RubyGems - familia - Versions diffs - 2.0.0.pre14 → 2.0.0.pre16 - Mend

familia 2.0.0.pre14 → 2.0.0.pre16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (276) hide show

checksums.yaml +4 -4
data/.github/workflows/code-quality.yml +138 -0
data/.github/workflows/code-smellage.yml +145 -0
data/.github/workflows/docs.yml +31 -8
data/.gitignore +1 -1
data/.pre-commit-config.yaml +7 -1
data/.reek.yml +98 -0
data/.rubocop.yml +48 -10
data/.talismanrc +9 -0
data/.yardopts +18 -13
data/CHANGELOG.rst +66 -6
data/CLAUDE.md +1 -1
data/Gemfile +6 -5
data/Gemfile.lock +99 -23
data/LICENSE.txt +1 -1
data/README.md +285 -85
data/changelog.d/README.md +2 -2
data/docs/archive/FAMILIA_RELATIONSHIPS.md +22 -22
data/docs/archive/FAMILIA_TECHNICAL.md +41 -41
data/docs/archive/FAMILIA_UPDATE.md +3 -3
data/docs/archive/README.md +3 -2
data/docs/{guides/API-Reference.md → archive/api-reference.md} +87 -101
data/docs/conf.py +29 -0
data/docs/guides/{Field-System-Guide.md → core-field-system.md} +9 -9
data/docs/guides/feature-encrypted-fields.md +785 -0
data/docs/guides/{Expiration-Feature-Guide.md → feature-expiration.md} +11 -2
data/docs/guides/feature-external-identifiers.md +637 -0
data/docs/guides/feature-object-identifiers.md +435 -0
data/docs/guides/{Quantization-Feature-Guide.md → feature-quantization.md} +94 -29
data/docs/guides/feature-relationships-methods.md +684 -0
data/docs/guides/feature-relationships.md +200 -0
data/docs/guides/{Features-System-Developer-Guide.md → feature-system-devs.md} +4 -4
data/docs/guides/{Feature-System-Guide.md → feature-system.md} +5 -5
data/docs/guides/{Transient-Fields-Guide.md → feature-transient-fields.md} +2 -2
data/docs/guides/{Implementation-Guide.md → implementation.md} +3 -3
data/docs/guides/index.md +176 -0
data/docs/guides/{Security-Model.md → security-model.md} +1 -1
data/docs/migrating/v2.0.0-pre.md +1 -1
data/docs/migrating/v2.0.0-pre11.md +4 -4
data/docs/migrating/v2.0.0-pre12.md +2 -2
data/docs/migrating/v2.0.0-pre13.md +1 -1
data/docs/migrating/v2.0.0-pre5.md +33 -12
data/docs/migrating/v2.0.0-pre6.md +2 -2
data/docs/migrating/v2.0.0-pre7.md +8 -8
data/docs/overview.md +623 -19
data/docs/reference/api-technical.md +1365 -0
data/examples/autoloader/mega_customer/features/deprecated_fields.rb +7 -0
data/examples/autoloader/mega_customer/safe_dump_fields.rb +1 -1
data/examples/autoloader/mega_customer.rb +3 -1
data/examples/encrypted_fields.rb +378 -0
data/examples/json_usage_patterns.rb +144 -0
data/examples/relationships.rb +13 -13
data/examples/safe_dump.rb +6 -6
data/examples/single_connection_transaction_confusions.rb +379 -0
data/lib/familia/base.rb +49 -10
data/lib/familia/connection/handlers.rb +223 -0
data/lib/familia/connection/individual_command_proxy.rb +64 -0
data/lib/familia/connection/middleware.rb +75 -0
data/lib/familia/connection/operation_core.rb +93 -0
data/lib/familia/connection/operations.rb +277 -0
data/lib/familia/connection/pipeline_core.rb +87 -0
data/lib/familia/connection/transaction_core.rb +100 -0
data/lib/familia/connection.rb +60 -186
data/lib/familia/data_type/commands.rb +53 -51
data/lib/familia/data_type/serialization.rb +108 -107
data/lib/familia/data_type/types/counter.rb +1 -1
data/lib/familia/data_type/types/hashkey.rb +13 -10
data/lib/familia/data_type/types/{list.rb → listkey.rb} +13 -5
data/lib/familia/data_type/types/lock.rb +3 -2
data/lib/familia/data_type/types/sorted_set.rb +26 -15
data/lib/familia/data_type/types/{string.rb → stringkey.rb} +7 -5
data/lib/familia/data_type/types/unsorted_set.rb +20 -27
data/lib/familia/data_type.rb +75 -47
data/lib/familia/distinguisher.rb +85 -0
data/lib/familia/encryption/encrypted_data.rb +15 -24
data/lib/familia/encryption/manager.rb +6 -4
data/lib/familia/encryption/providers/aes_gcm_provider.rb +1 -1
data/lib/familia/encryption/providers/secure_xchacha20_poly1305_provider.rb +7 -9
data/lib/familia/encryption/providers/xchacha20_poly1305_provider.rb +4 -5
data/lib/familia/encryption/request_cache.rb +7 -7
data/lib/familia/encryption.rb +2 -3
data/lib/familia/errors.rb +9 -3
data/lib/familia/{autoloader.rb → features/autoloader.rb} +49 -23
data/lib/familia/features/encrypted_fields/concealed_string.rb +3 -4
data/lib/familia/features/encrypted_fields/encrypted_field_type.rb +13 -14
data/lib/familia/features/encrypted_fields.rb +68 -66
data/lib/familia/features/expiration/extensions.rb +61 -0
data/lib/familia/features/expiration.rb +35 -87
data/lib/familia/features/external_identifier.rb +11 -12
data/lib/familia/features/object_identifier.rb +58 -20
data/lib/familia/features/quantization.rb +17 -22
data/lib/familia/features/relationships/README.md +97 -0
data/lib/familia/features/relationships/collection_operations.rb +104 -0
data/lib/familia/features/relationships/indexing/multi_index_generators.rb +202 -0
data/lib/familia/features/relationships/indexing/unique_index_generators.rb +301 -0
data/lib/familia/features/relationships/indexing.rb +176 -256
data/lib/familia/features/relationships/indexing_relationship.rb +35 -0
data/lib/familia/features/relationships/participation/participant_methods.rb +160 -0
data/lib/familia/features/relationships/participation/target_methods.rb +225 -0
data/lib/familia/features/relationships/participation.rb +656 -0
data/lib/familia/features/relationships/participation_relationship.rb +31 -0
data/lib/familia/features/relationships/score_encoding.rb +20 -20
data/lib/familia/features/relationships.rb +69 -271
data/lib/familia/features/safe_dump.rb +127 -132
data/lib/familia/features/transient_fields/redacted_string.rb +6 -6
data/lib/familia/features/transient_fields/transient_field_type.rb +5 -5
data/lib/familia/features/transient_fields.rb +5 -5
data/lib/familia/features.rb +21 -21
data/lib/familia/field_type.rb +24 -4
data/lib/familia/horreum/core/connection.rb +229 -26
data/lib/familia/horreum/core/database_commands.rb +27 -17
data/lib/familia/horreum/core/serialization.rb +40 -20
data/lib/familia/horreum/core/utils.rb +2 -1
data/lib/familia/horreum/shared/settings.rb +2 -1
data/lib/familia/horreum/subclass/definition.rb +33 -45
data/lib/familia/horreum/subclass/management.rb +72 -24
data/lib/familia/horreum/subclass/related_fields_management.rb +82 -21
data/lib/familia/horreum.rb +196 -114
data/lib/familia/json_serializer.rb +0 -1
data/lib/familia/logging.rb +11 -114
data/lib/familia/refinements/dear_json.rb +122 -0
data/lib/familia/refinements/logger_trace.rb +20 -17
data/lib/familia/refinements/stylize_words.rb +65 -0
data/lib/familia/refinements/time_literals.rb +60 -52
data/lib/familia/refinements.rb +2 -1
data/lib/familia/secure_identifier.rb +60 -28
data/lib/familia/settings.rb +83 -7
data/lib/familia/utils.rb +5 -87
data/lib/familia/verifiable_identifier.rb +4 -4
data/lib/familia/version.rb +1 -1
data/lib/familia.rb +72 -15
data/lib/middleware/database_middleware.rb +56 -14
data/lib/{familia/multi_result.rb → multi_result.rb} +23 -16
data/try/configuration/scenarios_try.rb +1 -1
data/try/connection/fiber_context_preservation_try.rb +250 -0
data/try/connection/handler_constraints_try.rb +59 -0
data/try/connection/operation_mode_guards_try.rb +208 -0
data/try/connection/pipeline_fallback_integration_try.rb +128 -0
data/try/connection/responsibility_chain_tracking_try.rb +72 -0
data/try/connection/transaction_fallback_integration_try.rb +288 -0
data/try/connection/transaction_mode_permissive_try.rb +153 -0
data/try/connection/transaction_mode_strict_try.rb +98 -0
data/try/connection/transaction_mode_warn_try.rb +131 -0
data/try/connection/transaction_modes_try.rb +249 -0
data/try/core/autoloader_try.rb +129 -11
data/try/core/connection_try.rb +7 -7
data/try/core/conventional_inheritance_try.rb +130 -0
data/try/core/create_method_try.rb +15 -23
data/try/core/database_consistency_try.rb +10 -10
data/try/core/errors_try.rb +8 -11
data/try/core/familia_extended_try.rb +2 -2
data/try/core/familia_members_methods_try.rb +76 -0
data/try/core/isolated_dbclient_try.rb +165 -0
data/try/core/middleware_try.rb +16 -16
data/try/core/persistence_operations_try.rb +4 -4
data/try/core/pools_try.rb +42 -26
data/try/core/secure_identifier_try.rb +28 -24
data/try/core/time_utils_try.rb +10 -10
data/try/core/tools_try.rb +1 -1
data/try/core/utils_try.rb +2 -2
data/try/data_types/boolean_try.rb +4 -4
data/try/data_types/datatype_base_try.rb +0 -2
data/try/data_types/list_try.rb +10 -10
data/try/data_types/sorted_set_try.rb +5 -5
data/try/data_types/string_try.rb +12 -12
data/try/data_types/unsortedset_try.rb +33 -0
data/try/debugging/cache_behavior_tracer.rb +7 -7
data/try/debugging/debug_aad_process.rb +1 -1
data/try/debugging/debug_concealed_internal.rb +1 -1
data/try/debugging/debug_cross_context.rb +1 -1
data/try/debugging/debug_fresh_cross_context.rb +1 -1
data/try/debugging/encryption_method_tracer.rb +10 -10
data/try/edge_cases/hash_symbolization_try.rb +1 -1
data/try/edge_cases/ttl_side_effects_try.rb +1 -1
data/try/encryption/config_persistence_try.rb +2 -2
data/try/encryption/encryption_core_try.rb +19 -19
data/try/encryption/instance_variable_scope_try.rb +1 -1
data/try/encryption/module_loading_try.rb +2 -2
data/try/encryption/providers/aes_gcm_provider_try.rb +1 -1
data/try/encryption/providers/xchacha20_poly1305_provider_try.rb +1 -1
data/try/encryption/secure_memory_handling_try.rb +1 -1
data/try/features/encrypted_fields/concealed_string_core_try.rb +11 -7
data/try/features/encrypted_fields/encrypted_fields_core_try.rb +1 -1
data/try/features/encrypted_fields/encrypted_fields_integration_try.rb +3 -3
data/try/features/encrypted_fields/encrypted_fields_no_cache_security_try.rb +10 -10
data/try/features/encrypted_fields/encrypted_fields_security_try.rb +14 -14
data/try/features/encrypted_fields/error_conditions_try.rb +7 -7
data/try/features/encrypted_fields/fresh_key_try.rb +1 -1
data/try/features/encrypted_fields/nonce_uniqueness_try.rb +1 -1
data/try/features/encrypted_fields/secure_by_default_behavior_try.rb +7 -7
data/try/features/encrypted_fields/universal_serialization_safety_try.rb +13 -20
data/try/features/external_identifier/external_identifier_try.rb +1 -1
data/try/features/feature_dependencies_try.rb +3 -3
data/try/features/object_identifier/object_identifier_integration_try.rb +28 -34
data/try/features/object_identifier/object_identifier_try.rb +10 -0
data/try/features/quantization/quantization_try.rb +1 -1
data/try/features/relationships/indexing_commands_verification_try.rb +136 -0
data/try/features/relationships/indexing_try.rb +433 -0
data/try/features/relationships/participation_commands_verification_spec.rb +102 -0
data/try/features/relationships/participation_commands_verification_try.rb +105 -0
data/try/features/relationships/participation_performance_improvements_try.rb +124 -0
data/try/features/relationships/participation_reverse_index_try.rb +196 -0
data/try/features/relationships/relationships_api_changes_try.rb +72 -71
data/try/features/relationships/relationships_edge_cases_try.rb +15 -18
data/try/features/relationships/relationships_performance_minimal_try.rb +2 -2
data/try/features/relationships/relationships_performance_simple_try.rb +8 -8
data/try/features/relationships/relationships_performance_try.rb +20 -20
data/try/features/relationships/relationships_try.rb +27 -38
data/try/features/safe_dump/safe_dump_advanced_try.rb +2 -2
data/try/features/transient_fields/refresh_reset_try.rb +1 -1
data/try/features/transient_fields/simple_refresh_test.rb +1 -1
data/try/helpers/test_cleanup.rb +86 -0
data/try/helpers/test_helpers.rb +3 -3
data/try/horreum/base_try.rb +3 -2
data/try/horreum/commands_try.rb +1 -1
data/try/horreum/destroy_related_fields_cleanup_try.rb +330 -0
data/try/horreum/initialization_try.rb +11 -7
data/try/horreum/relations_try.rb +21 -13
data/try/horreum/serialization_try.rb +12 -11
data/try/integration/cross_component_try.rb +3 -3
data/try/memory/memory_basic_test.rb +1 -1
data/try/memory/memory_docker_ruby_dump.sh +1 -1
data/try/models/customer_safe_dump_try.rb +1 -1
data/try/models/customer_try.rb +8 -10
data/try/models/datatype_base_try.rb +3 -3
data/try/models/familia_object_try.rb +9 -8
data/try/performance/benchmarks_try.rb +2 -2
data/try/prototypes/atomic_saves_v1_context_proxy.rb +2 -2
data/try/prototypes/atomic_saves_v3_connection_pool.rb +3 -3
data/try/prototypes/atomic_saves_v4.rb +1 -1
data/try/prototypes/lib/atomic_saves_v2_connection_switching_helpers.rb +4 -4
data/try/prototypes/lib/atomic_saves_v3_connection_pool_helpers.rb +4 -4
data/try/prototypes/pooling/lib/atomic_saves_v3_connection_pool_helpers.rb +4 -4
data/try/prototypes/pooling/lib/connection_pool_metrics.rb +5 -5
data/try/prototypes/pooling/lib/connection_pool_stress_test.rb +26 -26
data/try/prototypes/pooling/lib/connection_pool_threading_models.rb +7 -7
data/try/prototypes/pooling/lib/visualize_stress_results.rb +1 -1
data/try/prototypes/pooling/pool_siege.rb +11 -11
data/try/prototypes/pooling/run_stress_tests.rb +7 -7
data/try/refinements/dear_json_array_methods_try.rb +53 -0
data/try/refinements/dear_json_hash_methods_try.rb +54 -0
data/try/refinements/logger_trace_methods_try.rb +44 -0
data/try/refinements/time_literals_numeric_methods_try.rb +141 -0
data/try/refinements/time_literals_string_methods_try.rb +80 -0
metadata +77 -45
data/.rubocop_todo.yml +0 -208
data/docs/connection_pooling.md +0 -192
data/docs/guides/Connection-Pooling-Guide.md +0 -437
data/docs/guides/Encrypted-Fields-Overview.md +0 -101
data/docs/guides/Feature-System-Autoloading.md +0 -228
data/docs/guides/Home.md +0 -116
data/docs/guides/Relationships-Guide.md +0 -737
data/docs/guides/relationships-methods.md +0 -266
data/docs/reference/auditing_database_commands.rb +0 -228
data/examples/permissions.rb +0 -240
data/lib/familia/features/autoloadable.rb +0 -113
data/lib/familia/features/relationships/cascading.rb +0 -437
data/lib/familia/features/relationships/membership.rb +0 -497
data/lib/familia/features/relationships/permission_management.rb +0 -264
data/lib/familia/features/relationships/querying.rb +0 -615
data/lib/familia/features/relationships/redis_operations.rb +0 -274
data/lib/familia/features/relationships/tracking.rb +0 -418
data/lib/familia/refinements/snake_case.rb +0 -40
data/lib/familia/validation/command_recorder.rb +0 -336
data/lib/familia/validation/expectations.rb +0 -519
data/lib/familia/validation/validation_helpers.rb +0 -443
data/lib/familia/validation/validator.rb +0 -412
data/lib/familia/validation.rb +0 -140
data/try/data_types/set_try.rb +0 -33
data/try/features/autoloadable/autoloadable_try.rb +0 -61
data/try/features/relationships/categorical_permissions_try.rb +0 -515
data/try/features/safe_dump/safe_dump_autoloading_try.rb +0 -111
data/try/validation/atomic_operations_try.rb.disabled +0 -320
data/try/validation/command_validation_try.rb.disabled +0 -207
data/try/validation/performance_validation_try.rb.disabled +0 -324
data/try/validation/real_world_scenarios_try.rb.disabled +0 -390

data/examples/autoloader/mega_customer/features/deprecated_fields.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# examples/autoloader/mega_customer/features/deprecated_fields.rb
+# Extend the MegaCustomer class to organize all of the deprecated fields into one place
+class MegaCustomer < Familia::Horreum
+  field :favourite_colour
+  field :nickname
+end

data/examples/autoloader/mega_customer/safe_dump_fields.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # examples/autoloader/mega_customer/safe_dump_fields.rb
 # Extend the MegaCustomer class to add safe dump fields
-class MegaCustomer
+class MegaCustomer < Familia::Horreum
   safe_dump_fields :custid, :username, :created_at, :updated_at
 end

data/examples/autoloader/mega_customer.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 require_relative '../../lib/familia'
 class MegaCustomer < Familia::Horreum
+  include Familia::Features::Autoloader
   field :custid
   field :username
   field :email
@@ -13,5 +15,5 @@ class MegaCustomer < Familia::Horreum
   field :updated_at
   feature :safe_dump
-  # feature :deprecated_fields
+  feature :deprecated_fields
 end

data/examples/encrypted_fields.rb ADDED Viewed

@@ -0,0 +1,378 @@
+#!/usr/bin/env ruby
+# examples/encrypted_fields.rb
+#
+# Demonstrates the EncryptedFields feature for protecting sensitive data.
+# This feature provides transparent encryption/decryption of sensitive fields
+# using strong cryptographic algorithms with field-specific key derivation.
+$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
+require 'familia'
+# Configure connection
+Familia.uri = 'redis://localhost:6379/15'
+puts '=== Encrypted Fields Feature Examples ==='
+puts
+# Configure encryption keys for examples
+Familia.configure do |config|
+  config.encryption_keys = {
+    v1: 'dGVzdGtleWZvcmV4YW1wbGVzMTIzNDU2Nzg5MA==', # Base64 encoded 32 bytes
+    v2: 'bmV3ZXJrZXlmb3JleGFtcGxlczEyMzQ1Njc4OTA=', # Base64 encoded 32 bytes
+  }
+  config.current_key_version = :v2
+  config.encryption_personalization = 'FamiliaExamples'
+end
+# Validate configuration before proceeding
+begin
+  Familia::Encryption.validate_configuration!
+  puts '✓ Encryption configuration validated'
+  puts "  Algorithm: #{Familia::Encryption.status[:default_algorithm]}"
+  puts "  Available algorithms: #{Familia::Encryption.status[:available_algorithms].join(', ')}"
+  puts "  Key versions: #{Familia::Encryption.status[:key_versions].join(', ')}"
+  puts
+rescue Familia::EncryptionError => e
+  puts "✗ Encryption configuration error: #{e.message}"
+  exit 1
+end
+# Example 1: Basic encrypted fields
+class SecureUser < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :email
+  field :email                    # stored as plaintext in the database
+  field :name
+  encrypted_field :ssn            # store as an encrypted string in the database
+  encrypted_field :credit_card
+  encrypted_field :notes
+  field :created_at
+end
+puts 'Example 1: Basic encrypted fields'
+user = SecureUser.new(
+  email: 'alice@example.com',
+  name: 'Alice Windows',
+  ssn: '123-45-6789',
+  credit_card: '4111-1111-1111-1111',
+  notes: 'VIP customer with special handling',
+  created_at: Familia.now.to_i
+)
+user.save
+puts '✓ User saved with encrypted fields'
+# Demonstrate transparent access
+puts "Name (plaintext): #{user.name}"
+puts "SSN (encrypted): #{user.ssn.class} -> #{user.ssn.reveal}"
+puts "Credit card: #{user.credit_card.reveal}"
+puts "Notes: #{user.notes.reveal}"
+# Show how ConcealedString protects data in logs
+puts "SSN to_s (safe for logging): #{user.ssn}"
+puts "SSN inspect (safe for logging): #{user.ssn.inspect}"
+puts
+# Example 2: Encrypted fields with Additional Authenticated Data (AAD)
+class SecureDocument < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :doc_id
+  field :doc_id
+  field :title                    # Plaintext
+  field :owner_id                 # Plaintext
+  field :classification # Plaintext
+  encrypted_field :content, aad_fields: %i[doc_id owner_id classification]
+  encrypted_field :summary        # No AAD
+  field :created_at               # Plaintext
+end
+puts 'Example 2: Encrypted fields with Additional Authenticated Data'
+doc = SecureDocument.new(
+  doc_id: 'DOC-2024-001',
+  title: 'Strategic Plan',
+  owner_id: 'user123',
+  classification: 'confidential',
+  content: 'This document contains sensitive strategic information...',
+  summary: 'Strategic planning document for Q1 2024',
+  created_at: Familia.now.to_i
+)
+doc.save
+puts '✓ Document saved with AAD-protected content'
+# AAD ensures content can only be decrypted with matching metadata
+puts "Title: #{doc.title}"
+puts "Content (with AAD protection): #{doc.content.reveal}"
+puts "Summary (no AAD): #{doc.summary.reveal}"
+puts
+# Example 3: Performance optimization with request caching
+class VaultEntry < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :entry_id
+  field :entry_id
+  encrypted_field :api_key
+  encrypted_field :secret_token
+  encrypted_field :private_key
+  encrypted_field :webhook_url
+end
+puts 'Example 3: Performance optimization with request caching'
+entries = []
+# Without caching - each field derives keys independently
+start_time = Time.now
+5.times do |i|
+  private_key_pem = <<~PEM
+    -----BEGIN PRIVATE KEY-----
+    FAKE_EXAMPLE_KEY_FOR_TESTING_ONLY
+    FAKE_EXAMPLE_KEY_FOR_TESTING_ONLY
+    -----END PRIVATE KEY-----
+  PEM
+  entry = VaultEntry.new(
+    entry_id: "entry_#{i}",
+    api_key: "sk_test_key_#{i}",
+    secret_token: "token_#{i}_secret",
+    private_key: private_key_pem.strip,
+    webhook_url: "https://api.example.com/webhook/#{i}"
+  )
+  entry.save
+  entries << entry
+end
+no_cache_time = Time.now - start_time
+# With caching - reuses derived keys within the block
+start_time = Time.now
+Familia::Encryption.with_request_cache do
+  5.times do |i|
+    private_key_pem = <<~PEM
+      -----BEGIN PRIVATE KEY-----
+      FAKE_EXAMPLE_KEY_FOR_TESTING_ONLY
+      FAKE_EXAMPLE_KEY_FOR_TESTING_ONLY
+      -----END PRIVATE KEY-----
+    PEM
+    entry = VaultEntry.new(
+      entry_id: "cached_entry_#{i}",
+      api_key: "sk_test_key_cached_#{i}",
+      secret_token: "token_cached_#{i}_secret",
+      private_key: private_key_pem.strip,
+      webhook_url: "https://api.example.com/webhook/cached/#{i}"
+    )
+    entry.save
+    entries << entry
+  end
+end
+cached_time = Time.now - start_time
+puts "Encryption without caching: #{(no_cache_time * 1000).round(2)}ms"
+puts "Encryption with caching: #{(cached_time * 1000).round(2)}ms"
+puts "Performance improvement: #{((no_cache_time - cached_time) / no_cache_time * 100).round(1)}%"
+puts
+# Example 4: Key rotation simulation
+class RotationTest < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :test_id
+  field :test_id
+  encrypted_field :sensitive_data
+end
+puts 'Example 4: Key rotation demonstration'
+rotation_obj = RotationTest.new(
+  test_id: 'rotation_test',
+  sensitive_data: 'Original sensitive data encrypted with v2 key'
+)
+rotation_obj.save
+puts "Original data encrypted with key version: #{Familia.config.current_key_version}"
+puts "Data: #{rotation_obj.sensitive_data.reveal}"
+# Check encryption status before rotation
+status_before = rotation_obj.encrypted_fields_status
+puts "Encryption status before rotation: #{status_before}"
+# Simulate key rotation - switch to v1 for demonstration
+Familia.config.current_key_version = :v1
+# Re-encrypt with new current key
+rotation_obj.sensitive_data = 'Updated data encrypted with v1 key'
+rotation_obj.re_encrypt_fields!
+rotation_obj.save
+puts "After rotation to key version: #{Familia.config.current_key_version}"
+puts "Data: #{rotation_obj.sensitive_data.reveal}"
+# Check encryption status after rotation
+status_after = rotation_obj.encrypted_fields_status
+puts "Encryption status after rotation: #{status_after}"
+# Switch back to v2
+Familia.config.current_key_version = :v2
+puts
+# Example 5: Memory safety and cleanup
+class MemoryTest < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :mem_id
+  field :mem_id
+  encrypted_field :secret_one
+  encrypted_field :secret_two
+  encrypted_field :secret_three
+end
+puts 'Example 5: Memory safety and cleanup'
+mem_obj = MemoryTest.new(
+  mem_id: 'memory_test',
+  secret_one: 'First secret value',
+  secret_two: 'Second secret value',
+  secret_three: 'Third secret value'
+)
+puts "Has encrypted data: #{mem_obj.encrypted_data?}"
+puts "Fields cleared: #{mem_obj.encrypted_fields_cleared?}"
+# Access some fields to load them into memory
+puts "Secret one: #{mem_obj.secret_one.reveal}"
+puts "Secret two: #{mem_obj.secret_two.reveal}"
+# Clear specific field
+mem_obj.secret_one.clear!
+puts "Secret one cleared: #{mem_obj.secret_one.cleared?}"
+# Clear all encrypted fields
+mem_obj.clear_encrypted_fields!
+puts "All fields cleared: #{mem_obj.encrypted_fields_cleared?}"
+puts
+# Example 6: Error handling and validation
+puts 'Example 6: Error handling and validation'
+# Test with invalid configuration
+begin
+  old_keys = Familia.config.encryption_keys
+  Familia.config.encryption_keys = {}
+  invalid_obj = SecureUser.new(email: 'test@example.com', ssn: 'test')
+  invalid_obj.save
+rescue Familia::EncryptionError => e
+  puts "✓ Caught expected error with invalid config: #{e.message}"
+ensure
+  Familia.config.encryption_keys = old_keys
+end
+# Test with missing key version
+begin
+  test_obj = SecureUser.new(email: 'version_test@example.com', ssn: '987-65-4321')
+  test_obj.save
+  # Simulate missing key version in config
+  old_keys = Familia.config.encryption_keys.dup
+  Familia.config.encryption_keys = { v3: old_keys[:v2] }
+  # This should fail when trying to decrypt
+  test_obj.ssn.reveal
+rescue Familia::EncryptionError => e
+  puts "✓ Caught expected error with missing key version: #{e.message}"
+ensure
+  Familia.config.encryption_keys = old_keys
+end
+puts
+# Example 7: Benchmarking encryption performance
+puts 'Example 7: Encryption performance benchmarks'
+if defined?(Familia::Encryption) && Familia::Encryption.respond_to?(:benchmark)
+  benchmark_results = Familia::Encryption.benchmark(iterations: 100)
+  puts 'Encryption benchmark results (100 iterations):'
+  benchmark_results.each do |algorithm, stats|
+    puts "  #{algorithm}:"
+    puts "    Time: #{(stats[:time] * 1000).round(2)}ms total"
+    puts "    Operations/sec: #{stats[:ops_per_sec]}"
+    puts "    Priority: #{stats[:priority]}"
+  end
+else
+  puts 'Benchmarking not available in this version'
+end
+puts
+# Example 8: Integration with safe dump feature
+class SecureProfile < Familia::Horreum
+  feature :encrypted_fields
+  feature :safe_dump
+  identifier_field :profile_id
+  field :profile_id
+  field :username                 # Safe to expose
+  field :email                    # Safe to expose
+  encrypted_field :phone          # Encrypted but can be safely exposed
+  encrypted_field :ssn            # Encrypted and should NOT be exposed
+  encrypted_field :bank_account   # Encrypted and should NOT be exposed
+  field :created_at               # Safe to expose
+  # Define safe dump fields - encrypted fields are handled automatically
+  safe_dump_field :profile_id
+  safe_dump_field :username
+  safe_dump_field :email
+  safe_dump_field :phone_display, lambda { |profile|
+    phone = profile.phone.reveal
+    phone ? "#{phone[0..2]}-***-#{phone[-4..]}" : nil
+  }
+  safe_dump_field :created_at
+end
+puts 'Example 8: Integration with SafeDump feature'
+profile = SecureProfile.new(
+  profile_id: 'profile_123',
+  username: 'alice_windows',
+  email: 'alice@example.com',
+  phone: '555-123-4567',
+  ssn: '123-45-6789',
+  bank_account: '9876543210',
+  created_at: Familia.now.to_i
+)
+profile.save
+puts 'Profile safe dump (encrypted fields handled automatically):'
+puts JSON.pretty_generate(profile.safe_dump)
+puts 'Notice: SSN and bank account are automatically excluded'
+puts 'Phone number is included but masked for display'
+puts
+# Clean up examples
+puts '=== Cleaning up test data ==='
+[SecureUser, SecureDocument, VaultEntry, RotationTest, MemoryTest, SecureProfile].each do |klass|
+  keys = klass.dbclient.keys("#{klass.name.downcase.gsub('::', '_')}:*")
+  klass.dbclient.del(*keys) unless keys.empty?
+  puts "✓ Cleaned #{klass.name} (#{keys.length} keys)"
+rescue StandardError => e
+  puts "✗ Error cleaning #{klass.name}: #{e.message}"
+end
+# Clear any request cache
+begin
+  Familia::Encryption.clear_request_cache!
+rescue StandardError => e
+  puts "⚠ Warning: Failed to clear encryption request cache: #{e.message} (#{e.backtrace.join("\n")})"
+end
+puts
+puts '=== Summary ==='
+puts 'This example demonstrated:'
+puts '• Basic encrypted field usage with transparent access'
+puts '• Additional Authenticated Data (AAD) for tamper detection'
+puts '• Performance optimization with request-level caching'
+puts '• Key rotation procedures and status monitoring'
+puts '• Memory safety with ConcealedString and cleanup methods'
+puts '• Error handling for configuration and key version issues'
+puts '• Encryption performance benchmarking'
+puts '• Integration with SafeDump for API-safe serialization'
+puts
+puts 'Encrypted Fields examples completed!'

data/examples/json_usage_patterns.rb ADDED Viewed

@@ -0,0 +1,144 @@
+# examples/json_usage_patterns.rb
+#
+# This file demonstrates the JSON serialization patterns available in Familia,
+# showing both the secure defaults and optional developer convenience features.
+require_relative '../lib/familia'
+# Example model setup
+class User < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  field :name
+  field :email
+  encrypted_field :password_hash  # This will be concealed in JSON
+  listkey :tags                   # Associates a separate ListKey field
+  set :permissions
+end
+# Configure encryption (required for encrypted_fields)
+Familia.config.encryption_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.current_key_version = :v1
+# Create and save a user
+user = User.new(
+  user_id: 'user123',
+  name: 'Alice Johnson',
+  email: 'alice@example.com',
+  password_hash: 'hashed_password_secret'
+)
+user.save
+user.tags << 'admin' << 'developer'
+user.permissions << 'read' << 'write'
+puts "=== Familia JSON Serialization Patterns ==="
+puts
+# Pattern 1: Direct object serialization (always available)
+puts "1. Direct Familia Object Serialization:"
+puts "   user.as_json  # Secure - only public fields"
+p user.as_json
+puts "   user.to_json  # Uses Familia::JsonSerializer (OJ strict mode)"
+puts user.to_json
+puts
+puts "   user.tags.as_json  # DataType objects work too"
+p user.tags.as_json
+puts "   user.tags.to_json"
+puts user.tags.to_json
+puts
+# Pattern 2: Manual mixed serialization (current secure pattern)
+puts "2. Manual Mixed Serialization (Current Pattern):"
+mixed_data = {
+  user: user.as_json,
+  tags: user.tags.as_json,
+  permissions: user.permissions.as_json,
+  meta: { timestamp: Time.now.to_i }
+}
+puts "   Manual preparation + JsonSerializer.dump:"
+puts Familia::JsonSerializer.dump(mixed_data)
+puts
+# Pattern 3: Opt-in refinement for Hash/Array (new convenience feature)
+puts "3. Opt-in Refinement Pattern (Developer Convenience):"
+puts "   # Add this line to enable refinements in your file:"
+puts "   using Familia::Refinements::DearJson"
+puts
+# Demonstrate the refinement
+require_relative '../lib/familia/refinements/dear_json'
+using Familia::Refinements::DearJson
+mixed_hash = {
+  user: user,                    # Familia object (will call as_json)
+  tags: user.tags,              # Familia DataType (will call as_json)
+  meta: { timestamp: Time.now.to_i }  # Plain hash (passes through)
+}
+mixed_array = [
+  user,                         # Familia object
+  user.tags,                   # Familia DataType
+  { type: 'example' },         # Plain hash
+  'metadata'                   # Plain string
+]
+puts "   # Now Hash and Array have secure to_json using Familia::JsonSerializer"
+puts "   mixed_hash.to_json:"
+puts mixed_hash.to_json
+puts
+puts "   mixed_array.to_json:"
+puts mixed_array.to_json
+puts
+# Pattern 4: Security demonstration
+puts "4. Security Features (Always Active):"
+puts "   # Encrypted fields are automatically concealed"
+puts "   # This is what user.password_hash looks like:"
+puts "   user.password_hash.class # => #{user.password_hash.class}"
+puts "   user.password_hash.to_s  # => #{user.password_hash.to_s}"
+puts
+begin
+  user.password_hash.to_json
+rescue Familia::SerializerError => e
+  puts "   user.password_hash.to_json # => #{e.class}: #{e.message}"
+end
+puts
+puts "   # Only public fields appear in JSON (password_hash is excluded):"
+puts "   user.as_json.keys # => #{user.as_json.keys}"
+puts
+puts "5. Framework Integration Examples:"
+puts "   # Rails controller"
+puts "   def show"
+puts "     render json: user  # Works with as_json/to_json"
+puts "   end"
+puts
+puts "   # Sinatra/Roda response"
+puts "   get '/user/:id' do"
+puts "     content_type :json"
+puts "     user.to_json  # Direct serialization"
+puts "   end"
+puts
+puts "   # API response with refinement"
+puts "   using Familia::Refinements::DearJson"
+puts "   response = {"
+puts "     user: user,"
+puts "     meta: { version: '1.0' }"
+puts "   }"
+puts "   response.to_json  # Handles mixed Familia/core objects"
+puts
+puts "=== Summary ==="
+puts "✅ Security: All JSON serialization uses OJ strict mode"
+puts "✅ Encrypted fields: Automatically concealed (ConcealedString protection)"
+puts "✅ Public fields only: Horreum objects expose only defined fields"
+puts "✅ DataType support: Lists, sets, etc. serialize their contents"
+puts "✅ Developer experience: Standard Ruby JSON interface (as_json/to_json)"
+puts "✅ Opt-in convenience: Refinements for Hash/Array when desired"
+puts "✅ Framework compatible: Works with Rails, Sinatra, Roda, etc."

data/examples/relationships.rb CHANGED Viewed

@@ -27,7 +27,7 @@ class Customer < Familia::Horreum
   # Define collections for tracking relationships
   set :domains           # Simple set of domain IDs
-  list :projects         # Ordered list of project IDs
+  listkey :projects      # Ordered list of project IDs
   sorted_set :activity   # Activity feed with timestamps
   # Create indexes for fast lookups (using class_ prefix for class-level)
@@ -35,7 +35,7 @@ class Customer < Familia::Horreum
   class_indexed_by :plan, :plan_lookup # i.e. Customer.plan_lookup
   # Track in class-level collections (using class_ prefix for class-level)
-  class_tracked_in :all_customers, score: :created_at # i.e. Customer.all_customers
+  class_participates_in :all_customers, score: :created_at # i.e. Customer.all_customers
 end
 class Domain < Familia::Horreum
@@ -49,11 +49,11 @@ class Domain < Familia::Horreum
   field :status
   # Declare membership in customer collections
-  member_of Customer, :domains # , type: :set
+  participates_in Customer, :domains # , type: :set
   # Track domains by status (using class_ prefix for class-level)
-  class_tracked_in :active_domains,
-                   score: -> { status == 'active' ? Time.now.to_i : 0 }
+  class_participates_in :active_domains,
+                        score: -> { status == 'active' ? Familia.now.to_i : 0 }
 end
 class Project < Familia::Horreum
@@ -66,7 +66,7 @@ class Project < Familia::Horreum
   field :priority
   # Member of customer projects list (ordered)
-  member_of Customer, :projects, type: :list
+  participates_in Customer, :projects, type: :list
 end
 puts '=== 1. Basic Object Creation ==='
@@ -110,7 +110,7 @@ puts '=== 2. Establishing Relationships ==='
 customer.save # Automatically adds to email_lookup, plan_lookup, and all_customers
 puts '✓ Customer automatically added to indexes and tracking on save'
-# Establish member_of relationships using clean << operator syntax
+# Establish participates_in relationships using clean << operator syntax
 customer.domains << domain1   # Clean Ruby-like syntax
 customer.domains << domain2   # Same as domain1.add_to_customer_domains(customer)
 customer.projects << project  # Same as project.add_to_customer_projects(customer)
@@ -149,7 +149,7 @@ puts "  Customer has #{customer.projects.size} projects"
 puts "  Domain IDs: #{customer.domains.members}"
 puts "  Project IDs: #{customer.projects.members}"
-# Test tracked_in collections
+# Test participates_in collections
 all_customers_count = Customer.values.size
 puts "\nClass-level tracking:"
 puts "  Total customers in system: #{all_customers_count}"
@@ -161,7 +161,7 @@ puts
 puts '=== 4. Range Queries ==='
 # Get recent customers (last 24 hours)
-yesterday = (Time.now - (24 * 3600)).to_i # 24 hours ago
+yesterday = (Familia.now - (24 * 3600)).to_i # 24 hours ago
 recent_customers = Customer.values.rangebyscore(yesterday, '+inf')
 puts "Recent customers (last 24h): #{recent_customers.size}"
@@ -178,7 +178,7 @@ puts '=== 6. Relationship Cleanup ==='
 # Remove relationships
 puts 'Cleaning up relationships...'
-# Remove from member_of relationships
+# Remove from participates_in relationships
 domain1.remove_from_customer_domains(customer)
 puts "✓ Removed #{domain1.name} from customer domains"
@@ -195,10 +195,10 @@ puts
 puts '=== Example Complete! ==='
 puts
 puts 'Key takeaways:'
-puts '• class_tracked_in: Automatic class-level collections updated on save'
+puts '• class_participates_in: Automatic class-level collections updated on save'
 puts '• class_indexed_by: Automatic class-level indexes updated on save'
-puts '• member_of: Use << operator for clean Ruby-like collection syntax'
-puts '• indexed_by with parent:: Use for relationship-scoped indexes'
+puts '• participates_in: Use << operator for clean Ruby-like collection syntax'
+puts '• indexed_by with context:: Use for relationship-scoped indexes'
 puts '• Save operations: Automatically update indexes and class-level tracking'
 puts '• << operator: Works naturally with all collection types (sets, lists, sorted sets)'
 puts

data/examples/safe_dump.rb CHANGED Viewed

@@ -38,10 +38,10 @@ puts 'Example 1: Basic SafeDump'
 user = User.new(
   email: 'alice@example.com',
   first_name: 'Alice',
-  last_name: 'Smith',
+  last_name: 'Windows',
   password_hash: 'secret123',
   ssn: '123-45-6789',
-  created_at: Time.now.to_i
+  created_at: Familia.now.to_i
 )
 puts "Full object data: #{user.to_h}"
@@ -70,7 +70,7 @@ class Product < Familia::Horreum
   # Computed fields using callables
   safe_dump_field :price, ->(product) { "$#{format('%.2f', product.price_cents.to_i / 100.0)}" }
-  safe_dump_field :in_stock, ->(product) { product.inventory_count.to_i > 0 }
+  safe_dump_field :in_stock, ->(product) { product.inventory_count.to_i.positive? }
   safe_dump_field :display_name, ->(product) { "#{product.name} (#{product.sku})" }
 end
@@ -82,7 +82,7 @@ product = Product.new(
   cost_cents: 800,       # $8.00 - sensitive, not exposed
   inventory_count: 25,
   category: 'widgets',
-  created_at: Time.now.to_i
+  created_at: Familia.now.to_i
 )
 puts "Full object data: #{product.to_h}"
@@ -140,8 +140,8 @@ order = Order.new(
   payment_method: 'credit_card',
   credit_card_number: '4111-1111-1111-1111', # Never expose this!
   processing_notes: 'Rush order - expedite shipping',
-  created_at: Time.now.to_i - 86_400, # Yesterday
-  shipped_at: Time.now.to_i - 3600 # 1 hour ago
+  created_at: Familia.now.to_i - 86_400, # Yesterday
+  shipped_at: Familia.now.to_i - 3600 # 1 hour ago
 )
 puts "Full object data: #{order.to_h}"