RubyGems - e11y - Versions diffs - 0.1.0 - Mend

e11y 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

checksums.yaml +7 -0
data/.rspec +4 -0
data/.rubocop.yml +69 -0
data/CHANGELOG.md +26 -0
data/CODE_OF_CONDUCT.md +64 -0
data/LICENSE.txt +21 -0
data/README.md +179 -0
data/Rakefile +37 -0
data/benchmarks/run_all.rb +33 -0
data/config/README.md +83 -0
data/config/loki-local-config.yaml +35 -0
data/config/prometheus.yml +15 -0
data/docker-compose.yml +78 -0
data/docs/00-ICP-AND-TIMELINE.md +483 -0
data/docs/01-SCALE-REQUIREMENTS.md +858 -0
data/docs/ADR-001-architecture.md +2617 -0
data/docs/ADR-002-metrics-yabeda.md +1395 -0
data/docs/ADR-003-slo-observability.md +3337 -0
data/docs/ADR-004-adapter-architecture.md +2385 -0
data/docs/ADR-005-tracing-context.md +1372 -0
data/docs/ADR-006-security-compliance.md +4143 -0
data/docs/ADR-007-opentelemetry-integration.md +1385 -0
data/docs/ADR-008-rails-integration.md +1911 -0
data/docs/ADR-009-cost-optimization.md +2993 -0
data/docs/ADR-010-developer-experience.md +2166 -0
data/docs/ADR-011-testing-strategy.md +1836 -0
data/docs/ADR-012-event-evolution.md +958 -0
data/docs/ADR-013-reliability-error-handling.md +2750 -0
data/docs/ADR-014-event-driven-slo.md +1533 -0
data/docs/ADR-015-middleware-order.md +1061 -0
data/docs/ADR-016-self-monitoring-slo.md +1234 -0
data/docs/API-REFERENCE-L28.md +914 -0
data/docs/COMPREHENSIVE-CONFIGURATION.md +2366 -0
data/docs/IMPLEMENTATION_NOTES.md +2804 -0
data/docs/IMPLEMENTATION_PLAN.md +1971 -0
data/docs/IMPLEMENTATION_PLAN_ARCHITECTURE.md +586 -0
data/docs/PLAN.md +148 -0
data/docs/QUICK-START.md +934 -0
data/docs/README.md +296 -0
data/docs/design/00-memory-optimization.md +593 -0
data/docs/guides/MIGRATION-L27-L28.md +692 -0
data/docs/guides/PERFORMANCE-BENCHMARKS.md +434 -0
data/docs/guides/README.md +44 -0
data/docs/prd/01-overview-vision.md +440 -0
data/docs/use_cases/README.md +119 -0
data/docs/use_cases/UC-001-request-scoped-debug-buffering.md +813 -0
data/docs/use_cases/UC-002-business-event-tracking.md +1953 -0
data/docs/use_cases/UC-003-pattern-based-metrics.md +1627 -0
data/docs/use_cases/UC-004-zero-config-slo-tracking.md +728 -0
data/docs/use_cases/UC-005-sentry-integration.md +759 -0
data/docs/use_cases/UC-006-trace-context-management.md +905 -0
data/docs/use_cases/UC-007-pii-filtering.md +2648 -0
data/docs/use_cases/UC-008-opentelemetry-integration.md +1153 -0
data/docs/use_cases/UC-009-multi-service-tracing.md +1043 -0
data/docs/use_cases/UC-010-background-job-tracking.md +1018 -0
data/docs/use_cases/UC-011-rate-limiting.md +1906 -0
data/docs/use_cases/UC-012-audit-trail.md +2301 -0
data/docs/use_cases/UC-013-high-cardinality-protection.md +2127 -0
data/docs/use_cases/UC-014-adaptive-sampling.md +1940 -0
data/docs/use_cases/UC-015-cost-optimization.md +735 -0
data/docs/use_cases/UC-016-rails-logger-migration.md +785 -0
data/docs/use_cases/UC-017-local-development.md +867 -0
data/docs/use_cases/UC-018-testing-events.md +1081 -0
data/docs/use_cases/UC-019-tiered-storage-migration.md +562 -0
data/docs/use_cases/UC-020-event-versioning.md +708 -0
data/docs/use_cases/UC-021-error-handling-retry-dlq.md +956 -0
data/docs/use_cases/UC-022-event-registry.md +648 -0
data/docs/use_cases/backlog.md +226 -0
data/e11y.gemspec +76 -0
data/lib/e11y/adapters/adaptive_batcher.rb +207 -0
data/lib/e11y/adapters/audit_encrypted.rb +239 -0
data/lib/e11y/adapters/base.rb +580 -0
data/lib/e11y/adapters/file.rb +224 -0
data/lib/e11y/adapters/in_memory.rb +216 -0
data/lib/e11y/adapters/loki.rb +333 -0
data/lib/e11y/adapters/otel_logs.rb +203 -0
data/lib/e11y/adapters/registry.rb +141 -0
data/lib/e11y/adapters/sentry.rb +230 -0
data/lib/e11y/adapters/stdout.rb +108 -0
data/lib/e11y/adapters/yabeda.rb +370 -0
data/lib/e11y/buffers/adaptive_buffer.rb +339 -0
data/lib/e11y/buffers/base_buffer.rb +40 -0
data/lib/e11y/buffers/request_scoped_buffer.rb +246 -0
data/lib/e11y/buffers/ring_buffer.rb +267 -0
data/lib/e11y/buffers.rb +14 -0
data/lib/e11y/console.rb +122 -0
data/lib/e11y/current.rb +48 -0
data/lib/e11y/event/base.rb +894 -0
data/lib/e11y/event/value_sampling_config.rb +84 -0
data/lib/e11y/events/base_audit_event.rb +43 -0
data/lib/e11y/events/base_payment_event.rb +33 -0
data/lib/e11y/events/rails/cache/delete.rb +21 -0
data/lib/e11y/events/rails/cache/read.rb +23 -0
data/lib/e11y/events/rails/cache/write.rb +22 -0
data/lib/e11y/events/rails/database/query.rb +45 -0
data/lib/e11y/events/rails/http/redirect.rb +21 -0
data/lib/e11y/events/rails/http/request.rb +26 -0
data/lib/e11y/events/rails/http/send_file.rb +21 -0
data/lib/e11y/events/rails/http/start_processing.rb +26 -0
data/lib/e11y/events/rails/job/completed.rb +22 -0
data/lib/e11y/events/rails/job/enqueued.rb +22 -0
data/lib/e11y/events/rails/job/failed.rb +22 -0
data/lib/e11y/events/rails/job/scheduled.rb +23 -0
data/lib/e11y/events/rails/job/started.rb +22 -0
data/lib/e11y/events/rails/log.rb +56 -0
data/lib/e11y/events/rails/view/render.rb +23 -0
data/lib/e11y/events.rb +18 -0
data/lib/e11y/instruments/active_job.rb +201 -0
data/lib/e11y/instruments/rails_instrumentation.rb +141 -0
data/lib/e11y/instruments/sidekiq.rb +175 -0
data/lib/e11y/logger/bridge.rb +205 -0
data/lib/e11y/metrics/cardinality_protection.rb +172 -0
data/lib/e11y/metrics/cardinality_tracker.rb +134 -0
data/lib/e11y/metrics/registry.rb +234 -0
data/lib/e11y/metrics/relabeling.rb +226 -0
data/lib/e11y/metrics.rb +102 -0
data/lib/e11y/middleware/audit_signing.rb +174 -0
data/lib/e11y/middleware/base.rb +140 -0
data/lib/e11y/middleware/event_slo.rb +167 -0
data/lib/e11y/middleware/pii_filter.rb +266 -0
data/lib/e11y/middleware/pii_filtering.rb +280 -0
data/lib/e11y/middleware/rate_limiting.rb +214 -0
data/lib/e11y/middleware/request.rb +163 -0
data/lib/e11y/middleware/routing.rb +157 -0
data/lib/e11y/middleware/sampling.rb +254 -0
data/lib/e11y/middleware/slo.rb +168 -0
data/lib/e11y/middleware/trace_context.rb +131 -0
data/lib/e11y/middleware/validation.rb +118 -0
data/lib/e11y/middleware/versioning.rb +132 -0
data/lib/e11y/middleware.rb +12 -0
data/lib/e11y/pii/patterns.rb +90 -0
data/lib/e11y/pii.rb +13 -0
data/lib/e11y/pipeline/builder.rb +155 -0
data/lib/e11y/pipeline/zone_validator.rb +110 -0
data/lib/e11y/pipeline.rb +12 -0
data/lib/e11y/presets/audit_event.rb +65 -0
data/lib/e11y/presets/debug_event.rb +34 -0
data/lib/e11y/presets/high_value_event.rb +51 -0
data/lib/e11y/presets.rb +19 -0
data/lib/e11y/railtie.rb +138 -0
data/lib/e11y/reliability/circuit_breaker.rb +216 -0
data/lib/e11y/reliability/dlq/file_storage.rb +277 -0
data/lib/e11y/reliability/dlq/filter.rb +117 -0
data/lib/e11y/reliability/retry_handler.rb +207 -0
data/lib/e11y/reliability/retry_rate_limiter.rb +117 -0
data/lib/e11y/sampling/error_spike_detector.rb +225 -0
data/lib/e11y/sampling/load_monitor.rb +161 -0
data/lib/e11y/sampling/stratified_tracker.rb +92 -0
data/lib/e11y/sampling/value_extractor.rb +82 -0
data/lib/e11y/self_monitoring/buffer_monitor.rb +79 -0
data/lib/e11y/self_monitoring/performance_monitor.rb +97 -0
data/lib/e11y/self_monitoring/reliability_monitor.rb +146 -0
data/lib/e11y/slo/event_driven.rb +150 -0
data/lib/e11y/slo/tracker.rb +119 -0
data/lib/e11y/version.rb +9 -0
data/lib/e11y.rb +283 -0
metadata +452 -0

data/lib/e11y/adapters/audit_encrypted.rb ADDED Viewed

@@ -0,0 +1,239 @@
+# frozen_string_literal: true
+require "openssl"
+require "json"
+require "fileutils"
+require "base64"
+module E11y
+  module Adapters
+    # Audit Encrypted Adapter - AES-256-GCM encrypted storage for audit events
+    #
+    # Stores audit events with encryption at rest for compliance requirements.
+    # Each event is individually encrypted with AES-256-GCM.
+    #
+    # **Security:**
+    # - AES-256-GCM authenticated encryption
+    # - Per-event nonce (never reused)
+    # - Authentication tag validation
+    # - Separate encryption key from signing key
+    #
+    # @example Configuration
+    #   E11y.configure do |config|
+    #     config.adapter :audit_encrypted do |a|
+    #       a.storage_path = Rails.root.join('log', 'audit')
+    #       a.encryption_key = ENV['E11Y_AUDIT_ENCRYPTION_KEY']
+    #     end
+    #   end
+    #
+    # @see ADR-006 §4.0 Audit Trail Security
+    # @see UC-012 Audit Trail
+    class AuditEncrypted < Base
+      # AES-256-GCM cipher
+      CIPHER = "aes-256-gcm"
+      # Encryption key (256 bits = 32 bytes)
+      # Must be set via ENV or configuration
+      attr_accessor :encryption_key
+      # Storage path for encrypted audit logs
+      attr_accessor :storage_path
+      # Initialize adapter
+      #
+      # @param config [Hash] Configuration options
+      def initialize(config = {})
+        @encryption_key = config[:encryption_key] || default_encryption_key
+        @storage_path = config[:storage_path] || default_storage_path
+        super
+        ensure_storage_directory!
+      end
+      # Write encrypted audit event
+      #
+      # @param event_data [Hash] Event data with signature
+      # @return [Boolean] true on success, false on failure
+      def write(event_data)
+        # 1. Encrypt event data
+        encrypted = encrypt_event(event_data)
+        # 2. Write to storage
+        write_to_storage(encrypted)
+        true
+      rescue StandardError => e
+        warn "AuditEncrypted adapter error: #{e.message}"
+        false
+      end
+      # Adapter capabilities
+      #
+      # @return [Hash] Capability flags
+      def capabilities
+        {
+          batching: false,
+          compression: false,
+          async: false,
+          streaming: false
+        }
+      end
+      # Read and decrypt audit event (for verification)
+      #
+      # @param event_id [String] Event ID
+      # @return [Hash] Decrypted event data
+      def read(event_id)
+        encrypted_data = read_from_storage(event_id)
+        decrypt_event(encrypted_data)
+      end
+      private
+      # Encrypt event data with AES-256-GCM
+      #
+      # @param event_data [Hash] Event data
+      # @return [Hash] Encrypted data with nonce and tag
+      def encrypt_event(event_data)
+        cipher = OpenSSL::Cipher.new(CIPHER)
+        cipher.encrypt
+        cipher.key = encryption_key_bytes
+        # Generate random nonce (never reuse!)
+        nonce = cipher.random_iv
+        # Serialize event data
+        plaintext = JSON.generate(event_data)
+        # Encrypt
+        ciphertext = cipher.update(plaintext) + cipher.final
+        # Get authentication tag
+        auth_tag = cipher.auth_tag
+        {
+          encrypted_data: Base64.strict_encode64(ciphertext),
+          nonce: Base64.strict_encode64(nonce),
+          auth_tag: Base64.strict_encode64(auth_tag),
+          event_name: event_data[:event_name],
+          timestamp: event_data[:timestamp],
+          cipher: CIPHER
+        }
+      end
+      # Decrypt event data
+      #
+      # @param encrypted [Hash] Encrypted data with nonce and tag
+      # @return [Hash] Decrypted event data
+      def decrypt_event(encrypted)
+        cipher = OpenSSL::Cipher.new(CIPHER)
+        cipher.decrypt
+        cipher.key = encryption_key_bytes
+        cipher.iv = Base64.strict_decode64(encrypted[:nonce])
+        cipher.auth_tag = Base64.strict_decode64(encrypted[:auth_tag])
+        ciphertext = Base64.strict_decode64(encrypted[:encrypted_data])
+        plaintext = cipher.update(ciphertext) + cipher.final
+        JSON.parse(plaintext, symbolize_names: true)
+      end
+      # Write encrypted data to storage
+      #
+      # @param encrypted [Hash] Encrypted data
+      # @return [void]
+      def write_to_storage(encrypted)
+        # Generate filename with timestamp for sorting
+        timestamp = Time.now.utc.strftime("%Y%m%d_%H%M%S_%6N")
+        event_name = encrypted[:event_name].to_s.gsub("::", "_")
+        filename = "#{timestamp}_#{event_name}.enc"
+        filepath = ::File.join(storage_path, filename)
+        # Write atomically
+        ::File.write(filepath, JSON.generate(encrypted))
+      end
+      # Read encrypted data from storage
+      #
+      # @param event_id [String] Event ID (filename)
+      # @return [Hash] Encrypted data
+      def read_from_storage(event_id)
+        filepath = ::File.join(storage_path, event_id)
+        data = ::File.read(filepath)
+        JSON.parse(data, symbolize_names: true)
+      end
+      # Validate configuration
+      #
+      # @raise [E11y::Error] if configuration invalid
+      # @return [void]
+      def validate_config!
+        # Allow nil key for development (will use default)
+        return if encryption_key.nil? && !production?
+        if encryption_key && encryption_key.bytesize != 32
+          raise E11y::Error, "Audit encryption key must be 32 bytes (256 bits), got #{encryption_key.bytesize}"
+        end
+        return unless storage_path.nil? || storage_path.empty?
+        raise E11y::Error, "Audit storage path must be set"
+      end
+      # Check if running in production
+      #
+      # @return [Boolean]
+      def production?
+        defined?(Rails) && Rails.env.production?
+      end
+      # Ensure storage directory exists
+      #
+      # @return [void]
+      def ensure_storage_directory!
+        FileUtils.mkdir_p(storage_path)
+      end
+      # Get encryption key as bytes
+      #
+      # @return [String] Encryption key bytes
+      def encryption_key_bytes
+        @encryption_key_bytes ||= if encryption_key.bytesize == 32
+                                    encryption_key
+                                  else
+                                    # Hex-decode if provided as hex string
+                                    [encryption_key].pack("H*")
+                                  end
+      end
+      # Default encryption key (development only)
+      #
+      # @return [String] Encryption key
+      def default_encryption_key
+        key = ENV.fetch("E11Y_AUDIT_ENCRYPTION_KEY") do
+          if defined?(Rails) && Rails.env.production?
+            raise E11y::Error, "E11Y_AUDIT_ENCRYPTION_KEY must be set in production"
+          end
+          # Development fallback
+          OpenSSL::Random.random_bytes(32)
+        end
+        # Ensure 32 bytes
+        key.bytesize == 32 ? key : [key].pack("H*")
+      end
+      # Default storage path
+      #
+      # @return [String] Storage path
+      def default_storage_path
+        if defined?(Rails)
+          Rails.root.join("log", "audit").to_s
+        else
+          ::File.join(Dir.pwd, "log", "audit")
+        end
+      end
+    end
+  end
+end