RubyGems - certynix - Versions diffs - 1.0.0 - Mend

certynix 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +20 -0
data/README.md +316 -0
data/lib/certynix/client.rb +27 -0
data/lib/certynix/config.rb +34 -0
data/lib/certynix/errors.rb +96 -0
data/lib/certynix/http_client.rb +140 -0
data/lib/certynix/models/paginator.rb +43 -0
data/lib/certynix/resources/alerts.rb +15 -0
data/lib/certynix/resources/api_keys.rb +23 -0
data/lib/certynix/resources/assets.rb +55 -0
data/lib/certynix/resources/audit_logs.rb +15 -0
data/lib/certynix/resources/trust_score.rb +15 -0
data/lib/certynix/resources/verify.rb +26 -0
data/lib/certynix/resources/webhooks.rb +41 -0
data/lib/certynix/version.rb +5 -0
data/lib/certynix/webhooks.rb +65 -0
data/lib/certynix.rb +16 -0
metadata +130 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 206f0b9118f06cfe87e16926a83cca66fae4186fd19bf87926e4fdb54b412db9
+  data.tar.gz: a48a96dbfcb73d9ac8e23cc4a1a85da97ff9a44bb3742cd942ca4529da7e2aff
+SHA512:
+  metadata.gz: 9c1d9204cc01e24bb2a46d1a9dd7f4dafa501264988bf0265da3d6dff68e9e947480654efa5540c316bb7ed077d99c80a3997aa04ffd968ca4b375e28fc6168b
+  data.tar.gz: 3b773469de280162e98b3d8e01d949a024ac39c43d35b2a24fb617060c7122c88676a57a4ab2fe124f87a61022576c153c0288071ffd7162c10ae03c0a7ce101

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,20 @@
+# Changelog
+## [1.0.0] - 2026-03-15
+### Added
+- Initial release of `certynix` gem
+- Ruby 3.1+ with keyword arguments, `Data.define` patterns
+- `Assets`: `register`, `register_batch`, `get`, `list` (Enumerable/lazy), `delete`
+- `Verify`: `by_hash`, `by_asset_id`, `by_hash_post` (public, no auth)
+- `Webhooks`: `create`, `list`, `update`, `delete`, `list_deliveries`
+- `Alerts`: `list`
+- `ApiKeys`: `create`, `list`, `revoke`
+- `AuditLogs`: `list`
+- `TrustScore`: `get`
+- `Certynix::Webhooks.validate_signature` — uses `OpenSSL.secure_compare` (constant-time)
+- Anti-replay protection (5-minute timestamp tolerance)
+- `Paginator` with `Enumerable` — supports `.lazy`, `.first(n)`, `.select`, `.map`
+- Faraday-based HTTP with automatic retry (faraday-retry)
+- Automatic sandbox detection via `cnx_test_sk_` prefix
+- API key never exposed in error messages — `mask_api_key` helper

data/README.md ADDED Viewed

@@ -0,0 +1,316 @@
+# certynix
+Official Ruby SDK for the [Certynix](https://certynix.com) Trust Infrastructure API.
+## Installation
+Add to your Gemfile:
+```ruby
+gem 'certynix'
+```
+Then run:
+```bash
+bundle install
+```
+Or install directly:
+```bash
+gem install certynix
+```
+Requires **Ruby 3.1+**.
+## Quick Start
+```ruby
+require 'certynix'
+client = Certynix::Client.new(ENV['CERTYNIX_API_KEY']) # cnx_live_sk_... or cnx_test_sk_...
+# Register an asset by SHA-256 hash
+asset = client.assets.register(
+  hash_sha256: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
+  filename: 'contract-2024.pdf'
+)
+puts "#{asset.id} — #{asset.status}"
+puts asset.is_first_registrant ? 'First registrant!' : 'Already registered'
+# Public verification (no auth required)
+result = client.verify.by_hash(asset.hash)
+puts result.match ? 'Verified' : 'Not found'
+puts result.first_registrant.organization_name
+```
+## Authentication
+```ruby
+# Production
+client = Certynix::Client.new('cnx_live_sk_...')
+# Sandbox (auto-detected from key prefix cnx_test_sk_)
+client = Certynix::Client.new('cnx_test_sk_...')
+# Automatically uses https://sandbox.certynix.com
+# Custom options
+client = Certynix::Client.new(
+  'cnx_live_sk_...',
+  base_url: 'https://api.staging.certynix.com',
+  timeout: 30,
+  max_retries: 3
+)
+```
+## Resources
+### Assets
+```ruby
+# Register by hash
+asset = client.assets.register(
+  hash_sha256: 'abc123...',
+  filename: 'document.pdf',
+  source_url: 'https://example.com/document.pdf',
+  metadata: { author: 'John Doe' }
+)
+# Register by URL (Certynix downloads and hashes)
+asset = client.assets.register(
+  source_url: 'https://example.com/document.pdf',
+  filename: 'document.pdf'
+)
+# Register batch (up to 1,000 assets)
+batch = client.assets.register_batch(
+  assets: [
+    { hash_sha256: 'abc...', filename: 'file1.pdf' },
+    { hash_sha256: 'def...', filename: 'file2.pdf' }
+  ]
+)
+puts "#{batch.batch_id} — #{batch.status}"
+# Get by ID
+asset = client.assets.get('ast_abc123')
+# List (Enumerable — all pages iterated automatically)
+client.assets.list(limit: 50).each do |asset|
+  puts "#{asset.id} — #{asset.status}"
+end
+# List with filters
+verified = client.assets.list(status: 'verified').to_a
+# Lazy with limit
+first_10 = client.assets.list.lazy.first(10)
+# Delete (soft delete — history preserved)
+client.assets.delete('ast_abc123')
+```
+### Verification (public — no API key required)
+```ruby
+# Verify by SHA-256 hash
+result = client.verify.by_hash(
+  'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+)
+puts result.match ? 'Verified' : 'Not found'
+puts result.first_registrant.organization_name
+# Verify by asset ID
+result = client.verify.by_asset_id('ast_abc123')
+# Verify by URL
+result = client.verify.by_url('https://example.com/document.pdf')
+```
+### Webhooks
+```ruby
+# Create webhook
+webhook = client.webhooks.create(
+  url: 'https://example.com/webhook',
+  events: ['asset.created', 'asset.verified', 'exposure.alert.created']
+)
+# Store webhook.signing_secret securely — shown only once!
+# List
+client.webhooks.list.each do |webhook|
+  puts "#{webhook.id} — #{webhook.url}"
+end
+# Update
+webhook = client.webhooks.update('wh_abc123', active: false)
+# Delete
+client.webhooks.delete('wh_abc123')
+# Validate signature (in your webhook handler)
+begin
+  event = Certynix::Webhooks.validate_signature(
+    raw_body: request.body.read,
+    signature: request.headers['X-Certynix-Signature'],
+    secret: ENV['CERTYNIX_WEBHOOK_SECRET']
+  )
+  puts event.type
+  puts event.payload.inspect
+rescue Certynix::WebhookSignatureError => e
+  render plain: 'Invalid signature', status: :bad_request
+rescue Certynix::WebhookReplayError => e
+  render plain: 'Replay attack detected', status: :bad_request
+end
+```
+### Exposure Alerts
+```ruby
+# List active alerts
+client.alerts.list(resolved: false).each do |alert|
+  puts "[#{alert.severity}] #{alert.description}"
+end
+```
+### API Keys
+```ruby
+# Create — value shown only once!
+key = client.api_keys.create(name: 'Production App')
+puts key.key_value  # cnx_live_sk_... — store immediately!
+# List
+client.api_keys.list.each do |key|
+  puts "#{key.name} — #{key.prefix}"
+end
+# Revoke
+client.api_keys.revoke('key_abc123')
+```
+### Audit Logs
+```ruby
+client.audit_logs.list(limit: 50).each do |log|
+  puts "#{log.action} by #{log.actor_id} at #{log.created_at}"
+end
+# Filter by action
+client.audit_logs.list(action: 'asset.created').each do |log|
+  puts log.resource_id
+end
+```
+### Trust Score
+```ruby
+score = client.trust_score.get
+puts "Score: #{score.score}/100"
+puts "Identity: #{score.components.identity}"
+puts "Security: #{score.components.security}"
+puts "Behavior: #{score.components.behavior}"
+puts "Assets:   #{score.components.assets}"
+score.penalties.each do |penalty|
+  puts "Penalty: #{penalty.description} (-#{penalty.points})"
+end
+```
+## Error Handling
+```ruby
+require 'certynix'
+begin
+  asset = client.assets.get('ast_notfound')
+rescue Certynix::NotFoundError => e
+  puts "Not found: #{e.message}"
+  puts "Code: #{e.code}"
+  puts "Request ID: #{e.request_id}"
+rescue Certynix::RateLimitError => e
+  puts "Rate limited. Retry after: #{e.retry_after}s"
+rescue Certynix::AuthenticationError => e
+  puts "Invalid API key"
+rescue Certynix::ServerError => e
+  puts "Server error: #{e.message}"
+rescue Certynix::NetworkError => e
+  puts "Network error: #{e.message}"
+end
+```
+## Pagination
+All `list` methods return a `Paginator` that includes Ruby's `Enumerable`:
+```ruby
+# Iterate all pages automatically
+client.assets.list(limit: 100).each do |asset|
+  puts asset.id
+end
+# Collect all into array
+assets = client.assets.list.to_a
+# Lazy enumeration (stops fetching when you stop iterating)
+first_10 = client.assets.list.lazy.first(10)
+# Map, select, reduce
+verified_ids = client.assets.list
+  .select { |a| a.status == 'verified' }
+  .map(&:id)
+```
+## Retry Policy
+The SDK automatically retries on transient errors (via `faraday-retry`):
+| Scenario | Retried |
+|---|---|
+| `429 Too Many Requests` | Yes — respects `Retry-After` |
+| `500`, `502`, `503`, `504` | Yes — exponential backoff + jitter |
+| Network errors | Yes |
+| `400`, `401`, `403`, `404`, `409` | No |
+Default: 3 retries, max 60s backoff.
+## Webhook Signature Validation
+```ruby
+# Rails example
+class WebhooksController < ApplicationController
+  skip_before_action :verify_authenticity_token
+  def certynix
+    event = Certynix::Webhooks.validate_signature(
+      raw_body: request.body.read,
+      signature: request.headers['X-Certynix-Signature'],
+      secret: Rails.application.credentials.certynix_webhook_secret
+    )
+    case event.type
+    when 'asset.created'
+      AssetCreatedJob.perform_later(event.payload)
+    when 'asset.verified'
+      AssetVerifiedJob.perform_later(event.payload)
+    when 'exposure.alert.created'
+      AlertCreatedJob.perform_later(event.payload)
+    end
+    head :ok
+  rescue Certynix::WebhookSignatureError, Certynix::WebhookReplayError
+    head :bad_request
+  end
+end
+```
+## Testing
+```bash
+bundle install
+bundle exec rspec
+```
+## License
+MIT

data/lib/certynix/client.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+module Certynix
+  class Client
+    attr_reader :assets, :verify, :webhooks, :api_keys, :alerts, :audit_logs, :trust_score
+    def initialize(api_key:, base_url: nil, timeout: 30, max_retries: 3, access_token: nil)
+      config = Config.new(
+        api_key:      api_key,
+        base_url:     base_url,
+        timeout:      timeout,
+        max_retries:  max_retries,
+        access_token: access_token,
+      )
+      http = HttpClient.new(config)
+      @assets      = Resources::Assets.new(http)
+      @verify      = Resources::Verify.new(http)
+      @webhooks    = Resources::Webhooks.new(http)
+      @api_keys    = Resources::ApiKeys.new(http)
+      @alerts      = Resources::Alerts.new(http)
+      @audit_logs  = Resources::AuditLogs.new(http)
+      @trust_score = Resources::TrustScore.new(http)
+    end
+  end
+end

data/lib/certynix/config.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module Certynix
+  class Config
+    API_KEY_REGEX   = /\Acnx_(live|test)_sk_[a-zA-Z0-9]{32,}\z/
+    PRODUCTION_URL  = 'https://api.certynix.com'
+    SANDBOX_URL     = 'https://sandbox.certynix.com'
+    attr_reader :api_key, :base_url, :timeout, :max_retries, :access_token, :sandbox
+    def initialize(api_key:, base_url: nil, timeout: 30, max_retries: 3, access_token: nil)
+      raise ConfigurationError, 'api_key is required' if api_key.nil? || api_key.empty?
+      unless api_key.match?(API_KEY_REGEX)
+        # NUNCA incluir a API key na mensagem de erro
+        raise ConfigurationError, 'Invalid API key format. Expected cnx_live_sk_... or cnx_test_sk_...'
+      end
+      @api_key      = api_key
+      @sandbox      = api_key.start_with?('cnx_test_')
+      @base_url     = base_url || (@sandbox ? SANDBOX_URL : PRODUCTION_URL)
+      @timeout      = timeout
+      @max_retries  = max_retries
+      @access_token = access_token
+    end
+    alias sandbox? sandbox
+    # Mascara a API key para logs — nunca expõe o valor completo
+    def mask_api_key
+      return '***' if api_key.length <= 12
+      "#{api_key[0..11]}***"
+    end
+  end
+end

data/lib/certynix/errors.rb ADDED Viewed

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+module Certynix
+  # Erro base para todos os erros do SDK Certynix.
+  class Error < StandardError
+    attr_reader :code, :request_id, :status_code
+    def initialize(message:, code:, request_id: nil, status_code: 0)
+      super(message)
+      @code       = code
+      @request_id = request_id
+      @status_code = status_code
+    end
+  end
+  # API key inválida, configuração incorreta
+  class ConfigurationError < Error
+    def initialize(message)
+      super(message: message, code: 'CONFIGURATION_ERROR', status_code: 0)
+    end
+  end
+  # HTTP 401
+  class AuthenticationError < Error
+    def initialize(message:, code:, request_id: nil)
+      super(message: message, code: code, request_id: request_id, status_code: 401)
+    end
+  end
+  # HTTP 403
+  class PermissionError < Error
+    def initialize(message:, code:, request_id: nil)
+      super(message: message, code: code, request_id: request_id, status_code: 403)
+    end
+  end
+  # HTTP 404
+  class NotFoundError < Error
+    def initialize(message:, code:, request_id: nil)
+      super(message: message, code: code, request_id: request_id, status_code: 404)
+    end
+  end
+  # HTTP 409
+  class ConflictError < Error
+    def initialize(message:, code:, request_id: nil)
+      super(message: message, code: code, request_id: request_id, status_code: 409)
+    end
+  end
+  # HTTP 400
+  class ValidationError < Error
+    def initialize(message:, code:, request_id: nil)
+      super(message: message, code: code, request_id: request_id, status_code: 400)
+    end
+  end
+  # HTTP 429
+  class RateLimitError < Error
+    attr_reader :retry_after
+    def initialize(message:, code:, request_id: nil, retry_after: 0)
+      super(message: message, code: code, request_id: request_id, status_code: 429)
+      @retry_after = retry_after
+    end
+  end
+  # HTTP 5xx
+  class ServerError < Error
+    def initialize(message:, code:, request_id: nil, status_code: 500)
+      super(message: message, code: code, request_id: request_id, status_code: status_code)
+    end
+  end
+  # Timeout, DNS, conexão recusada
+  class NetworkError < Error
+    def initialize(message, cause: nil)
+      super(message: message, code: 'NETWORK_ERROR', status_code: 0)
+      @cause = cause
+    end
+  end
+  # HMAC inválido
+  class WebhookSignatureError < Error
+    def initialize(message)
+      super(message: message, code: 'INVALID_WEBHOOK_SIGNATURE', status_code: 0)
+    end
+  end
+  # Timestamp fora do prazo
+  class WebhookReplayError < Error
+    def initialize(message)
+      super(message: message, code: 'WEBHOOK_REPLAY_ATTACK', status_code: 0)
+    end
+  end
+end

data/lib/certynix/http_client.rb ADDED Viewed

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+require 'faraday'
+require 'faraday/retry'
+require 'securerandom'
+require 'json'
+module Certynix
+  class HttpClient
+    SDK_VERSION = Certynix::VERSION
+    def initialize(config)
+      @config = config
+      @conn   = build_connection
+    end
+    def get(path, params = {})
+      request(:get, path, params: compact_params(params))
+    end
+    def post(path, body = nil)
+      request(:post, path, body: body)
+    end
+    def put(path, body = nil)
+      request(:put, path, body: body)
+    end
+    def delete(path)
+      request(:delete, path)
+      nil
+    end
+    # GET sem autenticação — para endpoints públicos (verify)
+    def get_public(path, params = {})
+      request(:get, path, params: compact_params(params), public: true)
+    end
+    def post_public(path, body = nil)
+      request(:post, path, body: body, public: true)
+    end
+    private
+    def build_connection
+      Faraday.new(url: @config.base_url) do |f|
+        f.options.timeout      = @config.timeout
+        f.options.open_timeout = 10
+        f.request :retry,
+          max:                 @config.max_retries,
+          interval:            1.0,
+          interval_randomness: 0.5,
+          backoff_factor:      2,
+          exceptions:          [Faraday::TimeoutError, Faraday::ConnectionFailed],
+          retry_statuses:      [429, 500, 502, 503, 504]
+        f.request  :json
+        f.response :raise_error
+        f.adapter  Faraday.default_adapter
+      end
+    end
+    def request(method, path, params: {}, body: nil, public: false)
+      headers = build_headers(public_request: public)
+      request_id = headers['X-Request-ID']
+      response = @conn.public_send(method, path) do |req|
+        req.headers.merge!(headers)
+        req.params.merge!(params) if params.any?
+        req.body = body.to_json if body && %i[post put patch].include?(method)
+      end
+      parse_response(response.body)
+    rescue Faraday::ClientError => e
+      handle_error(e, request_id)
+    rescue Faraday::ServerError => e
+      handle_error(e, request_id)
+    rescue Faraday::ConnectionFailed, Faraday::TimeoutError => e
+      raise NetworkError.new(e.message, cause: e)
+    end
+    def handle_error(err, request_id)
+      status = err.response&.dig(:status) || 0
+      body   = err.response&.dig(:body)   || '{}'
+      begin
+        parsed    = JSON.parse(body, symbolize_names: true)
+        code      = parsed.dig(:error, :code)    || 'INTERNAL_ERROR'
+        message   = parsed.dig(:error, :message) || "HTTP #{status}"
+        req_id    = parsed.dig(:error, :request_id) || request_id
+      rescue JSON::ParserError
+        code    = 'INTERNAL_ERROR'
+        message = "HTTP #{status}"
+        req_id  = request_id
+      end
+      retry_after = err.response&.dig(:headers, 'retry-after').to_i
+      raise map_error(status, code, message, req_id, retry_after)
+    end
+    def map_error(status, code, message, request_id, retry_after = 0)
+      case status
+      when 400 then ValidationError.new(message: message, code: code, request_id: request_id)
+      when 401 then AuthenticationError.new(message: message, code: code, request_id: request_id)
+      when 403 then PermissionError.new(message: message, code: code, request_id: request_id)
+      when 404 then NotFoundError.new(message: message, code: code, request_id: request_id)
+      when 409 then ConflictError.new(message: message, code: code, request_id: request_id)
+      when 429 then RateLimitError.new(message: message, code: code, request_id: request_id, retry_after: retry_after)
+      else          ServerError.new(message: message, code: code, request_id: request_id, status_code: status)
+      end
+    end
+    def build_headers(public_request: false)
+      headers = {
+        'Accept'       => 'application/json',
+        'Content-Type' => 'application/json',
+        'User-Agent'   => "certynix-ruby/#{SDK_VERSION} (ruby/#{RUBY_VERSION})",
+        'X-Request-ID' => SecureRandom.uuid,
+      }
+      headers['x-api-key'] = @config.api_key unless public_request
+      if !public_request && @config.access_token
+        headers['Authorization'] = "Bearer #{@config.access_token}"
+      end
+      headers
+    end
+    def compact_params(params)
+      params.reject { |_, v| v.nil? }
+    end
+    def parse_response(body)
+      return {} if body.nil? || body.empty?
+      JSON.parse(body, symbolize_names: true)
+    rescue JSON::ParserError
+      {}
+    end
+  end
+end

data/lib/certynix/models/paginator.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module Certynix
+  module Models
+    # Paginador automático com suporte completo ao módulo Enumerable.
+    #
+    # @example Iterar todos os assets
+    #   client.assets.list.each { |a| puts a[:id] }
+    #
+    # @example Lazy — pegar apenas os 10 primeiros
+    #   client.assets.list.lazy.first(10)
+    #
+    # @example Usar métodos Enumerable
+    #   verified = client.assets.list.select { |a| a[:status] == 'verified' }
+    class Paginator
+      include Enumerable
+      def initialize(http:, path:, params: {})
+        @http   = http
+        @path   = path
+        @params = params
+      end
+      def each
+        cursor = nil
+        loop do
+          query    = cursor ? @params.merge(cursor: cursor) : @params
+          response = @http.get(@path, query)
+          data       = response[:data] || []
+          pagination = response[:pagination] || {}
+          data.each { |item| yield item }
+          break unless pagination[:has_more]
+          cursor = pagination[:next_cursor]
+          break if cursor.nil? || cursor.empty?
+        end
+      end
+    end
+  end
+end

data/lib/certynix/resources/alerts.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class Alerts
+      def initialize(http)
+        @http = http
+      end
+      def list(**params)
+        Models::Paginator.new(http: @http, path: '/v1/alerts', params: params)
+      end
+    end
+  end
+end

data/lib/certynix/resources/api_keys.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class ApiKeys
+      def initialize(http)
+        @http = http
+      end
+      def create(name:)
+        @http.post('/v1/api-keys', { name: name })
+      end
+      def list(**params)
+        Models::Paginator.new(http: @http, path: '/v1/api-keys', params: params)
+      end
+      def revoke(id)
+        @http.delete("/v1/api-keys/#{URI.encode_www_form_component(id)}")
+      end
+    end
+  end
+end

data/lib/certynix/resources/assets.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class Assets
+      def initialize(http)
+        @http = http
+      end
+      # Registra um asset por hash SHA-256, URL ou arquivo.
+      def register(hash_sha256: nil, url: nil, file: nil, filename: nil, mime_type: nil, file_size: nil)
+        body = {}
+        if file
+          # Upload — usar multipart (simplificado: enviar como hash com file_data)
+          body[:file] = file
+          body[:filename] = filename if filename
+          body[:mime_type] = mime_type if mime_type
+        elsif hash_sha256
+          body[:hash_sha256] = hash_sha256
+          body[:filename]    = filename  if filename
+          body[:mime_type]   = mime_type if mime_type
+          body[:file_size]   = file_size if file_size
+        elsif url
+          body[:url]      = url
+          body[:filename] = filename if filename
+        end
+        @http.post('/v1/assets', body)
+      end
+      # Registra um lote de assets.
+      def register_batch(assets:)
+        @http.post('/v1/assets/batch', { assets: assets })
+      end
+      # Busca um asset por ID.
+      def get(id)
+        @http.get("/v1/assets/#{URI.encode_www_form_component(id)}")
+      end
+      # Lista assets com paginação automática via Enumerable.
+      #
+      # @example
+      #   client.assets.list.each { |a| puts a[:id] }
+      #   client.assets.list.lazy.first(10)
+      def list(**params)
+        Models::Paginator.new(http: @http, path: '/v1/assets', params: params)
+      end
+      # Remove um asset (soft delete).
+      def delete(id)
+        @http.delete("/v1/assets/#{URI.encode_www_form_component(id)}")
+      end
+    end
+  end
+end

data/lib/certynix/resources/audit_logs.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class AuditLogs
+      def initialize(http)
+        @http = http
+      end
+      def list(**params)
+        Models::Paginator.new(http: @http, path: '/v1/audit', params: params)
+      end
+    end
+  end
+end

data/lib/certynix/resources/trust_score.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class TrustScore
+      def initialize(http)
+        @http = http
+      end
+      def get
+        @http.get('/v1/trust-score')
+      end
+    end
+  end
+end

data/lib/certynix/resources/verify.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class Verify
+      def initialize(http)
+        @http = http
+      end
+      # Verificação pública por hash SHA-256 — sem autenticação.
+      def by_hash(hash)
+        @http.get_public("/v1/verify/#{URI.encode_www_form_component(hash)}")
+      end
+      # Verificação pública por asset ID — sem autenticação.
+      def by_asset_id(id)
+        @http.get_public("/v1/verify/#{URI.encode_www_form_component(id)}")
+      end
+      # Verificação pública por hash via POST — sem autenticação.
+      def by_hash_post(hash)
+        @http.post_public('/v1/verify', { hash_sha256: hash })
+      end
+    end
+  end
+end

data/lib/certynix/resources/webhooks.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module Certynix
+  module Resources
+    class Webhooks
+      def initialize(http)
+        @http = http
+      end
+      def create(url:, events: nil)
+        body = { url: url }
+        body[:events] = events if events
+        @http.post('/v1/webhooks', body)
+      end
+      def list(**params)
+        Models::Paginator.new(http: @http, path: '/v1/webhooks', params: params)
+      end
+      def update(id, url: nil, events: nil, active: nil)
+        body = {}
+        body[:url]    = url    if url
+        body[:events] = events if events
+        body[:active] = active unless active.nil?
+        @http.put("/v1/webhooks/#{URI.encode_www_form_component(id)}", body)
+      end
+      def delete(id)
+        @http.delete("/v1/webhooks/#{URI.encode_www_form_component(id)}")
+      end
+      def list_deliveries(id, **params)
+        Models::Paginator.new(
+          http: @http,
+          path: "/v1/webhooks/#{URI.encode_www_form_component(id)}/deliveries",
+          params: params
+        )
+      end
+    end
+  end
+end

data/lib/certynix/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module Certynix
+  VERSION = '1.0.0'
+end

data/lib/certynix/webhooks.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+require 'openssl'
+require 'json'
+module Certynix
+  # Utilitários para validação de assinatura de webhooks Certynix.
+  module Webhooks
+    TOLERANCE_SECONDS = 300 # 5 minutos
+    # Valida a assinatura HMAC-SHA256 de um delivery de webhook.
+    #
+    # CRÍTICO: raw_body deve ser o body bruto ANTES de qualquer JSON.parse.
+    # Usa OpenSSL.secure_compare (Ruby 2.7+) para constant-time comparison.
+    #
+    # @param raw_body  [String] body bruto do request
+    # @param signature [String] valor do header X-Certynix-Signature
+    # @param secret    [String] signing secret do webhook
+    # @return [Hash]   { type:, payload:, timestamp: }
+    # @raise [WebhookSignatureError] se a assinatura for inválida
+    # @raise [WebhookReplayError]    se o timestamp for > 5 minutos
+    def self.validate_signature(raw_body:, signature:, secret:)
+      # 1. Parse: "t=timestamp,v1=hash"
+      timestamp = nil
+      hash      = nil
+      signature.split(',').each do |part|
+        timestamp = part[2..] if part.start_with?('t=')
+        hash      = part[3..] if part.start_with?('v1=')
+      end
+      if timestamp.nil? || timestamp.empty? || hash.nil? || hash.empty?
+        raise WebhookSignatureError, 'Invalid signature format: expected t=timestamp,v1=hash'
+      end
+      # 2. Anti-replay
+      ts   = timestamp.to_i
+      diff = (Time.now.to_i - ts).abs
+      if diff > TOLERANCE_SECONDS
+        raise WebhookReplayError, "Webhook timestamp is #{diff}s old — exceeds #{TOLERANCE_SECONDS}s tolerance"
+      end
+      # 3. Calcular HMAC-SHA256("{timestamp}.{raw_body}")
+      expected = OpenSSL::HMAC.hexdigest('SHA256', secret, "#{timestamp}.#{raw_body}")
+      # 4. Constant-time comparison
+      unless OpenSSL.secure_compare(expected, hash)
+        raise WebhookSignatureError, 'Webhook signature mismatch'
+      end
+      # 5. Parse payload
+      begin
+        payload = JSON.parse(raw_body, symbolize_names: true)
+      rescue JSON::ParserError
+        raise WebhookSignatureError, 'Failed to parse webhook payload as JSON'
+      end
+      {
+        type:      payload[:type].to_s,
+        payload:   payload,
+        timestamp: ts,
+      }
+    end
+  end
+end

data/lib/certynix.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'certynix/version'
+require 'certynix/errors'
+require 'certynix/config'
+require 'certynix/http_client'
+require 'certynix/webhooks'
+require 'certynix/models/paginator'
+require 'certynix/resources/assets'
+require 'certynix/resources/verify'
+require 'certynix/resources/webhooks'
+require 'certynix/resources/alerts'
+require 'certynix/resources/api_keys'
+require 'certynix/resources/audit_logs'
+require 'certynix/resources/trust_score'
+require 'certynix/client'

metadata ADDED Viewed

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: certynix
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Certynix
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-03-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-retry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.23'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.23'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.2'
+description: Register, certify and verify digital assets with Certynix Trust Infrastructure
+email:
+- sdk@certynix.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- lib/certynix.rb
+- lib/certynix/client.rb
+- lib/certynix/config.rb
+- lib/certynix/errors.rb
+- lib/certynix/http_client.rb
+- lib/certynix/models/paginator.rb
+- lib/certynix/resources/alerts.rb
+- lib/certynix/resources/api_keys.rb
+- lib/certynix/resources/assets.rb
+- lib/certynix/resources/audit_logs.rb
+- lib/certynix/resources/trust_score.rb
+- lib/certynix/resources/verify.rb
+- lib/certynix/resources/webhooks.rb
+- lib/certynix/version.rb
+- lib/certynix/webhooks.rb
+homepage: https://certynix.com
+licenses:
+- Proprietary
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: Official Ruby SDK for Certynix Trust Infrastructure API
+test_files: []