familia 2.0.0.pre4 → 2.0.0.pre6

data/try/features/encryption_fields/secure_by_default_behavior_try.rb

@@ -0,0 +1,310 @@
+# try/features/encryption_fields/secure_by_default_behavior_try.rb
+
+require_relative '../../helpers/test_helpers'
+require 'base64'
+
+Familia.debug = false
+
+# Configure encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Test class demonstrating secure patterns
+class SecureUserAccount < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :username                      # Public field
+  field :email                         # Public field
+  encrypted_field :password_hash       # Secure field
+  encrypted_field :api_secret          # Secure field
+  encrypted_field :recovery_key        # Secure field
+end
+
+# Clean test environment
+Familia.dbclient.flushdb
+
+# Create test user
+@user = SecureUserAccount.new
+@user.id = "user123"
+@user.username = "john_doe"
+@user.email = "john@example.com"
+@user.password_hash = "bcrypt$2a$12$abcdef..."
+@user.api_secret = "sk-1234567890abcdef"
+@user.recovery_key = "recovery-key-xyz789"
+
+## Public field returns String class and value
+@user.username
+#=:> String
+#=> "john_doe"
+
+## Email field returns correct value
+@user.email
+#=> "john@example.com"
+
+## Password hash returns ConcealedString - no auto-decryption
+@user.password_hash.class.name
+#=> "ConcealedString"
+
+## API secret returns ConcealedString
+@user.api_secret.class.name
+#=> "ConcealedString"
+
+## Recovery key returns ConcealedString
+@user.recovery_key.class.name
+#=> "ConcealedString"
+
+## Explicit reveal required for password access
+revealed_password = nil
+@user.password_hash.reveal do |plaintext|
+  revealed_password = plaintext
+end
+revealed_password
+#=> "bcrypt$2a$12$abcdef..."
+
+## Multiple encrypted fields require individual reveals
+revealed_secret = nil
+@user.api_secret.reveal do |plaintext|
+  revealed_secret = plaintext
+end
+revealed_secret
+#=> "sk-1234567890abcdef"
+
+## String operations on encrypted fields are safe
+password_string = @user.password_hash.to_s
+password_string.include?("bcrypt")
+#=> false
+
+## to_s returns concealed marker
+@user.password_hash.to_s
+#=> "[CONCEALED]"
+
+## inspect is safe for debugging
+inspect_result = @user.password_hash.inspect
+inspect_result.include?("bcrypt")
+#=> false
+
+## inspect returns concealed marker
+@user.password_hash.inspect
+#=> "[CONCEALED]"
+
+## Array operations are secure
+all_fields = [@user.username, @user.password_hash, @user.api_secret]
+field_strings = all_fields.map(&:to_s)
+field_strings
+#=> ["john_doe", "[CONCEALED]", "[CONCEALED]"]
+
+## Hash serialization excludes encrypted fields
+user_hash = @user.to_h
+user_hash.keys.include?("password_hash")
+#=> false
+
+## API secret also excluded from serialization
+@user.to_h.keys.include?("api_secret")
+#=> false
+
+## Recovery key excluded from serialization
+@user.to_h.keys.include?("recovery_key")
+#=> false
+
+## Only public fields included in serialization
+@user.to_h.keys.sort
+#=> ["email", "id", "username"]
+
+## Database operations preserve security
+@user.save
+#=> true
+
+## Fresh load from database returns ConcealedString
+@fresh_user = SecureUserAccount.load("user123")
+@fresh_user.password_hash.class.name
+#=> "ConcealedString"
+
+## Fresh user API secret is concealed
+@fresh_user.api_secret.class.name
+#=> "ConcealedString"
+
+## Plaintext still requires explicit reveal after reload
+revealed_fresh = nil
+@fresh_user.password_hash.reveal do |plaintext|
+  revealed_fresh = plaintext
+end
+revealed_fresh
+#=> "bcrypt$2a$12$abcdef..."
+
+## Regular field string operations work normally
+@user.username.upcase
+#=> "JOHN_DOE"
+
+## Regular field length access
+@user.username.length
+#=> 8
+
+## Regular field substring access
+@user.username[0..3]
+#=> "john"
+
+## Encrypted field string operations are protected
+@user.password_hash.upcase
+#=> "[CONCEALED]"
+
+## Encrypted field length is concealed length
+@user.password_hash.length
+#=> 11
+
+## Encrypted field substring is from concealed text
+@user.password_hash.to_s[0..3]
+#=> "[CON"
+
+## Logging patterns are safe
+@log_message = "User #{@user.username} with password #{@user.password_hash}"
+@log_message.include?("bcrypt")
+#=> false
+
+## Log message shows concealed value
+@log_message
+#=> "User john_doe with password [CONCEALED]"
+
+## Exception messages are safe
+begin
+  raise StandardError, "Authentication failed for #{@user.password_hash}"
+rescue StandardError => e
+  e.message.include?("bcrypt")
+end
+#=> false
+
+## String method chaining is safe
+transformed = @user.password_hash.downcase.strip.gsub(/secret/, "public")
+transformed
+#=> "[CONCEALED]"
+
+## Concatenation fails safely without to_str method (prevents accidental implicit conversion)
+begin
+  @combined = "Password: " + @user.password_hash + " (encrypted)"
+  "concatenation_should_fail"
+rescue TypeError => e
+  e.message.include?("no implicit conversion")
+end
+#=> true
+
+## JSON serialization is safe
+@user_json = {
+  id: @user.id,
+  username: @user.username,
+  password: @user.password_hash
+}.to_json
+
+@user_json.include?("bcrypt")
+#=> false
+
+## JSON contains concealed marker
+@user_json.include?("[CONCEALED]")
+#=> true
+
+## Bulk field operations are secure
+@encrypted_fields = [:password_hash, :api_secret, :recovery_key]
+@field_values = @encrypted_fields.map { |field| @user.send(field) }
+
+@field_values.all? { |val| val.class.name == "ConcealedString" }
+#=> true
+
+## All serialize safely
+@safe_strings = @field_values.map(&:to_s)
+@safe_strings.all? { |str| str == "[CONCEALED]" }
+#=> true
+
+## Conditional operations are safe
+password_present = @user.password_hash.present?
+password_present
+#=> true
+
+## Empty check is safe
+password_empty = @user.password_hash.empty?
+password_empty
+#=> false
+
+## Nil check works
+(@user.password_hash.nil?)
+#=> false
+
+## Assignment maintains security
+@user.api_secret = "new-secret-key-456"
+@user.api_secret.class.name
+#=> "ConcealedString"
+
+## New assignment serializes safely
+@user.api_secret.to_s
+#=> "[CONCEALED]"
+
+## Updating with reveal access to old value
+old_value = nil
+new_value = "updated-secret-789"
+
+@user.api_secret.reveal do |current|
+  old_value = current
+  @user.api_secret = new_value
+end
+
+old_value
+#=> "new-secret-key-456"
+
+## Updated value accessible via reveal
+@user.api_secret.reveal { |x| x }
+#=> "updated-secret-789"
+
+## Nil assignment returns nil
+@user.recovery_key = nil
+@user.recovery_key
+#=> nil
+
+## Nil encrypted fields are NilClass
+@user.recovery_key.class.name
+#=> "NilClass"
+
+## Setting back to value returns to ConcealedString
+@user.recovery_key = "new-recovery-key"
+@user.recovery_key.class.name
+#=> "ConcealedString"
+
+## Common mistake patterns are secure - string interpolation
+search_pattern = "password_hash:#{@user.password_hash}"
+search_pattern.include?("bcrypt")
+#=> false
+
+## API response safety
+api_response = {
+  user_id: @user.id,
+  credentials: {
+    password: @user.password_hash,
+    api_key: @user.api_secret
+  }
+}
+
+@response_json = api_response.to_json
+@response_json.include?("bcrypt")
+#=> false
+
+## API response doesn't leak secrets
+@response_json.include?("sk-1234567890abcdef")
+#=> false
+
+## API response contains concealed markers
+@response_json.include?("[CONCEALED]")
+#=> true
+
+## Debug logging safety
+@debug_values = @user.instance_variables.map do |var|
+  "#{var}=#{@user.instance_variable_get(var)}"
+end
+
+@debug_string = @debug_values.join(", ")
+@debug_string.include?("bcrypt")
+#=> false
+
+## Debug output contains concealed markers
+@debug_string.include?("[CONCEALED]")
+#=> true
+
+# Teardown
+Familia.dbclient.flushdb

data/try/features/encryption_fields/thread_safety_try.rb

@@ -0,0 +1,199 @@
+# try/features/encryption_fields/thread_safety_try.rb
+
+require 'concurrent'
+require 'base64'
+
+require_relative '../../helpers/test_helpers'
+
+# Setup encryption keys for testing
+test_keys = {
+  v1: Base64.strict_encode64('a' * 32),
+  v2: Base64.strict_encode64('b' * 32)
+}
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class ThreadTest < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+# Thread-safe debug logging helper
+@debug_mutex = Mutex.new
+def debug(msg)
+  return unless ENV['FAMILIA_DEBUG']
+  @debug_mutex.synchronize { puts "DEBUG: #{msg}" }
+end
+
+## Concurrent encryption operations maintain counter integrity
+Familia::Encryption.reset_derivation_count!
+@results = Concurrent::Array.new
+@errors = Concurrent::Array.new
+
+debug "Starting 10 threads for concurrent operations..."
+
+@threads = 10.times.map do |i|
+  Thread.new do
+    begin
+      model = ThreadTest.new(id: "thread-#{i}")
+      5.times do |j|
+        model.secret = "secret-#{i}-#{j}"  # encrypt (derivation)
+        retrieved = model.secret           # decrypt (derivation)
+        @results << retrieved
+      end
+      debug "Thread #{i} completed successfully"
+    rescue => e
+      debug "Thread #{i} failed: #{e.class}: #{e.message}"
+      @errors << e
+    end
+  end
+end
+
+@threads.each(&:join)
+
+debug "All threads joined. Results: #{@results.size}, Errors: #{@errors.size}"
+debug "Derivation count: #{Familia::Encryption.derivation_count.value}"
+
+if @errors.any?
+  debug "Error details:"
+  @errors.each_with_index { |e, i| debug "  #{i+1}. #{e.class}: #{e.message}" }
+end
+
+@errors.empty?
+#=> true
+
+## All expected results collected (10 threads × 5 operations = 50 results)
+@results.size
+#=> 50
+
+## Each thread did 5 write operations = 5 derivations
+# Total: 10 threads * 5 derivations = 50 (reading returns ConcealedString without decryption)
+Familia::Encryption.derivation_count.value
+#=> 50
+
+## Key rotation operations work safely under concurrent access
+debug "Starting key rotation test with 4 threads..."
+
+@rotation_errors = Concurrent::Array.new
+@rotation_results = Concurrent::Array.new
+
+@rotation_threads = 4.times.map do |i|
+  Thread.new do
+    begin
+      # Each thread alternates between v1 and v2
+      thread_version = i.even? ? :v1 : :v2
+
+      10.times do |j|
+        debug "Thread #{i}, iteration #{j}, using version #{thread_version}"
+
+        # Temporarily switch key version for this operation
+        original_version = Familia.config.current_key_version
+        Familia.config.current_key_version = thread_version
+
+        begin
+          model = ThreadTest.new(id: "race-#{i}-#{j}")
+          model.secret = "test-#{i}-#{j}"   # encrypt
+          retrieved = model.secret          # decrypt
+          @rotation_results << retrieved
+          debug "Thread #{i}, iteration #{j} completed"
+        ensure
+          # Restore original version
+          Familia.config.current_key_version = original_version
+        end
+      end
+    rescue => e
+      debug "Rotation thread #{i} failed: #{e.class}: #{e.message}"
+      @rotation_errors << e
+    end
+  end
+end
+
+@rotation_threads.each(&:join)
+
+debug "Key rotation test completed. Results: #{@rotation_results.size}, Errors: #{@rotation_errors.size}"
+
+if @rotation_errors.any?
+  debug "Rotation error details:"
+  @rotation_errors.each_with_index { |e, i| debug "  #{i+1}. #{e.class}: #{e.message}" }
+end
+
+@rotation_errors.empty?
+#=> true
+
+## All rotation operations completed successfully (4 threads × 10 operations = 40 results)
+@rotation_results.size
+#=> 40
+
+## Atomic counter maintains accuracy under maximum contention
+debug "Starting atomic counter test with 20 threads..."
+debug "Count before reset: #{Familia::Encryption.derivation_count.value}"
+
+Familia::Encryption.reset_derivation_count!
+sleep(0.01) # Minimal delay to ensure reset takes effect
+
+debug "Count after reset: #{Familia::Encryption.derivation_count.value}"
+
+barrier = Concurrent::CyclicBarrier.new(20)
+@counter_errors = Concurrent::Array.new
+
+counter_threads = 20.times.map do |i|
+  Thread.new do
+    begin
+      barrier.wait # Synchronize start for maximum contention
+      model = ThreadTest.new(id: "counter-test-#{i}")
+      model.secret = 'test'  # Single encrypt operation (1 derivation)
+      debug "Counter thread #{i} completed"
+    rescue => e
+      debug "Counter thread #{i} failed: #{e.class}: #{e.message}"
+      @counter_errors << e
+    end
+  end
+end
+
+counter_threads.each(&:join)
+
+debug "Atomic counter test completed. Final count: #{Familia::Encryption.derivation_count.value}"
+
+@counter_errors.empty?
+#=> true
+
+## Exactly 20 derivations, no lost increments
+Familia::Encryption.derivation_count.value
+#=> 20
+
+## Concurrent encryption operations maintain counter integrity
+class ThreadTest2 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+Familia::Encryption.reset_derivation_count!
+errors = Concurrent::Array.new
+barrier = Concurrent::CyclicBarrier.new(10)
+
+threads = 10.times.map do |i|
+  Thread.new do
+    barrier.wait # Synchronize start
+    model = ThreadTest.new(id: "thread-#{i}")
+    begin
+      5.times { |j|
+        model.secret = "value-#{i}-#{j}"  # encrypt (derivation)
+        model.secret # returns ConcealedString (no derivation)
+      }
+    rescue => e
+      errors << e
+    end
+  end
+end
+
+threads.each(&:join)
+errors.empty? && Familia::Encryption.derivation_count.value == 50
+#=> true
+
+# Cleanup
+Familia.config.encryption_keys = nil
+Familia.config.current_key_version = nil

data/try/features/encryption_fields/universal_serialization_safety_try.rb

@@ -0,0 +1,174 @@
+# try/features/encryption_fields/universal_serialization_safety_try.rb
+
+require_relative '../../helpers/test_helpers'
+require 'base64'
+
+Familia.debug = false
+
+# Configure encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Test class with mixed field types
+class DataRecord < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :title                        # Public field
+  field :description                  # Public field
+  encrypted_field :api_token          # Encrypted field
+  encrypted_field :secret_notes       # Encrypted field
+  encrypted_field :user_data          # Encrypted field
+end
+
+# Clean environment
+Familia.dbclient.flushdb
+
+# Create test record with mixed data
+@record = DataRecord.new
+@record.id = "rec001"
+@record.title = "Public Record"
+@record.description = "This is public information"
+@record.api_token = "token-abc123456789"
+@record.secret_notes = "confidential information"
+@record.user_data = "sensitive user details"
+
+## Object-level to_h excludes encrypted fields
+hash_result = @record.to_h
+hash_result.keys.include?("api_token")
+#=> false
+
+## to_h excludes secret notes
+@record.to_h.keys.include?("secret_notes")
+#=> false
+
+## to_h excludes user data
+@record.to_h.keys.include?("user_data")
+#=> false
+
+## to_h only includes public fields
+@record.to_h.keys.sort
+#=> ["description", "id", "title"]
+
+## to_h contains correct public values
+@record.to_h["title"]
+#=> "Public Record"
+
+## Individual encrypted field serialization safety - to_s
+@record.api_token.to_s
+#=> "[CONCEALED]"
+
+## to_str serialization
+@record.api_token.to_str
+#=!> NoMethodError
+
+## inspect serialization
+@record.api_token.inspect
+#=> "[CONCEALED]"
+
+## JSON serialization - to_json
+@record.api_token.to_json
+#=> "\"[CONCEALED]\""
+
+## JSON serialization - as_json
+@record.api_token.as_json
+#=> "[CONCEALED]"
+
+## Hash serialization
+@record.api_token.to_h
+#=> "[CONCEALED]"
+
+## Array serialization
+@record.api_token.to_a
+#=> ["[CONCEALED]"]
+
+## Numeric serialization - to_i
+@record.api_token.to_i
+#=!> NoMethodError
+
+## Float serialization
+@record.api_token.to_f
+#=!> NoMethodError
+
+## Complex nested JSON structure
+@nested_data = {
+  record: @record,
+  fields: {
+    public: [@record.title, @record.description],
+    encrypted: [@record.api_token, @record.secret_notes]
+  }
+}
+
+@serialized = @nested_data.to_json
+@serialized.include?("token-abc123456789")
+#=> false
+
+## Nested JSON contains concealed markers
+@nested_data.to_json.include?("[CONCEALED]")
+#=> true
+
+## Array of mixed field types safety
+@mixed_array = [
+  @record.title,
+  @record.api_token,
+  @record.description,
+  @record.secret_notes
+]
+
+@mixed_array.to_json.include?("token-abc123456789")
+#=> false
+
+## Mixed array preserves public data
+@mixed_array.to_json.include?("Public Record")
+#=> true
+
+## String interpolation safety
+@debug_message = "Record #{@record.id}: token=#{@record.api_token}"
+@debug_message.include?("token-abc123456789")
+#=> false
+
+## Interpolation shows concealed values
+@debug_message.include?("[CONCEALED]")
+#=> true
+
+## Hash merge operations safety
+merged_hash = @record.to_h.merge({
+  runtime_token: @record.api_token
+})
+
+merged_hash.values.any? { |v| v.to_s.include?("token-abc123456789") }
+#=> false
+
+## Database persistence maintains safety
+@record.save
+#=> true
+
+## Fresh load serialization safety
+@fresh_record = DataRecord.load("rec001")
+@fresh_record.to_h.keys.include?("api_token")
+#=> false
+
+## Fresh record field safety
+@fresh_record.api_token.to_s
+#=> "[CONCEALED]"
+
+## Exception handling safety
+begin
+  raise StandardError, "Auth failed: #{@record.api_token}"
+rescue StandardError => e
+  e.message.include?("token-abc123456789")
+end
+#=> false
+
+## String formatting safety
+@formatted = "Token: %s" % [@record.api_token]
+@formatted.include?("token-abc123456789")
+#=> false
+
+## Formatted string shows concealed
+@formatted.include?("[CONCEALED]")
+#=> true
+
+# Teardown
+Familia.dbclient.flushdb

data/try/features/expiration_try.rb

@@ -1,6 +1,5 @@
 # try/features/expiration_try.rb
 
-require_relative '../../lib/familia'
 require_relative '../helpers/test_helpers'
 
 Familia.debug = false