familia 2.0.0.pre5 → 2.0.0.pre6

data/try/features/encryption_fields/secure_by_default_behavior_try.rb

@@ -0,0 +1,310 @@
+# try/features/encryption_fields/secure_by_default_behavior_try.rb
+
+require_relative '../../helpers/test_helpers'
+require 'base64'
+
+Familia.debug = false
+
+# Configure encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Test class demonstrating secure patterns
+class SecureUserAccount < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :username                      # Public field
+  field :email                         # Public field
+  encrypted_field :password_hash       # Secure field
+  encrypted_field :api_secret          # Secure field
+  encrypted_field :recovery_key        # Secure field
+end
+
+# Clean test environment
+Familia.dbclient.flushdb
+
+# Create test user
+@user = SecureUserAccount.new
+@user.id = "user123"
+@user.username = "john_doe"
+@user.email = "john@example.com"
+@user.password_hash = "bcrypt$2a$12$abcdef..."
+@user.api_secret = "sk-1234567890abcdef"
+@user.recovery_key = "recovery-key-xyz789"
+
+## Public field returns String class and value
+@user.username
+#=:> String
+#=> "john_doe"
+
+## Email field returns correct value
+@user.email
+#=> "john@example.com"
+
+## Password hash returns ConcealedString - no auto-decryption
+@user.password_hash.class.name
+#=> "ConcealedString"
+
+## API secret returns ConcealedString
+@user.api_secret.class.name
+#=> "ConcealedString"
+
+## Recovery key returns ConcealedString
+@user.recovery_key.class.name
+#=> "ConcealedString"
+
+## Explicit reveal required for password access
+revealed_password = nil
+@user.password_hash.reveal do |plaintext|
+  revealed_password = plaintext
+end
+revealed_password
+#=> "bcrypt$2a$12$abcdef..."
+
+## Multiple encrypted fields require individual reveals
+revealed_secret = nil
+@user.api_secret.reveal do |plaintext|
+  revealed_secret = plaintext
+end
+revealed_secret
+#=> "sk-1234567890abcdef"
+
+## String operations on encrypted fields are safe
+password_string = @user.password_hash.to_s
+password_string.include?("bcrypt")
+#=> false
+
+## to_s returns concealed marker
+@user.password_hash.to_s
+#=> "[CONCEALED]"
+
+## inspect is safe for debugging
+inspect_result = @user.password_hash.inspect
+inspect_result.include?("bcrypt")
+#=> false
+
+## inspect returns concealed marker
+@user.password_hash.inspect
+#=> "[CONCEALED]"
+
+## Array operations are secure
+all_fields = [@user.username, @user.password_hash, @user.api_secret]
+field_strings = all_fields.map(&:to_s)
+field_strings
+#=> ["john_doe", "[CONCEALED]", "[CONCEALED]"]
+
+## Hash serialization excludes encrypted fields
+user_hash = @user.to_h
+user_hash.keys.include?("password_hash")
+#=> false
+
+## API secret also excluded from serialization
+@user.to_h.keys.include?("api_secret")
+#=> false
+
+## Recovery key excluded from serialization
+@user.to_h.keys.include?("recovery_key")
+#=> false
+
+## Only public fields included in serialization
+@user.to_h.keys.sort
+#=> ["email", "id", "username"]
+
+## Database operations preserve security
+@user.save
+#=> true
+
+## Fresh load from database returns ConcealedString
+@fresh_user = SecureUserAccount.load("user123")
+@fresh_user.password_hash.class.name
+#=> "ConcealedString"
+
+## Fresh user API secret is concealed
+@fresh_user.api_secret.class.name
+#=> "ConcealedString"
+
+## Plaintext still requires explicit reveal after reload
+revealed_fresh = nil
+@fresh_user.password_hash.reveal do |plaintext|
+  revealed_fresh = plaintext
+end
+revealed_fresh
+#=> "bcrypt$2a$12$abcdef..."
+
+## Regular field string operations work normally
+@user.username.upcase
+#=> "JOHN_DOE"
+
+## Regular field length access
+@user.username.length
+#=> 8
+
+## Regular field substring access
+@user.username[0..3]
+#=> "john"
+
+## Encrypted field string operations are protected
+@user.password_hash.upcase
+#=> "[CONCEALED]"
+
+## Encrypted field length is concealed length
+@user.password_hash.length
+#=> 11
+
+## Encrypted field substring is from concealed text
+@user.password_hash.to_s[0..3]
+#=> "[CON"
+
+## Logging patterns are safe
+@log_message = "User #{@user.username} with password #{@user.password_hash}"
+@log_message.include?("bcrypt")
+#=> false
+
+## Log message shows concealed value
+@log_message
+#=> "User john_doe with password [CONCEALED]"
+
+## Exception messages are safe
+begin
+  raise StandardError, "Authentication failed for #{@user.password_hash}"
+rescue StandardError => e
+  e.message.include?("bcrypt")
+end
+#=> false
+
+## String method chaining is safe
+transformed = @user.password_hash.downcase.strip.gsub(/secret/, "public")
+transformed
+#=> "[CONCEALED]"
+
+## Concatenation fails safely without to_str method (prevents accidental implicit conversion)
+begin
+  @combined = "Password: " + @user.password_hash + " (encrypted)"
+  "concatenation_should_fail"
+rescue TypeError => e
+  e.message.include?("no implicit conversion")
+end
+#=> true
+
+## JSON serialization is safe
+@user_json = {
+  id: @user.id,
+  username: @user.username,
+  password: @user.password_hash
+}.to_json
+
+@user_json.include?("bcrypt")
+#=> false
+
+## JSON contains concealed marker
+@user_json.include?("[CONCEALED]")
+#=> true
+
+## Bulk field operations are secure
+@encrypted_fields = [:password_hash, :api_secret, :recovery_key]
+@field_values = @encrypted_fields.map { |field| @user.send(field) }
+
+@field_values.all? { |val| val.class.name == "ConcealedString" }
+#=> true
+
+## All serialize safely
+@safe_strings = @field_values.map(&:to_s)
+@safe_strings.all? { |str| str == "[CONCEALED]" }
+#=> true
+
+## Conditional operations are safe
+password_present = @user.password_hash.present?
+password_present
+#=> true
+
+## Empty check is safe
+password_empty = @user.password_hash.empty?
+password_empty
+#=> false
+
+## Nil check works
+(@user.password_hash.nil?)
+#=> false
+
+## Assignment maintains security
+@user.api_secret = "new-secret-key-456"
+@user.api_secret.class.name
+#=> "ConcealedString"
+
+## New assignment serializes safely
+@user.api_secret.to_s
+#=> "[CONCEALED]"
+
+## Updating with reveal access to old value
+old_value = nil
+new_value = "updated-secret-789"
+
+@user.api_secret.reveal do |current|
+  old_value = current
+  @user.api_secret = new_value
+end
+
+old_value
+#=> "new-secret-key-456"
+
+## Updated value accessible via reveal
+@user.api_secret.reveal { |x| x }
+#=> "updated-secret-789"
+
+## Nil assignment returns nil
+@user.recovery_key = nil
+@user.recovery_key
+#=> nil
+
+## Nil encrypted fields are NilClass
+@user.recovery_key.class.name
+#=> "NilClass"
+
+## Setting back to value returns to ConcealedString
+@user.recovery_key = "new-recovery-key"
+@user.recovery_key.class.name
+#=> "ConcealedString"
+
+## Common mistake patterns are secure - string interpolation
+search_pattern = "password_hash:#{@user.password_hash}"
+search_pattern.include?("bcrypt")
+#=> false
+
+## API response safety
+api_response = {
+  user_id: @user.id,
+  credentials: {
+    password: @user.password_hash,
+    api_key: @user.api_secret
+  }
+}
+
+@response_json = api_response.to_json
+@response_json.include?("bcrypt")
+#=> false
+
+## API response doesn't leak secrets
+@response_json.include?("sk-1234567890abcdef")
+#=> false
+
+## API response contains concealed markers
+@response_json.include?("[CONCEALED]")
+#=> true
+
+## Debug logging safety
+@debug_values = @user.instance_variables.map do |var|
+  "#{var}=#{@user.instance_variable_get(var)}"
+end
+
+@debug_string = @debug_values.join(", ")
+@debug_string.include?("bcrypt")
+#=> false
+
+## Debug output contains concealed markers
+@debug_string.include?("[CONCEALED]")
+#=> true
+
+# Teardown
+Familia.dbclient.flushdb

data/try/features/encryption_fields/thread_safety_try.rb

@@ -68,10 +68,10 @@ end
 @results.size
 #=> 50
 
-## Each thread did 5 write + 5 read = 10 derivations
-# Total: 10 threads * 10 derivations = 100
+## Each thread did 5 write operations = 5 derivations
+# Total: 10 threads * 5 derivations = 50 (reading returns ConcealedString without decryption)
 Familia::Encryption.derivation_count.value
-#=> 100
+#=> 50
 
 ## Key rotation operations work safely under concurrent access
 debug "Starting key rotation test with 4 threads..."
@@ -181,8 +181,8 @@ threads = 10.times.map do |i|
     model = ThreadTest.new(id: "thread-#{i}")
     begin
       5.times { |j|
-        model.secret = "value-#{i}-#{j}"
-        model.secret # decrypt
+        model.secret = "value-#{i}-#{j}"  # encrypt (derivation)
+        model.secret # returns ConcealedString (no derivation)
       }
     rescue => e
       errors << e
@@ -191,7 +191,7 @@ threads = 10.times.map do |i|
 end
 
 threads.each(&:join)
-errors.empty? && Familia::Encryption.derivation_count.value == 100
+errors.empty? && Familia::Encryption.derivation_count.value == 50
 #=> true
 
 # Cleanup

data/try/features/encryption_fields/universal_serialization_safety_try.rb

@@ -0,0 +1,174 @@
+# try/features/encryption_fields/universal_serialization_safety_try.rb
+
+require_relative '../../helpers/test_helpers'
+require 'base64'
+
+Familia.debug = false
+
+# Configure encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Test class with mixed field types
+class DataRecord < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :title                        # Public field
+  field :description                  # Public field
+  encrypted_field :api_token          # Encrypted field
+  encrypted_field :secret_notes       # Encrypted field
+  encrypted_field :user_data          # Encrypted field
+end
+
+# Clean environment
+Familia.dbclient.flushdb
+
+# Create test record with mixed data
+@record = DataRecord.new
+@record.id = "rec001"
+@record.title = "Public Record"
+@record.description = "This is public information"
+@record.api_token = "token-abc123456789"
+@record.secret_notes = "confidential information"
+@record.user_data = "sensitive user details"
+
+## Object-level to_h excludes encrypted fields
+hash_result = @record.to_h
+hash_result.keys.include?("api_token")
+#=> false
+
+## to_h excludes secret notes
+@record.to_h.keys.include?("secret_notes")
+#=> false
+
+## to_h excludes user data
+@record.to_h.keys.include?("user_data")
+#=> false
+
+## to_h only includes public fields
+@record.to_h.keys.sort
+#=> ["description", "id", "title"]
+
+## to_h contains correct public values
+@record.to_h["title"]
+#=> "Public Record"
+
+## Individual encrypted field serialization safety - to_s
+@record.api_token.to_s
+#=> "[CONCEALED]"
+
+## to_str serialization
+@record.api_token.to_str
+#=!> NoMethodError
+
+## inspect serialization
+@record.api_token.inspect
+#=> "[CONCEALED]"
+
+## JSON serialization - to_json
+@record.api_token.to_json
+#=> "\"[CONCEALED]\""
+
+## JSON serialization - as_json
+@record.api_token.as_json
+#=> "[CONCEALED]"
+
+## Hash serialization
+@record.api_token.to_h
+#=> "[CONCEALED]"
+
+## Array serialization
+@record.api_token.to_a
+#=> ["[CONCEALED]"]
+
+## Numeric serialization - to_i
+@record.api_token.to_i
+#=!> NoMethodError
+
+## Float serialization
+@record.api_token.to_f
+#=!> NoMethodError
+
+## Complex nested JSON structure
+@nested_data = {
+  record: @record,
+  fields: {
+    public: [@record.title, @record.description],
+    encrypted: [@record.api_token, @record.secret_notes]
+  }
+}
+
+@serialized = @nested_data.to_json
+@serialized.include?("token-abc123456789")
+#=> false
+
+## Nested JSON contains concealed markers
+@nested_data.to_json.include?("[CONCEALED]")
+#=> true
+
+## Array of mixed field types safety
+@mixed_array = [
+  @record.title,
+  @record.api_token,
+  @record.description,
+  @record.secret_notes
+]
+
+@mixed_array.to_json.include?("token-abc123456789")
+#=> false
+
+## Mixed array preserves public data
+@mixed_array.to_json.include?("Public Record")
+#=> true
+
+## String interpolation safety
+@debug_message = "Record #{@record.id}: token=#{@record.api_token}"
+@debug_message.include?("token-abc123456789")
+#=> false
+
+## Interpolation shows concealed values
+@debug_message.include?("[CONCEALED]")
+#=> true
+
+## Hash merge operations safety
+merged_hash = @record.to_h.merge({
+  runtime_token: @record.api_token
+})
+
+merged_hash.values.any? { |v| v.to_s.include?("token-abc123456789") }
+#=> false
+
+## Database persistence maintains safety
+@record.save
+#=> true
+
+## Fresh load serialization safety
+@fresh_record = DataRecord.load("rec001")
+@fresh_record.to_h.keys.include?("api_token")
+#=> false
+
+## Fresh record field safety
+@fresh_record.api_token.to_s
+#=> "[CONCEALED]"
+
+## Exception handling safety
+begin
+  raise StandardError, "Auth failed: #{@record.api_token}"
+rescue StandardError => e
+  e.message.include?("token-abc123456789")
+end
+#=> false
+
+## String formatting safety
+@formatted = "Token: %s" % [@record.api_token]
+@formatted.include?("token-abc123456789")
+#=> false
+
+## Formatted string shows concealed
+@formatted.include?("[CONCEALED]")
+#=> true
+
+# Teardown
+Familia.dbclient.flushdb

data/try/features/feature_dependencies_try.rb

@@ -7,7 +7,7 @@ Familia.debug = false
 # Create test features with dependencies for testing
 module TestFeatureA
   def self.included(base)
-    Familia.ld "[#{base}] Loaded #{self}"
+    Familia.trace :included, base, self, caller(1..1) if Familia.debug?
     base.extend ClassMethods
   end
 
@@ -24,7 +24,7 @@ end
 
 module TestFeatureB
   def self.included(base)
-    Familia.ld "[#{base}] Loaded #{self}"
+    Familia.trace :INCLUDED, base, self, caller(1..1) if Familia.debug?
     base.extend ClassMethods
   end
 
@@ -41,7 +41,7 @@ end
 
 module TestFeatureCWithDeps
   def self.included(base)
-    Familia.ld "[#{base}] Loaded #{self}"
+    Familia.trace :feature_load, base, self, caller(1..1) if Familia.debug?
     base.extend ClassMethods
   end
 

data/try/features/transient_fields_core_try.rb

@@ -92,7 +92,7 @@ already_redacted = RedactedString.new('already_wrapped')
 ## Serialization to_h only includes persistent fields
 hash_result = @service.to_h
 hash_result.keys.sort
-#=> [:endpoint_url, :name]
+#=> ["endpoint_url", "name"]
 
 ## Serialization to_h excludes api_key transient field
 hash_result = @service.to_h

data/try/features/transient_fields_integration_try.rb

@@ -102,7 +102,7 @@ already_redacted = RedactedString.new("already_wrapped")
 ## Serialization to_h only includes persistent fields
 hash_result = @service.to_h
 hash_result.keys.sort
-#=> [:endpoint_url, :name, :service_id]
+#=> ["endpoint_url", "name", "service_id"]
 
 ## Serialization to_h excludes api_key transient field
 hash_result = @service.to_h

data/try/helpers/test_helpers.rb

@@ -20,6 +20,8 @@ class Bone < Familia::Horreum
   zset      :metrics
   hashkey   :props
   string    :value, default: 'GREAT!'
+  counter   :counter, default: 0
+  lock      :lock
 end
 
 class Blone < Familia::Horreum
@@ -204,3 +206,26 @@ module SingleUseRedactedStringTestHelper
     end
   end
 end
+
+# ConcealedString test helper for accessing encrypted values in tests
+unless defined?(ConcealedString)
+  require_relative '../../lib/familia/features/encrypted_fields/concealed_string'
+end
+module ConcealedStringTestHelper
+  refine ConcealedString do
+    # TEST-ONLY: Direct access to decrypted value
+    #
+    # This method bypasses the reveal block pattern and directly returns
+    # the decrypted plaintext. It should ONLY be used in test environments
+    # through refinements to keep this dangerous method out of production.
+    #
+    # @return [String] The decrypted plaintext value
+    #
+    def reveal_for_testing
+      raise SecurityError, 'Encrypted data already cleared' if cleared?
+      raise SecurityError, 'No encrypted data to reveal' if @encrypted_data.nil?
+
+      @field_type.decrypt_value(@record, @encrypted_data)
+    end
+  end
+end

data/try/horreum/enhanced_conflict_handling_try.rb

@@ -10,7 +10,7 @@ Familia::VALID_STRATEGIES.include?(:raise)
 
 ## Valid strategies include all expected options
 Familia::VALID_STRATEGIES
-#=> [:raise, :skip, :warn, :overwrite]
+#=> [:raise, :skip, :ignore, :warn, :overwrite]
 
 ## Overwrite strategy removes existing method and defines new one
 class OverwriteStrategyTest < Familia::Horreum

data/try/horreum/initialization_try.rb

@@ -49,7 +49,7 @@ Familia.debug = false
 #=> ["mixed@test.com", "Mixed Test", nil, "user"]
 
 ## to_h works correctly with keyword-initialized objects
-@customer2.to_h[:name]
+@customer2.to_h["name"]
 #=> "Jane Smith"
 
 ## to_a works correctly with keyword-initialized objects

data/try/horreum/relations_try.rb

@@ -106,7 +106,7 @@ prefs = @test_user.preferences
 @test_product.views.increment
 @test_product.views.incrementby(5)
 @test_product.views.value
-#=> "6"
+#=> 6
 
 ## Database types maintain parent reference
 @test_user.sessions.parent == @test_user

data/try/horreum/serialization_persistent_fields_try.rb

@@ -60,18 +60,18 @@ end
 ## to_h excludes transient fields
 @hash_result = @serialization_test.to_h
 @hash_result.keys.sort
-#=> [:description, :email, :id, :metadata, :name]
+#=> ["description", "email", "id", "metadata", "name"]
 
 ## to_h includes all persistent fields
-@hash_result.key?(:name)
+@hash_result.key?("name")
 #=> true
 
 ## to_h includes encrypted persistent fields
-@hash_result.key?(:email)
+@hash_result.key?("email")
 #=> true
 
 ## to_h includes explicitly persistent fields
-@hash_result.key?(:description)
+@hash_result.key?("description")
 #=> true
 
 ## to_h excludes transient fields from serialization
@@ -83,7 +83,7 @@ end
 #=> false
 
 ## to_h serializes complex values correctly
-@hash_result[:metadata]
+@hash_result["metadata"]
 #=:> String
 
 ## to_a excludes transient fields
@@ -127,7 +127,7 @@ SerializationCategoryTest.persistent_fields.include?(:email)
 
 ## to_h with only id field when all others are transient
 @all_transient.to_h
-#=> { id: "transient_test_1" }
+#=> {"id" => "transient_test_1"}
 
 ## to_a with only id field when all others are transient
 @all_transient.to_a
@@ -136,7 +136,7 @@ SerializationCategoryTest.persistent_fields.include?(:email)
 ## Aliased fields serialization uses original field names
 @aliased_hash = @aliased_test.to_h
 @aliased_hash.keys.sort
-#=> [:id, :internal_name, :user_data]
+#=> ["id", "internal_name", "user_data"]
 
 ## Aliased transient fields are excluded
 @aliased_hash.key?(:temp_cache)
@@ -144,7 +144,7 @@ SerializationCategoryTest.persistent_fields.include?(:email)
 
 ## Serialization works with accessor methods through aliases
 @aliased_test.display_name = 'Updated Name'
-@aliased_test.to_h[:internal_name]
+@aliased_test.to_h["internal_name"]
 #=> "Updated Name"
 
 ## Clear fields respects field method map