console1984 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/console1984/command_validator/.command_parser.rb +1 -1
  3. data/lib/console1984/engine.rb +4 -0
  4. data/lib/console1984/ext/active_record/protected_auditable_tables.rb +9 -1
  5. data/lib/console1984/query_auditor.rb +40 -0
  6. data/lib/console1984/version.rb +1 -1
  7. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3bcb1c5436456f551d695a6b3ffdf284959846303adf6afaaee8fe0ff66ecb6e
4
- data.tar.gz: 317f00e5e0c25b8f2e18876782872cc7288df2038c25139538c98c1e77dbeb85
3
+ metadata.gz: 62a1a63354e44bfc19ab3ca033e14a44505c55832aa150ae1fc11b77b8d01919
4
+ data.tar.gz: beef047a7ec407f4fac7d08601a7522689d2cb0365d186447a4f4bbf0f06ebfe
5
5
  SHA512:
6
- metadata.gz: 0a9fc5c6bb7c6c36580dfae29f4cfaadbc18930d11061a77609bbec85c9a3b44131e873bc347e04f7db2b8ce7dc2d239c9d18a74cedcde14dcb28858697e7c86
7
- data.tar.gz: fb53e1d21f930e80b4d05a77a2e3b2eeed5eb7af22fd242874452cce10b141e65e4f4b7eda3a22a2d52335d7aeed923d22c6732905587f0890d1cfcb630cd78d
6
+ metadata.gz: 925ef9d2ec34d823fe1ed7714164ca6ef7842e91f952c8746fdc60d53d8e5e7a9870a0b0883c702f5d5f7f26f653251f09325814bac8b504a8d40de2eab2b67a
7
+ data.tar.gz: a362cb02f0499406b7aea4e9e415265ceabefe9aaeb4661fe6097789252c746a4fd52d8faad4aaed56b7c5b48abefc1045cc539cf605077327300ec9d1b94483
data/lib/console1984/command_validator/.command_parser.rb CHANGED
@@ -56,7 +56,7 @@ class Console1984::CommandValidator::CommandParser < ::Parser::AST::Processor
56
56
 
57
57
  def on_casgn(node)
58
58
  super
59
- scope_node, name, value_node = *node
59
+ _, _, value_node = *node
60
60
  @constant_assignments.push(*extract_constants(value_node))
61
61
  end
62
62
 
data/lib/console1984/engine.rb CHANGED
@@ -24,5 +24,9 @@ module Console1984
24
24
  Console1984.supervisor.start
25
25
  end
26
26
  end
27
+
28
+ initializer "console1984.query_auditor" do
29
+ Console1984::QueryAuditor.install
30
+ end
27
31
  end
28
32
  end
data/lib/console1984/ext/active_record/protected_auditable_tables.rb CHANGED
@@ -5,7 +5,7 @@ module Console1984::Ext::ActiveRecord::ProtectedAuditableTables
5
5
  %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
6
6
  define_method method do |*args, **kwargs|
7
7
  sql = args.first
8
- if Console1984.command_executor.executing_user_command? && sql.b =~ auditable_tables_regexp
8
+ if Console1984.command_executor.executing_user_command? && auditable_sql(sql) =~ auditable_tables_regexp
9
9
  raise Console1984::Errors::ForbiddenCommandAttempted, "#{sql}"
10
10
  else
11
11
  super(*args, **kwargs)
@@ -14,6 +14,14 @@ module Console1984::Ext::ActiveRecord::ProtectedAuditableTables
14
14
  end
15
15
 
16
16
  private
17
+ # exec_insert_all receives an ActiveRecord::InsertAll, not a SQL string, so
18
+ # #b is undefined on it. Check its target table name instead, so insert_all
19
+ # and upsert_all don't blow up when run from the console.
20
+ def auditable_sql(sql)
21
+ string = sql.is_a?(String) ? sql : (sql.try(:model)&.table_name || sql.to_s)
22
+ string.b
23
+ end
24
+
17
25
  def auditable_tables_regexp
18
26
  @auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
19
27
  end
data/lib/console1984/query_auditor.rb ADDED
@@ -0,0 +1,40 @@
1
+ class Console1984::QueryAuditor
2
+ mattr_accessor :known_agents, default: {
3
+ "CLAUDECODE" => "Claude Code",
4
+ "CODEX_THREAD_ID" => "Codex"
5
+ }
6
+
7
+ def self.install
8
+ ActiveSupport::Notifications.subscribe("query.rails", new)
9
+ end
10
+
11
+ def start(name, id, payload)
12
+ return unless Console1984.running_protected_environment?
13
+
14
+ Console1984.session_logger.start_session(resolved_username, session_reason)
15
+ Console1984.session_logger.before_executing([ payload[:expression].to_s ])
16
+ end
17
+
18
+ def finish(name, id, payload)
19
+ return unless Console1984.running_protected_environment?
20
+
21
+ Console1984.session_logger.finish_session
22
+ end
23
+
24
+ private
25
+ def resolved_username
26
+ Console1984.username_resolver.current.presence || "unknown"
27
+ end
28
+
29
+ def session_reason
30
+ if agent = detected_agent
31
+ "rails query (via #{agent})"
32
+ else
33
+ "rails query"
34
+ end
35
+ end
36
+
37
+ def detected_agent
38
+ known_agents.find { |var, _| ENV[var].present? }&.last
39
+ end
40
+ end
data/lib/console1984/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Console1984
2
- VERSION = "0.2.3"
2
+ VERSION = "0.2.4"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: console1984
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 0.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jorge Manrubia
@@ -275,6 +275,7 @@ files:
275
275
  - lib/console1984/input_output.rb
276
276
  - lib/console1984/messages.rb
277
277
  - lib/console1984/protections_config.rb
278
+ - lib/console1984/query_auditor.rb
278
279
  - lib/console1984/refrigerator.rb
279
280
  - lib/console1984/sessions_logger/database.rb
280
281
  - lib/console1984/shield.rb
@@ -309,7 +310,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
309
310
  - !ruby/object:Gem::Version
310
311
  version: '0'
311
312
  requirements: []
312
- rubygems_version: 3.6.9
313
+ rubygems_version: 4.0.3
313
314
  specification_version: 4
314
315
  summary: Your Rails console, 1984 style
315
316
  test_files: []