Module: Legion::LLM::Router::GatewayInterceptor

Extended by:
Legion::Logging::Helper
Defined in:
lib/legion/llm/router/gateway_interceptor.rb

Class Method Summary collapse

Class Method Details

.gateway_enabled?Boolean

Returns:

  • (Boolean) 


33
34
35
36
 
# File 'lib/legion/llm/router/gateway_interceptor.rb', line 33

def gateway_enabled?
  settings = gateway_settings
  settings[:enabled] == true && !settings[:endpoint].nil?
end

.gateway_headers(context) ⇒ Object 



47
48
49
50
51
52
53
54
55
 
# File 'lib/legion/llm/router/gateway_interceptor.rb', line 47

def gateway_headers(context)
  {
    'X-Agent-Id'        => context[:worker_id],
    'X-Tenant-Id'       => context[:tenant_id],
    'X-AIRB-Project-Id' => context[:airb_project_id],
    'X-Risk-Tier'       => context[:risk_tier]&.to_s,
    'X-Legion-Task-Id'  => context[:task_id]&.to_s
  }.compact
end

.gateway_settingsObject 



57
58
59
60
61
62
63
64
65
 
# File 'lib/legion/llm/router/gateway_interceptor.rb', line 57

def gateway_settings
  llm = Legion::Settings[:llm]
  return {} unless llm.is_a?(Hash)

  (llm[:gateway] || {}).transform_keys(&:to_sym)
rescue StandardError => e
  handle_exception(e, level: :warn)
  {}
end

.intercept(resolution, context: {}) ⇒ Object 



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/legion/llm/router/gateway_interceptor.rb', line 12

def intercept(resolution, context: {})
  return resolution unless gateway_enabled?
  return resolution unless resolution&.tier == :cloud

  model = resolution.model
  risk_tier = context[:risk_tier]&.to_sym

  unless model_allowed?(model, risk_tier)
    log.warn "[llm] gateway policy blocked model=#{model} risk_tier=#{risk_tier}"
    return nil
  end

  Resolution.new(
    tier:     :cloud,
    provider: :gateway,
    model:    model,
    rule:     'gateway_intercept',
    metadata: { original_provider: resolution.provider }
  )
end

.model_allowed?(model, risk_tier) ⇒ Boolean

Returns:

  • (Boolean) 


38
39
40
41
42
43
44
45
 
# File 'lib/legion/llm/router/gateway_interceptor.rb', line 38

def model_allowed?(model, risk_tier)
  return true unless risk_tier

  allowlist = gateway_settings.dig(:model_policy, risk_tier)
  return true unless allowlist.is_a?(Array) && !allowlist.empty?

  allowlist.any? { |pattern| File.fnmatch?(pattern, model.to_s) }
end