Module: Legion::Extensions::Agentic::Social::Governance::Runners::ShadowAi

Defined in:

lib/legion/extensions/agentic/social/governance/runners/shadow_ai.rb

Overview

rubocop:disable Legion/Extension/RunnerIncludeHelpers

Instance Method Summary

• #check_airb_compliance ⇒ Object
• #check_llm_bypass_indicators ⇒ Object
• #full_scan ⇒ Object
• #scan_unregistered_extensions ⇒ Object

Instance Method Details

#check_airb_compliance ⇒ Object

# File 'lib/legion/extensions/agentic/social/governance/runners/shadow_ai.rb', line 27

def check_airb_compliance(**)
  unless defined?(Legion::Data::Model::DigitalWorker)
    Legion::Logging.debug('[governance:shadow_ai] AIRB compliance check unavailable — DigitalWorker model not loaded')
    return { checked: 0, source: :unavailable, reason: 'DigitalWorker model not loaded' }
  end

  workers = Legion::Data::Model::DigitalWorker.where(lifecycle_state: 'active').all
  non_compliant = workers.select do |w|
    risk = w.respond_to?(:risk_tier) ? w.risk_tier : nil
    %w[high critical].include?(risk) && w.respond_to?(:airb_status) && w.airb_status != 'approved'
  end

  { checked: workers.size, compliant: workers.size - non_compliant.size,
    non_compliant: non_compliant.map(&:worker_id) }
rescue StandardError => e
  { checked: 0, error: e.message }
end

#check_llm_bypass_indicators ⇒ Object

# File 'lib/legion/extensions/agentic/social/governance/runners/shadow_ai.rb', line 20

def check_llm_bypass_indicators(**)
  indicators = []
  indicators << :direct_openai_key if ENV.key?('OPENAI_API_KEY') && !provider_enabled?(:openai)
  indicators << :direct_anthropic_key if ENV.key?('ANTHROPIC_API_KEY') && !provider_enabled?(:anthropic)
  { indicators: indicators, bypassed: !indicators.empty? }
end

#full_scan ⇒ Object

# File 'lib/legion/extensions/agentic/social/governance/runners/shadow_ai.rb', line 45

def full_scan(**)
  extensions = scan_unregistered_extensions
  bypass = check_llm_bypass_indicators
  compliance = check_airb_compliance

  has_issues = extensions[:unregistered]&.any? || bypass[:bypassed] || compliance[:non_compliant]&.any?
  emit_shadow_event(extensions, bypass, compliance) if has_issues

  { extensions: extensions, bypass: bypass, compliance: compliance, issues_found: has_issues }
end

#scan_unregistered_extensions ⇒ Object

# File 'lib/legion/extensions/agentic/social/governance/runners/shadow_ai.rb', line 10

def scan_unregistered_extensions(**)
  installed = Bundler.load.specs.select { |s| s.name.start_with?('lex-') }.map(&:name)
  registered = registered_extension_names

  unregistered = installed - registered
  { installed: installed.size, registered: registered.size, unregistered: unregistered }
rescue StandardError => e
  { installed: 0, registered: 0, unregistered: [], error: e.message }
end