aikido-zen 1.0.1.beta.5-x86_64-darwin → 1.0.2.beta.1-x86_64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1393fa45d0bfc2d1b2e9297c8f723a722a3a2c7bc23ba9154d7970d438a7641
-  data.tar.gz: 603014b3cac01c79a4ab4f50fbee852bfda042b860292bfb7aefb1c8002d12a4
+  metadata.gz: c55246b2bdb40b316fb80cf0aa1ddbedb6205c050a26b5b2f75e930d6a6cf989
+  data.tar.gz: 78156c513ccbadf7a7b3a8c24689d8629007bca189406fc1ea441c5c16763625
 SHA512:
-  metadata.gz: 14bc6ccd5afb21b194fff8992999f07da8cb8689bf9f5af89b19a5a10a5db2d005294e792e6a3aab67cd5af167480fa6a702e70ed4d3c38f05cc41b157a3dc08
-  data.tar.gz: b703d4a16f581d24e4ca981b2cdb3b9f36144f045b7ec49b4711ee3ccc501ffa4210d2e47f7960a8203f4e1ad7d2317741dc0c070cdd0365fdaa37c1cf8c9b62
+  metadata.gz: 216f8686d16699dabfb416fb207f31e302b2239aa9393999f499af14237156818b5c5e45bb6fa7cbf3b214336e6059b96867a303932b9669b87460b20d0514f6
+  data.tar.gz: 470b07194b238bb4a44c283fce7ad7679ac8fa4df119feca684bb65bb7c75729157c9e77b38fbce8bcc9629780848455aa790af9159c12a349c1e71faa41ee02

data/docs/rails.md

@@ -2,19 +2,63 @@
 
 To install Zen, add the gem:
 
-```
+```sh
 bundle add aikido-zen
 ```
 
+And require it before `Bundler.require` in `config/application.rb`:
+
+```ruby
+# config/application.rb
+require_relative "boot"
+
+require "rails/all"
+
+require "aikido-zen"
+Aikido::Zen.protect!
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+...
+```
+
 That's it! Zen will start to run inside your app when it starts getting
 requests.
 
+## Rate limiting and user blocking
+
+If you want to add the rate limiting feature to your app, modify your code like this:
+
+```ruby
+# app/controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+  private
+
+  def current_user
+    return unless session[:user_id]
+    User.find(session[:user_id])
+  end
+
+  def authenticate_user!
+    # Your authentication logic here
+    # ...
+    # Optional, if you want to use user based rate limiting or block specific users
+    Aikido::Zen.set_user(
+      id: current_user.id,
+      name: current_user.name
+    )
+  end
+end
+```
+
 ## Configuration
 
 Zen exposes its configuration object to the Rails configuration, which you can
 modify in an initializer if desired:
 
-``` ruby
+```ruby
 # config/initializers/zen.rb
 Rails.application.config.zen.api_timeouts = 20
 ```
@@ -30,7 +74,7 @@ If you're using Rails' [encrypted credentials][creds], and prefer not storing
 sensitive values in your env vars, you can easily configure Zen for it. For
 example, assuming the following credentials structure:
 
-``` yaml
+```yaml
 # config/credentials.yml.enc
 zen:
   token: "AIKIDO_RUNTIME_..."
@@ -38,7 +82,7 @@ zen:
 
 You can just tell Zen to use it like so:
 
-``` ruby
+```ruby
 # config/initializers/zen.rb
 Rails.application.config.zen.token = Rails.application.credentials.zen.token
 ```
@@ -61,7 +105,7 @@ way.
 By default, Zen will use the Rails logger, prefixing messages with `[aikido]`.
 You can redirect the log to a separate stream by overriding the logger:
 
-```
+```ruby
 # config/initializers/zen.rb
 Rails.application.config.zen.logger = Logger.new(...)
 ```

data/lib/aikido/zen/config.rb

@@ -64,7 +64,7 @@ module Aikido::Zen
     # @return [string] Path of the socket where the detached agent will listen.
     # By default, is stored under the root application path with file name
     # `aikido-detached-agent.sock`
-    attr_reader :detached_agent_socket_path
+    attr_accessor :detached_agent_socket_path
 
     # @return [Boolean] is the agent in debugging mode?
     attr_accessor :debugging
@@ -222,9 +222,8 @@ module Aikido::Zen
       @api_timeouts.update(value)
     end
 
-    def detached_agent_socket_path=(path)
-      @detached_agent_socket_path = path
-      @detached_agent_socket_path = "drbunix:" + @detached_agent_socket_path unless @detached_agent_socket_path.start_with?("drbunix:")
+    def detached_agent_socket_uri
+      "drbunix:" + @detached_agent_socket_path
     end
 
     private

data/lib/aikido/zen/detached_agent/agent.rb

@@ -32,7 +32,7 @@ module Aikido::Zen::DetachedAgent
       @polling_interval = polling_interval
       @worker = worker
       @collector = collector
-      @detached_agent_front = DRbObject.new_with_uri(config.detached_agent_socket_path)
+      @detached_agent_front = DRbObject.new_with_uri(config.detached_agent_socket_uri)
       @has_forked = false
       schedule_tasks
     end

data/lib/aikido/zen/detached_agent/server.rb

@@ -1,41 +1,78 @@
 # frozen_string_literal: true
 
+require "fileutils"
+
 module Aikido::Zen::DetachedAgent
   class Server
+    # Initialize and start a detached agent server instance.
+    #
+    # @return [Aikido::Zen::DetachedAgent::Server]
+    def self.start(**opts)
+      new(**opts).tap(&:start!)
+    end
+
     def initialize(config: Aikido::Zen.config)
-      @detached_agent_front = FrontObject.new
-      @drb_server = DRb.start_service(config.detached_agent_socket_path, @detached_agent_front)
+      @started_at = nil
 
-      # We don't want to see drb logs unless in debug mode
-      @drb_server.verbose = config.logger.debug?
-    end
+      @config = config
 
-    def alive?
-      @drb_server.alive?
+      @socket_path = config.detached_agent_socket_path
+      @socket_uri = config.detached_agent_socket_uri
     end
 
-    def stop!
-      @drb_server.stop_service
-      DRb.stop_service
+    def started?
+      !!@started_at
     end
 
-    class << self
-      def start!
-        Aikido::Zen.config.logger.debug("Starting DRb Server...")
-        max_attempts = 10
-        @server = new
-
-        attempts = 0
-        until @server.alive?
-          Aikido::Zen.config.logger.info("DRb Server still not alive. #{max_attempts - attempts} attempts remaining")
-          sleep 0.1
-          attempts += 1
-          raise Aikido::Zen::DetachedAgentError.new("Impossible to start the dRB server (socket=#{Aikido::Zen.config.detached_agent_socket_path})") \
-            if attempts == max_attempts
-        end
-
-        @server
+    def start!
+      @config.logger.info("Starting DRb Server...")
+
+      # Try to ensure that the DRb service can start if the DRb service did
+      # not stop cleanly.
+      begin
+        # Check whether the Unix domain socket is in use by another process.
+        UNIXSocket.new(@socket_path).close
+      rescue Errno::ECONNREFUSED
+        @config.logger.debug("Removing residual Unix domain socket...")
+
+        # Remove the residual Unix domain socket.
+        FileUtils.rm_f(@socket_path)
+      rescue
+        # empty
+      end
+
+      @front = FrontObject.new
+
+      # If the Unix domain socket is in use by another process and/or the
+      # residual Unix domain socket could not be removed DRb will raise an
+      # appropriate error.
+      @drb_server = DRb.start_service(@socket_uri, @front)
+
+      # Only show DRb output in debug mode.
+      @drb_server.verbose = @config.logger.debug?
+
+      # Ensure that the DRb server is alive.
+      max_attempts = 10
+      attempts = 0
+      until @drb_server.alive?
+        @config.logger.info("DRb Server still not alive. #{max_attempts - attempts} attempts remaining")
+        sleep 0.1
+        attempts += 1
+        raise Aikido::Zen::DetachedAgentError.new("Impossible to start the dRB server (socket=#{Aikido::Zen.config.detached_agent_socket_path})") \
+          if attempts == max_attempts
       end
+
+      @started_at = Time.now.utc
+
+      at_exit { stop! if started? }
+    end
+
+    def stop!
+      @config.logger.info("Stopping DRb Server...")
+      @started_at = nil
+
+      @drb_server.stop_service if @drb_server.alive?
+      DRb.stop_service
     end
   end
 end

data/lib/aikido/zen/sinks_dsl.rb

@@ -109,6 +109,8 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_before(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         original = instance_method(method_name)
 
         define_method(method_name) do |*args, **kwargs, &blk|
@@ -131,6 +133,8 @@ module Aikido::Zen
       #
       # @note the block is executed within `safe` to handle errors safely; the original method is executed outside of `safe` to preserve the original behavior
       def sink_before(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         presafe_sink_before(method_name) do |*args, **kwargs|
           DSL.safe do
             instance_exec(*args, **kwargs, &block)
@@ -149,6 +153,8 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_after(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         original = instance_method(method_name)
 
         define_method(method_name) do |*args, **kwargs, &blk|
@@ -173,6 +179,8 @@ module Aikido::Zen
       #
       # @note the block is executed within `safe` to handle errors safely; the original method is executed outside of `safe` to preserve the original behavior
       def sink_after(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         presafe_sink_after(method_name) do |result, *args, **kwargs|
           DSL.safe do
             instance_exec(result, *args, **kwargs, &block)
@@ -191,6 +199,8 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_around(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         original = instance_method(method_name)
 
         define_method(method_name) do |*args, **kwargs, &blk|
@@ -219,6 +229,8 @@ module Aikido::Zen
       # @note the block is executed within `safe` to handle errors safely; the original method is executed within `presafe` to preserve the original behavior
       # @note if the block does not call `original_call`, the original method is called automatically after the block is executed
       def sink_around(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         presafe_sink_around(method_name) do |presafe_original_call, *args, **kwargs|
           original_called = false
           original_call = proc do

data/lib/aikido/zen/version.rb

@@ -2,7 +2,7 @@
 
 module Aikido
   module Zen
-    VERSION = "1.0.1.beta.5"
+    VERSION = "1.0.2.beta.1"
 
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.39"

data/lib/aikido/zen.rb

@@ -165,6 +165,11 @@ module Aikido
       end
     end
 
+    # Align with other Zen implementations, while keeping internal consistency.
+    class << self
+      alias_method :set_user, :track_user
+    end
+
     # Marks that the Zen middleware was installed properly
     # @return void
     def self.middleware_installed!
@@ -209,7 +214,7 @@ module Aikido
     end
 
     def self.detached_agent_server
-      @detached_agent_server ||= DetachedAgent::Server.start!
+      @detached_agent_server ||= DetachedAgent::Server.start
     end
 
     class << self

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.5
+  version: 1.0.2.beta.1
 platform: x86_64-darwin
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-08-19 00:00:00.000000000 Z
+date: 2025-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby