RubyGems - e11y - Versions diffs - 0.2.0 → 1.0.0 - Mend

e11y 0.2.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (230) hide show

checksums.yaml +4 -4
data/.rubocop.yml +130 -10
data/CHANGELOG.md +56 -1
data/CLAUDE.md +168 -0
data/CONTRIBUTING.md +640 -0
data/README.md +134 -702
data/RELEASE.md +18 -3
data/Rakefile +108 -29
data/config/README.md +1 -1
data/config/loki-local-config.yaml +12 -0
data/config/otel-collector-config.yaml +44 -0
data/cucumber.yml +1 -0
data/docker-compose.yml +18 -2
data/docs/ADAPTERS.md +76 -0
data/docs/ADAPTIVE_SAMPLING.md +59 -0
data/docs/COMPARISON.md +104 -0
data/docs/CONFIGURATION.md +52 -0
data/docs/DISTRIBUTED_TRACING.md +44 -0
data/docs/LIMITATIONS.md +13 -0
data/docs/METRICS_DSL.md +84 -0
data/docs/PERFORMANCE.md +60 -0
data/docs/PII_FILTERING.md +40 -0
data/docs/PRESETS.md +65 -0
data/docs/QUICK-START.md +546 -587
data/docs/RAILS_INTEGRATION.md +29 -0
data/docs/SCHEMA_VALIDATION.md +63 -0
data/docs/SLO-PROMQL-ALERTS.md +161 -0
data/docs/TESTING.md +69 -0
data/docs/{ADR-001-architecture.md → architecture/ADR-001-architecture.md} +35 -64
data/docs/{ADR-002-metrics-yabeda.md → architecture/ADR-002-metrics-yabeda.md} +62 -236
data/docs/{ADR-003-slo-observability.md → architecture/ADR-003-slo-observability.md} +27 -466
data/docs/{ADR-004-adapter-architecture.md → architecture/ADR-004-adapter-architecture.md} +163 -146
data/docs/{ADR-005-tracing-context.md → architecture/ADR-005-tracing-context.md} +10 -9
data/docs/{ADR-006-security-compliance.md → architecture/ADR-006-security-compliance.md} +184 -191
data/docs/{ADR-007-opentelemetry-integration.md → architecture/ADR-007-opentelemetry-integration.md} +3 -21
data/docs/{ADR-008-rails-integration.md → architecture/ADR-008-rails-integration.md} +209 -339
data/docs/{ADR-009-cost-optimization.md → architecture/ADR-009-cost-optimization.md} +45 -54
data/docs/architecture/ADR-010-developer-experience.md +522 -0
data/docs/{ADR-011-testing-strategy.md → architecture/ADR-011-testing-strategy.md} +41 -83
data/docs/{ADR-013-reliability-error-handling.md → architecture/ADR-013-reliability-error-handling.md} +37 -12
data/docs/{ADR-014-event-driven-slo.md → architecture/ADR-014-event-driven-slo.md} +12 -24
data/docs/{ADR-015-middleware-order.md → architecture/ADR-015-middleware-order.md} +23 -41
data/docs/{ADR-016-self-monitoring-slo.md → architecture/ADR-016-self-monitoring-slo.md} +52 -349
data/docs/{ADR-017-multi-rails-compatibility.md → architecture/ADR-017-multi-rails-compatibility.md} +4 -11
data/docs/architecture/ADR-018-memory-optimization.md +366 -0
data/docs/{ADR-INDEX.md → architecture/ADR-INDEX.md} +11 -6
data/docs/{00-ICP-AND-TIMELINE.md → prd/00-ICP-AND-TIMELINE.md} +6 -6
data/docs/{01-SCALE-REQUIREMENTS.md → prd/01-SCALE-REQUIREMENTS.md} +6 -6
data/docs/prd/01-overview-vision.md +19 -14
data/docs/use_cases/README.md +22 -23
data/docs/use_cases/UC-001-request-scoped-debug-buffering.md +50 -44
data/docs/use_cases/UC-002-business-event-tracking.md +26 -95
data/docs/use_cases/UC-003-event-metrics.md +66 -0
data/docs/use_cases/UC-004-zero-config-slo-tracking.md +42 -101
data/docs/use_cases/UC-005-sentry-integration.md +13 -15
data/docs/use_cases/UC-006-trace-context-management.md +30 -28
data/docs/use_cases/UC-007-pii-filtering.md +35 -87
data/docs/use_cases/UC-008-opentelemetry-integration.md +51 -89
data/docs/use_cases/UC-009-multi-service-tracing.md +4 -4
data/docs/use_cases/UC-010-background-job-tracking.md +5 -5
data/docs/use_cases/UC-011-rate-limiting.md +95 -168
data/docs/use_cases/UC-012-audit-trail.md +21 -46
data/docs/use_cases/UC-013-high-cardinality-protection.md +29 -167
data/docs/use_cases/UC-014-adaptive-sampling.md +2 -2
data/docs/use_cases/UC-015-cost-optimization.md +46 -99
data/docs/use_cases/UC-016-rails-logger-migration.md +39 -213
data/docs/use_cases/UC-017-local-development.md +203 -777
data/docs/use_cases/UC-018-testing-events.md +3 -3
data/docs/use_cases/UC-019-retention-based-routing.md +53 -106
data/docs/use_cases/UC-020-event-versioning.md +8 -9
data/docs/use_cases/UC-021-error-handling-retry-dlq.md +18 -22
data/docs/use_cases/UC-022-event-registry.md +15 -21
data/docs/use_cases/backlog.md +119 -87
data/e11y.gemspec +2 -2
data/gems/e11y-devtools/README.md +136 -0
data/gems/e11y-devtools/config/routes.rb +8 -0
data/gems/e11y-devtools/e11y-devtools.gemspec +25 -0
data/gems/e11y-devtools/exe/e11y +34 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/server.rb +96 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tool_base.rb +25 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/clear.rb +31 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/errors.rb +35 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/event_detail.rb +33 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/events_by_trace.rb +33 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/interactions.rb +40 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/recent_events.rb +34 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/search.rb +34 -0
data/gems/e11y-devtools/lib/e11y/devtools/mcp/tools/stats.rb +30 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/assets/overlay.js +115 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/controller.rb +54 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/engine.rb +26 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/middleware.rb +80 -0
data/gems/e11y-devtools/lib/e11y/devtools/overlay/rails_controller.rb +42 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/app.rb +262 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/grouping.rb +66 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/widgets/event_detail.rb +62 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/widgets/event_list.rb +70 -0
data/gems/e11y-devtools/lib/e11y/devtools/tui/widgets/interaction_list.rb +47 -0
data/gems/e11y-devtools/lib/e11y/devtools/version.rb +8 -0
data/gems/e11y-devtools/lib/e11y/devtools.rb +13 -0
data/gems/e11y-devtools/spec/e11y/devtools/mcp/tools_spec.rb +107 -0
data/gems/e11y-devtools/spec/e11y/devtools/overlay/controller_spec.rb +58 -0
data/gems/e11y-devtools/spec/e11y/devtools/overlay/middleware_spec.rb +46 -0
data/gems/e11y-devtools/spec/e11y/devtools/tui/app_spec.rb +85 -0
data/gems/e11y-devtools/spec/e11y/devtools/tui/grouping_spec.rb +64 -0
data/gems/e11y-devtools/spec/spec_helper.rb +5 -0
data/gems/e11y-devtools/spec/tui/widgets/event_list_spec.rb +44 -0
data/gems/e11y-devtools/spec/tui/widgets/interaction_list_spec.rb +62 -0
data/lib/e11y/adapters/audit_encrypted.rb +53 -11
data/lib/e11y/adapters/base.rb +33 -34
data/lib/e11y/adapters/dev_log/file_store.rb +143 -0
data/lib/e11y/adapters/dev_log/query.rb +219 -0
data/lib/e11y/adapters/dev_log.rb +118 -0
data/lib/e11y/adapters/file.rb +3 -6
data/lib/e11y/adapters/in_memory.rb +52 -5
data/lib/e11y/adapters/in_memory_test.rb +29 -0
data/lib/e11y/adapters/loki.rb +58 -23
data/lib/e11y/adapters/null.rb +82 -0
data/lib/e11y/adapters/opentelemetry_collector.rb +183 -0
data/lib/e11y/adapters/otel_logs.rb +136 -23
data/lib/e11y/adapters/sentry.rb +4 -7
data/lib/e11y/adapters/stdout.rb +73 -7
data/lib/e11y/adapters/yabeda.rb +153 -29
data/lib/e11y/buffers/adaptive_buffer.rb +3 -17
data/lib/e11y/buffers/{request_scoped_buffer.rb → ephemeral_buffer.rb} +72 -58
data/lib/e11y/buffers/ring_buffer.rb +3 -16
data/lib/e11y/configuration.rb +272 -0
data/lib/e11y/console.rb +10 -17
data/lib/e11y/current.rb +53 -1
data/lib/e11y/debug/pipeline_inspector.rb +96 -0
data/lib/e11y/documentation/generator.rb +48 -0
data/lib/e11y/event/base.rb +176 -82
data/lib/e11y/event/value_sampling_config.rb +1 -5
data/lib/e11y/events/rails/database/query.rb +1 -4
data/lib/e11y/events/rails/job/failed.rb +2 -0
data/lib/e11y/instruments/active_job.rb +46 -12
data/lib/e11y/instruments/rails_instrumentation.rb +49 -24
data/lib/e11y/instruments/sidekiq.rb +137 -31
data/lib/e11y/linters/base.rb +11 -0
data/lib/e11y/linters/pii/pii_declaration_linter.rb +120 -0
data/lib/e11y/linters/slo/config_consistency_linter.rb +76 -0
data/lib/e11y/linters/slo/explicit_declaration_linter.rb +36 -0
data/lib/e11y/linters/slo/slo_status_from_linter.rb +41 -0
data/lib/e11y/logger/bridge.rb +26 -7
data/lib/e11y/metrics/cardinality_protection.rb +10 -15
data/lib/e11y/metrics/cardinality_tracker.rb +16 -6
data/lib/e11y/metrics/registry.rb +3 -5
data/lib/e11y/metrics/test_backend.rb +62 -0
data/lib/e11y/metrics.rb +56 -10
data/lib/e11y/middleware/adapter_resolver.rb +40 -0
data/lib/e11y/middleware/audit_signing.rb +43 -6
data/lib/e11y/middleware/baggage_protection.rb +75 -0
data/lib/e11y/middleware/dev_log_source.rb +24 -0
data/lib/e11y/middleware/event_slo.rb +23 -9
data/lib/e11y/middleware/otel_span.rb +23 -0
data/lib/e11y/middleware/pii_filter.rb +104 -75
data/lib/e11y/middleware/rate_limiting.rb +54 -27
data/lib/e11y/middleware/request.rb +70 -23
data/lib/e11y/middleware/routing.rb +78 -21
data/lib/e11y/middleware/sampling.rb +66 -17
data/lib/e11y/middleware/self_monitoring_emit.rb +39 -0
data/lib/e11y/middleware/trace_context.rb +45 -10
data/lib/e11y/middleware/track_latency.rb +34 -0
data/lib/e11y/middleware/validation.rb +7 -16
data/lib/e11y/middleware/versioning.rb +26 -22
data/lib/e11y/opentelemetry/semantic_conventions.rb +109 -0
data/lib/e11y/opentelemetry/span_creator.rb +142 -0
data/lib/e11y/pii/patterns.rb +12 -1
data/lib/e11y/pipeline/builder.rb +1 -1
data/lib/e11y/presets/audit_event.rb +13 -2
data/lib/e11y/railtie.rb +52 -15
data/lib/e11y/registry.rb +306 -0
data/lib/e11y/reliability/circuit_breaker.rb +19 -21
data/lib/e11y/reliability/dlq/base.rb +71 -0
data/lib/e11y/reliability/dlq/file_adapter.rb +301 -0
data/lib/e11y/reliability/dlq/file_storage.rb +63 -34
data/lib/e11y/reliability/dlq/filter.rb +37 -54
data/lib/e11y/reliability/retry_handler.rb +26 -29
data/lib/e11y/reliability/retry_rate_limiter.rb +3 -11
data/lib/e11y/sampling/error_spike_detector.rb +0 -2
data/lib/e11y/sampling/load_monitor.rb +5 -9
data/lib/e11y/sampling/stratified_tracker.rb +18 -0
data/lib/e11y/self_monitoring/buffer_monitor.rb +2 -0
data/lib/e11y/self_monitoring/performance_monitor.rb +19 -61
data/lib/e11y/self_monitoring/reliability_monitor.rb +4 -74
data/lib/e11y/slo/config_loader.rb +40 -0
data/lib/e11y/slo/config_validator.rb +58 -0
data/lib/e11y/slo/dashboard_generator.rb +122 -0
data/lib/e11y/slo/event_driven.rb +8 -0
data/lib/e11y/slo/tracker.rb +31 -4
data/lib/e11y/testing/have_tracked_event_matcher.rb +190 -0
data/lib/e11y/testing/rspec_matchers.rb +21 -0
data/lib/e11y/testing/snapshot_matcher.rb +86 -0
data/lib/e11y/trace_context/sampler.rb +35 -0
data/lib/e11y/tracing/faraday_middleware.rb +31 -0
data/lib/e11y/tracing/net_http_patch.rb +33 -0
data/lib/e11y/tracing/propagator.rb +116 -0
data/lib/e11y/tracing.rb +47 -0
data/lib/e11y/version.rb +1 -1
data/lib/e11y/versioning/version_extractor.rb +32 -0
data/lib/e11y.rb +141 -265
data/lib/generators/e11y/event/event_generator.rb +22 -0
data/lib/generators/e11y/event/templates/event.rb.tt +16 -0
data/lib/generators/e11y/grafana_dashboard/grafana_dashboard_generator.rb +30 -0
data/lib/generators/e11y/grafana_dashboard/templates/e11y_dashboard.json +81 -0
data/lib/generators/e11y/install/install_generator.rb +34 -0
data/lib/generators/e11y/install/templates/e11y.rb +239 -0
data/lib/generators/e11y/prometheus_alerts/prometheus_alerts_generator.rb +29 -0
data/lib/generators/e11y/prometheus_alerts/templates/e11y_alerts.yml +28 -0
data/lib/tasks/e11y_docs.rake +30 -0
data/lib/tasks/e11y_events.rake +71 -0
data/lib/tasks/e11y_lint.rake +91 -0
data/lib/tasks/e11y_slo.rake +29 -0
metadata +129 -39
data/docs/ADR-010-developer-experience.md +0 -2166
data/docs/API-REFERENCE-L28.md +0 -914
data/docs/COMPREHENSIVE-CONFIGURATION.md +0 -2366
data/docs/CONTRIBUTING.md +0 -312
data/docs/IMPLEMENTATION_NOTES.md +0 -2804
data/docs/IMPLEMENTATION_PLAN.md +0 -1971
data/docs/IMPLEMENTATION_PLAN_ARCHITECTURE.md +0 -586
data/docs/PLAN.md +0 -148
data/docs/README.md +0 -296
data/docs/design/00-memory-optimization.md +0 -593
data/docs/guides/MIGRATION-L27-L28.md +0 -692
data/docs/guides/PERFORMANCE-BENCHMARKS.md +0 -434
data/docs/guides/README.md +0 -44
data/docs/use_cases/UC-003-pattern-based-metrics.md +0 -1627
data/lib/e11y/adapters/registry.rb +0 -141
/data/docs/{ADR-012-event-evolution.md → architecture/ADR-012-event-evolution.md} +0 -0

data/gems/e11y-devtools/spec/e11y/devtools/overlay/middleware_spec.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require "spec_helper"
+require "rack/test"
+require "rack/mock"
+require "e11y/devtools/overlay/middleware"
+RSpec.describe E11y::Devtools::Overlay::Middleware do
+  include Rack::Test::Methods
+  let(:html_body) { "<html><body><h1>Hello</h1></body></html>" }
+  let(:base_app) do
+    ->(_env) { [200, { "Content-Type" => "text/html" }, [html_body]] }
+  end
+  def app = described_class.new(base_app)
+  it "injects overlay script before </body>" do
+    get "/"
+    expect(last_response.body).to include("e11y-overlay")
+    expect(last_response.body).to include("</body>")
+  end
+  it "does not inject into non-HTML responses" do
+    json_app = ->(_env) { [200, { "Content-Type" => "application/json" }, ['{"ok":true}']] }
+    response = described_class.new(json_app).call(Rack::MockRequest.env_for("/"))
+    body = response[2].join
+    expect(body).not_to include("e11y-overlay")
+  end
+  it "does not inject into XHR requests" do
+    get "/", {}, { "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest" }
+    expect(last_response.body).not_to include("e11y-overlay")
+  end
+  it "does not inject into asset paths" do
+    get "/assets/application.js"
+    expect(last_response.body).not_to include("e11y-overlay")
+  end
+  it "preserves Content-Length consistency after injection" do
+    get "/"
+    content_length = last_response.headers["Content-Length"]
+    expect(content_length.to_i).to eq(last_response.body.bytesize) if content_length
+  end
+end

data/gems/e11y-devtools/spec/e11y/devtools/tui/app_spec.rb ADDED Viewed

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+require "spec_helper"
+require "tmpdir"
+require "e11y/adapters/dev_log/query"
+require "e11y/devtools/tui/grouping"
+require "e11y/devtools/tui/app"
+RSpec.describe E11y::Devtools::Tui::App do
+  subject(:app) { described_class.new(log_path: "/dev/null") }
+  describe "#initialize" do
+    it "starts in :interactions view" do
+      expect(app.current_view).to eq(:interactions)
+    end
+    it "starts with source_filter :web" do
+      expect(app.source_filter).to eq(:web)
+    end
+  end
+  describe "#handle_key" do
+    context "when in :interactions view" do
+      it "drills into :events on Enter" do
+        query = instance_double(E11y::Adapters::DevLog::Query, events_by_trace: [])
+        interaction = E11y::Devtools::Tui::Grouping::Interaction.new(
+          Time.now, ["t1"], false, "web"
+        )
+        app.instance_variable_set(:@query, query)
+        app.instance_variable_set(:@interactions, [interaction])
+        app.instance_variable_set(:@selected_ix, 0)
+        app.handle_key("enter")
+        expect(app.current_view).to eq(:events)
+      end
+      it "toggles source to :job on 'j'" do
+        app.handle_key("j")
+        expect(app.source_filter).to eq(:job)
+      end
+      it "toggles source to :all on 'a'" do
+        app.handle_key("a")
+        expect(app.source_filter).to eq(:all)
+      end
+      it "toggles source back to :web on 'w'" do
+        app.handle_key("a")
+        app.handle_key("w")
+        expect(app.source_filter).to eq(:web)
+      end
+    end
+    context "when in :events view" do
+      before do
+        app.instance_variable_set(:@current_view, :events)
+        app.instance_variable_set(:@current_trace_id, "t1")
+        app.instance_variable_set(:@events, [{ "id" => "e1", "event_name" => "x" }])
+      end
+      it "goes back to :interactions on Esc" do
+        app.handle_key("esc")
+        expect(app.current_view).to eq(:interactions)
+      end
+      it "drills into :detail on Enter" do
+        app.handle_key("enter")
+        expect(app.current_view).to eq(:detail)
+      end
+    end
+    context "when in :detail view" do
+      before { app.instance_variable_set(:@current_view, :detail) }
+      it "goes back to :events on Esc" do
+        app.handle_key("esc")
+        expect(app.current_view).to eq(:events)
+      end
+      it "goes back to :events on 'b'" do
+        app.handle_key("b")
+        expect(app.current_view).to eq(:events)
+      end
+    end
+  end
+end

data/gems/e11y-devtools/spec/e11y/devtools/tui/grouping_spec.rb ADDED Viewed

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+require "spec_helper"
+require "time"
+require "e11y/devtools/tui/grouping"
+RSpec.describe E11y::Devtools::Tui::Grouping do
+  def make_trace(id, offset_ms, severity: "info", source: "web")
+    {
+      trace_id: id,
+      started_at: Time.now + (offset_ms / 1000.0),
+      severity: severity,
+      source: source
+    }
+  end
+  describe ".group" do
+    it "returns empty array for empty input" do
+      expect(described_class.group([])).to eq([])
+    end
+    it "places single trace in one interaction" do
+      groups = described_class.group([make_trace("t1", 0)])
+      expect(groups.size).to eq(1)
+      expect(groups.first.trace_ids).to eq(["t1"])
+    end
+    it "groups traces within window into one interaction" do
+      traces = [
+        make_trace("t1", 0),
+        make_trace("t2", 300),  # 300ms after t1 — within 500ms window
+        make_trace("t3", 1200)  # 1200ms after t1 — outside window
+      ]
+      groups = described_class.group(traces, window_ms: 500)
+      expect(groups.size).to eq(2)
+      # newest-first: groups[0] = t3 group, groups[1] = t1+t2 group
+      expect(groups.last.trace_ids.sort).to eq(%w[t1 t2].sort)
+      expect(groups.first.trace_ids).to eq(["t3"])
+    end
+    it "marks interaction has_error? when any trace has error severity" do
+      traces = [
+        make_trace("t1", 0, severity: "error"),
+        make_trace("t2", 100, severity: "info")
+      ]
+      groups = described_class.group(traces, window_ms: 500)
+      expect(groups.first.has_error?).to be true
+    end
+    it "marks interaction clean when no errors" do
+      groups = described_class.group([make_trace("t1", 0, severity: "info")])
+      expect(groups.first.has_error?).to be false
+    end
+    it "returns groups newest-first" do
+      traces = [
+        make_trace("old", 0),
+        make_trace("new", 2000)
+      ]
+      groups = described_class.group(traces, window_ms: 500)
+      expect(groups.first.trace_ids).to eq(["new"])
+    end
+  end
+end

data/gems/e11y-devtools/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
+require "e11y/devtools/version"

data/gems/e11y-devtools/spec/tui/widgets/event_list_spec.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require "spec_helper"
+require "time"
+unless defined?(RATATUI_AVAILABLE)
+  begin
+    require "minitest"
+    require "ratatui_ruby"
+    require "ratatui_ruby/test_helper"
+    RATATUI_AVAILABLE = true
+  rescue LoadError
+    RATATUI_AVAILABLE = false
+  end
+end
+RSpec.describe "E11y::Devtools::Tui::Widgets::EventList" do
+  include RatatuiRuby::TestHelper if RATATUI_AVAILABLE
+  before do
+    skip "ratatui_ruby not available" unless RATATUI_AVAILABLE
+    require "e11y/devtools/tui/widgets/event_list"
+  end
+  let(:events) do
+    [
+      { "severity" => "error", "event_name" => "order.failed",
+        "timestamp" => Time.now.iso8601, "metadata" => {} },
+      { "severity" => "info", "event_name" => "order.created",
+        "timestamp" => Time.now.iso8601, "metadata" => { "duration_ms" => 42 } }
+    ]
+  end
+  it "renders without raising" do
+    widget = E11y::Devtools::Tui::Widgets::EventList.new(
+      events: events, trace_id: "trace-1", selected_index: 0
+    )
+    tui = RatatuiRuby::TUI.new
+    with_test_terminal(80, 10) do
+      expect { RatatuiRuby.draw { |frame| widget.render(tui, frame, frame.area) } }
+        .not_to raise_error
+    end
+  end
+end

data/gems/e11y-devtools/spec/tui/widgets/interaction_list_spec.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+require "spec_helper"
+require "time"
+require "e11y/devtools/tui/grouping"
+unless defined?(RATATUI_AVAILABLE)
+  begin
+    require "minitest"
+    require "ratatui_ruby"
+    require "ratatui_ruby/test_helper"
+    RATATUI_AVAILABLE = true
+  rescue LoadError
+    RATATUI_AVAILABLE = false
+  end
+end
+RSpec.describe "E11y::Devtools::Tui::Widgets::InteractionList" do
+  include RatatuiRuby::TestHelper if RATATUI_AVAILABLE
+  before do
+    skip "ratatui_ruby not available" unless RATATUI_AVAILABLE
+    require "e11y/devtools/tui/widgets/interaction_list"
+  end
+  let(:t0) { Time.now }
+  def make_interaction(trace_ids:, has_error: false)
+    E11y::Devtools::Tui::Grouping::Interaction.new(
+      started_at: t0,
+      trace_ids: trace_ids,
+      has_error?: has_error,
+      source: "web"
+    )
+  end
+  it "renders bullet as ● red when interaction has error" do
+    widget = E11y::Devtools::Tui::Widgets::InteractionList.new(
+      interactions: [make_interaction(trace_ids: ["t1"], has_error: true)],
+      selected_index: 0
+    )
+    tui = RatatuiRuby::TUI.new
+    with_test_terminal(40, 5) do
+      expect { RatatuiRuby.draw { |frame| widget.render(tui, frame, frame.area) } }
+        .not_to raise_error
+      expect(buffer_content.join).to include("●")
+    end
+  end
+  it "renders bullet as ○ when interaction is clean" do
+    widget = E11y::Devtools::Tui::Widgets::InteractionList.new(
+      interactions: [make_interaction(trace_ids: ["t1"], has_error: false)],
+      selected_index: 0
+    )
+    tui = RatatuiRuby::TUI.new
+    with_test_terminal(40, 5) do
+      expect { RatatuiRuby.draw { |frame| widget.render(tui, frame, frame.area) } }
+        .not_to raise_error
+      expect(buffer_content.join).to include("○")
+    end
+  end
+end

data/lib/e11y/adapters/audit_encrypted.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require "openssl"
 require "json"
 require "fileutils"
 require "base64"
+require "e11y/event/base"
 module E11y
   module Adapters
@@ -84,14 +85,47 @@ module E11y
       # Read and decrypt audit event (for verification)
       #
       # @param event_id [String] Event ID
-      # @return [Hash] Decrypted event data
+      # @return [Hash, nil] Decrypted event data, or nil if decryption fails
       def read(event_id)
         encrypted_data = read_from_storage(event_id)
         decrypt_event(encrypted_data)
+      rescue Errno::ENOENT => e
+        warn "AuditEncrypted read error (file not found): #{e.message}"
+        nil
+      rescue JSON::ParserError => e
+        warn "AuditEncrypted read error (corrupt data): #{e.message}"
+        nil
+      rescue OpenSSL::Cipher::CipherError => e
+        # SECURITY: decryption failure indicates tampered or corrupt ciphertext.
+        # Re-raise so callers can handle it; also attempt to emit a security event.
+        track_security_event(event_id, e)
+        raise
       end
       private
+      # Emit a security event when decryption fails (potential tampering).
+      # Guards against E11y not being fully configured in non-production envs.
+      #
+      # @param event_id [String] The event ID that failed to decrypt
+      # @param error [OpenSSL::Cipher::CipherError] The decryption error
+      # @return [void]
+      def track_security_event(event_id, error)
+        E11y::Event::Base.track(
+          event_name: "e11y.security.audit_decryption_failed",
+          severity: :error,
+          payload: {
+            event_id: event_id,
+            error_class: error.class.name,
+            error_message: error.message,
+            adapter: self.class.name
+          }
+        )
+      rescue StandardError
+        warn "AuditEncrypted: decryption failure detected for #{event_id} " \
+             "(#{error.message}); security event could not be tracked"
+      end
       # Encrypt event data with AES-256-GCM
       #
       # @param event_data [Hash] Event data
@@ -127,7 +161,6 @@ module E11y
       #
       # @param encrypted [Hash] Encrypted data with nonce and tag
       # @return [Hash] Decrypted event data
-      # rubocop:disable Metrics/AbcSize
       # Cryptographic operations require multiple steps for secure decryption
       def decrypt_event(encrypted)
         cipher = OpenSSL::Cipher.new(CIPHER)
@@ -141,7 +174,6 @@ module E11y
         JSON.parse(plaintext, symbolize_names: true)
       end
-      # rubocop:enable Metrics/AbcSize
       # Write encrypted data to storage
       #
@@ -216,17 +248,27 @@ module E11y
       #
       # @return [String] Encryption key
       def default_encryption_key
-        key = ENV.fetch("E11Y_AUDIT_ENCRYPTION_KEY") do
-          if defined?(::Rails) && ::Rails.env.production?
-            raise E11y::Error, "E11Y_AUDIT_ENCRYPTION_KEY must be set in production"
-          end
+        # Use ENV var if provided (required in production)
+        env_key = ENV.fetch("E11Y_AUDIT_ENCRYPTION_KEY", nil)
+        if env_key
+          return env_key.bytesize == 32 ? env_key : [env_key].pack("H*")
+        end
-          # Development fallback
-          OpenSSL::Random.random_bytes(32)
+        # In production without ENV var, raise a clear error
+        if defined?(::Rails) && ::Rails.env.production?
+          raise E11y::Error,
+                "E11Y_AUDIT_ENCRYPTION_KEY must be set in production. " \
+                "Generate with: openssl rand -hex 32"
         end
-        # Ensure 32 bytes
-        key.bytesize == 32 ? key : [key].pack("H*")
+        # Development/test: derive a stable key from a fixed seed.
+        # This is NOT secure for production — only for development/testing.
+        OpenSSL::PKCS5.pbkdf2_hmac_sha1(
+          "e11y-development-key-not-for-production",
+          "e11y-static-salt",
+          1000,
+          32
+        )
       end
       # Default storage path

data/lib/e11y/adapters/base.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require_relative "../reliability/retry_handler"
+require_relative "../reliability/retry_rate_limiter"
 require_relative "../reliability/circuit_breaker"
 module E11y
@@ -98,14 +99,13 @@ module E11y
       # This is the recommended public API for sending events.
       # Automatically handles failures, retries, and DLQ.
       #
-      # Respects `E11y.config.error_handling.fail_on_error` setting (C18 Resolution):
+      # Respects `E11y.config.error_handling_fail_on_error` setting (C18 Resolution):
       # - `true`: Raises exceptions (fast feedback for web requests)
       # - `false`: Swallows exceptions, saves to DLQ (don't fail background jobs)
       #
       # @param event_data [Hash] Event payload
       # @return [Boolean] true on success
       # @raise [RetryExhaustedError, CircuitOpenError] if fail_on_error=true
-      # rubocop:disable Metrics/MethodLength
       # Core reliability logic with retry and circuit breaker - should stay as cohesive unit
       def write_with_reliability(event_data)
         return write(event_data) unless @reliability_enabled
@@ -129,7 +129,6 @@ module E11y
           handle_reliability_error(event_data, e, :circuit_open)
         end
       end
-      # rubocop:enable Metrics/MethodLength
       # Write a batch of events (preferred for performance)
       #
@@ -288,7 +287,7 @@ module E11y
           raise unless retriable_error?(e) && attempt < max_attempts
           delay = calculate_backoff_delay(attempt, base_delay, max_delay, jitter)
-          warn "[E11y] #{self.class.name} retry #{attempt}/#{max_attempts} after #{delay.round(2)}s: #{e.message}"
+          E11y.logger&.warn("[E11y] #{self.class.name} retry #{attempt}/#{max_attempts} after #{delay.round(2)}s: #{e.message}")
           sleep(delay)
           retry
         end
@@ -306,7 +305,7 @@ module E11y
       #   def retriable_error?(error)
       #     super || error.is_a?(CustomTransientError)
       #   end
-      # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       # This method checks many different error types for retryability - splitting would reduce clarity
       def retriable_error?(error)
         # Network timeout errors
@@ -334,7 +333,7 @@ module E11y
         false
       end
-      # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       # Calculate exponential backoff delay with jitter
       #
@@ -381,16 +380,13 @@ module E11y
       #   end
       #
       # @see ADR-004 Section 7.2 (Circuit Breaker)
-      # rubocop:disable Metrics/MethodLength
       # Circuit breaker state machine logic should stay as cohesive unit
       def with_circuit_breaker(failure_threshold: 5, timeout: 60)
         init_circuit_breaker! unless @circuit_state
         @circuit_mutex.synchronize do
           if @circuit_state == :open
-            unless circuit_timeout_expired?(timeout)
-              raise CircuitOpenError, "Circuit breaker open for #{self.class.name}"
-            end
+            raise CircuitOpenError, "Circuit breaker open for #{self.class.name}" unless circuit_timeout_expired?(timeout)
             @circuit_state = :half_open
             @circuit_success_count = 0
@@ -407,7 +403,6 @@ module E11y
           raise
         end
       end
-      # rubocop:enable Metrics/MethodLength
       # Initialize circuit breaker state
       #
@@ -431,7 +426,7 @@ module E11y
             @circuit_success_count += 1
             if @circuit_success_count >= 2 # 2 successes → close
               @circuit_state = :closed
-              warn "[E11y] #{self.class.name} circuit breaker closed (recovered)"
+              E11y.logger&.warn("[E11y] #{self.class.name} circuit breaker closed (recovered)")
             end
           end
         end
@@ -449,7 +444,7 @@ module E11y
           if @circuit_failure_count >= threshold && @circuit_state == :closed
             @circuit_state = :open
-            warn "[E11y] #{self.class.name} circuit breaker opened (#{@circuit_failure_count} failures)"
+            E11y.logger&.warn("[E11y] #{self.class.name} circuit breaker opened (#{@circuit_failure_count} failures)")
           end
         end
       end
@@ -469,9 +464,14 @@ module E11y
       def setup_reliability_layer
         reliability_config = @config.fetch(:reliability, {})
-        # Setup RetryHandler
+        # Setup RetryHandler (C06: wire RetryRateLimiter for thundering herd prevention)
         retry_config = reliability_config.fetch(:retry, {})
-        @retry_handler = E11y::Reliability::RetryHandler.new(config: retry_config)
+        rate_limiter = reliability_config[:retry_rate_limiter] ||
+                       E11y::Reliability::RetryRateLimiter.new
+        @retry_handler = E11y::Reliability::RetryHandler.new(
+          config: retry_config,
+          rate_limiter: rate_limiter
+        )
         # Setup CircuitBreaker
         circuit_breaker_config = reliability_config.fetch(:circuit_breaker, {})
@@ -479,15 +479,11 @@ module E11y
           adapter_name: self.class.name,
           config: circuit_breaker_config
         )
-        # Setup DLQ components (will be initialized from E11y.config later)
-        @dlq_filter = nil
-        @dlq_storage = nil
       end
       # Handle reliability error (retry exhausted / circuit breaker open).
       #
-      # Behavior depends on `E11y.config.error_handling.fail_on_error` (C18 Resolution):
+      # Behavior depends on `E11y.config.error_handling_fail_on_error` (C18 Resolution):
       # - `true`: Re-raises exception (fast feedback for web requests)
       # - `false`: Swallows exception, saves to DLQ (don't fail background jobs)
       #
@@ -505,35 +501,38 @@ module E11y
         save_to_dlq_if_needed(event_data, error, reason)
         # Log warning
-        warn "[E11y] #{self.class.name} #{reason} for event #{event_data[:event_name]}: #{error.message}"
+        E11y.logger&.warn("[E11y] #{self.class.name} #{reason} for event #{event_data[:event_name]}: #{error.message}")
         # Check fail_on_error setting (C18 Resolution)
-        raise error if E11y.config.error_handling.fail_on_error
+        raise error if E11y.config.error_handling_fail_on_error
         # Web request context: RAISE (fast feedback)
         # Background job context: SWALLOW (don't fail business logic)
-        # TODO: Track metric e11y.event.tracking_failed_silent
         false
       end
       # rubocop:enable Naming/PredicateMethod
       # Save event to DLQ if filter allows.
+      # Uses E11y.config.dlq_filter and E11y.config.dlq_storage (F3 — wired from config).
       #
       # @api private
       def save_to_dlq_if_needed(event_data, error, reason)
-        return unless @dlq_filter&.should_save?(event_data, error)
-        @dlq_storage&.save(event_data, metadata: {
-                             error: error.message,
-                             error_class: error.class.name,
-                             reason: reason,
-                             adapter: self.class.name,
-                             timestamp: Time.now.utc.iso8601
-                           })
+        dlq_filter = E11y.config.respond_to?(:dlq_filter) ? E11y.config.dlq_filter : nil
+        dlq_storage = E11y.config.respond_to?(:dlq_storage) ? E11y.config.dlq_storage : nil
+        return unless dlq_filter&.should_save?(event_data, error)
+        return unless dlq_storage
+        dlq_storage.save(event_data, metadata: {
+                           error: error,
+                           error_class: error.class.name,
+                           reason: reason,
+                           adapter: self.class.name,
+                           timestamp: Time.now.utc.iso8601
+                         })
       rescue StandardError => e
         # C18: Don't fail if DLQ save fails
-        warn "[E11y] Failed to save event to DLQ: #{e.message}"
+        E11y.logger&.warn("[E11y] Failed to save event to DLQ: #{e.message}")
       end
       # Track successful adapter write (self-monitoring).
@@ -558,7 +557,7 @@ module E11y
         )
       rescue StandardError => e
         # Don't fail if monitoring fails
-        warn "[E11y] Self-monitoring error: #{e.message}"
+        E11y.logger&.warn("[E11y] Self-monitoring error: #{e.message}")
       end
       # Track failed adapter write (self-monitoring).