foobara 0.0.82 → 0.0.85

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9fcec0cdbeb75a6ac186a698a2f88ae28b598ccaed336d64f969cd765b0c7a5
-  data.tar.gz: edcceb30a55fe4e2850bfbb00f48219c0dbb405ef39e103a499b9cac8ed363b3
+  metadata.gz: 3447ac0c4910cce965172cfdeaa22c16558bde49b0b0bcd533e2d5dba7b27188
+  data.tar.gz: 67797d30549979ba6ef227d8c61bae996408d598b77edac19b4210a6e4e0edc6
 SHA512:
-  metadata.gz: 7d7ad23aee91daf8e88449f6c22411111b32ad578444c67155093389fc2522002854dda79eaecabfa5b6a7e5854551aafcc9fd17ceaf86ce9e469090f2e17259
-  data.tar.gz: 29009427cdae16977b1c667090213f24e526d81a13a1a2442567833a4acc95d42fe5c19f88f2a339ee03b6e17549c4fd354f91fa27224230181a2bcd9a49b489
+  metadata.gz: 2c1b45ecd837fe9f66bb5dcd7d97d3f07dcbb8876a2c913386837378197b4ba0f33fac885283806adf9afea80cef65e3445ce13aff0e491005add424353e2475
+  data.tar.gz: 4270856b98fb68dd813b3bde8e7284995f1293ec0f310122a4d136da4e2c02c094e5110c8e1363b80a8a6d699d0efec49148d4284302494f714e11edbbdd84b6

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+# [0.0.85] - 2025-03-22
+
+- Add Manifest::TypeDeclaration#sensitive?
+
+# [0.0.84] - 2025-03-22
+
+- Remove sensitive values from command connector results
+- Allow creating models in two different namespace trees and use this is the command connector
+- Use real domains/orgs in command connectors, eliminating ExposedDomain/Org concept
+- Allow Datetime to be cast from a float
+
 # [0.0.82] - 2025-03-21
 
 - Fix bug incorrectly creating model classes in Foobara::GlobalDomain module

data/projects/builtin_types/src/datetime/casters/seconds_since_epoch.rb

@@ -4,11 +4,11 @@ module Foobara
       module Casters
         class SecondsSinceEpoch < Value::Caster
           def applicable?(value)
-            value.is_a?(::Integer)
+            value.is_a?(::Integer) || value.is_a?(::Float)
           end
 
           def applies_message
-            "be a an integer representing seconds since epoch"
+            "be a an integer or float representing seconds since epoch"
           end
 
           def cast(seconds_since_epoch)

data/projects/command/src/transformed_command.rb

@@ -19,6 +19,7 @@ module Foobara
 
       def subclass(
         command_class,
+        scoped_namespace:,
         full_command_name:,
         command_name:,
         inputs_transformers:,
@@ -32,6 +33,22 @@ module Foobara
         suffix: nil,
         capture_unknown_error: false
       )
+        result_type = command_class.result_type
+
+        if result_type&.has_sensitive_types?
+          remover_class = Foobara::TypeDeclarations.sensitive_value_remover_class_for_type(result_type)
+
+          remover = Namespace.use scoped_namespace do
+            transformed_result_type = result_type_from_transformers(result_type, result_transformers)
+
+            remover_class.new(transformed_result_type).tap do |r|
+              r.scoped_path = ["SensitiveValueRemover", *transformed_result_type.scoped_full_path]
+            end
+          end
+
+          result_transformers = [*result_transformers, remover]
+        end
+
         Class.new(self).tap do |klass|
           klass.command_class = command_class
           klass.command_name = command_name
@@ -67,18 +84,20 @@ module Foobara
         type
       end
 
-      def result_type
-        type = command_class.result_type
-
-        result_transformers.each do |transformer|
+      def result_type_from_transformers(result_type, transformers)
+        Util.array(transformers).each do |transformer|
           if transformer.is_a?(Class) && transformer < TypeDeclarations::TypedTransformer
-            new_type = transformer.type(type)
+            new_type = transformer.type(result_type)
 
-            type = new_type if new_type
+            result_type = new_type if new_type
           end
         end
 
-        type
+        result_type
+      end
+
+      def result_type
+        result_type_from_transformers(command_class.result_type, result_transformers)
       end
 
       def error_context_type_map

data/projects/command_connectors/src/command_connector.rb

@@ -357,7 +357,11 @@ module Foobara
       # Drive all of this off of the list of exposed commands...
       to_include = Set.new
 
-      command_registry.foobara_each do |exposed_whatever|
+      to_include << command_registry.global_organization
+      to_include << command_registry.global_domain
+
+      # ABSOLUTE lets us get all of the children but not include dependent domains (GlobalDomain)
+      command_registry.foobara_each(mode: Namespace::LookupMode::ABSOLUTE) do |exposed_whatever|
         to_include << exposed_whatever
       end
 
@@ -408,7 +412,11 @@ module Foobara
 
         category_symbol = command_registry.foobara_category_symbol_for(object)
 
-        raise "no category symbol for #{object}" unless category_symbol
+        unless category_symbol
+          # :nocov:
+          raise "no category symbol for #{object}"
+          # :nocov:
+        end
 
         namespace = if object.is_a?(Types::Type)
                       object.created_in_namespace

data/projects/command_connectors/src/command_registry/exposed_command.rb

@@ -94,26 +94,7 @@ module Foobara
         @full_command_symbol ||= Util.underscore_sym(full_command_name)
       end
 
-      def root_registry
-        parent = scoped_namespace
-        parent = parent.scoped_namespace while parent.scoped_namespace
-        parent
-      end
-
       def foobara_manifest(to_include: Set.new, remove_sensitive: true)
-        # A bit of a hack here. We don't have an exposed type class to encapsulate including exposed domains/orgs
-        # which leads to a bug when a global command is exposed that depends on a type in a non-global domain
-        # but there being no other reason to include that non-global domain.
-        transformed_command_class.types_depended_on(remove_sensitive:).select(&:registered?).each do |type|
-          full_domain_name = type.foobara_domain.scoped_full_name
-
-          unless root_registry.foobara_lookup_domain(full_domain_name)
-            exposed_domain = root_registry.build_and_register_exposed_domain(full_domain_name)
-            to_include << exposed_domain
-            to_include << exposed_domain.foobara_organization
-          end
-        end
-
         transformed_command_class.foobara_manifest(to_include:, remove_sensitive:).merge(super).merge(
           Util.remove_blank(
             scoped_category: :command,
@@ -133,13 +114,15 @@ module Foobara
             serializers,
             allowed_rule,
             requires_authentication,
-            authenticator
+            authenticator,
+            result_has_sensitive_types?
           ]
         ) && scoped_path == command_class.scoped_path
                                          command_class
                                        else
                                          Foobara::TransformedCommand.subclass(
                                            command_class,
+                                           scoped_namespace:,
                                            full_command_name:,
                                            command_name:,
                                            capture_unknown_error:,
@@ -154,6 +137,22 @@ module Foobara
                                          )
                                        end
       end
+
+      # TODO: what to do if the whole return type is sensitive? return nil?
+      def result_has_sensitive_types?
+        result_type = command_class.result_type
+
+        if result_type.nil?
+          false
+        elsif result_type.sensitive?
+          # :nocov:
+          # TODO: we should convert it to nil I suppose
+          raise "Not sure yet how to handle a sensitive result type hmmmm..."
+          # :nocov:
+        else
+          command_class.result_type.has_sensitive_types?
+        end
+      end
     end
   end
 end

data/projects/command_connectors/src/command_registry/exposed_domain.rb

@@ -1,23 +1,18 @@
 module Foobara
   class CommandRegistry
-    class ExposedDomain
-      foobara_instances_are_namespaces!
+    module ExposedDomain
+      attr_reader :unexposed_domain
 
-      include TruncatedInspect
-      include IsManifestable
-
-      attr_accessor :domain_module
-
-      def initialize(domain_module)
-        self.domain_module = domain_module
-        self.scoped_path = domain_module.scoped_path
+      def unexposed_domain=(unexposed_domain)
+        @unexposed_domain = unexposed_domain
+        self.scoped_path = unexposed_domain.scoped_path
       end
 
       # TODO: unable to address types here so it is handled as a hack higher up...
       def foobara_manifest(to_include: Set.new, remove_sensitive: true)
         to_include << foobara_organization
 
-        domain_manifest = domain_module.foobara_manifest(to_include: Set.new, remove_sensitive:)
+        domain_manifest = unexposed_domain.foobara_manifest(to_include: Set.new, remove_sensitive:)
         mode = Foobara::Namespace::LookupMode::DIRECT
         commands = foobara_all_command(mode:).map(&:foobara_manifest_reference).sort
 
@@ -25,7 +20,7 @@ module Foobara
       end
 
       def foobara_organization
-        full_org_name = domain_module.foobara_organization.scoped_full_name
+        full_org_name = unexposed_domain.foobara_organization.scoped_full_name
         root_registry.foobara_lookup_organization(full_org_name)
       end
 
@@ -36,7 +31,7 @@ module Foobara
       end
 
       def foobara_manifest_reference
-        domain_module.foobara_manifest_reference
+        unexposed_domain.foobara_manifest_reference
       end
     end
   end

data/projects/command_connectors/src/command_registry/exposed_organization.rb

@@ -1,21 +1,16 @@
 module Foobara
   class CommandRegistry
-    class ExposedOrganization
-      foobara_instances_are_namespaces!
+    module ExposedOrganization
+      attr_reader :unexposed_organization
 
-      include TruncatedInspect
-      include IsManifestable
-
-      attr_accessor :organization_module
-
-      def initialize(organization_module)
-        self.organization_module = organization_module
-        self.scoped_path = organization_module.scoped_path
+      def unexposed_organization=(unexposed_organization)
+        @unexposed_organization = unexposed_organization
+        self.scoped_path = unexposed_organization.scoped_path
       end
 
       # TODO: unable to address types here so it is handled as a hack higher up...
       def foobara_manifest(to_include: Set.new, remove_sensitive: true)
-        organization_manifest = organization_module.foobara_manifest(to_include: Set.new, remove_sensitive:)
+        organization_manifest = unexposed_organization.foobara_manifest(to_include: Set.new, remove_sensitive:)
         mode = Foobara::Namespace::LookupMode::DIRECT
         domains = foobara_all_domain(mode:).map(&:foobara_manifest_reference).sort
 
@@ -23,7 +18,7 @@ module Foobara
       end
 
       def foobara_manifest_reference
-        organization_module.foobara_manifest_reference
+        unexposed_organization.foobara_manifest_reference
       end
     end
   end

data/projects/command_connectors/src/command_registry.rb

@@ -10,7 +10,7 @@ module Foobara
       self.scoped_path = []
       self.authenticator = authenticator
 
-      customized = %i[command domain organization]
+      customized = %i[command]
 
       Namespace.global.foobara_categories.keys.reverse.each do |symbol|
         next if customized.include?(symbol)
@@ -21,8 +21,6 @@ module Foobara
       end
 
       foobara_add_category_for_instance_of(:command, ExposedCommand)
-      foobara_add_category_for_instance_of(:domain, ExposedDomain)
-      foobara_add_category_for_instance_of(:organization, ExposedOrganization)
     end
 
     def register(command_class, **)
@@ -67,7 +65,6 @@ module Foobara
     end
 
     def build_and_register_exposed_domain(domain_full_name)
-      # TODO: would be nice to not have to do this...
       domain_module = if domain_full_name.to_s == ""
                         GlobalDomain
                       else
@@ -78,7 +75,13 @@ module Foobara
       exposed_organization = foobara_lookup_organization(full_organization_name) ||
                              build_and_register_exposed_organization(full_organization_name)
 
-      exposed_domain = ExposedDomain.new(domain_module)
+      exposed_domain = Module.new
+      exposed_domain.foobara_namespace!
+      exposed_domain.foobara_domain!
+      exposed_domain.extend(ExposedDomain)
+      exposed_domain.unexposed_domain = domain_module
+
+      exposed_domain.foobara_depends_on domain_module
 
       exposed_organization.foobara_register(exposed_domain)
       exposed_domain.foobara_parent_namespace = exposed_organization
@@ -86,6 +89,17 @@ module Foobara
       exposed_domain
     end
 
+    def global_domain
+      foobara_lookup_domain("") || build_and_register_exposed_domain("")
+    end
+
+    def global_organization
+      # TODO: test this
+      # :nocov:
+      foobara_lookup_organization("") || build_and_register_exposed_organization("")
+      # :nocov:
+    end
+
     def build_and_register_exposed_organization(full_organization_name)
       org = if full_organization_name.to_s == ""
               GlobalOrganization
@@ -93,7 +107,12 @@ module Foobara
               Namespace.global.foobara_lookup_organization!(full_organization_name)
             end
 
-      exposed_organization = ExposedOrganization.new(org)
+      exposed_organization = Module.new
+      exposed_organization.foobara_namespace!
+      exposed_organization.foobara_organization!
+      exposed_organization.extend(ExposedOrganization)
+      exposed_organization.unexposed_organization = org
+
       foobara_register(exposed_organization)
       exposed_organization.foobara_parent_namespace = self
 

data/projects/command_connectors/src/serializers/aggregate_serializer.rb

@@ -7,7 +7,7 @@ module Foobara
           when Entity
             # TODO: handle polymorphism? Would require iterating over the result type not the object!
             # Is there maybe prior art for this in the associations stuff?
-            unless object.loaded?
+            unless object.loaded? || object.built?
               object.class.load(object)
             end
 

data/projects/detached_entity/lib/foobara/detached_entity.rb

@@ -9,6 +9,7 @@ module Foobara
         TypeDeclarations.register_type_declaration(handler)
 
         TypeDeclarations.register_sensitive_type_remover(SensitiveTypeRemovers::DetachedEntity.new(handler))
+        TypeDeclarations.register_sensitive_value_remover(handler, SensitiveValueRemovers::DetachedEntity)
 
         model = Namespace.global.foobara_lookup_type!(:model)
         BuiltinTypes.build_and_register!(:detached_entity, model, nil)

data/projects/detached_entity/src/sensitive_value_removers/detached_entity.rb

@@ -0,0 +1,8 @@
+module Foobara
+  class DetachedEntity < Model
+    module SensitiveValueRemovers
+      class DetachedEntity < Model::SensitiveValueRemovers::Model
+      end
+    end
+  end
+end

data/projects/entity/lib/foobara/entity.rb

@@ -11,6 +11,7 @@ module Foobara
         TypeDeclarations.register_type_declaration(handler)
 
         TypeDeclarations.register_sensitive_type_remover(SensitiveTypeRemovers::Entity.new(handler))
+        TypeDeclarations.register_sensitive_value_remover(handler, SensitiveValueRemovers::Entity)
 
         detached_entity = Namespace.global.foobara_lookup_type!(:detached_entity)
         BuiltinTypes.build_and_register!(:entity, detached_entity, nil)

data/projects/entity/src/sensitive_value_removers/entity.rb

@@ -0,0 +1,20 @@
+module Foobara
+  class Entity < DetachedEntity
+    module SensitiveValueRemovers
+      class Entity < DetachedEntity::SensitiveValueRemovers::DetachedEntity
+        def transform(record)
+          sanitized_record = super
+
+          sanitized_record.is_loaded = record.loaded?
+          sanitized_record.is_persisted = record.persisted?
+
+          sanitized_record
+        end
+
+        def build_method
+          :build
+        end
+      end
+    end
+  end
+end

data/projects/manifest/src/foobara/manifest/type_declaration.rb

@@ -3,7 +3,7 @@ require_relative "base_manifest"
 module Foobara
   module Manifest
     class TypeDeclaration < BaseManifest
-      optional_keys(:allow_nil, :one_of)
+      optional_keys(:allow_nil, :one_of, :sensitive, :sensitive_exposed)
 
       class << self
         def new(root_manifest, path)
@@ -24,6 +24,10 @@ module Foobara
         end
       end
 
+      def sensitive?
+        sensitive || sensitive_exposed
+      end
+
       # rubocop:disable Naming/MemoizedInstanceVariableName
       # TODO: create an Attribute class to encapsulate this situation
       def attribute?

data/projects/model/lib/foobara/model.rb

@@ -12,9 +12,14 @@ module Foobara
         TypeDeclarations.register_type_declaration(extended_model_handler)
 
         TypeDeclarations.register_sensitive_type_remover(SensitiveTypeRemovers::Model.new(model_handler))
+        TypeDeclarations.register_sensitive_value_remover(model_handler, SensitiveValueRemovers::Model)
         TypeDeclarations.register_sensitive_type_remover(
           SensitiveTypeRemovers::ExtendedModel.new(extended_model_handler)
         )
+        # TypeDeclarations.register_sensitive_value_remover(
+        #   extended_model_handler,
+        #   SensitiveValueRemovers::ExtendedModel
+        # )
 
         atomic_duck = Namespace.global.foobara_lookup_type!(:atomic_duck)
         BuiltinTypes.build_and_register!(:model, atomic_duck, nil)

data/projects/model/src/extensions/type_declarations/handlers/extend_model_type_declaration/model_class_desugarizer.rb

@@ -79,6 +79,10 @@ module Foobara
               strictish_type_declaration[:name] = strictish_type_declaration[:name].to_s
             end
 
+            if strictish_type_declaration[:model_module].nil?
+              strictish_type_declaration.delete(:model_module)
+            end
+
             strictish_type_declaration[:model_class] ||= [
               *strictish_type_declaration[:model_module],
               strictish_type_declaration[:name]

data/projects/model/src/extensions/type_declarations/handlers/extend_model_type_declaration/to_type_transformer.rb

@@ -3,23 +3,46 @@ module Foobara
     module Handlers
       class ExtendModelTypeDeclaration < ExtendRegisteredTypeDeclaration
         class ToTypeTransformer < ExtendRegisteredTypeDeclaration::ToTypeTransformer
+          def existing_class_from_same_namespace_root(model_class_name)
+            if Object.const_defined?(model_class_name) && Object.const_get(model_class_name).is_a?(::Class)
+              existing_class = Object.const_get(model_class_name)
+
+              # If we are operating in some other namespace tree then we don't want to use the non-anonymous class
+              if Domain.current == GlobalDomain || Domain.current.foobara_root_namespace == Foobara::Namespace.global
+                return existing_class
+              end
+
+              model_type = existing_class.model_type
+
+              if model_type
+                if model_type.foobara_root_namespace == Foobara::Namespace.current.foobara_root_namespace
+                  # TODO: test this code path
+                  # :nocov:
+                  existing_class
+                  # :nocov:
+                end
+              end
+            end
+          end
+
           # TODO: make declaration validator for model_class and model_base_class
           def target_classes(strict_type_declaration)
             model_class_name = strict_type_declaration[:model_class]
 
-            if Object.const_defined?(model_class_name) && Object.const_get(model_class_name).is_a?(::Class)
-              Object.const_get(model_class_name)
-            else
-              base_class_name = strict_type_declaration[:model_base_class]
+            existing_class = existing_class_from_same_namespace_root(model_class_name)
 
-              base_class = if Object.const_defined?(base_class_name)
-                             Object.const_get(base_class_name)
-                           else
-                             foobara_domain.foobara_lookup_type!(base_class_name).target_class
-                           end
-
-              base_class.subclass(name: model_class_name)
+            if existing_class
+              return existing_class
             end
+
+            base_class_name = strict_type_declaration[:model_base_class]
+
+            base_class = existing_class_from_same_namespace_root(base_class_name)
+            base_class ||= lookup_type(base_class_name)&.target_class
+            # If we make it here, it's a real base class like Foobara::Entity
+            base_class ||= Object.const_get(base_class_name)
+
+            base_class.subclass(name: model_class_name)
           end
 
           # TODO: must explode if name missing...
@@ -52,7 +75,15 @@ module Foobara
                   # :nocov:
                 else
                   model_class.model_type = type
+
+                  # this is a fairly complex way of making sure that we are getting the domain from the
+                  # current namespace tree which might not be the case if we're in a command connector
+                  # namespace
                   domain = model_class.domain
+                  domain_name = domain.scoped_full_name
+                  root_namespace = Namespace.current.foobara_root_namespace
+                  domain = root_namespace.foobara_lookup_domain(domain_name)
+
                   type.type_symbol = type.declaration_data[:name]
                   model_class.description type.declaration_data[:description]
                   domain.foobara_register_model(model_class)

data/projects/model/src/sensitive_value_removers/model.rb

@@ -0,0 +1,23 @@
+module Foobara
+  class Model
+    module SensitiveValueRemovers
+      class Model < TypeDeclarations::RemoveSensitiveValuesTransformer
+        def transform(record)
+          attributes_type = from_type.element_types
+
+          sanitized_attributes, changed = sanitize_value(attributes_type, record.attributes)
+
+          if changed
+            type.target_class.send(build_method, sanitized_attributes)
+          else
+            record
+          end
+        end
+
+        def build_method
+          :new
+        end
+      end
+    end
+  end
+end

data/projects/namespace/src/is_namespace.rb

@@ -214,14 +214,16 @@ module Foobara
 
         return if mode == Namespace::LookupMode::DIRECT
 
-        if mode == Namespace::LookupMode::GENERAL
+        if [Namespace::LookupMode::GENERAL, Namespace::LookupMode::ABSOLUTE].include?(mode)
           foobara_children.each do |child|
             child.foobara_each(filter:, mode:, &)
           end
         end
 
-        foobara_depends_on_namespaces.each do |dependent|
-          dependent.foobara_each(filter:, mode:, &)
+        if mode == Namespace::LookupMode::GENERAL
+          foobara_depends_on_namespaces.each do |dependent|
+            dependent.foobara_each(filter:, mode:, &)
+          end
         end
       end
 

data/projects/persistence/src/entity_base/transaction.rb

@@ -111,7 +111,7 @@ module Foobara
           to_load = Set.new
 
           to_load_records.group_by(&:class).each_pair do |entity_class, records|
-            unloaded = records.reject(&:loaded?)
+            unloaded = records.select { |record| record.persisted? && !record.loaded? }
             entity_class.current_transaction_table.load_many(unloaded)
 
             associations = entity_class.associations

data/projects/type_declarations/lib/foobara/type_declarations.rb

@@ -70,7 +70,9 @@ module Foobara
         @sensitive_type_removers = nil
 
         register_sensitive_type_remover(SensitiveTypeRemovers::Attributes.new(attributes_handler))
+        register_sensitive_value_remover(attributes_handler, SensitiveValueRemovers::Attributes)
         register_sensitive_type_remover(SensitiveTypeRemovers::Array.new(array_handler))
+        register_sensitive_value_remover(array_handler, SensitiveValueRemovers::Array)
       end
 
       def install!

data/projects/type_declarations/src/remove_sensitive_values_transformer.rb

@@ -0,0 +1,45 @@
+require_relative "typed_transformer"
+
+module Foobara
+  module TypeDeclarations
+    class RemoveSensitiveValuesTransformer < TypedTransformer
+      class << self
+        def type_declaration(type_declaration)
+          if type_declaration.is_a?(Types::Type)
+            type_declaration = type_declaration.declaration_data
+          end
+
+          TypeDeclarations.remove_sensitive_types(type_declaration)
+        end
+      end
+
+      attr_accessor :namespace
+
+      def initialize(...)
+        super
+
+        self.namespace = Namespace.current
+
+        type
+      end
+
+      def transform(_value)
+        # :nocov:
+        raise "subclass responsibility"
+        # :nocov:
+      end
+
+      def sanitize_value(type, value)
+        if type.has_sensitive_types?
+          remover_class = TypeDeclarations.sensitive_value_remover_class_for_type(type)
+          remover = Namespace.use(namespace) { remover_class.new(type) }
+          sanitized_value = remover.process_value!(value)
+
+          [sanitized_value, sanitized_value != value]
+        else
+          [value, false]
+        end
+      end
+    end
+  end
+end

data/projects/type_declarations/src/sensitive_value_removers/array.rb

@@ -0,0 +1,30 @@
+module Foobara
+  module TypeDeclarations
+    module SensitiveValueRemovers
+      class Array < RemoveSensitiveValuesTransformer
+        def transform(array)
+          element_type = from_type.element_type
+
+          changed = false
+
+          sanitized_array = array.map do |element|
+            sanitized_value, changed2 = sanitize_value(element_type, element)
+
+            if changed2
+              changed = true
+              sanitized_value
+            else
+              element
+            end
+          end
+
+          if changed
+            sanitized_array
+          else
+            array
+          end
+        end
+      end
+    end
+  end
+end

data/projects/type_declarations/src/sensitive_value_removers/attributes.rb

@@ -0,0 +1,35 @@
+require_relative "../remove_sensitive_values_transformer"
+
+module Foobara
+  module TypeDeclarations
+    module SensitiveValueRemovers
+      class Attributes < RemoveSensitiveValuesTransformer
+        def transform(attributes)
+          element_types = from_type.element_types
+
+          sanitized_attributes = {}
+          changed = false
+
+          attributes.each_pair do |attribute_name, value|
+            element_type = element_types[attribute_name]
+
+            if element_type.sensitive?
+              changed = true
+              next
+            else
+              value, changed2 = sanitize_value(element_type, value)
+              changed ||= changed2
+              sanitized_attributes[attribute_name] = value
+            end
+          end
+
+          if changed
+            sanitized_attributes
+          else
+            attributes
+          end
+        end
+      end
+    end
+  end
+end

data/projects/type_declarations/src/type_declarations.rb

@@ -38,6 +38,28 @@ module Foobara
         end
       end
 
+      # TODO: since these are dealing with values instead of declarations maybe this should live somewhere else?
+      def register_sensitive_value_remover(handler, sensitive_value_remover)
+        sensitive_value_removers[handler.class.name] = sensitive_value_remover
+      end
+
+      def sensitive_value_removers
+        @sensitive_value_removers ||= {}
+      end
+
+      def sensitive_value_remover_class_for_type(type)
+        handler = GlobalDomain.foobara_type_builder.type_declaration_handler_for(type.declaration_data)
+        remover_class = sensitive_value_removers[handler.class.name]
+
+        unless remover_class
+          # :nocov:
+          raise "No sensitive value remover found for #{type.declaration_data}"
+          # :nocov:
+        end
+
+        remover_class
+      end
+
       def strict(&)
         using_mode(Mode::STRICT, &)
       end

data/projects/type_declarations/src/with_registries.rb

@@ -20,6 +20,10 @@ module Foobara
           Foobara::Namespace.current.foobara_lookup_type!(...)
         end
 
+        def lookup_type(...)
+          Foobara::Namespace.current.foobara_lookup_type(...)
+        end
+
         def type_registered?(...)
           Foobara::Namespace.current.foobara_type_registered?(...)
         end
@@ -31,6 +35,7 @@ module Foobara
 
       foobara_delegate :type_for_declaration,
                        :type_declaration_handler_for,
+                       :lookup_type,
                        :lookup_type!,
                        :lookup_absolute_type!,
                        :type_registered?,

data/projects/types/src/type.rb

@@ -83,6 +83,24 @@ module Foobara
         sensitive_exposed
       end
 
+      def has_sensitive_types?
+        return true if sensitive?
+
+        if element_type
+          return true if element_type.has_sensitive_types?
+        end
+
+        if element_types
+          types = if element_types.is_a?(::Hash)
+                    element_types.values
+                  else
+                    [*element_types]
+                  end
+
+          types.any?(&:has_sensitive_types?)
+        end
+      end
+
       def apply_all_processors_needing_type!
         each_processor_class_requiring_type do |processor_class|
           # TODO: is this a smell?

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: foobara
 version: !ruby/object:Gem::Version
-  version: 0.0.82
+  version: 0.0.85
 platform: ruby
 authors:
 - Miles Georgi
 bindir: bin
 cert_chain: []
-date: 2025-03-21 00:00:00.000000000 Z
+date: 2025-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bigdecimal
@@ -226,6 +226,7 @@ files:
 - projects/detached_entity/src/extensions/type_declarations/handlers/extend_detached_entity_type_declaration/validate_primary_key_present.rb
 - projects/detached_entity/src/extensions/type_declarations/handlers/extend_detached_entity_type_declaration/validate_primary_key_references_attribute.rb
 - projects/detached_entity/src/sensitive_type_removers/detached_entity.rb
+- projects/detached_entity/src/sensitive_value_removers/detached_entity.rb
 - projects/domain/lib/foobara/domain.rb
 - projects/domain/src/domain.rb
 - projects/domain/src/domain_module_extension.rb
@@ -266,6 +267,7 @@ files:
 - projects/entity/src/new_prepend.rb
 - projects/entity/src/not_found_error.rb
 - projects/entity/src/sensitive_type_removers/entity.rb
+- projects/entity/src/sensitive_value_removers/entity.rb
 - projects/enumerated/lib/foobara/enumerated.rb
 - projects/enumerated/src/accessors.rb
 - projects/enumerated/src/enumerated.rb
@@ -316,6 +318,7 @@ files:
 - projects/model/src/model.rb
 - projects/model/src/sensitive_type_removers/extended_model.rb
 - projects/model/src/sensitive_type_removers/model.rb
+- projects/model/src/sensitive_value_removers/model.rb
 - projects/model_attribute_helpers/lib/foobara/model_attribute_helpers.rb
 - projects/model_attribute_helpers/src/attribute_helper_aliases.rb
 - projects/model_attribute_helpers/src/attribute_helpers.rb
@@ -387,9 +390,12 @@ files:
 - projects/type_declarations/src/handlers/registered_type_declaration/to_type_transformer.rb
 - projects/type_declarations/src/handlers/registered_type_declaration/type_desugarizer.rb
 - projects/type_declarations/src/processor.rb
+- projects/type_declarations/src/remove_sensitive_values_transformer.rb
 - projects/type_declarations/src/sensitive_type_remover.rb
 - projects/type_declarations/src/sensitive_type_removers/array.rb
 - projects/type_declarations/src/sensitive_type_removers/attributes.rb
+- projects/type_declarations/src/sensitive_value_removers/array.rb
+- projects/type_declarations/src/sensitive_value_removers/attributes.rb
 - projects/type_declarations/src/to_type_transformer.rb
 - projects/type_declarations/src/transformer.rb
 - projects/type_declarations/src/type_builder.rb