucket) to scope the read to. Omit
-      #   to leave the filter off entirely.
+      #   to fall back to the client's configured environment; with no configured
+      #   environment the filter is left off entirely.
       # @param page_size [Integer, nil] Maximum number of events to return in
       #   this page.
       # @param page_after [String, nil] Opaque cursor from a previous page's
@@ -183,8 +199,8 @@ module Smplkit
         opts[:filter_actor_id] = actor_id if actor_id
         opts[:filter_occurred_at] = occurred_at_range if occurred_at_range
         opts[:filter_search] = search if search
-        joined_environments = Smplkit::Audit.join_environments(environments)
-        opts[:filter_environment] = joined_environments if joined_environments
+        resolved_environment = Smplkit::Audit.resolve_environment_filter(environments, @environment)
+        opts[:filter_environment] = resolved_environment if resolved_environment
         opts[:page_size] = page_size if page_size
         opts[:page_after] = page_after if page_after
 

data/lib/smplkit/audit/models.rb

@@ -79,6 +79,28 @@ module Smplkit
       values.empty? ? nil : values.join(",")
     end
 
+    # Resolve the +filter[environment]+ value for a read surface.
+    #
+    # An explicit, non-empty +environments+ list always wins and is comma-joined
+    # via {join_environments}. Otherwise the client's configured +default+
+    # environment scopes the read — the body-driven replacement for the old
+    # per-request +X-Smplkit-Environment+ header (ADR-055), which previously
+    # scoped every read to the client's environment. A client with no configured
+    # environment and no explicit list returns +nil+ so the caller omits the
+    # query param and the credential's own scoping applies server-side.
+    #
+    # @param environments [Array<String>, String, nil] Explicit per-call
+    #   environment filter; an empty/blank value falls through to +default+.
+    # @param default [String, nil] The client's configured environment.
+    # @return [String, nil] The +filter[environment]+ value, or +nil+ to omit it.
+    # @api private
+    def self.resolve_environment_filter(environments, default)
+      joined = join_environments(environments)
+      return joined unless joined.nil?
+
+      default
+    end
+
     # Supported SIEM forwarder destination types.
     #
     # Members are declared in alphabetical order. Customers pass these
@@ -204,7 +226,7 @@ module Smplkit
     #     Read-only and always present on reads — the audit service resolves it
     #     when the event is recorded (from a single-environment credential, or
     #     from the runtime SDK's configured environment, which the SDK sends on
-    #     every recording call). Never set on the recording request body.
+    #     the recording request body).
     AuditEvent = Struct.new(
       :id, :event_type, :resource_type, :resource_id,
       :occurred_at, :created_at,

data/lib/smplkit/audit/resource_types.rb

@@ -8,16 +8,19 @@ module Smplkit
     # Response time is independent of how many years of events the account has
     # accumulated. Sorted alphabetically; offset paginated.
     class ResourceTypes
-      def initialize(api)
+      def initialize(api, environment: nil)
         @api = api
+        @environment = environment
       end
 
       # List the distinct +resource_type+ slugs seen in the account.
       #
       # +environments+ scopes the listing to a set of environments: pass an
       # array of environment keys and/or the reserved +"smplkit"+ control-plane
-      # bucket; the values are comma-joined into +filter[environment]+. Omitting
-      # it (or passing an empty array) leaves the filter off entirely.
+      # bucket; the values are comma-joined into +filter[environment]+. Omit it
+      # (the default) to scope the listing to the client's configured
+      # environment; with no configured environment the filter is left off
+      # entirely.
       #
       # @param page_number [Integer, nil] 1-based page index. Omit for the first
       #   page.
@@ -28,7 +31,8 @@ module Smplkit
       #   count server-side). Omit to skip it.
       # @param environments [Array<String>, nil] Environment keys and/or the
       #   reserved +"smplkit"+ control-plane bucket to scope the listing to. Omit
-      #   to leave the filter off entirely.
+      #   to fall back to the client's configured environment; with no configured
+      #   environment the filter is left off entirely.
       # @return [Smplkit::Audit::ResourceTypeListPage] A page of the matching
       #   resource-type slugs.
       def list(page_number: nil, page_size: nil, meta_total: nil, environments: nil)
@@ -36,8 +40,8 @@ module Smplkit
         opts[:page_number] = page_number if page_number
         opts[:page_size] = page_size if page_size
         opts[:meta_total] = meta_total unless meta_total.nil?
-        joined_environments = Smplkit::Audit.join_environments(environments)
-        opts[:filter_environment] = joined_environments if joined_environments
+        resolved_environment = Smplkit::Audit.resolve_environment_filter(environments, @environment)
+        opts[:filter_environment] = resolved_environment if resolved_environment
 
         resp = Smplkit::Audit.call_api { @api.list_resource_types(opts) }
         rows = (resp.data || []).map { |r| ResourceType.from_resource(r) }

data/lib/smplkit/client.rb

@@ -124,9 +124,11 @@ module Smplkit
       # borrows the shared logging transport and WebSocket. The two management
       # sub-clients live at client.logging.loggers / client.logging.log_groups.
       @logging = Logging::LoggingClient.new(parent: self, transport: @transports.logging_http, metrics: @metrics)
-      # Audit's full surface on one client; this runtime instance carries the
-      # configured environment as ``X-Smplkit-Environment`` and owns its own
-      # transport (closed in ``close``).
+      # Audit's full surface on one client; this runtime instance scopes audit
+      # ops to the configured environment via the body-driven path (ADR-055):
+      # ``events.record`` stamps it on the event body and the read surfaces
+      # default ``filter[environment]`` to it. Owns its own transport (closed in
+      # ``close``).
       @audit = Audit::AuditClient.new(
         api_key: cfg.api_key, base_url: audit_url, environment: cfg.environment, extra_headers: extra_headers
       )

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smplkit
 version: !ruby/object:Gem::Version
-  version: 3.0.101
+  version: 3.0.102
 platform: ruby
 authors:
 - Smpl Solutions LLC