aikido-zen 0.2.0-x86_64-mingw-64 → 1.0.1.beta.2-x86_64-mingw-64

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ce4b289f036d48b9824da37911bbdf60f09db7ecfe000ae64aef3e4a36f8fd1
-  data.tar.gz: c05604178d2b213e54efac4b5902fb15081c6955e159e21424450cd8d14ec965
+  metadata.gz: 6870d1d0a0a5f98ddaa519ea4d4629d5f188651767d14e7d73e7f8f5f768dce5
+  data.tar.gz: 8fe0c47688f64f8a735b192159339ff19499f4da99451045ad0e3fad95bccdde
 SHA512:
-  metadata.gz: a4cf09ab6f3f577f9c2acd8e34a7b0da87d4aaa96427c87d4ae86b6697370c665e2fdd49e69829dc48795ec895f1d13643a6875491e277caa3b44c6b88230eb5
-  data.tar.gz: b753b8b30ab3aa9c8c617f70728b79f70958ed16dee616a3db7f66627474bfa617c2d2acc05958b6c00bb90415fe412c80a96be9641fba2122ff7cfa5bf41450
+  metadata.gz: 516d0a01b52bc249bb5ed730322442c6885e76beb561b49e2dfac7dae399952ba55d7a9485c2f14ff17cdeea2e71ffdd4df94d25d106039aa4114f4327287d45
+  data.tar.gz: 3eb82a1a977b37c4cfba905a22ab071fd1f3ca68529c282b7ddb70659f6b52acefeba80d25d95d72db48bff6ce0dc43dc45e03cb04d691ec09781d4c237da64b

data/.aikido

@@ -0,0 +1,6 @@
+exclude:
+  paths:
+    - benchmarks/
+    - docs/
+    - sample_apps/
+    - tasklib/wrk.rb

data/.simplecov

@@ -15,6 +15,12 @@ SimpleCov.start do
   minimum_coverage line: 95, branch: 85
 
   add_filter "/test/"
+
+  # WebMock excludes EM-HTTP-Request on Ruby 3.4:
+  # https://github.com/c960657/webmock/commit/34d16285dbcc574c90b273a89f16cb5fb9f4222a
+  if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.4.0") && Gem.loaded_specs["em-http-request"].version <= Gem::Version.new("1.1.7")
+    add_filter "lib/aikido/zen/sinks/em_http.rb"
+  end
 end
 
 # vim: ft=ruby

data/README.md

@@ -1,146 +1,137 @@
 ![Zen by Aikido for Ruby](./docs/banner.svg)
 
+# Zen, in-app firewall for Ruby | by Aikido
+
 [![Gem Version](https://badge.fury.io/rb/aikido-zen.svg?icon=si%3Arubygems&style=flat)](https://badge.fury.io/rb/aikido-zen)
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](http://makeapullrequest.com)
 [![Unit tests](https://github.com/AikidoSec/firewall-ruby/actions/workflows/main.yml/badge.svg)](https://github.com/AikidoSec/firewall-ruby/actions/workflows/main.yml)
 [![Release](https://github.com/AikidoSec/firewall-ruby/actions/workflows/release.yml/badge.svg)](https://github.com/AikidoSec/firewall-ruby/actions/workflows/release.yml)
 
-# Zen, in-app firewall for Ruby | by Aikido
+Zen, your in-app firewall for peace of mind - at runtime.
+
+Zen by Aikido is an embedded Web Application Firewall that autonomously protects Ruby apps against common and critical attacks.
 
-Zen, your in-app firewall for peace of mind—at runtime.
+It protects your Ruby apps by preventing user input containing dangerous strings, which allow injection, pollution, and path traversal attacks. It runs on the same server as your Ruby app for simple [installation](#installation) and zero maintenance.
 
-Zen by Aikido is an embedded Web Application Firewall that autonomously protects
-Ruby on Rails apps against common and critical attacks.
+## Features
 
-It protects your Rails apps by preventing user input containing dangerous
-strings, preventing SQL injection and SSRF attacks. It runs embedded on your
-Rails application, for simple installation and zero maintenance.
+Zen will autonomously protect your Ruby applications against:
 
 * 🛡️ [SQL injection attacks](https://www.aikido.dev/blog/the-state-of-sql-injections)
 * 🛡️ [Server-side request forgery (SSRF)](https://github.com/AikidoSec/firewall-node/blob/main/docs/ssrf.md)
-* 🛡️ [Command injection attacks](https://www.aikido.dev/blog/command-injection-in-2024-unpacked) (coming soon)
-* 🛡️ [Path traversal attacks](https://www.aikido.dev/blog/path-traversal-in-2024-the-year-unpacked) (coming soon)
+* 🛡️ [Command injection attacks](https://www.aikido.dev/blog/command-injection-in-2024-unpacked)
+* 🛡️ [Path traversal attacks](https://www.aikido.dev/blog/path-traversal-in-2024-the-year-unpacked)
 * 🛡️ [NoSQL injection attacks](https://www.aikido.dev/blog/web-application-security-vulnerabilities) (coming soon)
 
-Zen operates autonomously on the same server as your Rails app to:
+Zen operates autonomously on the same server as your Ruby app to:
 
-* ✅ Secure your app like a classic web application firewall (WAF), but with none of the infrastructure or cost.
-* ✅ Rate limit specific API endpoints by IP or by user.
-* ✅ Allow you to block specific users manually.
+* ✅ Secure your app like a classic web application firewall (WAF), but with none of the infrastructure or cost
+* ✅ Rate limit specific API endpoints by IP or by user
+* ✅ Allow you to block specific users manually
 
 ## Supported libraries and frameworks
 
 Zen for Ruby 2.7+ is compatible with:
 
+### Web frameworks
+
+* ✅ [Ruby on Rails](docs/rails.md) 7.x, 8.x
+
 ### Database drivers
 
-* ✅ [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) 1.x, 2.x
-* ✅ [pg](https://github.com/ged/ruby-pg) 1.x
-* ✅ [trilogy](https://github.com/trilogy-libraries/trilogy) 2.x
-* ✅ [mysql2](https://github.com/brianmario/mysql2) 0.x
+* ✅ [`sqlite3`](https://github.com/sparklemotion/sqlite3-ruby) 1.x, 2.x
+* ✅ [`pg`](https://github.com/ged/ruby-pg) 1.x
+* ✅ [`mysql2`](https://github.com/brianmario/mysql2) 0.x
+* ✅ [`trilogy`](https://github.com/trilogy-libraries/trilogy) 2.x
 
-### ORMs and Query Builders
+### ORMs and query builders
 
 See list above for supported database drivers.
 
 * ✅ [ActiveRecord](https://github.com/rails/rails)
 * ✅ [Sequel](https://github.com/jeremyevans/sequel)
 
-### HTTP Clients
+### HTTP clients
 
-* ✅ [net-http](https://github.com/ruby/net-http)
-* ✅ [http.rb](https://github.com/httprb/http) 1.x, 2.x, 3.x, 4.x, 5.x
-* ✅ [httpx](https://gitlab.com/os85/httpx) 1.x (1.1.3+)
-* ✅ [HttpClient](https://github.com/nahi/httpclient) 2.x, 3.x
-* ✅ [excon](https://github.com/excon/excon) 0.x (0.50.0+), 1.x
-* ✅ [patron](https://github.com/toland/patron) 0.x (0.6.4+)
-* ✅ [typhoeus](https://github.com/typhoeus/typhoeus) 0.x (0.5.0+), 1.x
-* ✅ [curb](https://github.com/taf2/curb) 0.x (0.2.3+), 1.x
-* ✅ [em-http-request](https://github.com/igrigorik/em-http-request) 1.x
-* ✅ [async-http](https://github.com/igrigorik/em-http-request) 0.x (0.70.0+)
+* ✅ [`net-http`](https://github.com/ruby/net-http)
+* ✅ [`http.rb`](https://github.com/httprb/http) 1.x, 2.x, 3.x, 4.x, 5.x
+* ✅ [`httpx`](https://gitlab.com/os85/httpx) 1.x (1.1.3+)
+* ✅ [`httpclient`](https://github.com/nahi/httpclient) 2.x, 3.x
+* ✅ [`excon`](https://github.com/excon/excon) 0.x (0.50.0+), 1.x
+* ✅ [`curb`](https://github.com/taf2/curb) 0.x (0.2.3+), 1.x
+* ✅ [`patron`](https://github.com/toland/patron) 0.x (0.6.4+)
+* ✅ [`typhoeus`](https://github.com/typhoeus/typhoeus) 0.x (0.5.0+), 1.x
+* ✅ [`async-http`](https://github.com/igrigorik/em-http-request) 0.x (0.70.0+)
+* ✅ [`em-http-request`](https://github.com/igrigorik/em-http-request) 1.x
 
 ## Installation
 
 We recommend testing Zen locally or on staging before deploying to production.
 
-```
+```sh
 bundle add aikido-zen
 ```
 
 or, if not using bundler:
 
-```
+```sh
 gem install aikido-zen
 ```
 
 For framework specific instructions, check out our docs:
 
-* [Ruby on Rails apps](docs/rails.md)
+* [Ruby on Rails](docs/rails.md)
 
-## Running in production (blocking) mode
+## Reporting to your Aikido Security dashboard
 
-By default, Zen will only detect and report attacks to Aikido.
+> Aikido is your no nonsense application security platform. One central system that scans your source code & cloud, shows you what vulnerabilities matter, and how to fix them - fast. So you can get back to building.
 
-To block requests, set the `AIKIDO_BLOCK` environment variable to `true`.
+Zen is a new product by Aikido. Built for developers to level up their security. While Aikido scans, get Zen for always-on protection.
 
-See [Reporting to Aikido](#reporting-to-your-aikido-security-dashboard) to learn
-how to send events to Aikido.
+You can use some of Zen's features without Aikido, of course. Peace of mind is just a few lines of code away.
 
-## Additional configuration
+But you will get the most value by reporting your data to Aikido.
 
-[Configure Zen using environment variables for authentication, mode settings, debugging, and more.](https://help.aikido.dev/doc/configuration-via-env-vars/docrSItUkeR9)
+You will need an Aikido account and a token to report events to Aikido. If you don't have an account, you can [sign up for free](https://app.aikido.dev/login).
 
-## Reporting to your Aikido Security dashboard
+Here's how:
 
-> Aikido is your no nonsense application security platform. One central system
-> that scans your source code & cloud, shows you what vulnerabilities matter,
-> and how to fix them - fast. So you can get back to building.
+* [Log in to your Aikido account](https://app.aikido.dev/login).
+* Go to [Zen](https://app.aikido.dev/runtime/services).
+* Go to apps.
+* Click on **Add app**.
+* Choose a name for your app.
+* Click **Generate token**.
+* Copy the token.
+* Set the token as an environment variable, `AIKIDO_TOKEN`, using [dotenv](https://github.com/bkeepers/dotenv) or another method of your choosing.
 
-Zen is a new product by Aikido. Built for developers to level up their security.
-While Aikido scans, get Zen for always-on protection.
+## Running in production (blocking) mode
 
-You can use some of Zen’s features without Aikido, of course. Peace of mind is
-just a few lines of code away.
+By default, Zen will only detect and report attacks to Aikido.
 
-But you will get the most value by reporting your data to Aikido.
+To block requests, set the `AIKIDO_BLOCK` environment variable to `true`.
 
-You will need an Aikido account and a token to report events to Aikido. If you
-don't have an account, you can sign up for free.
+See [Reporting to Aikido](#reporting-to-your-aikido-security-dashboard) to learn how to send events to Aikido.
 
-Here's how:
+## Additional configuration
 
-* Log in to your Aikido account.
-* Go to "Zen" on the sidebar.
-* Click on "Add App".
-* Choose a name for your App.
-* Click "Continue to Install"
-* Click "Generate Token".
-* Copy the token.
-* Set the token as an environment variable, `AIKIDO_TOKEN`, using
-  [dotenv](https://github.com/bkeepers/dotenv) or another method
-  of your choosing.
+[Configure Zen using environment variables for authentication, mode settings, debugging, and more.](https://help.aikido.dev/doc/configuration-via-env-vars/docrSItUkeR9)
 
-## Performance
+## License
 
-We run a benchmark on every commit to ensure Zen has a minimal impact on your
-application's performance.
+This program is offered under a commercial and under the AGPL license. You can be released from the requirements of the AGPL license by purchasing a commercial license. Buying such a license is mandatory as soon as you develop commercial activities involving the Zen software without disclosing the source code of your own applications. 
 
-For example, here's a benchmark that runs a single GET request to a Rails
-endpoint that performs a single SQL SELECT query:
+For more information, please contact Aikido Security at this address: support@aikido.dev or create an account at https://app.aikido.dev.
 
-| Without Zen      | With Zen      | Difference    |
-|------------------|---------------|---------------|
-| 3.527ms          | 3.583ms       | +0.056ms      |
+## Benchmarks
 
-Using Ruby 3.3, Rails 7.1, SQLite 1.7, running on a MacBook Pro M1 Pro. Results
-will vary based on hardware.
+We run a benchmark on every commit to ensure Zen has a minimal impact on your application's performance.
 
-See [benchmarks](benchmarks) for more information.
+See [benchmarks](benchmarks)
 
 ## Bug bounty program
 
-Our bug bounty program is public and can be found by all registered Intigriti
-users at: https://app.intigriti.com/researcher/programs/aikido/aikidoruntime
+Our bug bounty program is public and can be found by all registered Intigriti users at: https://app.intigriti.com/researcher/programs/aikido/aikidozenbeta
 
 ## Contributing
 
@@ -150,13 +141,6 @@ See [CONTRIBUTING.md](.github/CONTRIBUTING.md) for more information.
 
 See [CODE_OF_CONDUCT.md](.github/CODE_OF_CONDUCT.md) for more information.
 
-## License
-
-This program is offered under a commercial and under the AGPL license. You can
-be released from the requirements of the AGPL license by purchasing a commercial
-license. Buying such a license is mandatory as soon as you develop commercial
-activities involving the Zen software without disclosing the source code of your
-own applications.
+## Security
 
-For more information, please contact Aikido Security at this address:
-support@aikido.dev or create an account at https://app.aikido.dev.
+See [SECURITY.md](.github/SECURITY.md) for more information.

data/benchmarks/README.md

@@ -1,27 +1,23 @@
 # Benchmarking Zen for Ruby
 
-This directory contains the benchmarking scripts that we use to ensure adding
-Zen to your application does not impact performance significantly.
 
-We use [Grafana K6](https://k6.io) for these. For each sample application we
-include in this repo under [sample_apps](../sample_apps), you should find
-a script here that runs certain benchmarks against that app.
+We use [WRK](https://github.com/wg/wrk) & [Grafana K6](https://k6.io) for these.
 
-To run all the benchmarks, run the following from the root of the project:
+WRK benchmarks are only requesting a URL (`/benchmark`). In case you want to add more 
+of those test, you have to code them in the file `tasklib/bench.rake`.
 
-```
-$ bundle exec rake bench
-```
+K6 tests are defined in `benchmarks` folder. They are a javascript file, with calls 
+to different endpoints.
 
 In order to run a benchmarks against a single application, run the following
 from the root of the project:
 
 ```
-$ bundle exec rake bench:{app}:run
+$ BUNDLE_GEMFILE=./sample_apps/{app}/Gemfile bundle exec rake bench:{app}:(k6|wrk)_run
 ```
 
-For example, for the `rails7.1_sql_injection` application:
+For example, for the WRK of `rails7.1_benchmark` application:
 
 ```
-$ bundle exec rake bench:rails7.1_sql_injection:run
+$ BUNDLE_GEMFILE=./sample_apps/rails7.1_benchmark/Gemfile bundle exec rake bench:rails7.1_benchmark:wrk_run
 ```

data/docs/rails.md

@@ -40,7 +40,7 @@ You can just tell Zen to use it like so:
 
 ``` ruby
 # config/initializers/zen.rb
-Rails.application.config.zen.api_token = Rails.application.credentials.zen.token
+Rails.application.config.zen.token = Rails.application.credentials.zen.token
 ```
 
 [creds]: https://guides.rubyonrails.org/security.html#environmental-security

data/lib/aikido/zen/agent.rb

@@ -19,6 +19,7 @@ module Aikido::Zen
     def initialize(
       config: Aikido::Zen.config,
       collector: Aikido::Zen.collector,
+      detached_agent: Aikido::Zen.detached_agent,
       worker: Aikido::Zen::Worker.new(config: config),
       api_client: Aikido::Zen::APIClient.new(config: config)
     )
@@ -28,6 +29,7 @@ module Aikido::Zen
       @worker = worker
       @api_client = api_client
       @collector = collector
+      @detached_agent = detached_agent
     end
 
     def started?
@@ -35,7 +37,7 @@ module Aikido::Zen
     end
 
     def start!
-      @config.logger.info "Starting Aikido agent"
+      @config.logger.info "Starting Aikido agent v#{Aikido::Zen::VERSION}"
 
       raise Aikido::ZenError, "Aikido Agent already started!" if started?
       @started_at = Time.now.utc
@@ -57,7 +59,7 @@ module Aikido::Zen
       at_exit { stop! if started? }
 
       report(Events::Started.new(time: @started_at)) do |response|
-        Aikido::Zen.runtime_settings.update_from_json(response)
+        updated_settings! if Aikido::Zen.runtime_settings.update_from_json(response)
         @config.logger.info "Updated runtime settings."
       rescue => err
         @config.logger.error(err.message)
@@ -141,11 +143,11 @@ module Aikido::Zen
     def send_heartbeat(at: Time.now.utc)
       return unless @api_client.can_make_requests?
 
-      event = @collector.flush(at: at)
-
-      report(event) do |response|
-        Aikido::Zen.runtime_settings.update_from_json(response)
-        @config.logger.info "Updated runtime settings after heartbeat"
+      @collector.flush_heartbeats.each do |heartbeat|
+        report(heartbeat) do |response|
+          updated_settings! if Aikido::Zen.runtime_settings.update_from_json(response)
+          @config.logger.info "Updated runtime settings after heartbeat"
+        end
       end
     end
 
@@ -159,7 +161,7 @@ module Aikido::Zen
     def poll_for_setting_updates
       @worker.every(@config.polling_interval) do
         if @api_client.should_fetch_settings?
-          Aikido::Zen.runtime_settings.update_from_json(@api_client.fetch_settings)
+          updated_settings! if Aikido::Zen.runtime_settings.update_from_json(@api_client.fetch_settings)
           @config.logger.info "Updated runtime settings after polling"
         end
       end

data/lib/aikido/zen/api_client.rb

@@ -72,16 +72,26 @@ module Aikido::Zen
     #   @return (see #fetch_settings)
     #   @raise (see #request)
     def report(event)
-      if @rate_limiter.throttle?(event)
-        @config.logger.error("Not reporting #{event.type.upcase} event due to rate limiting")
+      event_type = if event.respond_to?(:type)
+        event.type
+      else
+        event[:type]
+      end
+
+      if @rate_limiter.throttle?(event_type)
+        @config.logger.error("Not reporting #{event_type.upcase} event due to rate limiting")
         return
       end
 
-      @config.logger.debug("Reporting #{event.type.upcase} event")
+      @config.logger.debug("Reporting #{event_type.upcase} event")
 
       req = Net::HTTP::Post.new("/api/runtime/events", default_headers)
       req.content_type = "application/json"
-      req.body = @config.json_encoder.call(event.as_json)
+      req.body = if event.respond_to?(:as_json)
+        @config.json_encoder.call(event.as_json)
+      else
+        @config.json_encoder.call(event)
+      end
 
       request(req)
     rescue Aikido::Zen::RateLimitedError

data/lib/aikido/zen/background_worker.rb

@@ -0,0 +1,52 @@
+module Aikido::Zen
+  # Generic background worker class backed by queue. Meant to be used by any
+  # background process that needs to do heavy tasks.
+  class BackgroundWorker
+    # @param block [block] A block that receives 1 message directly from the queue
+    def initialize(&block)
+      @queue = Queue.new
+      @block = block
+    end
+
+    # starts the background thread, blocking the thread until a new messages arrives
+    # or the queue is stopped.
+    def start
+      @thread = Thread.new do
+        while running? || actions?
+          action = wait_for_action
+          @block.call(action) unless action.nil?
+        end
+      end
+    end
+
+    def restart
+      stop
+      @queue = Queue.new # re-open the queue
+      start
+    end
+
+    # Drain the queue to do not lose any messages
+    def stop
+      @queue.close # stop accepting messages
+      @thread.join # wait for the queue to be drained
+    end
+
+    def enqueue(scan)
+      @queue.push(scan)
+    end
+
+    private
+
+    def actions?
+      !@queue.empty?
+    end
+
+    def running?
+      !@queue.closed?
+    end
+
+    def wait_for_action
+      @queue.pop(false)
+    end
+  end
+end

data/lib/aikido/zen/collector.rb

@@ -11,6 +11,7 @@ module Aikido::Zen
       @users = Concurrent::AtomicReference.new(Users.new(@config))
       @hosts = Concurrent::AtomicReference.new(Hosts.new(@config))
       @routes = Concurrent::AtomicReference.new(Routes.new(@config))
+      @heartbeats = Queue.new
       @middleware_installed = Concurrent::AtomicBoolean.new
     end
 
@@ -34,6 +35,16 @@ module Aikido::Zen
       )
     end
 
+    # Put heartbeats coming from child processes into the internal queue.
+    def push_heartbeat(heartbeat)
+      @heartbeats << heartbeat
+    end
+
+    # Drains into an array all the queued heartbeats
+    def flush_heartbeats
+      Array.new(@heartbeats.size) { @heartbeats.pop }
+    end
+
     # Sets the start time for this collection period.
     #
     # @param at [Time] defaults to now.
@@ -46,7 +57,7 @@ module Aikido::Zen
     #
     # @param request [Aikido::Zen::Request]
     # @return [void]
-    def track_request(request)
+    def track_request(*)
       synchronize(@stats) { |stats| stats.add_request }
     end
 

data/lib/aikido/zen/config.rb

@@ -8,6 +8,12 @@ require_relative "context"
 
 module Aikido::Zen
   class Config
+    # @api private
+    # @return [Boolean] whether Aikido should protect.
+    def protect?
+      !api_token.nil? || blocking_mode? || debugging?
+    end
+
     # @return [Boolean] whether Aikido should be turned completely off (no
     #   intercepting calls to protect the app, no agent process running, no
     #   middleware installed). Defaults to false (so, enabled). Can be set
@@ -55,6 +61,11 @@ module Aikido::Zen
     # @return [Logger]
     attr_reader :logger
 
+    # @return [string] Path of the socket where the detached agent will listen.
+    # By default, is stored under the root application path with file name
+    # `aikido-detached-agent.sock`
+    attr_reader :detached_agent_socket_path
+
     # @return [Boolean] is the agent in debugging mode?
     attr_accessor :debugging
     alias_method :debugging?, :debugging
@@ -153,6 +164,7 @@ module Aikido::Zen
       self.debugging = read_boolean_from_env(ENV.fetch("AIKIDO_DEBUG", false))
       self.logger = Logger.new($stdout, progname: "aikido", level: debugging ? Logger::DEBUG : Logger::INFO)
       self.max_performance_samples = 5000
+      self.detached_agent_socket_path = ENV.fetch("AIKIDO_DETACHED_AGENT_SOCKET_PATH", DEFAULT_DETACHED_AGENT_SOCKET_PATH)
       self.max_compressed_stats = 100
       self.max_outbound_connections = 200
       self.max_users_tracked = 1000
@@ -210,6 +222,11 @@ module Aikido::Zen
       @api_timeouts.update(value)
     end
 
+    def detached_agent_socket_path=(path)
+      @detached_agent_socket_path = path
+      @detached_agent_socket_path = "drbunix:" + @detached_agent_socket_path unless @detached_agent_socket_path.start_with?("drbunix:")
+    end
+
     private
 
     def read_boolean_from_env(value)
@@ -235,6 +252,9 @@ module Aikido::Zen
     # @!visibility private
     DEFAULT_JSON_DECODER = JSON.method(:parse)
 
+    # @!visibility private
+    DEFAULT_DETACHED_AGENT_SOCKET_PATH = "aikido-detached-agent.sock"
+
     # @!visibility private
     DEFAULT_BLOCKED_RESPONDER = ->(request, blocking_type) do
       message = case blocking_type

data/lib/aikido/zen/context.rb

@@ -20,6 +20,9 @@ module Aikido::Zen
     # @return [Aikido::Zen::Request]
     attr_reader :request
 
+    # @return [Boolean]
+    attr_accessor :scanning
+
     # @param request [Rack::Request] a Request object that implements the
     #   Rack::Request API, to which we will delegate behavior.
     # @param settings [Aikido::Zen::RuntimeSettings]
@@ -32,6 +35,7 @@ module Aikido::Zen
       @settings = settings
       @payload_sources = sources
       @metadata = {}
+      @scanning = false
     end
 
     # Fetch some metadata stored in the Context.

data/lib/aikido/zen/detached_agent/agent.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require "drb/drb"
+require "drb/unix"
+require_relative "front_object"
+require_relative "../background_worker"
+
+module Aikido::Zen::DetachedAgent
+  # Agent that runs in forked processes. It communicates with the parent process to dRB
+  # calls. It's in charge of schedule and send heartbeats to the *parent process*, to be
+  # later pushed.
+  #
+  # heartbeat & polling interval are configured to 10s , because they are connecting with
+  # parent process. We want to have the freshest data.
+  #
+  # It's possible to use `extend Forwardable` here for one-line forward calls to the
+  # @detached_agent_front object. Unfortunately, the methods to be called are
+  # created at runtime by `DRbObject`, which leads to an ugly warning about
+  # private methods after the delegator is bound.
+  class Agent
+    attr_reader :worker
+
+    def initialize(
+      heartbeat_interval: 10,
+      polling_interval: 10,
+      config: Aikido::Zen.config,
+      collector: Aikido::Zen.collector,
+      worker: Aikido::Zen::Worker.new(config: config)
+    )
+      @config = config
+      @heartbeat_interval = heartbeat_interval
+      @polling_interval = polling_interval
+      @worker = worker
+      @collector = collector
+      @detached_agent_front = DRbObject.new_with_uri(config.detached_agent_socket_path)
+      @has_forked = false
+      schedule_tasks
+    end
+
+    def send_heartbeat(at: Time.now.utc)
+      return unless @collector.stats.any?
+
+      heartbeat = @collector.flush(at: at)
+      @detached_agent_front.send_heartbeat_to_parent_process(heartbeat.as_json)
+    end
+
+    private def schedule_tasks
+      # For heartbeats is correct to send them from parent or child process. Otherwise, we'll lose
+      # stats made by the parent process.
+      @worker.every(@heartbeat_interval, run_now: false) { send_heartbeat }
+
+      # Runtime_settings fetch must happens only in the child processes, otherwise, due to
+      # we are updating the global runtime_settings, we could have an infinite recursion.
+      if @has_forked
+        @worker.every(@polling_interval) do
+          Aikido::Zen.runtime_settings = @detached_agent_front.updated_settings
+          @config.logger.debug "Updated runtime settings after polling from child process #{Process.pid}"
+        end
+      end
+    end
+
+    def calculate_rate_limits(request)
+      @detached_agent_front.calculate_rate_limits(request.route, request.ip, request.actor.to_json)
+    end
+
+    # Every time a fork occurs (a new child process is created), we need to start
+    # a DRb service in a background thread within the child process. This service
+    # will manage the connection and handle resource cleanup.
+    def handle_fork
+      @has_forked = true
+      DRb.start_service
+      # we need to ensure that there are not more jobs in the queue, but
+      # we reuse the same object
+      @worker.restart
+      schedule_tasks
+    end
+  end
+end