frame_payments 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 390427c524406aa69715b0bb8edae7e13ff8a07b0744cfee4904a3ed26ab121c
+  data.tar.gz: 5d22279caa8be8244554acbca9bba373018fbfcf7d8c581fa06c77970f474b64
+SHA512:
+  metadata.gz: 8d0e7eebd1b8809c134df770e8e6b5b9636fb13af58cdf68c4b37f2e5ddb82b675bfc6bfed3fe0a20f14f5260eeacee2d803ff8a1d8c8c3257add979d895bf81
+  data.tar.gz: 6279b04d112c2ac4ff7b2fa85f9007008f646907e7d07297431a3ea5210844305cb82cc6835ca1f98aa41c7376a26c17191ef040e5c31ff60a82fa7dbf0d7b7f

data/.standard.yml

@@ -0,0 +1,3 @@
+# For available configuration options, see:
+#   https://github.com/standardrb/standard
+ruby_version: 3.1

data/CHANGELOG.md

@@ -0,0 +1,48 @@
+## [Unreleased]
+
+## [0.1.0] - 2025-03-11
+
+### Added
+
+#### Core Features
+- Complete Ruby SDK for Frame Payments API
+- Thread-safe client initialization
+- Comprehensive error handling with specific error types
+- SSL certificate verification (enabled by default)
+- API key validation
+- Configurable timeouts and connection settings
+- Optional request/response logging with sensitive data redaction
+
+#### API Resources
+- **Customers**: Create, retrieve, update, delete, list, search, block, and unblock customers
+- **Charge Intents**: Create, retrieve, update, list, authorize, capture, and cancel charge intents
+- **Payment Methods**: Create, retrieve, update, delete, list, attach, and detach payment methods
+- **Refunds**: Create, retrieve, list, and cancel refunds
+- **Invoices**: Create, retrieve, update, delete, list, finalize, pay, and void invoices
+- **Invoice Line Items**: Create, retrieve, update, delete, and list invoice line items
+- **Subscriptions**: Create, retrieve, update, delete, list, cancel, pause, and resume subscriptions
+- **Subscription Phases**: Create, retrieve, update, delete, and list subscription phases
+- **Products**: Create, retrieve, update, delete, and list products
+- **Product Phases**: Create, retrieve, update, delete, and list product phases
+- **Webhook Endpoints**: Create, retrieve, update, delete, list, enable, and disable webhook endpoints
+- **Customer Identity Verifications**: Create, retrieve, list, and verify customer identity verifications
+
+#### Features
+- Dynamic attribute access for all API response fields
+- Automatic object type conversion from API responses
+- Pagination support for list endpoints
+- Comprehensive test suite with 100+ tests
+- Full documentation with examples for all resources
+- Error handling with detailed error information
+
+### Security
+- SSL certificate verification enabled by default
+- API key validation before requests
+- Sensitive data redaction in logs (API keys, card numbers, etc.)
+- Secure handling of authentication headers
+
+### Documentation
+- Complete README with usage examples for all resources
+- YARD-style documentation comments
+- Error handling examples
+- Configuration examples

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Sean Winner
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/PRODUCTION_READINESS.md

@@ -0,0 +1,148 @@
+# Production Readiness Review
+
+## ✅ What's Ready
+
+1. **Core Functionality**: All API resources implemented and tested
+2. **Test Coverage**: 100 tests, 342 assertions, all passing
+3. **Documentation**: Comprehensive README with examples for all resources
+4. **Code Organization**: Clean structure with good separation of concerns
+5. **Error Handling**: Comprehensive error types and handling
+6. **Dependencies**: Minimal, production-ready dependencies
+
+## 🔴 Critical Issues (Must Fix Before Release)
+
+### 1. SSL Verification Not Applied (SECURITY ISSUE)
+**Location**: `lib/frame/frame_client.rb:50-59`
+
+**Issue**: The `verify_ssl_certs` configuration is stored but never actually applied to the Faraday connection.
+
+**Fix Required**:
+```ruby
+def create_connection
+  Faraday.new(url: @config[:api_base]) do |faraday|
+    faraday.request :json
+    faraday.response :json, content_type: /\bjson$/
+    faraday.adapter Faraday.default_adapter
+    
+    # Apply SSL verification setting
+    faraday.ssl.verify = @config[:verify_ssl_certs]
+    
+    faraday.options.timeout = @config[:read_timeout]
+    faraday.options.open_timeout = @config[:open_timeout]
+  end
+end
+```
+
+## ⚠️ Important Issues (Should Fix)
+
+### 2. Missing API Key Validation
+**Issue**: No validation that API key is set before making requests.
+
+**Recommendation**: Add validation in `FrameClient#execute_request`:
+```ruby
+def execute_request(method, path, params, opts)
+  unless @config[:api_key]
+    raise AuthenticationError.new("API key is required. Set Frame.api_key before making requests.")
+  end
+  # ... rest of method
+end
+```
+
+### 3. Logging Not Implemented
+**Issue**: `log_level` and `logger` are in configuration but never used.
+
+**Recommendation**: Either implement logging or remove from configuration. If implementing:
+- Log requests/responses at appropriate levels
+- Never log sensitive data (API keys, card numbers, etc.)
+- Make it optional and off by default
+
+### 4. Missing 5xx Error Handling
+**Issue**: Only handles 400, 401, 404, 429 explicitly. 500+ errors might not be handled optimally.
+
+**Recommendation**: Ensure all error cases are covered, possibly with retry logic documentation.
+
+### 5. Thread Safety
+**Issue**: `default_client` uses class variable `@default_client` which might not be thread-safe.
+
+**Recommendation**: Use `Mutex` or ensure thread-safety for default client initialization.
+
+## 📋 Nice-to-Have Improvements
+
+### 6. Gemspec Metadata
+- ✅ Homepage set
+- ✅ Source code URI set
+- ✅ Changelog URI set
+- ❌ Missing: Issue tracker URI
+- ❌ Missing: Documentation URI (if separate from homepage)
+
+### 7. CHANGELOG
+- Current version is 0.1.0 with "Initial release"
+- Should be updated with all the resources and features added
+
+### 8. Version Number
+- Currently 0.1.0
+- Consider if this should be 0.1.0 (initial release) or higher given the feature set
+
+### 9. README Improvements
+- ✅ Comprehensive examples
+- ✅ Error handling examples
+- ❌ Could add: Installation troubleshooting
+- ❌ Could add: Migration guide (if applicable)
+- ❌ Could add: Common patterns/recipes
+
+### 10. API Key Security
+- ✅ API keys stored in memory (good)
+- ⚠️ Consider: Warning in documentation about not committing API keys
+- ⚠️ Consider: Support for environment variables out of the box
+
+### 11. Response Parsing Edge Cases
+- Handle malformed JSON responses gracefully
+- Handle empty responses
+- Handle non-JSON responses (API might return HTML error pages)
+
+### 12. Rate Limiting
+- RateLimitError is defined but no automatic retry
+- Consider: Exponential backoff utility
+- Consider: Retry configuration
+
+## 🔍 Additional Recommendations
+
+1. **Add integration tests**: Current tests are unit tests with mocked responses. Consider adding optional integration tests against a sandbox.
+
+2. **Add request ID tracking**: Frame API might return request IDs that should be included in errors for support.
+
+3. **Add request/response logging**: Optional detailed logging for debugging (with sensitive data redaction).
+
+4. **Add webhook signature verification**: If Frame provides webhook signatures, add verification utility.
+
+5. **Document thread safety**: Document whether SDK is thread-safe and any limitations.
+
+6. **Add connection pooling**: Consider connection pooling for high-throughput scenarios.
+
+7. **Add telemetry**: Optional telemetry for SDK usage (with opt-in).
+
+## ✅ Recommended Pre-Release Checklist
+
+- [ ] Fix SSL verification (CRITICAL)
+- [ ] Add API key validation
+- [ ] Implement or remove logging
+- [ ] Update CHANGELOG with all features
+- [ ] Review and test all error paths
+- [ ] Test with actual Frame API (sandbox)
+- [ ] Review gemspec metadata
+- [ ] Consider version number (0.1.0 vs higher)
+- [ ] Add security best practices to README
+- [ ] Review thread safety
+- [ ] Test in production-like environment
+
+## 🚀 Deployment Recommendation
+
+**Do NOT deploy yet** - Fix the SSL verification issue first (CRITICAL security concern).
+
+After fixing SSL verification and addressing the "Important Issues", the SDK will be ready for a **beta release (0.1.0)**.
+
+For a **production release (1.0.0)**, also address:
+- Thread safety concerns
+- Logging implementation or removal
+- Comprehensive error handling review
+- Integration testing with real API