Module: Legion::DigitalWorker::Registration
- Defined in:
- lib/legion/digital_worker/registration.rb
Constant Summary collapse
- APPROVAL_TIMEOUT_SECONDS =
48 hours default
172_800
Class Method Summary collapse
- .approval_required?(risk_tier) ⇒ Boolean
- .approve(worker_id, approver:, notes: nil) ⇒ Object
- .escalate(worker_id) ⇒ Object
- .pending_approvals ⇒ Object
- .register(worker_attrs) ⇒ Object
- .reject(worker_id, approver:, reason:) ⇒ Object
Class Method Details
.approval_required?(risk_tier) ⇒ Boolean
90 91 92 |
# File 'lib/legion/digital_worker/registration.rb', line 90 def approval_required?(risk_tier) %w[high critical].include?(risk_tier.to_s) end |
.approve(worker_id, approver:, notes: nil) ⇒ Object
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/legion/digital_worker/registration.rb', line 48 def approve(worker_id, approver:, notes: nil) worker = find_pending!(worker_id) Lifecycle.transition!( worker, to_state: 'active', by: approver, reason: notes, authority_verified: true ) record_audit('worker_approved', worker_id, approver, { notes: notes }) emit_event('worker.registration.approved', worker_id: worker_id, approver: approver) log_info "worker=#{worker_id} approved by=#{approver}" worker end |
.escalate(worker_id) ⇒ Object
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'lib/legion/digital_worker/registration.rb', line 94 def escalate(worker_id) worker = find_worker(worker_id) return { escalated: false, reason: 'worker not found' } unless worker return { escalated: false, reason: 'not pending approval' } unless worker.lifecycle_state == 'pending_approval' timeout = settings_timeout pending_seconds = worker.created_at ? (Time.now.utc - worker.created_at) : 0 if pending_seconds >= timeout emit_event('worker.registration.escalated', worker_id: worker_id, pending_seconds: pending_seconds) log_info "worker=#{worker_id} escalated pending_seconds=#{pending_seconds.to_i}" { escalated: true, worker_id: worker_id, pending_seconds: pending_seconds.to_i } else remaining = (timeout - pending_seconds).to_i { escalated: false, reason: 'timeout not reached', remaining_seconds: remaining } end end |
.pending_approvals ⇒ Object
84 85 86 87 88 |
# File 'lib/legion/digital_worker/registration.rb', line 84 def pending_approvals return [] unless defined?(Legion::Data::Model::DigitalWorker) Legion::Data::Model::DigitalWorker.where(lifecycle_state: 'pending_approval').all end |
.register(worker_attrs) ⇒ Object
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'lib/legion/digital_worker/registration.rb', line 11 def register(worker_attrs) risk_tier = worker_attrs[:risk_tier].to_s lifecycle_state = if approval_required?(risk_tier) 'pending_approval' else 'bootstrap' end worker = Legion::Data::Model::DigitalWorker.create( worker_id: SecureRandom.uuid, name: worker_attrs[:name], extension_name: worker_attrs[:extension_name], entra_app_id: worker_attrs[:entra_app_id], owner_msid: worker_attrs[:owner_msid], owner_name: worker_attrs[:owner_name], business_role: worker_attrs[:business_role], risk_tier: risk_tier.empty? ? nil : risk_tier, team: worker_attrs[:team], manager_msid: worker_attrs[:manager_msid], lifecycle_state: lifecycle_state, consent_tier: 'supervised', trust_score: 0.0 ) if lifecycle_state == 'pending_approval' intake_id = create_airb_intake(worker) log_info "worker=#{worker.worker_id} state=pending_approval airb_intake=#{intake_id}" emit_event('worker.registration.pending', worker_id: worker.worker_id, risk_tier: risk_tier, intake_id: intake_id) else log_info "worker=#{worker.worker_id} state=bootstrap risk_tier=#{risk_tier}" emit_event('worker.registration.created', worker_id: worker.worker_id, risk_tier: risk_tier) end worker end |
.reject(worker_id, approver:, reason:) ⇒ Object
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
# File 'lib/legion/digital_worker/registration.rb', line 66 def reject(worker_id, approver:, reason:) worker = find_pending!(worker_id) Lifecycle.transition!( worker, to_state: 'rejected', by: approver, reason: reason, authority_verified: true ) record_audit('worker_rejected', worker_id, approver, { reason: reason }) emit_event('worker.registration.rejected', worker_id: worker_id, approver: approver, reason: reason) log_info "worker=#{worker_id} rejected by=#{approver} reason=#{reason}" worker end |