familia 2.0.0.pre14 → 2.0.0.pre16

data/try/debugging/encryption_method_tracer.rb

@@ -22,9 +22,9 @@ module Familia
         puts "   Plaintext length: #{plaintext&.length} chars"
         puts "   AAD: #{additional_data ? 'present' : 'none'}"
 
-        start_time = Time.now
+        start_time = Familia.now
         result = orig_encrypt(plaintext, context: context, additional_data: additional_data)
-        elapsed = ((Time.now - start_time) * 1000).round(2)
+        elapsed = ((Familia.now - start_time) * 1000).round(2)
 
         puts "   Result length: #{result ? result.length : 'nil'} chars"
         puts "   Elapsed: #{elapsed}ms"
@@ -38,17 +38,17 @@ module Familia
         puts "   Encrypted length: #{encrypted_json&.length} chars"
         puts "   AAD: #{additional_data ? 'present' : 'none'}"
 
-        start_time = Time.now
+        start_time = Familia.now
         begin
           result = orig_decrypt(encrypted_json, context: context, additional_data: additional_data)
-          elapsed = ((Time.now - start_time) * 1000).round(2)
+          elapsed = ((Familia.now - start_time) * 1000).round(2)
 
           puts "   Result length: #{result ? result.length : 'nil'} chars"
           puts "   Elapsed: #{elapsed}ms"
           puts
           result
         rescue => e
-          elapsed = ((Time.now - start_time) * 1000).round(2)
+          elapsed = ((Familia.now - start_time) * 1000).round(2)
           puts "   ERROR: #{e.class}: #{e.message}"
           puts "   Elapsed: #{elapsed}ms"
           puts
@@ -66,16 +66,16 @@ module Familia
         puts "   Context: #{context}"
         puts "   Version: #{version || 'current'}"
 
-        cache = Thread.current[:familia_key_cache] ||= {}
+        cache = Fiber[:familia_key_cache] ||= {}
         cache_key = "#{version || current_key_version}:#{context}"
         puts "   Cache key: #{cache_key}"
         puts "   Cache before: #{cache.keys.inspect}"
 
-        start_time = Time.now
+        start_time = Familia.now
         result = orig_derive_key_with_provider(provider, context, version: version)
-        elapsed = ((Time.now - start_time) * 1000).round(2)
+        elapsed = ((Familia.now - start_time) * 1000).round(2)
 
-        cache_after = Thread.current[:familia_key_cache] || {}
+        cache_after = Fiber[:familia_key_cache] || {}
         puts "   Cache after: #{cache_after.keys.inspect}"
         puts "   Derived key: [#{result.bytesize} bytes]"
         puts "   Elapsed: #{elapsed}ms"
@@ -92,7 +92,7 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Clear cache
-Thread.current[:familia_key_cache] = nil
+Fiber[:familia_key_cache] = nil
 
 # Define test model
 class TraceTestModel < Familia::Horreum

data/try/edge_cases/hash_symbolization_try.rb

@@ -34,7 +34,7 @@ end
 @test_obj.config[:nested].keys
 #=> [:theme]
 
-## Get raw JSON from Redis
+## Get raw JSON from Valkey/Redis
 @raw_json = @test_obj.hget('config')
 @raw_json.class
 #=> String

data/try/edge_cases/ttl_side_effects_try.rb

@@ -16,7 +16,7 @@ begin
   session = session_class.new(session_id: 'test123', name: 'Session')
   session.save
 
-  # Set shorter TTL
+  # UnsortedSet shorter TTL
   session.expire(60)
   original_ttl = session.realttl
 

data/try/encryption/config_persistence_try.rb

@@ -90,7 +90,7 @@ end
 provider = @provider_class.new
 master_key = 'a' * 32
 context = 'TestModel:field:user123'
-# Set config with null byte
+# UnsortedSet config with null byte
 original_personal = Familia.config.encryption_personalization
 Familia.config.encryption_personalization = "bad\0config"
 begin
@@ -189,4 +189,4 @@ true
 #=> true
 
 # TEARDOWN
-Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]&.clear if Fiber[:familia_key_cache]

data/try/encryption/encryption_core_try.rb

@@ -26,7 +26,7 @@ plaintext = "sensitive data here"
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v2
 encrypted = Familia::Encryption.encrypt(plaintext, context: context)
-encrypted_data = JSON.parse(encrypted, symbolize_names: true)
+encrypted_data = Familia::JsonSerializer.parse(encrypted, symbolize_names: true)
 encrypted_data[:algorithm]
 #=> "xchacha20poly1305"
 
@@ -38,7 +38,7 @@ plaintext = "sensitive data here"
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v2
 encrypted = Familia::Encryption.encrypt(plaintext, context: context)
-encrypted_data = JSON.parse(encrypted, symbolize_names: true)
+encrypted_data = Familia::JsonSerializer.parse(encrypted, symbolize_names: true)
 encrypted_data[:key_version]
 #=> "v2"
 
@@ -109,13 +109,13 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Create encrypted data with unknown algorithm. Error should not leak algorithm details.
-invalid_encrypted = {
+invalid_encrypted = Familia::JsonSerializer.dump({
   algorithm: "unknown-cipher",
   key_version: "v1",
   nonce: Base64.strict_encode64("x" * 12),
   ciphertext: Base64.strict_encode64("encrypted_data"),
   auth_tag: Base64.strict_encode64("y" * 16)
-}.to_json
+})
 
 Familia::Encryption.decrypt(invalid_encrypted, context: context)
 #=!> Familia::EncryptionError
@@ -141,13 +141,13 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Create encrypted data with invalid base64 nonce
-invalid_encrypted = {
+invalid_encrypted = Familia::JsonSerializer.dump({
   algorithm: "aes-256-gcm",
   key_version: "v1",
   nonce: "invalid_base64!@#",
   ciphertext: Base64.strict_encode64("encrypted_data"),
   auth_tag: Base64.strict_encode64("y" * 16)
-}.to_json
+})
 
 begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
@@ -165,13 +165,13 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Create encrypted data with invalid base64 auth_tag
-invalid_encrypted = {
+invalid_encrypted = Familia::JsonSerializer.dump({
   algorithm: "aes-256-gcm",
   key_version: "v1",
   nonce: Base64.strict_encode64("x" * 12),
   ciphertext: Base64.strict_encode64("encrypted_data"),
   auth_tag: "invalid_base64!@#"
-}.to_json
+})
 
 begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
@@ -189,13 +189,13 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Create encrypted data with wrong nonce size (8 bytes instead of 12)
-invalid_encrypted = {
+invalid_encrypted = Familia::JsonSerializer.dump({
   algorithm: "aes-256-gcm",
   key_version: "v1",
   nonce: Base64.strict_encode64("x" * 8),
   ciphertext: Base64.strict_encode64("encrypted_data"),
   auth_tag: Base64.strict_encode64("y" * 16)
-}.to_json
+})
 
 begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
@@ -213,13 +213,13 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Create encrypted data with wrong auth_tag size (8 bytes instead of 16)
-invalid_encrypted = {
+invalid_encrypted = Familia::JsonSerializer.dump({
   algorithm: "aes-256-gcm",
   key_version: "v1",
   nonce: Base64.strict_encode64("x" * 12),
   ciphertext: Base64.strict_encode64("encrypted_data"),
   auth_tag: Base64.strict_encode64("y" * 8)
-}.to_json
+})
 
 begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
@@ -237,12 +237,12 @@ Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 
 # Create encrypted data missing nonce field
-invalid_encrypted = {
+invalid_encrypted = Familia::JsonSerializer.dump({
   algorithm: "aes-256-gcm",
   key_version: "v1",
   ciphertext: Base64.strict_encode64("encrypted_data"),
   auth_tag: Base64.strict_encode64("y" * 16)
-}.to_json
+})
 
 begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
@@ -284,7 +284,7 @@ plaintext = "algorithm check"
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 encrypted_xchacha = Familia::Encryption.encrypt_with('xchacha20poly1305', plaintext, context: context)
-encrypted_data_xchacha = JSON.parse(encrypted_xchacha, symbolize_names: true)
+encrypted_data_xchacha = Familia::JsonSerializer.parse(encrypted_xchacha, symbolize_names: true)
 encrypted_data_xchacha[:algorithm]
 #=> "xchacha20poly1305"
 
@@ -296,7 +296,7 @@ plaintext = "algorithm check"
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 encrypted_aes = Familia::Encryption.encrypt_with('aes-256-gcm', plaintext, context: context)
-encrypted_data_aes = JSON.parse(encrypted_aes, symbolize_names: true)
+encrypted_data_aes = Familia::JsonSerializer.parse(encrypted_aes, symbolize_names: true)
 encrypted_data_aes[:algorithm]
 #=> "aes-256-gcm"
 
@@ -308,7 +308,7 @@ plaintext = "nonce size test"
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 encrypted_xchacha = Familia::Encryption.encrypt_with('xchacha20poly1305', plaintext, context: context)
-encrypted_data_xchacha = JSON.parse(encrypted_xchacha, symbolize_names: true)
+encrypted_data_xchacha = Familia::JsonSerializer.parse(encrypted_xchacha, symbolize_names: true)
 nonce_bytes_xchacha = Base64.strict_decode64(encrypted_data_xchacha[:nonce])
 nonce_bytes_xchacha.length
 #=> 24
@@ -321,10 +321,10 @@ plaintext = "nonce size test"
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
 encrypted_aes = Familia::Encryption.encrypt_with('aes-256-gcm', plaintext, context: context)
-encrypted_data_aes = JSON.parse(encrypted_aes, symbolize_names: true)
+encrypted_data_aes = Familia::JsonSerializer.parse(encrypted_aes, symbolize_names: true)
 nonce_bytes_aes = Base64.strict_decode64(encrypted_data_aes[:nonce])
 nonce_bytes_aes.length
 #=> 12
 
 # TEARDOWN
-Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]&.clear if Fiber[:familia_key_cache]

data/try/encryption/instance_variable_scope_try.rb

@@ -20,7 +20,7 @@ require_relative '../helpers/test_helpers'
 @test_keys[:v1].nil?
 #=> false
 
-## Set config and check immediately in same test
+## UnsortedSet config and check immediately in same test
 Familia.config.encryption_keys = @test_keys
 Familia.config.current_key_version = :v1
 result = Familia::Encryption.encrypt('test', context: 'test')

data/try/encryption/module_loading_try.rb

@@ -13,12 +13,12 @@ require_relative '../helpers/test_helpers'
 defined?(Familia::Encryption)
 #=> "constant"
 
-## Set and check configuration directly in test
+## UnsortedSet and check configuration directly in test
 Familia.encryption_keys = { v1: Base64.strict_encode64('a' * 32) }
 Familia.encryption_keys.is_a?(Hash)
 #=> true
 
-## Set and check current key version directly in test
+## UnsortedSet and check current key version directly in test
 Familia.current_key_version = :v1
 Familia.current_key_version
 #=> :v1

data/try/encryption/providers/aes_gcm_provider_try.rb

@@ -175,4 +175,4 @@ derived_key1 == derived_key2
 #=> true
 
 # TEARDOWN
-Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]&.clear if Fiber[:familia_key_cache]

data/try/encryption/providers/xchacha20_poly1305_provider_try.rb

@@ -166,4 +166,4 @@ test_key.length
 #=> 0
 
 # TEARDOWN
-Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]&.clear if Fiber[:familia_key_cache]

data/try/encryption/secure_memory_handling_try.rb

@@ -122,4 +122,4 @@ nonce.bytesize
 #=> "xchacha20poly1305-secure"
 
 # TEARDOWN
-Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]&.clear if Fiber[:familia_key_cache]

data/try/features/encrypted_fields/concealed_string_core_try.rb

@@ -77,15 +77,19 @@ end
 @doc.content.to_str
 #=!> NoMethodError
 
-## JSON serialization - to_json (fails for security)
+## JSON serialization - to_json (fails for security) - Basic tryouts testcase
 begin
-  @doc.content.to_json
-  raise "Should have raised SerializerError"
+  Familia::JsonSerializer.dump(@doc.content)
 rescue Familia::SerializerError => e
   e.class
 end
 #=> Familia::SerializerError
 
+## JSON serialization - to_json (fails for security) - Robust tryout testcase
+Familia::JsonSerializer.dump(@doc.content)
+#=:> Familia::SerializerError
+#=~> /Failed to dump ConcealedString/
+
 ## JSON serialization - as_json
 @doc.content.as_json
 #=> "[CONCEALED]"
@@ -147,7 +151,7 @@ end
 
 ## Encrypted data is valid JSON
 begin
-  parsed = JSON.parse(@encrypted_data)
+  parsed = Familia::JsonSerializer.parse(@encrypted_data)
   parsed.key?('algorithm')
 rescue
   false
@@ -218,15 +222,15 @@ debug_array.map(&:to_s)
 ## Debug what's actually in the database
 @all_keys = Familia.dbclient.keys("*")
 @all_keys
-#=> ["secretdocument:test123:object"]
+#=> ["secret_document:test123:object", "secret_document:instances"]
 
 ## Check database storage - should be encrypted
-@db_hash = Familia.dbclient.hgetall("secretdocument:test123:object")
+@db_hash = Familia.dbclient.hgetall("secret_document:test123:object")
 @db_hash.keys
 #=> ["id", "title", "content", "api_key"]
 
 ## Database storage contains encrypted string
-db_content = Familia.dbclient.hget("secretdocument:test123:object", "content")
+db_content = Familia.dbclient.hget("secret_document:test123:object", "content")
 db_content&.class&.name || "nil"
 #=> "String"
 

data/try/features/encrypted_fields/encrypted_fields_core_try.rb

@@ -122,4 +122,4 @@ end
 @user2.api_key.reveal { |decrypted| decrypted }
 #=> 'secret-key-123'
 
-Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]&.clear if Fiber[:familia_key_cache]

data/try/features/encrypted_fields/encrypted_fields_integration_try.rb

@@ -138,7 +138,7 @@ end
 @model4 = FullSecureModel4.new(model_id: 'secure-126')
 @model4.password = 'secure-pass'
 @model4.activity_log << 'User logged in'
-@model4.metadata['last_login'] = Time.now.to_i.to_s
+@model4.metadata['last_login'] = Familia.now.to_i.to_s
 
 [@model4.password.to_s, @model4.activity_log.size, @model4.metadata.has_key?('last_login')]
 #=> ['[CONCEALED]', 1, true]
@@ -189,7 +189,7 @@ end
 # Test shows that algorithm parameter is currently ignored - XChaCha20Poly1305 is used by default
 concealed_data = @aes_model.secret_data
 encrypted_json = concealed_data.encrypted_value
-parsed_data = JSON.parse(encrypted_json, symbolize_names: true)
+parsed_data = Familia::JsonSerializer.parse(encrypted_json, symbolize_names: true)
 [parsed_data[:algorithm], @aes_model.secret_data.reveal { |data| data }]
 #=> ["xchacha20poly1305", "aes-gcm integration test"]
 
@@ -211,6 +211,6 @@ end
 # Verify algorithm and decryption
 concealed_data = @aes_model2.secret_data
 encrypted_json = concealed_data.encrypted_value
-parsed_data = JSON.parse(encrypted_json, symbolize_names: true)
+parsed_data = Familia::JsonSerializer.parse(encrypted_json, symbolize_names: true)
 [parsed_data[:algorithm], @aes_model2.secret_data.reveal { |data| data }]
 #=> ["xchacha20poly1305", "aes-gcm integration test"]

data/try/features/encrypted_fields/encrypted_fields_no_cache_security_try.rb

@@ -14,7 +14,7 @@ Familia.config.current_key_version = :v1
 
 ## No persistent key cache exists
 ## Verify that we don't maintain a key cache at all
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Each encryption gets fresh key derivation
@@ -30,7 +30,7 @@ end
 #=> 'secret-value'
 
 ## No cache should be created
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Reading the value also doesn't create cache
@@ -41,7 +41,7 @@ end
 #=> 'secret-value'
 
 ## repaired test
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Multiple fields don't share state
@@ -61,7 +61,7 @@ end
 #=> 'value-c'
 
 ## Still no cache after multiple operations
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## All values can be retrieved correctly
@@ -83,7 +83,7 @@ end
 #=> 'value-c'
 
 ## Still no cache
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Master keys are wiped after each operation
@@ -111,7 +111,7 @@ end.all?
 #=> true
 
 ## Still no cache after multiple operations
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Thread isolation (no shared state between threads)
@@ -132,7 +132,7 @@ end
     model.thread_secret = "thread-secret-#{i}"
 
     # Verify no cache in this thread
-    cache_state = Thread.current[:familia_key_cache]
+    cache_state = Fiber[:familia_key_cache]
 
     # Store results
     @results << {
@@ -182,7 +182,7 @@ end
 #=> true
 
 ## Still no cache after 100 operations
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Key rotation works without cache complications
@@ -200,7 +200,7 @@ end
 @model6.rotated_field = 'encrypted-with-v2'
 
 # Still no cache with new key version
-Thread.current[:familia_key_cache]
+Fiber[:familia_key_cache]
 #=> nil
 
 ## Value is correctly encrypted/decrypted with v2
@@ -214,6 +214,6 @@ Familia.config.current_key_version = :v1
 #=> :v1
 
 # Teardown
-Thread.current[:familia_key_cache] = nil
+Fiber[:familia_key_cache] = nil
 Familia.config.encryption_keys = nil
 Familia.config.current_key_version = nil

data/try/features/encrypted_fields/encrypted_fields_security_try.rb

@@ -140,12 +140,12 @@ user.password = 'test-password'
 encrypted = user.instance_variable_get(:@password)
 
 # Tamper with auth tag
-parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+parsed = Familia::JsonSerializer.parse(encrypted.encrypted_value, symbolize_names: true)
 original_auth_tag = parsed[:auth_tag]
 tampered_auth_tag = original_auth_tag.dup
 tampered_auth_tag[0] = tampered_auth_tag[0] == 'A' ? 'B' : 'A'
 parsed[:auth_tag] = tampered_auth_tag
-tampered_json = parsed.to_json
+tampered_json = Familia::JsonSerializer.dump(parsed)
 
 user.instance_variable_set(:@password, tampered_json)
 begin
@@ -166,12 +166,12 @@ user.password = 'test-password'
 encrypted = user.instance_variable_get(:@password)
 
 # Tamper with ciphertext
-parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+parsed = Familia::JsonSerializer.parse(encrypted.encrypted_value, symbolize_names: true)
 original_ciphertext = parsed[:ciphertext]
 tampered_ciphertext = original_ciphertext.dup
 tampered_ciphertext[0] = tampered_ciphertext[0] == 'A' ? 'B' : 'A'
 parsed[:ciphertext] = tampered_ciphertext
-tampered_json = parsed.to_json
+tampered_json = Familia::JsonSerializer.dump(parsed)
 
 user.instance_variable_set(:@password, tampered_json)
 begin
@@ -192,12 +192,12 @@ user.password = 'test-password'
 encrypted = user.instance_variable_get(:@password)
 
 # Tamper with nonce
-parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+parsed = Familia::JsonSerializer.parse(encrypted.encrypted_value, symbolize_names: true)
 original_nonce = parsed[:nonce]
 tampered_nonce = original_nonce.dup
 tampered_nonce[0] = tampered_nonce[0] == 'A' ? 'B' : 'A'
 parsed[:nonce] = tampered_nonce
-tampered_json = parsed.to_json
+tampered_json = Familia::JsonSerializer.dump(parsed)
 
 user.instance_variable_set(:@password, tampered_json)
 begin
@@ -219,9 +219,9 @@ encrypted_with_v1 = user.instance_variable_get(:@password)
 
 
 # Parse and change key version to non-existent version
-parsed = JSON.parse(encrypted_with_v1.encrypted_value, symbolize_names: true)
+parsed = Familia::JsonSerializer.parse(encrypted_with_v1.encrypted_value, symbolize_names: true)
 parsed[:key_version] = 'v999'
-modified_json = parsed.to_json
+modified_json = Familia::JsonSerializer.dump(parsed)
 
 user.instance_variable_set(:@password, modified_json)
 begin
@@ -239,12 +239,12 @@ user.password = 'nonce-test-xchacha'
 encrypted_with_nonce = user.instance_variable_get(:@password)
 
 # Parse and modify nonce (XChaCha20Poly1305 uses 24-byte nonces)
-parsed = JSON.parse(encrypted_with_nonce.encrypted_value, symbolize_names: true)
+parsed = Familia::JsonSerializer.parse(encrypted_with_nonce.encrypted_value, symbolize_names: true)
 original_nonce = parsed[:nonce]
 # Create a different valid base64 nonce for XChaCha20Poly1305 (24 bytes)
 different_nonce = Base64.strict_encode64('x' * 24)
 parsed[:nonce] = different_nonce
-modified_json = parsed.to_json
+modified_json = Familia::JsonSerializer.dump(parsed)
 
 user.instance_variable_set(:@password, modified_json)
 begin
@@ -264,12 +264,12 @@ encrypted_aes = Familia::Encryption.encrypt_with('aes-256-gcm', 'nonce-test-aes'
 user_aes.instance_variable_set(:@password, encrypted_aes)
 
 # Parse and modify nonce (AES-GCM uses 12-byte nonces)
-parsed_aes = JSON.parse(encrypted_aes, symbolize_names: true)
+parsed_aes = Familia::JsonSerializer.parse(encrypted_aes, symbolize_names: true)
 original_nonce_aes = parsed_aes[:nonce]
 # Create a different valid base64 nonce for AES-GCM (12 bytes)
 different_nonce_aes = Base64.strict_encode64('y' * 12)
 parsed_aes[:nonce] = different_nonce_aes
-modified_json_aes = parsed_aes.to_json
+modified_json_aes = Familia::JsonSerializer.dump(parsed_aes)
 
 user_aes.instance_variable_set(:@password, modified_json_aes)
 begin
@@ -367,9 +367,9 @@ user.password = 'algorithm-test'
 encrypted = user.instance_variable_get(:@password)
 
 # Tamper with algorithm field
-parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+parsed = Familia::JsonSerializer.parse(encrypted.encrypted_value, symbolize_names: true)
 parsed[:algorithm] = 'unsupported_algorithm'
-tampered_json = parsed.to_json
+tampered_json = Familia::JsonSerializer.dump(parsed)
 
 user.instance_variable_set(:@password, tampered_json)
 user.password

data/try/features/encrypted_fields/error_conditions_try.rb

@@ -29,9 +29,9 @@ end
 ## Tampered auth tag fails decryption
 @model.secret = 'valid-secret'
 @valid_cipher = @model.secret.encrypted_value
-@tampered = JSON.parse(@valid_cipher)
+@tampered = Familia::JsonSerializer.parse(@valid_cipher)
 @tampered['auth_tag'] = Base64.strict_encode64('tampered' * 4)
-@model.instance_variable_set(:@secret, @tampered.to_json)
+@model.instance_variable_set(:@secret, Familia::JsonSerializer.dump(@tampered))
 
 @model.secret
 #=!> Familia::EncryptionError
@@ -58,7 +58,7 @@ Familia::Encryption.reset_derivation_count!
 # Ensure keys are available for this test
 Familia.config.encryption_keys = @test_keys
 @error_model = ErrorTest.new(id: 'err-counter')
-# Set valid JSON but with invalid base64 data to trigger decrypt failure after parsing
+# UnsortedSet valid JSON but with invalid base64 data to trigger decrypt failure after parsing
 @error_model.instance_variable_set(:@secret, '{"algorithm":"aes-256-gcm","nonce":"dGVzdA==","ciphertext":"invalid-base64!!!","auth_tag":"dGVzdA==","key_version":"v1"}')
 begin
   @error_model.secret
@@ -72,9 +72,9 @@ Familia::Encryption.derivation_count.value
 # Ensure keys are available for this test
 Familia.config.encryption_keys = @test_keys
 @model.secret = 'test-data'
-@cipher_data = JSON.parse(@model.secret.encrypted_value)
+@cipher_data = Familia::JsonSerializer.parse(@model.secret.encrypted_value)
 @cipher_data['algorithm'] = 'unsupported-algorithm'
-@model.instance_variable_set(:@secret, @cipher_data.to_json)
+@model.instance_variable_set(:@secret, Familia::JsonSerializer.dump(@cipher_data))
 
 @model.secret
 #=!> Familia::EncryptionError
@@ -93,9 +93,9 @@ Familia.config.current_key_version = @original_version
 Familia.config.encryption_keys = @test_keys
 Familia.config.current_key_version = :v1
 @model.secret = 'test-data'
-@cipher_with_bad_version = JSON.parse(@model.secret.encrypted_value)
+@cipher_with_bad_version = Familia::JsonSerializer.parse(@model.secret.encrypted_value)
 @cipher_with_bad_version['key_version'] = 'nonexistent'
-@model.instance_variable_set(:@secret, @cipher_with_bad_version.to_json)
+@model.instance_variable_set(:@secret, Familia::JsonSerializer.dump(@cipher_with_bad_version))
 @model.secret
 #=!> Familia::EncryptionError
 #==> error.message.include?('No key for version: nonexistent')

data/try/features/encrypted_fields/fresh_key_try.rb

@@ -162,7 +162,7 @@ internal_empty.nil?
 ## Consistent behavior across Ruby restart simulation
 model = PersistenceTestModel.new(user_id: 'persistence-test')
 model.persistent_data = 'data-to-persist'
-Thread.current[:familia_request_cache] = nil if Thread.current[:familia_request_cache]
+Fiber[:familia_request_cache] = nil if Fiber[:familia_request_cache]
 # With secure-by-default, field access returns ConcealedString
 model.persistent_data.to_s
 #=> '[CONCEALED]'

data/try/features/encrypted_fields/nonce_uniqueness_try.rb

@@ -20,7 +20,7 @@ end
 
 ## Multiple encryptions produce unique nonces (concealed behavior)
 model = NonceTest.new(id: 'nonce-test')
-concealed_values = Set.new
+concealed_values = ::Set.new
 
 10.times do
   model.secret = 'same-value'