column_anonymizer 0.1.0

data/README.md

@@ -0,0 +1,389 @@
+# Column Anonymizer
+
+A Rails gem for intelligently anonymizing encrypted data with YAML-based configuration.
+
+## Features
+
+- 🔒 **Seamless Rails Integration**: Works with Rails 7+ Active Record Encryption
+- 📝 **YAML-Based Configuration**: Centralized, version-controlled column type definitions
+- 🔍 **Automatic Model Scanner**: Discovers encrypted columns automatically
+- 🧠 **Intelligent Type Guessing**: Smart detection of data types from column names
+- 🎨 **Built-in Generators**: Pre-configured anonymizers for common data types
+- 🔄 **Safe Merging**: Updates config without overwriting existing entries
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'column_anonymizer'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+Or install from source:
+
+```bash
+cd column_anonymizer
+gem build column_anonymizer.gemspec
+gem install column_anonymizer-0.1.0.gem
+```
+
+## Quick Start
+
+### 1. Install Configuration File
+
+```bash
+rails generate column_anonymizer:install
+```
+
+This creates `config/encrypted_columns.yml`.
+
+### 2. Scan Your Models (Recommended)
+
+Automatically discover encrypted columns:
+
+```bash
+rails generate column_anonymizer:scan
+```
+
+Or install and scan in one step:
+
+```bash
+rails generate column_anonymizer:install --scan
+```
+
+### 3. Use Standard Rails Encryption
+
+```ruby
+class User < ApplicationRecord
+  encrypts :email
+  encrypts :phone_number
+  encrypts :ssn
+end
+```
+
+### 4. Anonymize Data
+
+```ruby
+user = User.first
+ColumnAnonymizer::Anonymizer.anonymize_model!(user)
+
+# email becomes: user_a1b2c3d4@example.com
+# phone_number becomes: +15551234567
+# ssn becomes: 123-45-6789
+```
+
+## Automatic Model Scanning
+
+The scan generator intelligently discovers all encrypted columns in your models:
+
+```bash
+rails generate column_anonymizer:scan
+```
+
+**Output:**
+```
+🔍 Scanning models for encrypted attributes...
+   ➕ Adding User.email as 'email'
+   ➕ Adding User.phone as 'phone'
+   ➕ Adding User.ssn as 'ssn'
+✅ Scanned 1 model(s) with encrypted attributes
+📝 Appended 3 new column(s) to config/encrypted_columns.yml
+   User: email, phone, ssn
+```
+
+### Append-Only Updates 🎯
+
+The scanner **preserves your existing file structure**:
+- ✅ Comments and custom formatting maintained
+- ✅ Only new entries added (minimal git diffs)
+- ✅ Existing configuration never modified
+- ✅ New columns inserted under their model
+- ✅ New models appended at the end
+
+Perfect for team environments where the YAML file has custom organization!
+
+### Intelligent Type Guessing
+
+The scanner automatically detects appropriate anonymization types:
+
+| Column Name Pattern | Detected Type | Example Output |
+|---------------------|---------------|----------------|
+| `email` | `:email` | `user_a1b2c3d4@example.com` |
+| `phone`, `mobile`, `cell` | `:phone` | `+15551234567` |
+| `ssn`, `social_security` | `:ssn` | `123-45-6789` |
+| `first_name`, `fname` | `:first_name` | `John`, `Jane` |
+| `last_name`, `surname` | `:last_name` | `Smith`, `Johnson` |
+| `name`, `full_name` | `:name` | `Anonymous User abc123` |
+| `address`, `street` | `:address` | `1234 Anonymous St` |
+| `password`, `token` | `:text` | `Anonymized text abc123` |
+
+### Safe Configuration Updates
+
+Re-running the scanner **only adds new entries** without modifying existing ones:
+
+```bash
+rails generate column_anonymizer:scan
+```
+
+**Output:**
+```
+🔍 Scanning models for encrypted attributes...
+   ℹ️  Skipping User.email (already configured as 'email')
+   ℹ️  Skipping User.phone (already configured as 'phone')
+   ➕ Adding User.date_of_birth as 'text'
+```
+
+**What gets preserved:**
+- ✅ Your comments in the YAML file
+- ✅ Custom formatting and indentation
+- ✅ Order of existing entries
+- ✅ Manual type overrides
+
+The scanner intelligently:
+- Inserts new columns under their existing model
+- Appends new models at the end of the file
+- Never regenerates or reformats existing content
+
+## Manual Configuration
+
+You can also manually edit `config/encrypted_columns.yml`:
+
+```yaml
+User:
+  email: email
+  phone_number: phone
+  ssn: ssn
+  first_name: first_name
+  last_name: last_name
+  date_of_birth: text
+
+Patient:
+  medical_record_number: text
+  emergency_contact_phone: phone
+  
+CreditCard:
+  card_number: text
+  cvv: text
+  cardholder_name: name
+```
+
+## Built-in Anonymization Types
+
+| Type | Example Output | Use Case |
+|------|----------------|----------|
+| `:email` | `user_a1b2c3d4@example.com` | Email addresses |
+| `:phone` | `+15551234567` | Phone numbers |
+| `:ssn` | `123-45-6789` | Social Security Numbers |
+| `:name` | `Anonymous User abc123` | Full names |
+| `:first_name` | `John`, `Jane`, `Alex` | First names |
+| `:last_name` | `Smith`, `Johnson`, `Williams` | Last names |
+| `:address` | `1234 Anonymous St, City, ST 12345` | Full addresses |
+| `:text` | `Anonymized text a1b2c3d4` | Generic text |
+
+## Custom Anonymization Types 🎨
+
+Define your own custom anonymization generators for domain-specific data:
+
+```bash
+# Generate initializer for custom generators
+rails generate column_anonymizer:initializer
+```
+
+Then register your custom types:
+
+```ruby
+# config/initializers/column_anonymizer.rb
+
+ColumnAnonymizer::Anonymizer.register(:credit_card) do
+  "XXXX-XXXX-XXXX-#{rand(1000..9999)}"
+end
+
+ColumnAnonymizer::Anonymizer.register(:employee_id) do
+  "EMP-#{Time.now.year}-#{rand(10000..99999)}"
+end
+```
+
+Use them in your config:
+
+```yaml
+# config/encrypted_columns.yml
+User:
+  credit_card_number: credit_card  # Custom type!
+  employee_number: employee_id     # Custom type!
+```
+
+**See [CUSTOM_GENERATORS_GUIDE.md](CUSTOM_GENERATORS_GUIDE.md) for complete documentation and examples.**
+
+## Usage Examples
+
+### Anonymize a Single Model
+
+```ruby
+user = User.find(123)
+ColumnAnonymizer::Anonymizer.anonymize_model!(user)
+user.reload
+
+puts user.email  # => "user_abc12345@example.com"
+puts user.phone  # => "+15551234567"
+puts user.ssn    # => "123-45-6789"
+```
+
+### Anonymize All Records
+
+```ruby
+User.find_each do |user|
+  ColumnAnonymizer::Anonymizer.anonymize_model!(user)
+end
+```
+
+### Anonymize Specific Records
+
+```ruby
+# Anonymize users from a specific date range
+User.where("created_at < ?", 1.year.ago).find_each do |user|
+  ColumnAnonymizer::Anonymizer.anonymize_model!(user)
+end
+```
+
+### Bulk Anonymization with Rake Tasks 🚀
+
+The gem includes powerful Rake tasks for bulk anonymization:
+
+```bash
+# Anonymize all models and all records
+rake column_anonymizer:anonymize_all
+
+# Anonymize a specific model
+rake column_anonymizer:anonymize_model[User]
+
+# Anonymize records matching a condition
+rake column_anonymizer:anonymize_where[User,'created_at < "2023-01-01"']
+
+# Preview what will be anonymized (dry run)
+rake column_anonymizer:preview
+
+# Show statistics
+rake column_anonymizer:stats
+```
+
+**Example Output:**
+```
+📋 Processing User...
+   Columns: email, phone, ssn
+   Records: 1,523
+   ✅ Anonymized 1,523 record(s)
+
+🎉 Anonymization complete!
+   Total records anonymized: 1,523
+```
+
+**See [RAKE_TASKS_GUIDE.md](RAKE_TASKS_GUIDE.md) for complete documentation.**
+
+### Custom Rake Task
+
+You can also create your own tasks:
+
+```ruby
+# lib/tasks/anonymize.rake
+namespace :data do
+  desc "Anonymize old user data"
+  task anonymize_old_users: :environment do
+    count = 0
+    User.where("created_at < ?", 2.years.ago).find_each do |user|
+      ColumnAnonymizer::Anonymizer.anonymize_model!(user)
+      count += 1
+    end
+    puts "Anonymized #{count} users"
+  end
+end
+```
+
+Then run:
+
+```bash
+rails data:anonymize_old_users
+```
+
+## Development & Testing
+
+### Reload Schema in Console
+
+```ruby
+# In Rails console
+ColumnAnonymizer::SchemaLoader.reload_schema!
+User.reload_encrypted_columns_metadata!
+```
+
+### Check Current Configuration
+
+```ruby
+# View metadata for a model
+User.encrypted_columns_metadata
+# => {:email=>:email, :phone=>:phone, :ssn=>:ssn}
+
+# View all loaded schema
+ColumnAnonymizer::SchemaLoader.load_schema
+# => {"User"=>{"email"=>"email", "phone"=>"phone", "ssn"=>"ssn"}}
+```
+
+## Generator Commands
+
+| Command | Description |
+|---------|-------------|
+| `rails generate column_anonymizer:install` | Create config file |
+| `rails generate column_anonymizer:install --scan` | Install and scan models |
+| `rails generate column_anonymizer:scan` | Scan models and update config |
+| `rails generate column_anonymizer:initializer` | Create initializer for custom generators |
+
+## Configuration File
+
+The gem expects a YAML file at `config/encrypted_columns.yml`:
+
+```yaml
+# Format: ModelName -> column_name -> anonymization_type
+User:
+  email: email
+  phone: phone
+  ssn: ssn
+
+Patient:
+  medical_record_number: text
+  emergency_contact_phone: phone
+```
+
+## Why YAML Configuration?
+
+✅ **Centralized**: All column types in one file  
+✅ **Version Controlled**: Track changes in git  
+✅ **No Code Changes**: Use standard Rails `encrypts`  
+✅ **Easy Updates**: Modify types without touching models  
+✅ **Automatic Discovery**: Scan feature populates config  
+✅ **Team Friendly**: Clear overview of all encrypted data  
+
+## Requirements
+
+- Ruby 2.7+
+- Rails 7.0+
+- Active Record Encryption enabled
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Support
+
+For issues, questions, or contributions, please visit the [GitHub repository](https://github.com/hunter-kendall/column_anonymizer).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/SCAN_GENERATOR_TEST.md

@@ -0,0 +1,141 @@
+# Test Script for Scan Generator
+
+This document describes how to test the scan generator.
+
+## Setup Test Rails App
+
+```bash
+# Create a test Rails app
+rails new test_app --skip-bundle
+cd test_app
+
+# Add the gem to Gemfile
+echo "gem 'column_anonymizer', path: '/Users/hkend/Documents/column_anonymizer'" >> Gemfile
+bundle install
+
+# Install the gem
+rails generate column_anonymizer:install
+```
+
+## Create Test Models
+
+```bash
+# Create some test models with encrypted attributes
+rails generate model User email:string phone:string ssn:string
+rails generate model Patient medical_record_number:string emergency_contact_phone:string
+
+# Add encrypts calls to models
+```
+
+Edit `app/models/user.rb`:
+```ruby
+class User < ApplicationRecord
+  encrypts :email
+  encrypts :phone
+  encrypts :ssn
+end
+```
+
+Edit `app/models/patient.rb`:
+```ruby
+class Patient < ApplicationRecord
+  encrypts :medical_record_number
+  encrypts :emergency_contact_phone
+end
+```
+
+## Test the Scanner
+
+```bash
+# Run the scan generator
+rails generate column_anonymizer:scan
+```
+
+Expected output:
+```
+🔍 Scanning models for encrypted attributes...
+   ➕ Adding User.email as 'email'
+   ➕ Adding User.phone as 'phone'
+   ➕ Adding User.ssn as 'ssn'
+   ➕ Adding Patient.medical_record_number as 'text'
+   ➕ Adding Patient.emergency_contact_phone as 'phone'
+✅ Scanned 2 model(s) with encrypted attributes
+📝 Updated config/encrypted_columns.yml
+   User: email, phone, ssn
+   Patient: medical_record_number, emergency_contact_phone
+```
+
+## Verify Config File
+
+```bash
+cat config/encrypted_columns.yml
+```
+
+Expected content:
+```yaml
+---
+User:
+  email: email
+  phone: phone
+  ssn: ssn
+Patient:
+  medical_record_number: text
+  emergency_contact_phone: phone
+```
+
+## Test Re-running Scanner
+
+```bash
+# Run again to verify it doesn't overwrite existing entries
+rails generate column_anonymizer:scan
+```
+
+Expected output:
+```
+🔍 Scanning models for encrypted attributes...
+   ℹ️  Skipping User.email (already configured as 'email')
+   ℹ️  Skipping User.phone (already configured as 'phone')
+   ℹ️  Skipping User.ssn (already configured as 'ssn')
+   ℹ️  Skipping Patient.medical_record_number (already configured as 'text')
+   ℹ️  Skipping Patient.emergency_contact_phone (already configured as 'phone')
+✅ Scanned 2 model(s) with encrypted attributes
+📝 Updated config/encrypted_columns.yml
+   User: email, phone, ssn
+   Patient: medical_record_number, emergency_contact_phone
+```
+
+## Test Install with Scan
+
+```bash
+# Remove config file
+rm config/encrypted_columns.yml
+
+# Install and scan in one step
+rails generate column_anonymizer:install --scan
+```
+
+## Test Patterns
+
+The scanner should detect these patterns correctly:
+
+| Model Attribute | Expected Type |
+|----------------|---------------|
+| `email` | `email` |
+| `phone`, `mobile_phone`, `cell_phone` | `phone` |
+| `ssn`, `social_security_number` | `ssn` |
+| `first_name` | `first_name` |
+| `last_name`, `surname` | `last_name` |
+| `full_name`, `name` | `name` |
+| `address`, `street_address` | `address` |
+| `credit_card_number` | `text` |
+| `password_digest` | `text` |
+| `api_token` | `text` |
+
+## Success Criteria
+
+- ✅ Scanner finds all models with `encrypts` calls
+- ✅ Type guessing works correctly for common column names
+- ✅ Existing config entries are preserved (not overwritten)
+- ✅ Multiple attributes in single `encrypts` call are detected
+- ✅ Config file has valid YAML format
+- ✅ Install with `--scan` works in one step