clamo 0.7.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 410f469e07b16f8273149b1eded89c94692a91c8b41cd7c47642e897ca8d97fb
-  data.tar.gz: 2d6be4be393cfd70d5bf22109943b7735de5ca0abe93b65a888fe1a372640faa
+  metadata.gz: e1a61a818aab987fe6d621d2f3bf642fd7993044933b0b258f2a515d896bb7a5
+  data.tar.gz: b68b313c737400cda3d739902d1d2d498a2d28344cf9cc0afc5c8b481850bcb5
 SHA512:
-  metadata.gz: 385175b28fea11461b35a98860a6b8099bd9c88bc8dfef4f2603dc911a3d9e1709b51343d2b22ebb524ffc82aa03de7d8886a50b078c258d5fe28ec897a17296
-  data.tar.gz: 0c37f0971e24855610a91c8687d8e55ff32a03accf1effc73b6a1090118b46e3d78ffd9f0a7531418aa97a3154969bf7fb4d2dd0da9dc0cfe1b2b7aa94778cda
+  metadata.gz: b2a1ac30f5f40c035d683d54a36c0164ea24dc56b8ca9af694de499862732faf22cc572029e6bfac1f05413c4d4cf56a737b9b29af96b870fcf23eee5305e756
+  data.tar.gz: ccb5a26f16ab0492e3d77e27eeed648e26b6fdcb9bda59c37a264cc3e419ba45a77bede078863e9ea18dface1f9f5c0be13a1629e6b37d4a8fb2da2f8cc291b4

data/.rubocop.yml

@@ -11,6 +11,9 @@ Metrics/ModuleLength:
 Metrics/ClassLength:
   Enabled: false
 
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+
 Style/Documentation:
   Enabled: false
 

data/CHANGELOG.md

@@ -4,6 +4,36 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [0.9.0] - 2026-03-14
+
+### Changed
+
+- **Breaking:** All response and request builder hashes now use string keys (`"jsonrpc"`, `"result"`, `"id"`, `"error"`) instead of symbol keys. This makes the entire pipeline consistent — `JSON.parse` produces string keys, `normalize_request_keys` uses string keys, and now responses match. Callers using the lower-level `parsed_dispatch_to_object` or `unparsed_dispatch_to_object` must update hash access from `response[:result]` to `response["result"]`. The `handle` method (JSON string in/out) is unaffected.
+- `after_dispatch` hook now receives the actual return value for notifications. Previously always passed `nil`; now passes the value returned by the dispatched method.
+
+### Fixed
+
+- **Security:** `method_known?` no longer exposes inherited `Module` methods (`define_method`, `class_eval`, `const_set`, `freeze`, `include`, and 55 others) on module-based service objects. The previous `public_methods(false)` implementation included these; the new `public_method_defined?` check restricts dispatch to methods explicitly defined on the service object.
+
+### Internal
+
+- `method_known?` replaced array-allocating `public_methods(false).map(&:to_sym).include?` with zero-allocation `public_method_defined?` lookups. Handles both module targets (singleton class) and class instance targets (class + singleton class).
+
+## [0.8.0] - 2026-03-14
+
+### Added
+
+- `before_dispatch` and `after_dispatch` hooks — run around every method call (requests and notifications). Raise in `before_dispatch` to halt execution; `after_dispatch` fires only on success with `(method, params, result)`.
+- Per-call configuration — `timeout`, `on_error`, `before_dispatch`, and `after_dispatch` can be passed as keyword arguments to `handle`, `unparsed_dispatch_to_object`, and `parsed_dispatch_to_object`, overriding module-level defaults.
+- `Clamo::Server::Config` — immutable `Data` struct that snapshots configuration at the start of each dispatch, eliminating race conditions from concurrent mutations to module-level settings.
+
+### Changed
+
+- Internal error responses no longer include `e.message` in the `data` field, preventing leakage of internal details to clients. Exceptions are routed through `on_error` instead.
+- `parsed_dispatch_to_object` normalizes request keys to strings at the boundary, fixing silent dispatch failures when callers pass symbol-key hashes.
+- `on_error` is now called for request dispatch errors (previously only for notification errors).
+- Test suite expanded to 95 tests / 138 assertions.
+
 ## [0.7.0] - 2026-03-14
 
 ### Added

data/README.md

@@ -43,7 +43,7 @@ response = Clamo::Server.unparsed_dispatch_to_object(
   request: '{"jsonrpc": "2.0", "method": "add", "params": [1, 2], "id": 1}',
   object: MyService
 )
-# => {jsonrpc: "2.0", result: 3, id: 1}
+# => {"jsonrpc" => "2.0", "result" => 3, "id" => 1}
 
 # From a pre-parsed hash
 response = Clamo::Server.parsed_dispatch_to_object(
@@ -82,7 +82,7 @@ batch_response = Clamo::Server.unparsed_dispatch_to_object(
 )
 
 puts batch_response
-# => [{jsonrpc: "2.0", result: 3, id: 1}, {jsonrpc: "2.0", result: 2, id: 2}]
+# => [{"jsonrpc" => "2.0", "result" => 3, "id" => 1}, {"jsonrpc" => "2.0", "result" => 2, "id" => 2}]
 ```
 
 ### Notifications
@@ -112,7 +112,7 @@ request = Clamo::JSONRPC.build_request(
 )
 
 puts request
-# => {jsonrpc: "2.0", method: "add", params: [1, 2], id: 1}
+# => {"jsonrpc" => "2.0", "method" => "add", "params" => [1, 2], "id" => 1}
 ```
 
 ## Error Handling
@@ -141,7 +141,7 @@ Clamo::Server.timeout = nil # disable timeout
 
 ### Error Callback
 
-Notifications don't return responses, so errors during notification dispatch are silent by default. Use `on_error` to capture them:
+Errors during dispatch are reported through `on_error`. Notifications are silent by default (no response is sent); requests return a generic `-32603 Internal error` without leaking exception details. Use `on_error` to capture the full exception for logging:
 
 ```ruby
 Clamo::Server.on_error = ->(exception, method, params) {
@@ -149,6 +149,37 @@ Clamo::Server.on_error = ->(exception, method, params) {
 }
 ```
 
+### Dispatch Hooks
+
+`before_dispatch` and `after_dispatch` run around every method call (requests and notifications). Raise in `before_dispatch` to halt execution:
+
+```ruby
+Clamo::Server.before_dispatch = ->(method, params) {
+  raise "unauthorized" unless allowed?(method)
+}
+
+Clamo::Server.after_dispatch = ->(method, params, result) {
+  Rails.logger.info("#{method} completed")
+}
+```
+
+### Per-Call Configuration
+
+All configuration options can be overridden per-call. Module-level settings serve as defaults:
+
+```ruby
+Clamo::Server.handle(
+  request: body,
+  object: MyService,
+  timeout: 5,
+  on_error: ->(e, method, params) { MyLogger.error(e) },
+  before_dispatch: ->(method, params) { authorize!(method) },
+  after_dispatch: ->(method, params, result) { track(method) }
+)
+```
+
+Per-call config is snapshotted at the start of each dispatch, so concurrent mutations to module-level settings cannot affect in-flight requests.
+
 ## Advanced Features
 
 ### Parallel Processing

data/lib/clamo/jsonrpc.rb

@@ -35,26 +35,26 @@ module Clamo
 
         validate_params_type!(opts[:params]) if opts.key?(:params)
 
-        { jsonrpc: "2.0", method: opts[:method] }
-          .then { |r| opts.key?(:params) ? r.merge(params: opts[:params]) : r }
-          .then { |r| opts.key?(:id) ? r.merge(id: opts[:id]) : r }
+        { "jsonrpc" => "2.0", "method" => opts[:method] }
+          .then { |r| opts.key?(:params) ? r.merge("params" => opts[:params]) : r }
+          .then { |r| opts.key?(:id) ? r.merge("id" => opts[:id]) : r }
       end
 
       def build_result_response(id:, result:)
-        { jsonrpc: "2.0", result: result, id: id }
+        { "jsonrpc" => "2.0", "result" => result, "id" => id }
       end
 
       def build_error_response(**opts)
         raise ArgumentError, "error code is required" unless opts.dig(:error, :code)
         raise ArgumentError, "error message is required" unless opts.dig(:error, :message)
 
-        { jsonrpc: "2.0",
-          id: opts[:id],
-          error: {
-            code: opts.dig(:error, :code),
-            message: opts.dig(:error, :message),
-            data: opts.dig(:error, :data)
-          }.reject { |k, _| k == :data && !opts[:error].key?(:data) } }
+        { "jsonrpc" => "2.0",
+          "id" => opts[:id],
+          "error" => {
+            "code" => opts.dig(:error, :code),
+            "message" => opts.dig(:error, :message),
+            "data" => opts.dig(:error, :data)
+          }.reject { |k, _| k == "data" && !opts[:error].key?(:data) } }
       end
 
       def build_error_response_from(descriptor:, id: nil)

data/lib/clamo/server.rb

@@ -6,20 +6,13 @@ require "timeout"
 
 module Clamo
   module Server
-    class << self
-      # Global error callback for notification failures.
-      # This is module-level state shared across all callers.
-      # Set to any callable (lambda, method, proc) that accepts (exception, method, params).
-      #
-      #   Clamo::Server.on_error = ->(e, method, params) { Rails.logger.error(e) }
-      #
-      attr_accessor :on_error
+    Config = Data.define(:timeout, :on_error, :before_dispatch, :after_dispatch)
 
-      # Maximum seconds allowed for a single method dispatch. Defaults to 30.
-      # Set to nil to disable.
-      #
-      #   Clamo::Server.timeout = 10
-      #
+    class << self
+      # Module-level defaults. These are snapshotted at the start of each
+      # dispatch call, so mutations mid-request do not affect in-flight work.
+      # All four can be overridden per-call via keyword arguments.
+      attr_accessor :on_error, :before_dispatch, :after_dispatch
       attr_writer :timeout
 
       def timeout
@@ -53,18 +46,41 @@ module Clamo
         parsed_dispatch_to_object(request: parsed, object: object, **)
       end
 
-      def parsed_dispatch_to_object(request:, object:, **opts)
+      def parsed_dispatch_to_object(request:, object:,
+                                    timeout: self.timeout,
+                                    on_error: self.on_error,
+                                    before_dispatch: self.before_dispatch,
+                                    after_dispatch: self.after_dispatch,
+                                    **opts)
         raise ArgumentError, "object is required" unless object
 
-        response_for(request: request, object: object, **opts) do |method, params|
+        request = normalize_request_keys(request)
+        config = Config.new(timeout: timeout, on_error: on_error,
+                            before_dispatch: before_dispatch, after_dispatch: after_dispatch)
+
+        response_for(request: request, object: object, config: config, **opts) do |method, params|
           dispatch_to_ruby(object: object, method: method, params: params)
         end
       end
 
       private
 
+      def normalize_request_keys(request)
+        case request
+        when Hash  then request.transform_keys(&:to_s)
+        when Array then request.map { |r| r.is_a?(Hash) ? r.transform_keys(&:to_s) : r }
+        else request
+        end
+      end
+
       def method_known?(object:, method:)
-        object.public_methods(false).map(&:to_sym).include?(method.to_sym)
+        name = method.to_sym
+        if object.is_a?(Module)
+          object.singleton_class.public_method_defined?(name, false)
+        else
+          object.class.public_method_defined?(name, false) ||
+            object.singleton_class.public_method_defined?(name, false)
+        end
       end
 
       def dispatch_to_ruby(object:, method:, params:)
@@ -78,18 +94,18 @@ module Clamo
       # Extra keyword arguments (**) are forwarded to response_for_batch only,
       # where they become options for Parallel.map (e.g., in_processes: 4).
       # For single requests they are silently ignored.
-      def response_for(request:, object:, **, &block)
+      def response_for(request:, object:, config:, **, &block)
         case request
         when Array
-          response_for_batch(request: request, object: object, block: block, **)
+          response_for_batch(request: request, object: object, block: block, config: config, **)
         when Hash
-          response_for_single_request(request: request, object: object, block: block)
+          response_for_single_request(request: request, object: object, block: block, config: config)
         else
           JSONRPC.build_error_response_from(id: nil, descriptor: JSONRPC::ProtocolErrors::INVALID_REQUEST)
         end
       end
 
-      def response_for_single_request(request:, object:, block:)
+      def response_for_single_request(request:, object:, block:, config:)
         error = validate_request_structure(request)
         return error if error
 
@@ -97,23 +113,23 @@ module Clamo
           return request.key?("id") ? method_not_found_error(request) : nil
         end
 
-        return dispatch_notification(request, block) unless request.key?("id")
+        return dispatch_notification(request, block, config) unless request.key?("id")
 
-        dispatch_request(request, block)
+        dispatch_request(request, block, config)
       end
 
-      def response_for_batch(request:, object:, block:, **opts)
+      def response_for_batch(request:, object:, block:, config:, **opts)
         if request.empty?
           return JSONRPC.build_error_response_from(id: nil, descriptor: JSONRPC::ProtocolErrors::INVALID_REQUEST)
         end
 
         if request.size == 1
-          result = response_for_single_request(request: request.first, object: object, block: block)
+          result = response_for_single_request(request: request.first, object: object, block: block, config: config)
           return result ? [result] : nil
         end
 
         result = Parallel.map(request, **opts) do |item|
-          response_for_single_request(request: item, object: object, block: block)
+          response_for_single_request(request: item, object: object, block: block, config: config)
         end.compact
         result.empty? ? nil : result
       end
@@ -138,20 +154,33 @@ module Clamo
         JSONRPC.build_error_response_from(id: request["id"], descriptor: JSONRPC::ProtocolErrors::METHOD_NOT_FOUND)
       end
 
-      def dispatch_notification(request, block)
-        with_timeout { block.yield request["method"], request["params"] }
+      def dispatch_notification(request, block, config)
+        method = request["method"]
+        params = request["params"]
+        config.before_dispatch&.call(method, params)
+        result = with_timeout(config.timeout) { block.yield(method, params) }
+        config.after_dispatch&.call(method, params, result)
         nil
       rescue StandardError => e
-        on_error&.call(e, request["method"], request["params"])
+        config.on_error&.call(e, method, params)
         nil
       end
 
-      def dispatch_request(request, block)
-        JSONRPC.build_result_response(
-          id: request["id"],
-          result: with_timeout { block.yield(request["method"], request["params"]) }
-        )
+      def dispatch_request(request, block, config)
+        method = request["method"]
+        params = request["params"]
+        config.before_dispatch&.call(method, params)
+        result = with_timeout(config.timeout) { block.yield(method, params) }
+        config.after_dispatch&.call(method, params, result)
+        JSONRPC.build_result_response(id: request["id"], result: result)
       rescue Timeout::Error
+        timeout_error(request)
+      rescue StandardError => e
+        config.on_error&.call(e, method, params)
+        JSONRPC.build_error_response_from(id: request["id"], descriptor: JSONRPC::ProtocolErrors::INTERNAL_ERROR)
+      end
+
+      def timeout_error(request)
         JSONRPC.build_error_response(
           id: request["id"],
           error: {
@@ -160,20 +189,11 @@ module Clamo
             data: "Request timed out"
           }
         )
-      rescue StandardError => e
-        JSONRPC.build_error_response(
-          id: request["id"],
-          error: {
-            code: JSONRPC::ProtocolErrors::INTERNAL_ERROR.code,
-            message: JSONRPC::ProtocolErrors::INTERNAL_ERROR.message,
-            data: e.message
-          }
-        )
       end
 
-      def with_timeout(&block)
-        if timeout
-          Timeout.timeout(timeout, &block)
+      def with_timeout(seconds, &block)
+        if seconds
+          Timeout.timeout(seconds, &block)
         else
           block.call
         end

data/lib/clamo/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clamo
-  VERSION = "0.7.0"
+  VERSION = "0.9.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clamo
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Andriy Tyurnikov