asherah 0.9.1-aarch64-linux → 0.10.0-aarch64-linux

data/lib/asherah/error.rb

@@ -1,30 +1,16 @@
 # frozen_string_literal: true
 
 module Asherah
-  # Asherah Error converts the error code to error message
-  module Error
-    ConfigError = Class.new(StandardError)
-    NotInitialized = Class.new(StandardError)
-    AlreadyInitialized = Class.new(StandardError)
-    GetSessionFailed = Class.new(StandardError)
-    EncryptFailed = Class.new(StandardError)
-    DecryptFailed = Class.new(StandardError)
-    BadConfig = Class.new(StandardError)
-
-    CODES = {
-      -100 => NotInitialized,
-      -101 => AlreadyInitialized,
-      -102 => GetSessionFailed,
-      -103 => EncryptFailed,
-      -104 => DecryptFailed,
-      -105 => BadConfig
-    }.freeze
-
-    def self.check_result!(result, message)
-      return unless result.negative?
-
-      error_class = Error::CODES.fetch(result, StandardError)
-      raise error_class, "#{message} (#{result})"
-    end
+  # Base error class. Also serves as a namespace for specific error types
+  # compatible with the canonical godaddy/asherah-ruby gem.
+  class Error < StandardError
+    ConfigError = Class.new(self)
+    NotInitialized = Class.new(self)
+    AlreadyInitialized = Class.new(self)
+    GetSessionFailed = Class.new(self)
+    EncryptFailed = Class.new(self)
+    DecryptFailed = Class.new(self)
+    BadConfig = Class.new(self)
+    Timeout = Class.new(self)
   end
 end

data/lib/asherah/hooks.rb

@@ -0,0 +1,239 @@
+# frozen_string_literal: true
+
+require "logger"
+
+require_relative "native"
+
+module Asherah
+  # Log + metrics observability hooks.
+  #
+  # The C ABI accepts a single function pointer per hook. We marshal each
+  # invocation into a Ruby Hash with symbol keys and yield it to the
+  # user-provided +Proc+. Exceptions raised by the user's callback are caught
+  # and silently swallowed — propagating an exception across the FFI boundary
+  # would be undefined behavior (and since Rust 1.81 aborts the process).
+  #
+  # The user's callback may fire from any thread (Rust tokio worker threads,
+  # database driver threads). Implementations must be thread-safe and should
+  # not block; expensive forwarding (e.g. to a logging framework) should be
+  # done by enqueueing work onto a background thread you own.
+  module Hooks
+    # Map C ABI integer log level → +Logger::Severity+ constant. The Rust
+    # +log+ crate has a TRACE level that stdlib +Logger+ does not; it is
+    # surfaced as +Logger::DEBUG+ so the value is still meaningful when the
+    # caller dispatches via +Logger#add+.
+    LOG_LEVEL_TO_SEVERITY = {
+      Native::LOG_TRACE => Logger::DEBUG,
+      Native::LOG_DEBUG => Logger::DEBUG,
+      Native::LOG_INFO  => Logger::INFO,
+      Native::LOG_WARN  => Logger::WARN,
+      Native::LOG_ERROR => Logger::ERROR
+    }.freeze
+    private_constant :LOG_LEVEL_TO_SEVERITY
+
+    # Map +Logger::Severity+ → lowercase symbol for ergonomic dispatch on
+    # the raw block API.
+    SEVERITY_TO_SYMBOL = {
+      Logger::DEBUG => :debug,
+      Logger::INFO  => :info,
+      Logger::WARN  => :warn,
+      Logger::ERROR => :error,
+      Logger::FATAL => :fatal,
+      Logger::UNKNOWN => :unknown
+    }.freeze
+    private_constant :SEVERITY_TO_SYMBOL
+
+    METRIC_TYPE_NAMES = {
+      Native::METRIC_ENCRYPT     => :encrypt,
+      Native::METRIC_DECRYPT     => :decrypt,
+      Native::METRIC_STORE       => :store,
+      Native::METRIC_LOAD        => :load,
+      Native::METRIC_CACHE_HIT   => :cache_hit,
+      Native::METRIC_CACHE_MISS  => :cache_miss,
+      Native::METRIC_CACHE_STALE => :cache_stale
+    }.freeze
+    private_constant :METRIC_TYPE_NAMES
+
+    # Module state: pinning the active FFI::Function trampolines is required
+    # so the GC does not free them while the C ABI still holds the pointer.
+    @mutex = Mutex.new
+    @log_trampoline  = nil
+    @metrics_trampoline = nil
+    @log_callback    = nil
+    @metrics_callback = nil
+    # Re-entrancy guard. The +ffi+ gem itself can log via its own internal
+    # paths during marshalling, and the Rust crates we bridge to log freely.
+    # Without this guard a user callback that itself produces log output
+    # would re-enter the trampoline and recurse.
+    @log_in_callback = {}
+    @metrics_in_callback = {}
+
+    class << self
+      # Install a log hook. Three forms are supported:
+      #
+      # 1. A stdlib +Logger+ instance (or any Logger-compatible object that
+      #    responds to +#add+, +#debug+, +#info+, +#warn+, +#error+):
+      #
+      #      Asherah.set_log_hook(Logger.new($stdout))
+      #
+      #    Each Asherah record is forwarded via
+      #    +Logger#add(severity, message, target)+ so the logger's own filter
+      #    rules and formatters apply. The +target+ argument is passed as
+      #    +progname+ for routing.
+      #
+      # 2. A +Proc+ or block, yielded a Hash:
+      #
+      #      Asherah.set_log_hook do |event|
+      #        # event[:level]    => :debug | :info | :warn | :error  (symbol)
+      #        # event[:severity] => Logger::DEBUG ...  (Logger::Severity int)
+      #        # event[:target]   => "asherah::session"
+      #        # event[:message]  => "..."
+      #      end
+      #
+      # 3. +nil+ to clear (equivalent to {clear_log_hook}).
+      #
+      # Replaces any previously installed log hook. Exceptions raised from
+      # the callback are caught and silently swallowed.
+      def set_log_hook(callback = nil, &block)
+        callback ||= block
+        if callback.nil?
+          clear_log_hook
+          return
+        end
+        callback = logger_to_callback(callback) if logger_like?(callback)
+        unless callback.respond_to?(:call)
+          raise ArgumentError, "log hook must be a Logger, Proc, or block"
+        end
+
+        @mutex.synchronize do
+          @log_callback = callback
+          # Allocate the trampoline OUTSIDE the user block so a slow user
+          # callback can't hold the mutex.
+          @log_trampoline = FFI::Function.new(
+            :void,
+            [:pointer, :int, :string, :string]
+          ) do |_user_data, level, target, message|
+            dispatch_log(level, target, message)
+          end
+          rc = Native.asherah_set_log_hook(@log_trampoline, FFI::Pointer::NULL)
+          raise Error, "asherah_set_log_hook failed: rc=#{rc}" if rc != 0
+        end
+        nil
+      end
+
+      # Remove the active log hook. Idempotent.
+      def clear_log_hook
+        @mutex.synchronize do
+          Native.asherah_clear_log_hook
+          @log_callback = nil
+          @log_trampoline = nil
+        end
+        nil
+      end
+
+      # Install a metrics hook. +block+ receives a Hash:
+      #
+      #   # Timing event:
+      #   { type: :encrypt|:decrypt|:store|:load, duration_ns: Integer, name: nil }
+      #   # Cache event:
+      #   { type: :cache_hit|:cache_miss|:cache_stale, duration_ns: 0, name: String }
+      #
+      # Installing a hook implicitly enables the global metrics gate; clearing
+      # it disables the gate. Replaces any previously installed metrics hook.
+      # Pass +nil+ to clear.
+      def set_metrics_hook(callback = nil, &block)
+        callback ||= block
+        if callback.nil?
+          clear_metrics_hook
+          return
+        end
+        unless callback.respond_to?(:call)
+          raise ArgumentError, "metrics hook must be callable (Proc or block)"
+        end
+
+        @mutex.synchronize do
+          @metrics_callback = callback
+          @metrics_trampoline = FFI::Function.new(
+            :void,
+            [:pointer, :int, :uint64, :string]
+          ) do |_user_data, type, duration_ns, name|
+            dispatch_metric(type, duration_ns, name)
+          end
+          rc = Native.asherah_set_metrics_hook(@metrics_trampoline, FFI::Pointer::NULL)
+          raise Error, "asherah_set_metrics_hook failed: rc=#{rc}" if rc != 0
+        end
+        nil
+      end
+
+      # Remove the active metrics hook and disable the metrics gate. Idempotent.
+      def clear_metrics_hook
+        @mutex.synchronize do
+          Native.asherah_clear_metrics_hook
+          @metrics_callback = nil
+          @metrics_trampoline = nil
+        end
+        nil
+      end
+
+      private
+
+      # Duck-typed Logger detection: anything that is NOT a +Proc+/+Method+
+      # and responds to the core stdlib +Logger+ API is treated as a Logger
+      # instance. This catches stdlib +Logger+, +ActiveSupport::Logger+,
+      # +SemanticLogger+, +Ougai+, etc.
+      def logger_like?(obj)
+        return false if obj.is_a?(Proc) || obj.is_a?(Method)
+        %i[debug info warn error add].all? { |m| obj.respond_to?(m) }
+      end
+
+      def logger_to_callback(logger)
+        lambda do |event|
+          severity = event[:severity] || Logger::ERROR
+          # Logger#add(severity, msg, progname) — progname carries target so
+          # custom formatters can route on it.
+          logger.add(severity, event[:message], event[:target])
+        end
+      end
+
+      def dispatch_log(level, target, message)
+        tid = Thread.current.object_id
+        return if @log_in_callback[tid]
+        @log_in_callback[tid] = true
+        cb = @log_callback
+        return if cb.nil?
+        begin
+          severity = LOG_LEVEL_TO_SEVERITY[level] || Logger::ERROR
+          cb.call(
+            level: SEVERITY_TO_SYMBOL[severity] || :error,
+            severity: severity,
+            target: target.to_s,
+            message: message.to_s
+          )
+        rescue StandardError, ScriptError
+          # swallow — exceptions across FFI are undefined behavior
+        ensure
+          @log_in_callback.delete(tid)
+        end
+      end
+
+      def dispatch_metric(type, duration_ns, name)
+        tid = Thread.current.object_id
+        return if @metrics_in_callback[tid]
+        @metrics_in_callback[tid] = true
+        cb = @metrics_callback
+        return if cb.nil?
+        begin
+          cb.call(
+            type: METRIC_TYPE_NAMES[type] || :encrypt,
+            duration_ns: duration_ns,
+            name: name
+          )
+        rescue StandardError, ScriptError
+          # swallow
+        ensure
+          @metrics_in_callback.delete(tid)
+        end
+      end
+    end
+  end
+end

data/lib/asherah/native.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require "ffi"
+require "rbconfig"
+require_relative "error"
+
+module Asherah
+  module Native
+    extend FFI::Library
+
+    class AsherahBuffer < FFI::Struct
+      layout :data, :pointer, :len, :size_t, :capacity, :size_t
+    end
+
+    class << self
+      def library_basenames
+        host = RbConfig::CONFIG["host_os"]
+        if host =~ /mswin|mingw|cygwin/
+          ["asherah_ffi.dll"]
+        elsif host =~ /darwin/
+          ["libasherah_ffi.dylib"]
+        else
+          ["libasherah_ffi.so"]
+        end
+      end
+
+      def candidate_paths
+        names = library_basenames
+        paths = []
+
+        # 1. Explicit override via environment variable
+        env = ENV.fetch("ASHERAH_RUBY_NATIVE", "").strip
+        unless env.empty?
+          if File.directory?(env)
+            names.each { |name| paths << File.join(env, name) }
+          else
+            paths << env
+          end
+        end
+
+        # 2. Bundled in gem (platform-specific gem ships it here)
+        native_dir = File.expand_path("native", __dir__)
+        names.each { |name| paths << File.join(native_dir, name) }
+
+        # 3. CARGO_TARGET_DIR (development)
+        cargo_target = ENV.fetch("CARGO_TARGET_DIR", "").strip
+        unless cargo_target.empty?
+          %w[debug release].each do |profile|
+            names.each { |name| paths << File.join(cargo_target, profile, name) }
+          end
+        end
+
+        # 4. Workspace target directory (development)
+        root = File.expand_path("../../..", __dir__)
+        %w[target/release target/debug].each do |sub|
+          names.each { |name| paths << File.join(root, sub, name) }
+        end
+
+        # 5. System library path fallback
+        names.each { |name| paths << name }
+        paths.uniq
+      end
+
+      def resolve_library
+        candidate_paths.find { |path| File.exist?(path) } || candidate_paths.first
+      end
+    end
+
+    LIBRARY_PATH = resolve_library
+    ffi_lib LIBRARY_PATH
+
+    attach_function :asherah_last_error_message, [], :pointer
+    # Factory creation can hit AWS KMS / DynamoDB / TLS handshakes, so it
+    # must release the GVL — otherwise every other Ruby thread blocks for
+    # the duration of the SDK init. T5 in
+    # docs/review-2026-05-05-findings.md.
+    attach_function :asherah_factory_new_from_env, [], :pointer, blocking: true
+    attach_function :asherah_factory_new_with_config, [:string], :pointer, blocking: true
+    attach_function :asherah_apply_config_json, [:string], :int, blocking: true
+    attach_function :asherah_factory_free, [:pointer], :void
+    attach_function :asherah_factory_get_session, [:pointer, :string], :pointer
+    attach_function :asherah_session_free, [:pointer], :void
+    # encrypt/decrypt block on the metastore (MySQL/Postgres/DynamoDB) and
+    # KMS during cache misses. blocking: true frees the GVL so other Ruby
+    # threads stay schedulable while the native call is in-flight.
+    attach_function :asherah_encrypt_to_json,
+                    [:pointer, :buffer_in, :size_t, :pointer], :int, blocking: true
+    attach_function :asherah_decrypt_from_json,
+                    [:pointer, :buffer_in, :size_t, :pointer], :int, blocking: true
+    attach_function :asherah_buffer_free, [:pointer], :void
+
+    # Async callback type: void(user_data, result_data, result_len, error_message)
+    callback :asherah_completion_fn, [:pointer, :pointer, :size_t, :string], :void
+    # The async entry points only enqueue work onto the Rust tokio runtime
+    # before returning, so they're brief — but mark them blocking anyway so
+    # a queue-full backpressure stall doesn't pin the GVL.
+    attach_function :asherah_encrypt_to_json_async,
+                    [:pointer, :buffer_in, :size_t, :asherah_completion_fn, :pointer], :int,
+                    blocking: true
+    attach_function :asherah_decrypt_from_json_async,
+                    [:pointer, :buffer_in, :size_t, :asherah_completion_fn, :pointer], :int,
+                    blocking: true
+
+    # Log + metrics hooks. The C ABI does not own the callback closure — Ruby
+    # must keep a reference to the FFI::Function it passes here for as long as
+    # the hook is registered, otherwise the GC will collect it and the next
+    # invocation segfaults. The Asherah module pins the active hooks in module
+    # state.
+    callback :asherah_log_callback, [:pointer, :int, :string, :string], :void
+    callback :asherah_metrics_callback, [:pointer, :int, :uint64, :string], :void
+
+    # Hook set/clear functions must release the GVL (blocking: true) because
+    # they may join the async dispatcher worker thread (via Drop on the old
+    # AsyncLogSink/AsyncMetricsSink). That worker thread needs the GVL to
+    # execute FFI callbacks into Ruby — holding the GVL here deadlocks.
+    attach_function :asherah_set_log_hook, [:asherah_log_callback, :pointer], :int, blocking: true
+    attach_function :asherah_clear_log_hook, [], :int, blocking: true
+    attach_function :asherah_set_metrics_hook, [:asherah_metrics_callback, :pointer], :int, blocking: true
+    attach_function :asherah_clear_metrics_hook, [], :int, blocking: true
+
+    # Internal: integer constants that mirror the C ABI severity/event
+    # codes in hooks.rs. The public Ruby API exposes them as
+    # +Logger::Severity+ values and +Symbol+ types respectively, so
+    # callers should never need to reference these directly.
+    LOG_TRACE = 0
+    LOG_DEBUG = 1
+    LOG_INFO  = 2
+    LOG_WARN  = 3
+    LOG_ERROR = 4
+
+    METRIC_ENCRYPT     = 0
+    METRIC_DECRYPT     = 1
+    METRIC_STORE       = 2
+    METRIC_LOAD        = 3
+    METRIC_CACHE_HIT   = 4
+    METRIC_CACHE_MISS  = 5
+    METRIC_CACHE_STALE = 6
+
+    def self.last_error
+      ptr = asherah_last_error_message
+      ptr.null? ? "unknown error" : ptr.read_string
+    end
+
+    private_class_method :library_basenames, :candidate_paths, :resolve_library
+  end
+end

data/lib/asherah/session.rb

@@ -0,0 +1,176 @@
+# frozen_string_literal: true
+
+require "timeout"
+require_relative "native"
+
+module Asherah
+  class Session
+    # Maximum wall time the async API will wait for the FFI callback to
+    # deliver a result before giving up. Without this bound, a hung tokio
+    # worker (or any callback-delivery race) would block the calling Ruby
+    # thread until the process exits — observed as 6-hour CI hangs on the
+    # round-trip tests. Override via ASHERAH_RUBY_ASYNC_TIMEOUT (seconds).
+    DEFAULT_ASYNC_TIMEOUT_SECONDS = 30
+
+    # Maximum time {#close} will wait for in-flight async operations to
+    # drain before forcibly freeing the session. Independent of the
+    # per-call async timeout above.
+    DEFAULT_CLOSE_DRAIN_SECONDS = 5
+
+    def self.async_timeout_seconds
+      val = ENV["ASHERAH_RUBY_ASYNC_TIMEOUT"]
+      return DEFAULT_ASYNC_TIMEOUT_SECONDS if val.nil? || val.empty?
+      Float(val)
+    rescue ArgumentError, TypeError
+      DEFAULT_ASYNC_TIMEOUT_SECONDS
+    end
+
+    def initialize(pointer)
+      raise Asherah::Error::GetSessionFailed, Native.last_error if pointer.null?
+      @pointer = pointer
+      @close_mu = Mutex.new
+      @pending_ops = 0
+    end
+
+    def encrypt_bytes(data)
+      raise ArgumentError, "data cannot be nil" if data.nil?
+      raise Asherah::Error::EncryptFailed, "session closed" if @pointer.null?
+      buf = thread_local_buffer
+      status = Native.asherah_encrypt_to_json(@pointer, data, data.bytesize, buf.pointer)
+      raise Asherah::Error::EncryptFailed, Native.last_error unless status.zero?
+      # `begin/ensure` so the FFI buffer is always freed (and its
+      # plaintext bytes wiped via `asherah_buffer_free`'s zeroize) even
+      # if `read_bytes` throws — without this the thread-local buffer
+      # would leak the previous call's plaintext until the next
+      # successful encrypt/decrypt on the same thread.
+      begin
+        buf[:data].read_bytes(buf[:len])
+      ensure
+        Native.asherah_buffer_free(buf.pointer)
+      end
+    end
+
+    def decrypt_bytes(json)
+      raise ArgumentError, "json cannot be nil" if json.nil?
+      raise Asherah::Error::DecryptFailed, "session closed" if @pointer.null?
+      buf = thread_local_buffer
+      status = Native.asherah_decrypt_from_json(@pointer, json, json.bytesize, buf.pointer)
+      raise Asherah::Error::DecryptFailed, Native.last_error unless status.zero?
+      # See encrypt_bytes — `ensure` guarantees the wipe runs even if
+      # the read_bytes call somehow raises.
+      begin
+        buf[:data].read_bytes(buf[:len])
+      ensure
+        Native.asherah_buffer_free(buf.pointer)
+      end
+    end
+
+    # True async encrypt — runs on Rust's tokio runtime, does not block the Ruby thread.
+    # Returns the result; internally uses a Queue to wait for the tokio callback.
+    def encrypt_bytes_async(data)
+      raise ArgumentError, "data cannot be nil" if data.nil?
+      raise Asherah::Error::EncryptFailed, "session closed" if @pointer.null?
+      @close_mu.synchronize { @pending_ops += 1 }
+      queue = Queue.new
+      session = self
+      callback = FFI::Function.new(:void, [:pointer, :pointer, :size_t, :string]) do |_ud, result_ptr, result_len, error|
+        begin
+          if error
+            queue.push(Asherah::Error::EncryptFailed.new(error))
+          else
+            queue.push(result_ptr.read_bytes(result_len))
+          end
+        ensure
+          session.send(:decrement_pending_ops)
+        end
+      end
+      status = Native.asherah_encrypt_to_json_async(@pointer, data, data.bytesize, callback, nil)
+      unless status.zero?
+        @close_mu.synchronize { @pending_ops -= 1 }
+        raise Asherah::Error::EncryptFailed, Native.last_error
+      end
+      # Bound the wait so a wedged callback can't block the calling
+      # thread forever. We use Timeout.timeout (not Queue#pop(timeout:),
+      # which only landed in Ruby 3.2) so the lib remains usable on the
+      # 3.0/3.1 Ruby builds still in some CI/test images.
+      result = await_async_result(queue, "encrypt_bytes_async")
+      raise result if result.is_a?(Exception)
+      result
+    end
+
+    # True async decrypt — runs on Rust's tokio runtime, does not block the Ruby thread.
+    def decrypt_bytes_async(json)
+      raise ArgumentError, "json cannot be nil" if json.nil?
+      raise Asherah::Error::DecryptFailed, "session closed" if @pointer.null?
+      @close_mu.synchronize { @pending_ops += 1 }
+      queue = Queue.new
+      session = self
+      callback = FFI::Function.new(:void, [:pointer, :pointer, :size_t, :string]) do |_ud, result_ptr, result_len, error|
+        begin
+          if error
+            queue.push(Asherah::Error::DecryptFailed.new(error))
+          else
+            queue.push(result_ptr.read_bytes(result_len))
+          end
+        ensure
+          session.send(:decrement_pending_ops)
+        end
+      end
+      status = Native.asherah_decrypt_from_json_async(@pointer, json, json.bytesize, callback, nil)
+      unless status.zero?
+        @close_mu.synchronize { @pending_ops -= 1 }
+        raise Asherah::Error::DecryptFailed, Native.last_error
+      end
+      result = await_async_result(queue, "decrypt_bytes_async")
+      raise result if result.is_a?(Exception)
+      result
+    end
+
+    def close
+      ptr = @close_mu.synchronize do
+        return if @pointer.null?
+        # Wait for in-flight async operations before freeing, but bound
+        # the wait — a wedged callback used to make this spin forever
+        # (and silently wedge any process trying to shut down cleanly).
+        deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + DEFAULT_CLOSE_DRAIN_SECONDS
+        while @pending_ops > 0 && Process.clock_gettime(Process::CLOCK_MONOTONIC) < deadline
+          sleep 0.001
+        end
+        if @pending_ops > 0
+          warn "asherah: closing session with #{@pending_ops} async operation(s) " \
+               "still in flight after #{DEFAULT_CLOSE_DRAIN_SECONDS}s drain"
+        end
+        p = @pointer
+        @pointer = FFI::Pointer::NULL
+        p
+      end
+      Native.asherah_session_free(ptr)
+    end
+
+    def closed?
+      @pointer.null?
+    end
+
+    private
+
+    # Wait up to {Session.async_timeout_seconds} for the FFI callback
+    # to push a result onto +queue+. On expiry, raise
+    # {Asherah::Error::Timeout}; the late callback (if it eventually
+    # fires) still decrements the pending-op counter via its `ensure`
+    # block, so close() can drain cleanly.
+    def await_async_result(queue, label)
+      ::Timeout.timeout(Session.async_timeout_seconds) { queue.pop }
+    rescue ::Timeout::Error
+      raise Asherah::Error::Timeout,
+            "#{label} timed out after #{Session.async_timeout_seconds}s"
+    end
+
+    def decrement_pending_ops
+      @close_mu.synchronize { @pending_ops -= 1 }
+    end
+
+    def thread_local_buffer
+      Thread.current[:asherah_buffer] ||= Native::AsherahBuffer.new
+    end
+  end
+end

data/lib/asherah/session_factory.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative "native"
+require_relative "session"
+
+module Asherah
+  class SessionFactory
+    def initialize(pointer)
+      raise Asherah::Error::BadConfig, Native.last_error if pointer.null?
+      @pointer = pointer
+      @close_mu = Mutex.new
+    end
+
+    def get_session(partition_id)
+      raise Asherah::Error::NotInitialized, "factory closed" if @pointer.null?
+      id = String(partition_id)
+      raise ArgumentError, "partition_id cannot be empty" if id.empty?
+      Session.new(Native.asherah_factory_get_session(@pointer, id))
+    end
+
+    def close
+      ptr = @close_mu.synchronize do
+        return if @pointer.null?
+        p = @pointer
+        @pointer = FFI::Pointer::NULL
+        p
+      end
+      Native.asherah_factory_free(ptr)
+    end
+
+    def closed?
+      @pointer.null?
+    end
+  end
+end

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.9.1'
+  VERSION = "0.10.0"
 end