aikido-zen 1.0.1.beta.4-arm64-linux-musl → 1.0.2-arm64-linux-musl

data/lib/aikido/zen.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require_relative "zen/helpers"
 require_relative "zen/version"
 require_relative "zen/errors"
 require_relative "zen/actor"
@@ -11,14 +12,17 @@ require_relative "zen/agent"
 require_relative "zen/api_client"
 require_relative "zen/context"
 require_relative "zen/detached_agent"
-require_relative "zen/middleware/check_allowed_addresses"
 require_relative "zen/middleware/middleware"
+require_relative "zen/middleware/fork_detector"
+require_relative "zen/middleware/context_setter"
+require_relative "zen/middleware/allowed_address_checker"
+require_relative "zen/middleware/attack_wave_protector"
 require_relative "zen/middleware/request_tracker"
-require_relative "zen/middleware/set_context"
 require_relative "zen/outbound_connection"
 require_relative "zen/outbound_connection_monitor"
 require_relative "zen/runtime_settings"
 require_relative "zen/rate_limiter"
+require_relative "zen/attack_wave"
 require_relative "zen/scanners"
 
 module Aikido
@@ -36,10 +40,8 @@ module Aikido
         return
       end
 
-      return unless config.protect?
-
       unless load_sources! && load_sinks!
-        config.logger.warn "Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information."
+        config.logger.warn("Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information.")
         return
       end
 
@@ -78,6 +80,16 @@ module Aikido
       @runtime_settings = settings
     end
 
+    # @return [Boolean] whether the Aikido agent is currently blocking requests.
+    #   Blocking mode is configured at startup and can be controlled through the
+    #   Aikido dashboard at runtime.
+    def self.blocking_mode?
+      blocking_mode = runtime_settings.blocking_mode
+      return blocking_mode unless blocking_mode.nil?
+
+      config.blocking_mode
+    end
+
     # Gets information about the current system configuration, which is sent to
     # the server along with any events.
     def self.system_info
@@ -87,15 +99,9 @@ module Aikido
     # Manages runtime metrics extracted from your app, which are uploaded to the
     # Aikido servers if configured to do so.
     def self.collector
-      check_and_handle_fork
       @collector ||= Collector.new
     end
 
-    def self.detached_agent
-      check_and_handle_fork
-      @detached_agent ||= DetachedAgent::Agent.new
-    end
-
     # Gets the current context object that holds all information about the
     # current request.
     #
@@ -121,6 +127,18 @@ module Aikido
       collector.track_request
     end
 
+    # Track statistics about an attack wave the app is handling.
+    #
+    # @param attack_wave [Aikido::Zen::Events::AttackWave]
+    # @return [void]
+    def self.track_attack_wave(attack_wave)
+      collector.track_attack_wave(being_blocked: false)
+    end
+
+    # Track statistics about a route that the app has discovered.
+    #
+    # @param request [Aikido::Zen::Request]
+    # @return [void]
     def self.track_discovered_route(request)
       collector.track_route(request)
     end
@@ -165,12 +183,22 @@ module Aikido
       end
     end
 
+    # Align with other Zen implementations, while keeping internal consistency.
+    class << self
+      alias_method :set_user, :track_user
+    end
+
     # Marks that the Zen middleware was installed properly
     # @return void
     def self.middleware_installed!
       collector.middleware_installed!
     end
 
+    # @return [Aikido::Zen::AttackWave::Detector] the attack wave detector.
+    def self.attack_wave_detector
+      @attack_wave_detector ||= AttackWave::Detector.new
+    end
+
     # @!visibility private
     # Load all sources.
     #
@@ -208,8 +236,12 @@ module Aikido
       @agent ||= Agent.start
     end
 
+    def self.detached_agent
+      @detached_agent ||= DetachedAgent::Agent.new
+    end
+
     def self.detached_agent_server
-      @detached_agent_server ||= DetachedAgent::Server.start!
+      @detached_agent_server ||= DetachedAgent::Server.start
     end
 
     class << self
@@ -218,24 +250,54 @@ module Aikido
       LOCK = Mutex.new
 
       def start!
+        return unless start?
+
         @pid = Process.pid
+
         LOCK.synchronize do
           agent
           detached_agent_server
         end
       end
 
+      def start?
+        !config.api_token.nil? ||
+          config.blocking_mode? ||
+          config.debugging?
+      end
+
       def check_and_handle_fork
-        if has_forked
-          @detached_agent&.handle_fork
-        end
+        handle_fork if forked?
       end
 
-      def has_forked
+      def forked?
         pid_changed = Process.pid != @pid
         @pid = Process.pid
         pid_changed
       end
+
+      def handle_fork
+        @detached_agent&.handle_fork
+      end
+    end
+
+    # @!visibility private
+    # Returns the stack trace trimmed to where execution last entered Zen.
+    #
+    # @return [String]
+    def self.clean_stack_trace
+      stack_trace = caller_locations
+
+      spec = Gem.loaded_specs["aikido-zen"]
+
+      # Only trim stack frames from .../lib/aikido/zen/ in the aikido-zen gem,
+      # so calls in sample apps are preserved.
+      lib_path_start = File.expand_path(File.join(spec.full_gem_path, "lib", "aikido", "zen")) + File::SEPARATOR
+
+      index = stack_trace.index { |frame| !File.expand_path(frame.path).start_with?(lib_path_start) }
+      stack_trace = stack_trace[index..] if index
+
+      stack_trace.map(&:to_s).join("\n")
     end
   end
 end

data/tasklib/bench.rake

@@ -87,7 +87,7 @@ Pathname.glob("sample_apps/*").select(&:directory?).each do |dir|
       end
 
       task :boot_unprotected_app do
-        boot_server(dir, port: PORT_UNPROTECTED, env: {"AIKIDO_DISABLED" => "true"})
+        boot_server(dir, port: PORT_UNPROTECTED, env: {"AIKIDO_DISABLE" => "true"})
       end
     end
   end

data/tasklib/libzen.rake

@@ -76,6 +76,7 @@ LIBZENS = [
   LibZen.new("arm64-darwin.dylib", "libzen_internals_aarch64-apple-darwin.dylib"),
   LibZen.new("arm64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
   LibZen.new("arm64-linux-musl.so", "libzen_internals_aarch64-unknown-linux-musl.so"),
+  LibZen.new("aarch64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
   LibZen.new("x86_64-darwin.dylib", "libzen_internals_x86_64-apple-darwin.dylib"),
   LibZen.new("x86_64-linux.so", "libzen_internals_x86_64-unknown-linux-gnu.so"),
   LibZen.new("x86_64-linux-musl.so", "libzen_internals_x86_64-unknown-linux-musl.so"),

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.4
+  version: 1.0.2
 platform: arm64-linux-musl
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-08-11 00:00:00.000000000 Z
+date: 2025-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -71,10 +71,13 @@ files:
 - README.md
 - Rakefile
 - benchmarks/README.md
+- benchmarks/rails7.1_benchmark.js
 - benchmarks/rails7.1_sql_injection.js
 - docs/banner.svg
 - docs/config.md
+- docs/proxy.md
 - docs/rails.md
+- docs/troubleshooting.md
 - lib/aikido-zen.rb
 - lib/aikido/zen.rb
 - lib/aikido/zen/actor.rb
@@ -82,9 +85,13 @@ files:
 - lib/aikido/zen/agent/heartbeats_manager.rb
 - lib/aikido/zen/api_client.rb
 - lib/aikido/zen/attack.rb
+- lib/aikido/zen/attack_wave.rb
+- lib/aikido/zen/attack_wave/helpers.rb
 - lib/aikido/zen/background_worker.rb
+- lib/aikido/zen/cache.rb
 - lib/aikido/zen/capped_collections.rb
 - lib/aikido/zen/collector.rb
+- lib/aikido/zen/collector/event.rb
 - lib/aikido/zen/collector/hosts.rb
 - lib/aikido/zen/collector/routes.rb
 - lib/aikido/zen/collector/sink_stats.rb
@@ -100,13 +107,16 @@ files:
 - lib/aikido/zen/detached_agent/server.rb
 - lib/aikido/zen/errors.rb
 - lib/aikido/zen/event.rb
+- lib/aikido/zen/helpers.rb
 - lib/aikido/zen/internals.rb
-- lib/aikido/zen/libzen-v0.1.39-arm64-linux-musl.so
-- lib/aikido/zen/middleware/check_allowed_addresses.rb
+- lib/aikido/zen/libzen-v0.1.48-arm64-linux-musl.so
+- lib/aikido/zen/middleware/allowed_address_checker.rb
+- lib/aikido/zen/middleware/attack_wave_protector.rb
+- lib/aikido/zen/middleware/context_setter.rb
+- lib/aikido/zen/middleware/fork_detector.rb
 - lib/aikido/zen/middleware/middleware.rb
 - lib/aikido/zen/middleware/rack_throttler.rb
 - lib/aikido/zen/middleware/request_tracker.rb
-- lib/aikido/zen/middleware/set_context.rb
 - lib/aikido/zen/outbound_connection.rb
 - lib/aikido/zen/outbound_connection_monitor.rb
 - lib/aikido/zen/package.rb