iriq 0.2.0 → 0.30.2

data/lib/iriq/recognizers/integer.rb

@@ -0,0 +1,37 @@
+module Iriq
+  module Recognizers
+    # Base-10 integer. Also returns :timestamp for plausible UNIX seconds /
+    # millis ranges, and :date for plausible YYYYMMDD compact dates — these
+    # share the digit-only lexical shape, and we want the most specific type.
+    class Integer < Recognizer
+      PATTERN              = /\A\d+\z/.freeze
+      COMPACT_DATE_PATTERN = /\A\d{8}\z/.freeze
+      TS_SECONDS_RANGE     = 1_000_000_000..9_999_999_999
+      TS_MILLIS_RANGE      = 1_000_000_000_000..9_999_999_999_999
+
+      def try(segment)
+        first  = segment.getbyte(0)
+        digit0 = first && first >= 0x30 && first <= 0x39
+        return nil unless digit0 && PATTERN.match?(segment)
+
+        n = segment.to_i
+        if TS_MILLIS_RANGE.cover?(n) || TS_SECONDS_RANGE.cover?(n)
+          return { type: :timestamp, confidence: 1.0, specificity: Specificity::BOUNDED }
+        end
+
+        if COMPACT_DATE_PATTERN.match?(segment)
+          y = segment[0, 4].to_i
+          m = segment[4, 2].to_i
+          d = segment[6, 2].to_i
+          if y.between?(1900, 2100) && m.between?(1, 12) && d.between?(1, 31)
+            return { type: :date, confidence: 1.0, specificity: Specificity::STRUCTURED }
+          end
+        end
+
+        { type: :integer, confidence: 1.0, specificity: Specificity::TYPED }
+      end
+    end
+
+    INTEGER = Integer.new
+  end
+end

data/lib/iriq/recognizers/uuid.rb

@@ -0,0 +1,16 @@
+module Iriq
+  module Recognizers
+    # RFC 4122 UUID. Shape-only — does not validate version/variant bits.
+    class Uuid < Recognizer
+      PATTERN = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/.freeze
+
+      def try(segment)
+        return nil unless segment.size == 36 && segment.include?("-") && PATTERN.match?(segment)
+
+        { type: :uuid, confidence: 1.0, specificity: Specificity::SEMANTIC }
+      end
+    end
+
+    UUID = Uuid.new
+  end
+end

data/lib/iriq/reducer.rb

@@ -0,0 +1,37 @@
+module Iriq
+  # Reducers consume the Event stream emitted by Corpus#observe and update
+  # the storage backend's materialized views. Each Reducer is a callable
+  # that takes (event, storage) and applies the appropriate storage
+  # operation; non-applicable events are no-ops via the EVENT_TYPES gate.
+  #
+  # Adding a new metric is: define a new Event subtype, write a Reducer that
+  # handles it, register it in DEFAULTS — no other module changes.
+  module Reducer
+    # Each entry: { event_class => [lambda(event, storage) -> result] }.
+    # Lambdas may return the result of the underlying storage call so
+    # callers (Corpus#observe) can pick up the cluster they need to return.
+    DEFAULTS = {
+      Event::HostSeen        => [->(e, s) { s.increment_host(e.host) }],
+      Event::PathLengthSeen  => [->(e, s) { s.increment_path_length(e.length) }],
+      Event::RawShapeSeen    => [->(e, s) { s.increment_raw_shape(e.shape) }],
+      Event::FingerprintSeen => [->(e, s) { s.increment_fingerprint(e.shape) }],
+      Event::PositionSeen    => [->(e, s) { s.observe_position(e.position, e.value, e.type) }],
+      Event::ClusterAddition => [->(e, s) { s.add_to_cluster(e.key, e.host, e.scheme, e.shape, e.identifier) }],
+    }.freeze
+
+    module_function
+
+    # Apply the event to the storage via all Reducers registered for its
+    # type. Returns the last non-nil reducer result — used by Corpus#observe
+    # to pick up the Cluster created/updated by Event::ClusterAddition.
+    def apply(event, storage, reducers: DEFAULTS)
+      results = reducers.fetch(event.class, [])
+      result  = nil
+      results.each do |r|
+        rv = r.call(event, storage)
+        result = rv unless rv.nil?
+      end
+      result
+    end
+  end
+end

data/lib/iriq/registrable_domain.rb

@@ -0,0 +1,56 @@
+module Iriq
+  # Heuristic registrable-domain extractor. Strips subdomains so that
+  # api.foo.com and app.foo.com both resolve to foo.com.
+  #
+  # Uses an inline allowlist of the ~50 most common multi-label public
+  # suffixes (.co.uk, .com.au, .gov.uk, etc.) — covers the long tail of
+  # real-world traffic without the ~3 MB cost of bundling the full Public
+  # Suffix List. Niche multi-label TLDs (.priv.no, .tas.gov.au, etc.) will
+  # be over-stripped; install the `public_suffix` gem and wire it in if
+  # accuracy on those matters for your workload.
+  module RegistrableDomain
+    # rubocop:disable Layout/LineLength
+    TWO_LABEL_SUFFIXES = %w[
+      co.uk org.uk gov.uk ac.uk net.uk me.uk ltd.uk plc.uk sch.uk
+      co.jp ac.jp or.jp ne.jp go.jp gr.jp ed.jp lg.jp
+      com.au net.au org.au edu.au gov.au asn.au id.au
+      co.nz net.nz org.nz govt.nz ac.nz school.nz
+      com.br net.br org.br gov.br edu.br
+      com.cn net.cn org.cn gov.cn edu.cn ac.cn
+      co.za net.za org.za gov.za ac.za
+      co.kr ne.kr or.kr re.kr go.kr ac.kr
+      co.in net.in org.in gov.in ac.in
+      co.il net.il org.il gov.il ac.il muni.il
+      com.mx net.mx org.mx gob.mx edu.mx
+      com.ar net.ar org.ar gov.ar
+      com.hk net.hk org.hk gov.hk edu.hk
+      com.tw net.tw org.tw gov.tw edu.tw
+      com.sg net.sg org.sg gov.sg edu.sg per.sg
+      com.tr net.tr org.tr gov.tr edu.tr k12.tr
+    ].to_set.freeze
+    # rubocop:enable Layout/LineLength
+
+    IP_V4_RE = /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/.freeze
+
+    module_function
+
+    # Given an authority (hostname, no port), return the registrable
+    # domain. Returns the input unchanged for IP literals, single-label
+    # hosts (`localhost`), and hosts that already match a 2-label apex.
+    def for(host)
+      return host if host.nil? || host.empty?
+      return host if IP_V4_RE.match?(host)
+
+      labels = host.split(".")
+      return host if labels.size <= 2
+
+      tail_two = labels.last(2).join(".")
+      if TWO_LABEL_SUFFIXES.include?(tail_two)
+        # Multi-label public suffix — keep last 3 labels (`foo.co.uk`).
+        labels.last(3).join(".")
+      else
+        labels.last(2).join(".")
+      end
+    end
+  end
+end