featureflip 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74310b5e1a7545b5d289a4f09d32c7e396f3f03bcb5af9265fe970667f2aedfd
-  data.tar.gz: 6f0fd700429f63dbba04b3311c88700e9281113f0b114a6c635797745ca1cddc
+  metadata.gz: 2fdefb980d91435aca01a6f6344804e172dedef867fd826c5ac9a017ca6416ca
+  data.tar.gz: d98b0cda83055b8b984b2ea370b9717f6800dd44202ddacf21944fa19b0dc194
 SHA512:
-  metadata.gz: 6eb646f7ba550b44639e2d294ad8b171d2a9931f5004afcdb7621db46abc18dfa047732da544e74a9167a509da1fd5018e71e49f7126e0753ee87f8ac9e2bccf
-  data.tar.gz: ca59f44a28682ac0fcc5924d4a19e3bb9df8ae76809dfa133f34a57d4bf24243e3cf4b2b7a7f82a54efc0249653a6d54a1fd6ca4c5d0b685fbe2438282e27776
+  metadata.gz: 360a193a8d0557ba71c45ce1c3f341d008f34f34996434328f7aa2c1da3eee9ef7cc531953ffbd21b8f83fa2674e750139c456854e59a322c0099fe04f76cc0f
+  data.tar.gz: f4f292e068e49a8688b94c530d5cce50a060f97c57742e5aaee3f4db02aa469b0623c8b3c95065c6293e0452b71a58f3dc57212b649bc78e66044dad025c24a6

data/lib/featureflip/evaluation/condition_evaluator.rb

@@ -1,13 +1,35 @@
+require "time"
+
 module Featureflip
   module Evaluation
     class ConditionEvaluator
+      # Per-regex match timeout (seconds) for MatchesRegex, mirroring the
+      # engine's 100ms RegexMatchTimeout guard against catastrophic
+      # backtracking / ReDoS (#1460). Requires Ruby >= 3.2 (gemspec floor),
+      # which added the Regexp `timeout:` keyword.
+      REGEX_TIMEOUT_SECONDS = 0.1
+
       def evaluate_condition(condition, context)
         attr_value = context[condition.attribute]
 
         return condition.negate if attr_value.nil?
 
-        str_value = attr_value.to_s.downcase
-        targets = condition.values.map { |v| v.to_s.downcase }
+        # Issue #1458: when the attribute is a native numeric (Integer/Float —
+        # Ruby's `true`/`false` are NOT Numeric, so booleans are naturally
+        # excluded), the equality-family operators coerce the condition values to
+        # numbers and compare numerically, so 1.0 matches "1". This mirrors the
+        # engine's type-aware path and runs BEFORE stringification — a String
+        # attribute (even "1.0") stays on the string path below.
+        if attr_value.is_a?(Numeric) && NUMERIC_EQUALITY_OPERATORS.include?(condition.operator)
+          return evaluate_numeric_equality(condition, attr_value)
+        end
+
+        # Pass the raw (case-preserved) strings to the operator dispatcher.
+        # Most operators compare case-insensitively and downcase internally, but
+        # the semver operators rely on case-sensitive prerelease precedence
+        # (semver §11), so the original casing must survive to that point.
+        str_value = attr_value.to_s
+        targets = condition.values.map(&:to_s)
 
         result = evaluate_operator(condition.operator, str_value, targets)
         condition.negate ? !result : result
@@ -33,49 +55,136 @@ module Featureflip
 
       private
 
+      # The equality-family operators that get type-aware numeric coercion when
+      # the attribute is a native Numeric (Issue #1458). Relational/string ops
+      # are deliberately excluded — only these four coerce.
+      NUMERIC_EQUALITY_OPERATORS = %w[Equals NotEquals In NotIn].freeze
+      private_constant :NUMERIC_EQUALITY_OPERATORS
+
+      # A parsed semantic version: the release core as dot-separated numeric
+      # segments plus an optional dot-separated prerelease identifier list.
+      SemverVersion = Struct.new(:release, :prerelease)
+      private_constant :SemverVersion
+
+      # An ISO-8601 date-time with no timezone offset (no trailing "Z"/±hh:mm),
+      # so it must be assumed UTC before parsing.
+      ISO_NO_OFFSET = /\A\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(:\d{2})?(\.\d+)?\z/
+      private_constant :ISO_NO_OFFSET
+
+      # A bare ISO-8601 calendar date ("2024-01-01") with no time component. The
+      # engine's DateTimeOffset.TryParse accepts these (midnight, assumed UTC),
+      # but Time.iso8601 rejects them, so they need their own midnight-UTC path.
+      ISO_DATE_ONLY = /\A\d{4}-\d{2}-\d{2}\z/
+      private_constant :ISO_DATE_ONLY
+
       def evaluate_operator(operator, value, targets)
+        # Case-insensitive views for the string/relational/date operators.
+        ci_value = value.downcase
+        ci_targets = targets.map(&:downcase)
+
         case operator
         when "Equals"
-          targets.any? { |t| value == t }
+          ci_targets.any? { |t| ci_value == t }
         when "NotEquals"
-          targets.all? { |t| value != t }
+          ci_targets.all? { |t| ci_value != t }
         when "Contains"
-          targets.any? { |t| value.include?(t) }
+          ci_targets.any? { |t| ci_value.include?(t) }
         when "NotContains"
-          targets.all? { |t| !value.include?(t) }
+          ci_targets.all? { |t| !ci_value.include?(t) }
         when "StartsWith"
-          targets.any? { |t| value.start_with?(t) }
+          ci_targets.any? { |t| ci_value.start_with?(t) }
         when "EndsWith"
-          targets.any? { |t| value.end_with?(t) }
+          ci_targets.any? { |t| ci_value.end_with?(t) }
         when "In"
-          targets.include?(value)
+          ci_targets.include?(ci_value)
         when "NotIn"
-          !targets.include?(value)
+          !ci_targets.include?(ci_value)
         when "MatchesRegex"
+          # Case-sensitive matching on the original-case value and pattern,
+          # mirroring the engine (RegexOptions.None). Case-insensitivity is
+          # opt-in via the (?i) inline flag in the pattern.
+          #
+          # A per-regex timeout bounds catastrophic backtracking / ReDoS like
+          # the engine's 100ms guard (#1460). rescue RegexpError covers BOTH an
+          # invalid pattern AND Regexp::TimeoutError (a RegexpError subclass),
+          # so either fails safe to no-match.
           targets.any? do |t|
-            Regexp.new(t, Regexp::IGNORECASE).match?(value)
+            Regexp.new(t, timeout: REGEX_TIMEOUT_SECONDS).match?(value)
           rescue RegexpError
             false
           end
+        # Relational operators match if the value satisfies the comparison
+        # against ANY condition value (mirroring the server engine), not just
+        # values[0]. `.any?` over an empty array is false, so empty values
+        # returns false without error.
         when "GreaterThan"
-          compare_numeric(value, targets[0], :>)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :>) }
         when "GreaterThanOrEqual"
-          compare_numeric(value, targets[0], :>=)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :>=) }
         when "LessThan"
-          compare_numeric(value, targets[0], :<)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :<) }
         when "LessThanOrEqual"
-          compare_numeric(value, targets[0], :<=)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :<=) }
+        # Date operators compare against the RAW value/targets, not the
+        # lowercased copies: downcasing breaks ISO-8601 parsing (the "Z" UTC
+        # designator becomes "z", which is not valid). Both operands are parsed
+        # to UTC instants — offsets are honored, no-offset strings are assumed
+        # UTC, and a bare integer is treated as Unix seconds — so an unparseable
+        # operand matches nothing instead of falling back to a string compare.
         when "Before"
-          return false if targets.empty?
-          value < targets[0]
+          targets.any? { |t| compare_datetime(value, t, :<) }
         when "After"
-          return false if targets.empty?
-          value > targets[0]
+          targets.any? { |t| compare_datetime(value, t, :>) }
+        # Semantic-version operators compare against the RAW value/targets:
+        # prerelease precedence is case-sensitive (semver §11), so the casing
+        # preserved by `evaluate_condition` must not be folded here. An
+        # unparseable version matches nothing, like the numeric/date operators.
+        when "SemverEquals"
+          targets.any? { |t| compare_semver(value, t, :==) }
+        when "SemverGreaterThan"
+          targets.any? { |t| compare_semver(value, t, :>) }
+        when "SemverGreaterThanOrEqual"
+          targets.any? { |t| compare_semver(value, t, :>=) }
+        when "SemverLessThan"
+          targets.any? { |t| compare_semver(value, t, :<) }
+        when "SemverLessThanOrEqual"
+          targets.any? { |t| compare_semver(value, t, :<=) }
         else
           false
         end
       end
 
+      # Type-aware numeric equality for a native-Numeric attribute (Issue #1458).
+      # Coerces each condition value with a strict literal parse and compares it
+      # numerically against the attribute. Equals/In match if ANY value is equal;
+      # NotEquals/NotIn are their negation. The `negate` flag is then applied,
+      # mirroring `evaluate_condition`'s tail.
+      def evaluate_numeric_equality(condition, attr_value)
+        target = attr_value.to_f
+        any_equal = condition.values.any? do |v|
+          n = parse_numeric(v)
+          n && n == target
+        end
+
+        positive = NUMERIC_EQUALITY_POSITIVE_OPERATORS.include?(condition.operator)
+        result = positive ? any_equal : !any_equal
+        condition.negate ? !result : result
+      end
+
+      # Equals/In are the "positive" members of the equality family (match on
+      # equality); NotEquals/NotIn negate the same any-equal test.
+      NUMERIC_EQUALITY_POSITIVE_OPERATORS = %w[Equals In].freeze
+      private_constant :NUMERIC_EQUALITY_POSITIVE_OPERATORS
+
+      # Strict literal parse of a condition value to a Float, reusing the same
+      # `Float()` approach as `compare_numeric`: a partial number like "1abc"
+      # raises and yields nil (no match), matching the engine's strict parse.
+      def parse_numeric(value)
+        Float(value)
+      rescue ArgumentError, TypeError
+        nil
+      end
+
       def compare_numeric(value, target, op)
         val = Float(value)
         tgt = Float(target)
@@ -83,6 +192,164 @@ module Featureflip
       rescue ArgumentError, TypeError
         false
       end
+
+      # Compares `value` and `target` as UTC date-time instants and tests the
+      # ordering against `op` (:< for Before, :> for After). Returns false when
+      # either side is not parseable, mirroring how `compare_numeric` treats
+      # non-numeric input (no lexical-string fallback).
+      def compare_datetime(value, target, op)
+        left = parse_datetime(value)
+        right = parse_datetime(target)
+        return false if left.nil? || right.nil?
+
+        left.send(op, right)
+      end
+
+      # Parses a date-time to a UTC `Time`, mirroring the engine's
+      # TryParseDateTime. ISO-8601 strings honor any timezone offset; a string
+      # without an offset is assumed UTC. A bare integer is treated as Unix time
+      # in seconds. Returns nil when the input parses as neither.
+      def parse_datetime(value)
+        s = value.to_s.strip
+
+        begin
+          # `Time.iso8601` honors offsets/"Z" but raises on a no-offset string;
+          # append the missing time/offset to assume midnight UTC for bare dates
+          # and UTC for offset-less date-times (mirroring DateTimeOffset.TryParse
+          # with AssumeUniversal).
+          iso =
+            if s.match?(ISO_DATE_ONLY)
+              "#{s}T00:00:00Z"
+            elsif s.match?(ISO_NO_OFFSET)
+              "#{s}Z"
+            else
+              s
+            end
+          return Time.iso8601(iso).utc
+        rescue ArgumentError
+          # Fall through to the Unix-seconds fallback.
+        end
+
+        # Integer fallback: treat a bare integer as Unix time in seconds.
+        if s.match?(/\A-?\d+\z/)
+          begin
+            return Time.at(Integer(s)).utc
+          rescue RangeError, ArgumentError
+            return nil
+          end
+        end
+
+        nil
+      end
+
+      # Compares `value` and `target` as semantic versions and tests the
+      # resulting precedence sign (-1/0/1) against `op`. Returns false when
+      # either side is not a parseable version, mirroring how `compare_numeric`
+      # treats non-numeric input.
+      def compare_semver(value, target, op)
+        left = parse_semver(value)
+        right = parse_semver(target)
+        return false if left.nil? || right.nil?
+
+        compare_semver_parts(left, right).send(op, 0)
+      end
+
+      # Parses a semantic version (https://semver.org). Returns a SemverVersion,
+      # or nil when the release core is missing or any release segment is
+      # non-numeric. Tolerant of an optional leading "v"/"V", "+build" metadata
+      # (ignored for precedence), and an optional "-prerelease" suffix.
+      def parse_semver(value)
+        s = value.strip
+        return nil if s.empty?
+
+        # Optional leading "v"/"V".
+        s = s[1..] if s.start_with?("v", "V")
+
+        # Build metadata ("+...") does not affect precedence.
+        plus = s.index("+")
+        s = s[0...plus] if plus
+
+        # Split the release core from the optional "-prerelease" suffix.
+        core = s
+        prerelease = []
+        dash = s.index("-")
+        if dash
+          core = s[0...dash]
+          pre = s[(dash + 1)..]
+          return nil if pre.empty? # trailing "-" with no identifiers is malformed
+
+          # `split(".", -1)` keeps trailing empty fields so "rc." / "1.0.-x" are
+          # rejected; the default `split` would silently drop them.
+          prerelease = pre.split(".", -1)
+          return nil if prerelease.any?(&:empty?)
+        end
+
+        return nil if core.empty?
+
+        release = core.split(".", -1)
+        return nil unless release.all? { |seg| all_digits?(seg) }
+
+        SemverVersion.new(release, prerelease)
+      end
+
+      # Compares two parsed versions by semantic-version precedence: release
+      # segments first (missing trailing segments treated as 0), then
+      # prerelease. Returns -1, 0, or 1.
+      def compare_semver_parts(a, b)
+        [a.release.length, b.release.length].max.times do |i|
+          seg_a = a.release[i] || "0"
+          seg_b = b.release[i] || "0"
+          cmp = compare_numeric_string(seg_a, seg_b)
+          return cmp unless cmp.zero?
+        end
+
+        compare_prerelease(a.prerelease, b.prerelease)
+      end
+
+      # Compares two prerelease identifier lists per semver §11. A version with
+      # no prerelease ranks above one that has a prerelease.
+      def compare_prerelease(a, b)
+        return 0 if a.empty? && b.empty?
+        return 1 if a.empty?
+        return -1 if b.empty?
+
+        [a.length, b.length].min.times do |i|
+          cmp = compare_prerelease_id(a[i], b[i])
+          return cmp unless cmp.zero?
+        end
+
+        # All shared identifiers equal: the longer prerelease has higher precedence.
+        a.length <=> b.length
+      end
+
+      # Compares two prerelease identifiers: numeric identifiers compare
+      # numerically and rank below alphanumeric ones; alphanumeric identifiers
+      # compare in ASCII sort order (case-sensitive) per semver §11.
+      def compare_prerelease_id(a, b)
+        a_num = all_digits?(a)
+        b_num = all_digits?(b)
+        return compare_numeric_string(a, b) if a_num && b_num
+        return -1 if a_num
+        return 1 if b_num
+
+        a <=> b
+      end
+
+      # Compares two all-digit strings as non-negative integers without parsing
+      # (overflow-free): strip leading zeros, then the longer string is the
+      # larger number; equal lengths compare ordinally. Returns -1, 0, or 1.
+      def compare_numeric_string(a, b)
+        a = a.sub(/\A0+/, "")
+        b = b.sub(/\A0+/, "")
+        return a.length <=> b.length unless a.length == b.length
+
+        a <=> b
+      end
+
+      # Reports whether `s` is non-empty and contains only ASCII digits.
+      def all_digits?(s)
+        s.match?(/\A[0-9]+\z/)
+      end
     end
   end
 end

data/lib/featureflip/evaluation/evaluator.rb

@@ -37,12 +37,21 @@ module Featureflip
 
         sorted_rules = flag.rules.sort_by(&:priority)
         sorted_rules.each do |rule|
-          conditions_match = if rule.segment_key && get_segment
-            segment = get_segment.call(rule.segment_key)
-            if segment
-              @condition_evaluator.evaluate_conditions(
-                segment.conditions, segment.condition_logic, context
-              )
+          conditions_match = if rule.segment_key && !rule.segment_key.empty?
+            # A segment-keyed rule must resolve its segment to match. If the
+            # segment source isn't wired (get_segment is nil), or the segment
+            # can't be found, fail closed (no match) -- mirroring the engine +
+            # C# SDK -- rather than falling through to the rule's condition
+            # groups (which match unconditionally when empty). See #1459.
+            if get_segment
+              segment = get_segment.call(rule.segment_key)
+              if segment
+                @condition_evaluator.evaluate_conditions(
+                  segment.conditions, segment.condition_logic, context
+                )
+              else
+                false
+              end
             else
               false
             end
@@ -138,6 +147,21 @@ module Featureflip
         bucket_value = context["userId"] if bucket_value.nil? && bucket_by == "user_id"
         bucket_value_str = bucket_value.nil? ? "" : bucket_value.to_s
 
+        # A Rollout serve can arrive with no weighted variations -- env-level PercentageRollout
+        # has nowhere to store per-variation weights, so the mapper emits type=Rollout with no
+        # variations (#1469). Degrade to the default fixed variation instead of returning an
+        # empty key. Mirrors the engine + C#/Java SDK evaluators.
+        return serve.variation || "" if (serve.variations || []).empty?
+
+        # Keyless user contexts can't be bucketed. Rather than hashing the empty value
+        # into an arbitrary salt-dependent bucket, serve the control (first) variation
+        # deterministically. The engine assigns a random GUID per eval (spreading
+        # anonymous users over HTTP); local SDK eval is deterministic, so parity is
+        # guaranteed only for keyed contexts (#1457).
+        if bucket_value_str == "" && %w[userId user_id].include?(bucket_by) && !(serve.variations || []).empty?
+          return serve.variations[0].key
+        end
+
         bucket = Bucketing.compute_bucket(serve.salt || "", bucket_value_str)
 
         cumulative = 0
@@ -146,7 +170,8 @@ module Featureflip
           return wv.key if bucket < cumulative
         end
 
-        serve.variations&.last&.key || ""
+        # Guaranteed non-empty: the no-variations case returned the default above.
+        serve.variations.last.key
       end
     end
   end

data/lib/featureflip/version.rb

@@ -1,3 +1,3 @@
 module Featureflip
-  VERSION = "2.1.0"
+  VERSION = "2.2.0"
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: featureflip
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Featureflip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-05-27 00:00:00.000000000 Z
+date: 2026-06-19 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement