RubyGems - e11y - Versions diffs - 0.2.0 → 1.0.0 - Mend

e11y 0.2.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (230) hide show

checksums.yaml +4 -4
data/.rubocop.yml +130 -10
data/CHANGELOG.md +56 -1
data/CLAUDE.md +168 -0
data/CONTRIBUTING.md +640 -0
data/README.md +134 -702
data/RELEASE.md +18 -3
data/Rakefile +108 -29
data/config/README.md +1 -1
data/config/loki-local-config.yaml +12 -0
data/config/otel-collector-config.yaml +44 -0
data/cucumber.yml +1 -0
data/docker-compose.yml +18 -2
data/docs/ADAPTERS.md +76 -0
data/docs/ADAPTIVE_SAMPLING.md +59 -0
data/docs/COMPARISON.md +104 -0
data/docs/CONFIGURATION.md +52 -0
data/docs/DISTRIBUTED_TRACING.md +44 -0
data/docs/LIMITATIONS.md +13 -0
data/docs/METRICS_DSL.md +84 -0
data/docs/PERFORMANCE.md +60 -0
data/docs/PII_FILTERING.md +40 -0
data/docs/PRESETS.md +65 -0
data/docs/QUICK-START.md +546 -587
data/docs/RAILS_INTEGRATION.md +29 -0
data/docs/SCHEMA_VALIDATION.md +63 -0
data/docs/SLO-PROMQL-ALERTS.md +161 -0
data/docs/TESTING.md +69 -0
data/docs/{ADR-001-architecture.md → architecture/ADR-001-architecture.md} +35 -64
data/docs/{ADR-002-metrics-yabeda.md → architecture/ADR-002-metrics-yabeda.md} +62 -236
data/docs/{ADR-003-slo-observability.md → architecture/ADR-003-slo-observability.md} +27 -466
data/docs/{ADR-004-adapter-architecture.md → architecture/ADR-004-adapter-architecture.md} +163 -146
data/docs/{ADR-005-tracing-context.md → architecture/ADR-005-tracing-context.md} +10 -9
data/docs/{ADR-006-security-compliance.md → architecture/ADR-006-security-compliance.md} +184 -191
data/docs/{ADR-007-opentelemetry-integration.md → architecture/ADR-007-opentelemetry-integration.md} +3 -21
data/docs/{ADR-008-rails-integration.md → architecture/ADR-008-rails-integration.md} +209 -339
data/docs/{ADR-009-cost-optimization.md → architecture/ADR-009-cost-optimization.md} +45 -54
data/docs/architecture/ADR-010-developer-experience.md +522 -0
data/docs/{ADR-011-testing-strategy.md → architecture/ADR-011-testing-strategy.md} +41 -83
data/docs/{ADR-013-reliability-error-handling.md → architecture/ADR-013-reliability-error-handling.md} +37 -12
data/docs/{ADR-014-event-driven-slo.md → architecture/ADR-014-event-driven-slo.md} +12 -24
data/docs/{ADR-015-middleware-order.md → architecture/ADR-015-middleware-order.md} +23 -41
data/docs/{ADR-016-self-monitoring-slo.md → architecture/ADR-016-self-monitoring-slo.md} +52 -349
data/docs/{ADR-017-multi-rails-compatibility.md → architecture/ADR-017-multi-rails-compatibility.md} +4 -11
data/docs/architecture/ADR-018-memory-optimization.md +366 -0
data/docs/{ADR-INDEX.md → architecture/ADR-INDEX.md} +11 -6
data/docs/{00-ICP-AND-TIMELINE.md → prd/00-ICP-AND-TIMELINE.md} +6 -6
data/docs/{01-SCALE-REQUIREMENTS.md → prd/01-SCALE-REQUIREMENTS.md} +6 -6
data/docs/prd/01-overview-vision.md +19 -14
data/docs/use_cases/README.md +22 -23
data/docs/use_cases/UC-001-request-scoped-debug-buffering.md +50 -44
data/docs/use_cases/UC-002-business-event-tracking.md +26 -95
data/docs/use_cases/UC-003-event-metrics.md +66 -0
data/docs/use_cases/UC-004-zero-config-slo-tracking.md +42 -101
data/docs/use_cases/UC-005-sentry-integration.md +13 -15
data/docs/use_cases/UC-006-trace-context-management.md +30 -28
data/docs/use_cases/UC-007-pii-filtering.md +35 -87
data/docs/use_cases/UC-008-opentelemetry-integration.md +51 -89
data/docs/use_cases/UC-009-multi-service-tracing.md +4 -4
data/docs/use_cases/UC-010-background-job-tracking.md +5 -5
data/docs/use_cases/UC-011-rate-limiting.md +95 -168
data/docs/use_cases/UC-012-audit-trail.md +21 -46
data/docs/use_cases/UC-013-high-cardinality-protection.md +29 -167
data/docs/use_cases/UC-014-adaptive-sampling.md +2 -2
data/docs/use_cases/UC-015-cost-optimization.md +46 -99
data/docs/use_cases/UC-016-rails-logger-migration.md +39 -213
data/docs/use_cases/UC-017-local-development.md +203 -777
data/docs/use_cases/UC-018-testing-events.md +3 -3
data/docs/use_cases/UC-019-retention-based-routing.md +53 -106
data/docs/use_cases/UC-020-event-versioning.md +8 -9
data/docs/use_cases/UC-021-error-handling-retry-dlq.md +18 -22
data/docs/use_cases/UC-022-event-registry.md +15 -21
data/docs/use_cases/backlog.md +119 -87
data/e11y.gemspec +2 -2
data/gems/e11y-devtools/README.md +136 -0
data/gems/e11y-devtools/config/routes.rb +8 -0
data/gems/e11y-devtools/e11y-devtools.gemspec +25 -0
data/gems/e11y-devtools/exe/e11y +34 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/server.rb +96 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tool_base.rb +25 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/clear.rb +31 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/errors.rb +35 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/event_detail.rb +33 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/events_by_trace.rb +33 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/interactions.rb +40 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/recent_events.rb +34 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/search.rb +34 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/stats.rb +30 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/assets/overlay.js +115 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/controller.rb +54 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/engine.rb +26 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/middleware.rb +80 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/rails_controller.rb +42 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/app.rb +262 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/grouping.rb +66 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/widgets/event_detail.rb +62 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/widgets/event_list.rb +70 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/widgets/interaction_list.rb +47 -0
data/gems/e11y-devtools/lib/e11y/devtools/version.rb +8 -0
data/gems/e11y-devtools/lib/e11y/devtools.rb +13 -0
data/gems/e11y-devtools/spec/e11y/devtools/mcp/tools_spec.rb +107 -0
data/gems/e11y-devtools/spec/e11y/devtools/overlay/controller_spec.rb +58 -0
data/gems/e11y-devtools/spec/e11y/devtools/overlay/middleware_spec.rb +46 -0
data/gems/e11y-devtools/spec/e11y/devtools/tui/app_spec.rb +85 -0
data/gems/e11y-devtools/spec/e11y/devtools/tui/grouping_spec.rb +64 -0
data/gems/e11y-devtools/spec/spec_helper.rb +5 -0
data/gems/e11y-devtools/spec/tui/widgets/event_list_spec.rb +44 -0
data/gems/e11y-devtools/spec/tui/widgets/interaction_list_spec.rb +62 -0
data/lib/e11y/adapters/audit_encrypted.rb +53 -11
data/lib/e11y/adapters/base.rb +33 -34
data/lib/e11y/adapters/dev_log/file_store.rb +143 -0
data/lib/e11y/adapters/dev_log/query.rb +219 -0
data/lib/e11y/adapters/dev_log.rb +118 -0
data/lib/e11y/adapters/file.rb +3 -6
data/lib/e11y/adapters/in_memory.rb +52 -5
data/lib/e11y/adapters/in_memory_test.rb +29 -0
data/lib/e11y/adapters/loki.rb +58 -23
data/lib/e11y/adapters/null.rb +82 -0
data/lib/e11y/adapters/opentelemetry_collector.rb +183 -0
data/lib/e11y/adapters/otel_logs.rb +136 -23
data/lib/e11y/adapters/sentry.rb +4 -7
data/lib/e11y/adapters/stdout.rb +73 -7
data/lib/e11y/adapters/yabeda.rb +153 -29
data/lib/e11y/buffers/adaptive_buffer.rb +3 -17
data/lib/e11y/buffers/{request_scoped_buffer.rb → ephemeral_buffer.rb} +72 -58
data/lib/e11y/buffers/ring_buffer.rb +3 -16
data/lib/e11y/configuration.rb +272 -0
data/lib/e11y/console.rb +10 -17
data/lib/e11y/current.rb +53 -1
data/lib/e11y/debug/pipeline_inspector.rb +96 -0
data/lib/e11y/documentation/generator.rb +48 -0
data/lib/e11y/event/base.rb +176 -82
data/lib/e11y/event/value_sampling_config.rb +1 -5
data/lib/e11y/events/rails/database/query.rb +1 -4
data/lib/e11y/events/rails/job/failed.rb +2 -0
data/lib/e11y/instruments/active_job.rb +46 -12
data/lib/e11y/instruments/rails_instrumentation.rb +49 -24
data/lib/e11y/instruments/sidekiq.rb +137 -31
data/lib/e11y/linters/base.rb +11 -0
data/lib/e11y/linters/pii/pii_declaration_linter.rb +120 -0
data/lib/e11y/linters/slo/config_consistency_linter.rb +76 -0
data/lib/e11y/linters/slo/explicit_declaration_linter.rb +36 -0
data/lib/e11y/linters/slo/slo_status_from_linter.rb +41 -0
data/lib/e11y/logger/bridge.rb +26 -7
data/lib/e11y/metrics/cardinality_protection.rb +10 -15
data/lib/e11y/metrics/cardinality_tracker.rb +16 -6
data/lib/e11y/metrics/registry.rb +3 -5
data/lib/e11y/metrics/test_backend.rb +62 -0
data/lib/e11y/metrics.rb +56 -10
data/lib/e11y/middleware/adapter_resolver.rb +40 -0
data/lib/e11y/middleware/audit_signing.rb +43 -6
data/lib/e11y/middleware/baggage_protection.rb +75 -0
data/lib/e11y/middleware/dev_log_source.rb +24 -0
data/lib/e11y/middleware/event_slo.rb +23 -9
data/lib/e11y/middleware/otel_span.rb +23 -0
data/lib/e11y/middleware/pii_filter.rb +104 -75
data/lib/e11y/middleware/rate_limiting.rb +54 -27
data/lib/e11y/middleware/request.rb +70 -23
data/lib/e11y/middleware/routing.rb +78 -21
data/lib/e11y/middleware/sampling.rb +66 -17
data/lib/e11y/middleware/self_monitoring_emit.rb +39 -0
data/lib/e11y/middleware/trace_context.rb +45 -10
data/lib/e11y/middleware/track_latency.rb +34 -0
data/lib/e11y/middleware/validation.rb +7 -16
data/lib/e11y/middleware/versioning.rb +26 -22
data/lib/e11y/opentelemetry/semantic_conventions.rb +109 -0
data/lib/e11y/opentelemetry/span_creator.rb +142 -0
data/lib/e11y/pii/patterns.rb +12 -1
data/lib/e11y/pipeline/builder.rb +1 -1
data/lib/e11y/presets/audit_event.rb +13 -2
data/lib/e11y/railtie.rb +52 -15
data/lib/e11y/registry.rb +306 -0
data/lib/e11y/reliability/circuit_breaker.rb +19 -21
data/lib/e11y/reliability/dlq/base.rb +71 -0
data/lib/e11y/reliability/dlq/file_adapter.rb +301 -0
data/lib/e11y/reliability/dlq/file_storage.rb +63 -34
data/lib/e11y/reliability/dlq/filter.rb +37 -54
data/lib/e11y/reliability/retry_handler.rb +26 -29
data/lib/e11y/reliability/retry_rate_limiter.rb +3 -11
data/lib/e11y/sampling/error_spike_detector.rb +0 -2
data/lib/e11y/sampling/load_monitor.rb +5 -9
data/lib/e11y/sampling/stratified_tracker.rb +18 -0
data/lib/e11y/self_monitoring/buffer_monitor.rb +2 -0
data/lib/e11y/self_monitoring/performance_monitor.rb +19 -61
data/lib/e11y/self_monitoring/reliability_monitor.rb +4 -74
data/lib/e11y/slo/config_loader.rb +40 -0
data/lib/e11y/slo/config_validator.rb +58 -0
data/lib/e11y/slo/dashboard_generator.rb +122 -0
data/lib/e11y/slo/event_driven.rb +8 -0
data/lib/e11y/slo/tracker.rb +31 -4
data/lib/e11y/testing/have_tracked_event_matcher.rb +190 -0
data/lib/e11y/testing/rspec_matchers.rb +21 -0
data/lib/e11y/testing/snapshot_matcher.rb +86 -0
data/lib/e11y/trace_context/sampler.rb +35 -0
data/lib/e11y/tracing/faraday_middleware.rb +31 -0
data/lib/e11y/tracing/net_http_patch.rb +33 -0
data/lib/e11y/tracing/propagator.rb +116 -0
data/lib/e11y/tracing.rb +47 -0
data/lib/e11y/version.rb +1 -1
data/lib/e11y/versioning/version_extractor.rb +32 -0
data/lib/e11y.rb +141 -265
data/lib/generators/e11y/event/event_generator.rb +22 -0
data/lib/generators/e11y/event/templates/event.rb.tt +16 -0
data/lib/generators/e11y/grafana_dashboard/grafana_dashboard_generator.rb +30 -0
data/lib/generators/e11y/grafana_dashboard/templates/e11y_dashboard.json +81 -0
data/lib/generators/e11y/install/install_generator.rb +34 -0
data/lib/generators/e11y/install/templates/e11y.rb +239 -0
data/lib/generators/e11y/prometheus_alerts/prometheus_alerts_generator.rb +29 -0
data/lib/generators/e11y/prometheus_alerts/templates/e11y_alerts.yml +28 -0
data/lib/tasks/e11y_docs.rake +30 -0
data/lib/tasks/e11y_events.rake +71 -0
data/lib/tasks/e11y_lint.rake +91 -0
data/lib/tasks/e11y_slo.rake +29 -0
metadata +129 -39
data/docs/ADR-010-developer-experience.md +0 -2166
data/docs/API-REFERENCE-L28.md +0 -914
data/docs/COMPREHENSIVE-CONFIGURATION.md +0 -2366
data/docs/CONTRIBUTING.md +0 -312
data/docs/IMPLEMENTATION_NOTES.md +0 -2804
data/docs/IMPLEMENTATION_PLAN.md +0 -1971
data/docs/IMPLEMENTATION_PLAN_ARCHITECTURE.md +0 -586
data/docs/PLAN.md +0 -148
data/docs/README.md +0 -296
data/docs/design/00-memory-optimization.md +0 -593
data/docs/guides/MIGRATION-L27-L28.md +0 -692
data/docs/guides/PERFORMANCE-BENCHMARKS.md +0 -434
data/docs/guides/README.md +0 -44
data/docs/use_cases/UC-003-pattern-based-metrics.md +0 -1627
data/lib/e11y/adapters/registry.rb +0 -141
/data/docs/{ADR-012-event-evolution.md → architecture/ADR-012-event-evolution.md} +0 -0

data/docs/use_cases/UC-011-rate-limiting.md CHANGED Viewed

@@ -381,7 +381,7 @@ end
 ### Layer 4: DLQ Filter Integration (C02 Resolution) ⚠️
-> **Reference:** See [ADR-013 §4.6: Rate Limiting × DLQ Filter](../ADR-013-reliability-error-handling.md#46-rate-limiting--dlq-filter-interaction-c02-resolution) for full architecture.
+> **Reference:** See [ADR-013 §4.6: Rate Limiting × DLQ Filter](../architecture/ADR-013-reliability-error-handling.md#46-rate-limiting--dlq-filter-interaction-c02-resolution) for full architecture.
 **Problem:** Rate limiting drops events BEFORE they reach DLQ filter. Critical events (e.g., payments) may be lost during traffic spikes, even though DLQ filter says "always save payments".
@@ -472,7 +472,7 @@ end
 ### Layer 5: Retry Rate Limiting (C06 Resolution) ⚠️
-> **Reference:** See [ADR-013 §3.5: Retry Rate Limiting](../ADR-013-reliability-error-handling.md#35-retry-rate-limiting-c06-resolution) for full architecture.
+> **Reference:** See [ADR-013 §3.5: Retry Rate Limiting](../architecture/ADR-013-reliability-error-handling.md#35-retry-rate-limiting-c06-resolution) for full architecture.
 **Problem:** Adapter failures trigger retries. If 1000 events fail → 3000 retry attempts (thundering herd) → buffer overflow.
@@ -732,130 +732,85 @@ end
 ---
-## 📊 Implementation with Redis
+## 📊 Implementation: In-Memory Token Bucket
-**Production-ready implementation using Redis:**
+**Current implementation uses in-memory token bucket algorithm (no Redis dependency):**
 ```ruby
-# lib/e11y/processing/rate_limiter.rb
+# lib/e11y/middleware/rate_limiting.rb
 module E11y
-  module Processing
-    class RateLimiter
-      def initialize(redis: Redis.new)
-        @redis = redis
-        @config = E11y.config.rate_limiting
-      end
-      def allowed?(event)
-        # Check bypass rules first
-        return true if bypassed?(event)
-        # Check global limit
-        return false unless check_global_limit(event)
-        # Check per-event limit
-        return false unless check_per_event_limit(event)
-        # Check per-context limits
-        return false unless check_per_context_limits(event)
-        true
-      end
-      private
-      def check_global_limit(event)
-        key = 'e11y:rate_limit:global'
-        limit = @config.global_limit
-        window = @config.global_window
-        check_limit(key, limit, window)
-      end
-      def check_per_event_limit(event)
-        limit_config = @config.per_event_limits[event.event_name]
-        return true unless limit_config
-        key = "e11y:rate_limit:event:#{event.event_name}"
-        check_limit(key, limit_config[:limit], limit_config[:window])
-      end
-      def check_per_context_limits(event)
-        @config.per_context_limits.all? do |field, limit_config|
-          value = extract_context_value(event, field, limit_config[:extractor])
-          next true unless value
-          key = "e11y:rate_limit:context:#{field}:#{value}"
-          check_limit(key, limit_config[:limit], limit_config[:window])
+  module Middleware
+    class RateLimiting < Base
+      def initialize(app, global_limit: 10_000, per_event_limit: 1_000, window: 1.0)
+        super(app)
+        @global_limit = global_limit
+        @per_event_limit = per_event_limit
+        @window = window
+        # Token buckets for rate limiting (in-memory)
+        @global_bucket = TokenBucket.new(
+          capacity: @global_limit,
+          refill_rate: @global_limit,
+          window: @window
+        )
+        @per_event_buckets = Hash.new do |hash, event_name|
+          hash[event_name] = TokenBucket.new(
+            capacity: @per_event_limit,
+            refill_rate: @per_event_limit,
+            window: @window
+          )
         end
+        @mutex = Mutex.new
       end
-      def check_limit(key, limit, window)
-        # Sliding window counter using Redis sorted sets
-        now = Time.now.to_f
-        window_start = now - window
-        # Remove old entries (outside window)
-        @redis.zremrangebyscore(key, 0, window_start)
-        # Count current entries
-        current_count = @redis.zcard(key)
-        if current_count < limit
-          # Add new entry
-          @redis.zadd(key, now, "#{now}-#{SecureRandom.hex(8)}")
-          @redis.expire(key, window.to_i + 60)  # TTL = window + buffer
-          true
-        else
-          # Limit exceeded
-          handle_exceeded(key, current_count, limit)
-          false
+      def call(event_data)
+        event_name = event_data[:event_name]
+        # Check global rate limit
+        unless @global_bucket.allow?
+          handle_rate_limited(event_data, :global)
+          return nil
         end
-      end
-      def handle_exceeded(key, current, limit)
-        # Track metric
-        Yabeda.e11y_internal.rate_limit_hits_total.increment(
-          limit_type: extract_limit_type(key),
-          key: key
-        )
-        # Log warning
-        E11y.logger.warn(
-          "[E11y] Rate limit exceeded: #{key} (#{current}/#{limit})"
-        )
-        # Alert if configured
-        if @config.alert_on_limit
-          alert_rate_limit_exceeded(key, current, limit)
+        # Check per-event rate limit
+        per_event_bucket = @mutex.synchronize { @per_event_buckets[event_name] }
+        unless per_event_bucket.allow?
+          handle_rate_limited(event_data, :per_event)
+          return nil
         end
+        # Rate limit not exceeded - continue pipeline
+        event_data
       end
-      def bypassed?(event)
-        # Check bypass rules
-        @config.bypass_rules.any? do |rule|
-          case rule[:type]
-          when :event_types
-            rule[:values].include?(event.event_name)
-          when :severities
-            rule[:values].include?(event.severity)
-          when :contexts
-            rule[:values].all? { |k, v| event.context[k] == v }
-          when :custom
-            rule[:condition].call(event)
-          end
-        end
+      private
+      def handle_rate_limited(event_data, limit_type)
+        # C02 Resolution: Check if event should be saved to DLQ
+        return unless should_save_to_dlq?(event_data)
+        save_to_dlq(event_data, limit_type)
       end
     end
   end
 end
 ```
+**Why In-Memory Token Bucket?**
+- ✅ **Fast:** No network latency (O(1) operations)
+- ✅ **Simple:** No external dependencies (Redis not required)
+- ✅ **Thread-safe:** Mutex-protected token buckets
+- ✅ **Smooth rate limiting:** Token bucket avoids bursty behavior
+- ⚠️ **Trade-off:** Per-process limits (not shared across instances)
+**Note:** In-memory rate limiting is sufficient for most use cases. Each application process maintains its own rate limits, which is appropriate for event tracking workloads.
 ---
 ## 🔧 Implementation Details
-> **Implementation:** See [ADR-006 Section 4.0: Rate Limiting + Retry Policy Resolution](../ADR-006-security-compliance.md#40-rate-limiting--retry-policy-resolution-conflict-14) for detailed architecture.
+> **Implementation:** See [ADR-006 Section 4.0: Rate Limiting + Retry Policy Resolution](../architecture/ADR-006-security-compliance.md#40-rate-limiting--retry-policy-resolution-conflict-14) for detailed architecture.
 ### Middleware Flow
@@ -980,53 +935,27 @@ end
 ---
-### Redis-Based Rate Limiting
+### Token Bucket Algorithm
-E11y uses **Redis sorted sets** for distributed rate limiting across multiple application instances.
+E11y uses **in-memory token bucket algorithm** for rate limiting.
-**Algorithm: Sliding Window Counter**
+**How Token Bucket Works:**
+- Each bucket has a **capacity** (max tokens) and **refill rate** (tokens per second)
+- When event arrives: Check if token available → consume token if yes
+- Tokens refill continuously based on elapsed time
+- Allows burst traffic up to capacity, then smooth rate limiting
-```ruby
-def check_limit(key, limit, window)
-  now = Time.now.to_f
-  window_start = now - window
-  # 1. Remove expired entries (outside window)
-  redis.zremrangebyscore(key, 0, window_start)
-  # 2. Count current entries
-  current_count = redis.zcard(key)
-  # 3. Check limit
-  if current_count < limit
-    # Add new entry (score = timestamp, member = unique ID)
-    redis.zadd(key, now, "#{now}-#{SecureRandom.hex(8)}")
-    redis.expire(key, window.to_i + 60)  # TTL cleanup
-    true  # Allowed
-  else
-    false  # Rate limited
-  end
-end
-```
+**Why Token Bucket?**
+- ✅ **Smooth rate limiting:** Avoids bursty behavior
+- ✅ **Burst support:** Allows traffic spikes up to capacity
+- ✅ **Fast:** O(1) operations (no external dependencies)
+- ✅ **Industry standard:** Used by Nginx, AWS API Gateway, Google Cloud
+- ⚠️ **Per-process limits:** Each application instance has separate limits
-**Why Sorted Sets?**
-- ✅ **Sliding window:** Accurate counting (no edge cases like fixed window)
-- ✅ **Distributed:** Works across multiple app instances
-- ✅ **Efficient:** O(log N) for add/remove operations
-- ✅ **Automatic cleanup:** Redis TTL handles old entries
-**Redis Keys:**
-```ruby
-# Global limit
-"e11y:rate_limit:global"
-# Per-event limit
-"e11y:rate_limit:event:payment.retry"
-# Per-context limit
-"e11y:rate_limit:context:user_id:user-123"
-"e11y:rate_limit:context:ip_address:192.168.1.100"
-```
+**Memory Usage:**
+- Global bucket: ~100 bytes (single TokenBucket instance)
+- Per-event buckets: ~100 bytes per unique event type (lazy initialization)
+- Example: 100 event types × 100 bytes = ~10KB total
 ---
@@ -1095,30 +1024,28 @@ end
 # Overhead: ~0.5μs (5% increase)
 ```
-**Redis Latency:**
+**In-Memory Performance:**
 ```ruby
-# Redis operations per event (within limit):
-# 1. ZREMRANGEBYSCORE (cleanup)  ~0.1ms
-# 2. ZCARD (count)               ~0.05ms
-# 3. ZADD (add entry)            ~0.05ms
-# 4. EXPIRE (set TTL)            ~0.05ms
-# Total: ~0.25ms per event
+# Token bucket operations per event (within limit):
+# 1. Mutex lock                    ~0.001ms
+# 2. Refill calculation           ~0.001ms
+# 3. Token consumption            ~0.001ms
+# Total: ~0.003ms per event (3000x faster than Redis!)
 # When rate limited:
-# 1. ZREMRANGEBYSCORE            ~0.1ms
-# 2. ZCARD                       ~0.05ms
-# Total: ~0.15ms (no write)
+# 1. Mutex lock                    ~0.001ms
+# 2. Refill calculation           ~0.001ms
+# 3. Check tokens (0 available)   ~0.001ms
+# Total: ~0.003ms (no network overhead)
 ```
 **Scaling:**
 ```ruby
-# Redis memory usage:
-# - Global limit (10k events/min): ~500KB
-# - Per-event limit (100/min): ~5KB per event type
-# - Per-context limit (1k/min): ~50KB per user
-#
-# Example: 1000 users × 50KB = 50MB
-# → Acceptable for most deployments
+# Memory usage (in-memory):
+# - Global bucket: ~100 bytes
+# - Per-event bucket: ~100 bytes per unique event type
+# - Example: 100 event types × 100 bytes = ~10KB total
+# → Negligible memory footprint
 ```
 ---
@@ -1198,7 +1125,7 @@ end
 ## 📊 Self-Monitoring & Metrics
-> **Implementation:** See [ADR-006 Section 4: Rate Limiting](../ADR-006-security-compliance.md#4-rate-limiting) for detailed architecture.
+> **Implementation:** See [ADR-006 Section 4: Rate Limiting](../architecture/ADR-006-security-compliance.md#4-rate-limiting) for detailed architecture.
 E11y provides comprehensive self-monitoring metrics for rate limiting. These metrics help you understand rate limit behavior, detect attacks, and optimize limits.

data/docs/use_cases/UC-012-audit-trail.md CHANGED Viewed

@@ -240,7 +240,7 @@ end
 > - ✅ Separate storage (isolated from app DB)
 > - ✅ Long retention (7-10 years)
 >
-> **Implementation:** See [ADR-015 §3.3: Audit Event Pipeline Separation](../ADR-015-middleware-order.md#33-audit-event-pipeline-separation-c01-resolution) for full architecture.
+> **Implementation:** See [ADR-015 §3.3: Audit Event Pipeline Separation](../architecture/ADR-015-middleware-order.md#33-audit-event-pipeline-separation-c01-resolution) for full architecture.
 ---
@@ -424,15 +424,11 @@ Events::UserDeleted.track(
 E11y.configure do |config|
   config.audit_trail do
     # Separate storage for audit events
-    storage adapter: :postgresql,  # OR :s3, :file
+    storage adapter: :postgresql,  # OR :file
             table: 'audit_events',
             read_only: true  # Can't UPDATE/DELETE
-    # S3 with object lock (true immutability)
-    # storage adapter: :s3,
-    #         bucket: 'company-audit-trail',
-    #         object_lock: true,  # WORM (Write Once Read Many)
-    #         retention_period: 7.years
+    # Object storage with WORM (external; E11y uses retention_until for archival filtering)
   end
 end
@@ -568,14 +564,13 @@ E11y.configure do |config|
     # === ARCHIVAL ===
     archive_after 1.year,
-                  to: :s3_glacier,  # Cheaper cold storage
-                  bucket: 'company-audit-archive'
+                  to: :archive,  # Cold storage (external job filters by retention_until)
   end
 end
 # How it works:
-# 1. Events stored in hot storage (PostgreSQL/S3)
-# 2. After 1 year → moved to cold storage (Glacier)
+# 1. Events stored in hot storage (PostgreSQL/File)
+# 2. After 1 year → moved to cold storage (archival job filters by retention_until)
 # 3. After retention period → permanently deleted
 # 4. Deletion logged as audit event (audit the audit!)
 ```
@@ -1239,7 +1234,7 @@ end
 ## 🔧 Implementation Details
-> **Implementation:** See [ADR-006 Section 5: Audit Trail](../ADR-006-security-compliance.md#5-audit-trail) for detailed architecture.
+> **Implementation:** See [ADR-006 Section 5: Audit Trail](../architecture/ADR-006-security-compliance.md#5-audit-trail) for detailed architecture.
 ### Audit Middleware Architecture
@@ -1554,17 +1549,18 @@ module E11y
 end
 ```
-**3. S3 Audit Adapter (Cloud, Object Lock WORM)**
+**3. Object Storage Audit Adapter (conceptual; not in E11y)**
+> E11y does not provide an S3/object-storage adapter. For cloud WORM storage, use OTel Collector's object-storage exporter, or an external archival job that filters Loki by `retention_until`. Events carry `retention_until` (ISO8601) for easy filtering.
 ```ruby
-# lib/e11y/adapters/s3_audit.rb
+# Conceptual: Object storage with WORM (e.g., S3 Object Lock)
+# E11y does NOT implement this — use external archival
 module E11y
   module Adapters
-    class S3Audit < Base
+    class ObjectStorageAudit < Base  # Conceptual only
       def initialize(config)
         @bucket = config.bucket
-        @s3_client = Aws::S3::Client.new
-        @object_lock = config.object_lock || true
         @retention_days = config.retention_days || 2555  # 7 years
       end
@@ -1573,37 +1569,16 @@ module E11y
       end
       def write(event_data)
-        object_key = audit_object_key(event_data)
-        @s3_client.put_object(
-          bucket: @bucket,
-          key: object_key,
-          body: event_data.to_json,
-          content_type: 'application/json',
-          # WORM: Object Lock prevents deletion
-          object_lock_mode: 'GOVERNANCE',  # OR 'COMPLIANCE' (stricter)
-          object_lock_retain_until_date: @retention_days.days.from_now,
-          # Metadata for audit
-          metadata: {
-            'event-id' => event_data[:event_id],
-            'event-name' => event_data[:event_name],
-            'signed-at' => event_data[:signed_at],
-            'signature-algorithm' => event_data[:signature_algorithm]
-          }
-        )
+        # Filter by retention_until for archival decisions
+        # object_key = "#{event_data[:retention_until]}/#{event_data[:event_id]}.json"
+        # ... PUT to object storage with WORM ...
       end
       private
       def audit_object_key(event_data)
-        timestamp = event_data[:timestamp]
-        date = timestamp.to_date
-        hour = timestamp.hour
-        # Partition by date and hour for efficient queries
-        "audit/#{date.strftime('%Y/%m/%d')}/hour=#{hour.to_s.rjust(2, '0')}/#{event_data[:event_id]}.json"
+        ts = Time.parse(event_data[:timestamp])
+        "audit/#{ts.strftime('%Y/%m/%d')}/#{event_data[:event_id]}.json"
       end
     end
   end
@@ -1715,7 +1690,7 @@ end
 ## ⚡ Performance Guarantees
-> **Implementation:** See [ADR-006 Section 5.2: Cryptographic Signing](../ADR-006-security-compliance.md#52-cryptographic-signing) for detailed architecture.
+> **Implementation:** See [ADR-006 Section 5.2: Cryptographic Signing](../architecture/ADR-006-security-compliance.md#52-cryptographic-signing) for detailed architecture.
 E11y audit trail is designed for **high-performance production environments** with strict SLOs. Audit events must not significantly impact application latency.
@@ -1880,10 +1855,10 @@ end
 |-----------------|---------------------|------------|----------|
 | **File (append-only)** | 1-2ms | 10,000/sec | Simple, local, fast |
 | **PostgreSQL** | 2-5ms | 5,000/sec | Queryable, ACID |
-| **S3 (Object Lock)** | 10-50ms | 1,000/sec | Cloud, immutable (WORM) |
+| **Object storage (WORM)** | 10-50ms | 1,000/sec | Cloud, immutable (external archival) |
 | **Elasticsearch** | 5-10ms | 3,000/sec | Full-text search |
-**Recommendation:** Use **File adapter** for lowest latency, **PostgreSQL** for queryability, **S3** for compliance (true WORM).
+**Recommendation:** Use **File adapter** for lowest latency, **PostgreSQL** for queryability. For cloud WORM, use external archival (filter by `retention_until`).
 ---