Move version file, fix oidc, make jobs use envs

VERSION

@@ -1 +0,0 @@
-0.2.2

app/controllers/oidc_auth_controller.rb

@@ -40,9 +40,13 @@ class OidcAuthController < ApplicationController
 
     # Add PKCE verifier if available
     code_verifier = retrieve_pkce_verifier
-    oidc_client.code_verifier = code_verifier if code_verifier.present?
 
-    access_token = oidc_client.access_token!
+    # Pass code_verifier as parameter to access_token! method (PKCE support)
+    access_token = if code_verifier.present?
+      oidc_client.access_token!(:body, code_verifier: code_verifier)
+    else
+      oidc_client.access_token!
+    end
 
     # Extract claims from ID token (JWT-only approach)
     id_token = access_token.id_token

app/services/event_tagger.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+# EventTagger - Service for applying tags to events
+#
+# Centralizes tagging logic to keep Event model focused on data management.
+# Tags can come from multiple sources:
+# 1. Agent-provided tags (from payload)
+# 2. Matched rule tags (from rule.metadata['tags'])
+# 3. Future: Policy-based tags, network intelligence tags, etc.
+#
+# Usage:
+#   EventTagger.tag_event(event)                    # Tag single event
+#   EventTagger.tag_batch(Event.where(...))         # Efficiently tag multiple events
+#   EventTagger.retag_for_rule(rule)                # Retag all events for a specific rule
+class EventTagger
+  # Tag a single event with rule tags
+  #
+  # @param event [Event] The event to tag
+  # @return [Array<String>] The final array of tags applied
+  def self.tag_event(event)
+    tags = []
+
+    # 1. Keep agent-provided tags (if any)
+    tags += event.payload&.dig("tags") || []
+
+    # 2. Add tags from matched rule (if any)
+    if event.rule_id.present?
+      rule = event.rule
+      tags += rule&.tags || []
+    end
+
+    # 3. Future: Add tags from policies, network intelligence, etc.
+    # tags += apply_policy_tags(event)
+    # tags += apply_network_tags(event)
+
+    # Deduplicate and update
+    final_tags = tags.uniq
+    event.update_column(:tags, final_tags)
+    final_tags
+  end
+
+  # Efficiently tag multiple events with preloaded rules
+  #
+  # @param events [ActiveRecord::Relation, Array<Event>] Events to tag
+  # @return [Integer] Number of events tagged
+  def self.tag_batch(events)
+    events = events.to_a if events.is_a?(ActiveRecord::Relation)
+    return 0 if events.empty?
+
+    # Preload rules to avoid N+1 queries
+    rule_ids = events.map(&:rule_id).compact.uniq
+    rules_by_id = Rule.where(id: rule_ids).index_by(&:id)
+
+    tagged_count = 0
+
+    events.each do |event|
+      tags = event.payload&.dig("tags") || []
+
+      # Add rule tags if rule exists
+      if event.rule_id && rules_by_id[event.rule_id]
+        tags += rules_by_id[event.rule_id].tags
+      end
+
+      # Update tags
+      event.update_column(:tags, tags.uniq)
+      tagged_count += 1
+    end
+
+    tagged_count
+  end
+
+  # Retag all events that matched a specific rule
+  # Useful when a rule's tags are updated
+  #
+  # @param rule [Rule] The rule whose events should be retagged
+  # @param limit [Integer] Maximum number of events to retag (default: no limit)
+  # @return [Integer] Number of events retagged
+  def self.retag_for_rule(rule, limit: nil)
+    events = Event.where(rule_id: rule.id)
+    events = events.limit(limit) if limit
+    tag_batch(events)
+  end
+
+  # Retag all events (useful for bulk migrations or fixes)
+  #
+  # @param batch_size [Integer] Number of events to process at once
+  # @return [Integer] Total number of events retagged
+  def self.retag_all(batch_size: 1000)
+    total = 0
+
+    Event.find_in_batches(batch_size: batch_size) do |batch|
+      total += tag_batch(batch)
+      Rails.logger.info "[EventTagger] Retagged #{total} events..."
+    end
+
+    total
+  end
+
+  private
+
+  # Future: Apply policy-based tags
+  # def self.apply_policy_tags(event)
+  #   tags = []
+  #   # Check if event matches any policy conditions
+  #   # Add tags based on policy matches
+  #   tags
+  # end
+
+  # Future: Apply network intelligence tags
+  # def self.apply_network_tags(event)
+  #   tags = []
+  #   # Add tags based on network_range attributes
+  #   # e.g., ["datacenter", "vpn", "proxy", "country:US"]
+  #   tags
+  # end
+end

config/initializers/sentry.rb

@@ -140,7 +140,7 @@ end
 
 # Add application-specific context
 app_version = begin
-  File.read(Rails.root.join('VERSION')).strip
+  BaffleHub::VERSION
 rescue
   ENV['APP_VERSION'] || ENV['GIT_COMMIT_SHA']&.[](0..7) || 'unknown'
 end

config/queue.yml

@@ -4,8 +4,8 @@ default: &default
       batch_size: 500
   workers:
     - queues: "*"
-      threads: 3
+      threads: <%= ENV.fetch("JOB_THREADS", 3) %>
-      processes: <%= ENV.fetch("JOB_CONCURRENCY", 1) %>
+      processes: <%= ENV.fetch("JOB_PROCESSES", 1) %>
       polling_interval: 0.1
 
 development: