orfeas_lyra 0.6.0

data/app/workflows/es_async_mode_workflow.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+# Auto-generated by Lyra::Verification::WorkflowGenerator
+# Generated at: 2026-01-04 17:33:03 UTC
+# Updated: Fork pattern for true async parallelism
+
+# Event Sourcing Async Mode Workflow
+# Full event sourcing with asynchronous (non-blocking) projection
+#
+# Uses Petri net FORK pattern to model true parallelism:
+# After events are stored, a single fork transition places tokens in
+# BOTH response_returned AND job_processing simultaneously.
+# This correctly models async behavior where:
+# 1. Response returns immediately to caller (non-blocking)
+# 2. Background worker processes projection independently
+class EsAsyncModeWorkflow < PetriFlow::Workflow
+  workflow_name "Event Sourcing Async Mode Workflow"
+
+  places :idle, :command_received, :aggregate_loading, :aggregate_loaded,
+         :command_applying, :events_generated, :events_storing, :events_stored,
+         :response_returned, :job_processing, :projecting_async, :projection_complete
+  initial_place :idle
+  terminal_places :response_returned, :projection_complete
+
+  # Command processing flow (sequential)
+  transition :receive_command,
+             from: :idle,
+             to: :command_received,
+             trigger: "CommandHandler receives command"
+
+  transition :load_aggregate,
+             from: :command_received,
+             to: :aggregate_loading,
+             trigger: "Load aggregate from event stream"
+
+  transition :aggregate_ready,
+             from: :aggregate_loading,
+             to: :aggregate_loaded,
+             trigger: "Aggregate hydrated from events"
+
+  transition :apply_command,
+             from: :aggregate_loaded,
+             to: :command_applying,
+             trigger: "Aggregate.apply(command)"
+
+  transition :generate_events,
+             from: :command_applying,
+             to: :events_generated,
+             trigger: "Domain events created"
+
+  transition :store_events,
+             from: :events_generated,
+             to: :events_storing,
+             trigger: "EventStore.append_to_stream"
+
+  transition :events_persisted,
+             from: :events_storing,
+             to: :events_stored,
+             trigger: "Events committed to store"
+
+  # FORK: Parallel split - one transition produces tokens in TWO places
+  # This models the async behavior where both happen simultaneously:
+  # - Response returns immediately to caller
+  # - Background job is enqueued for processing
+  transition :async_fork,
+             from: :events_stored,
+             to: [:response_returned, :job_processing],
+             trigger: "Enqueue job & return response (parallel)"
+
+  # Background projection flow (runs independently after fork)
+  transition :project_async,
+             from: :job_processing,
+             to: :projecting_async,
+             trigger: "ModelProjection.apply (async)"
+
+  transition :async_complete,
+             from: :projecting_async,
+             to: :projection_complete,
+             trigger: "Read model eventually consistent"
+
+end

data/app/workflows/es_sync_mode_workflow.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+# Auto-generated by Lyra::Verification::WorkflowGenerator
+# Generated at: 2026-01-04 17:33:03 UTC
+
+# Event Sourcing Sync Mode Workflow
+# Full event sourcing with synchronous (blocking) projection
+class EsSyncModeWorkflow < PetriFlow::Workflow
+  workflow_name "Event Sourcing Sync Mode Workflow"
+
+  places :idle, :command_received, :aggregate_loading, :aggregate_loaded, :command_applying, :events_generated, :events_storing, :events_stored, :projecting_sync, :projection_complete, :completed
+  initial_place :idle
+  terminal_places :completed
+
+  transition :receive_command,
+             from: :idle,
+             to: :command_received,
+             trigger: "CommandHandler receives command"
+
+  transition :load_aggregate,
+             from: :command_received,
+             to: :aggregate_loading,
+             trigger: "Load aggregate from event stream"
+
+  transition :aggregate_ready,
+             from: :aggregate_loading,
+             to: :aggregate_loaded,
+             trigger: "Aggregate hydrated from events"
+
+  transition :apply_command,
+             from: :aggregate_loaded,
+             to: :command_applying,
+             trigger: "Aggregate.apply(command)"
+
+  transition :generate_events,
+             from: :command_applying,
+             to: :events_generated,
+             trigger: "Domain events created"
+
+  transition :store_events,
+             from: :events_generated,
+             to: :events_storing,
+             trigger: "EventStore.append_to_stream"
+
+  transition :events_persisted,
+             from: :events_storing,
+             to: :events_stored,
+             trigger: "Events committed to store"
+
+  transition :project_sync,
+             from: :events_stored,
+             to: :projecting_sync,
+             trigger: "ModelProjection.apply (synchronous)"
+
+  transition :sync_complete,
+             from: :projecting_sync,
+             to: :projection_complete,
+             trigger: "Read model updated"
+
+  transition :finalize,
+             from: :projection_complete,
+             to: :completed,
+             trigger: "Response returned to caller"
+
+end

data/app/workflows/hijack_mode_workflow.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+# Auto-generated by Lyra::Verification::WorkflowGenerator
+# Generated at: 2026-01-04 17:33:03 UTC
+
+# Hijack Mode Workflow
+# Intercepts CRUD operations and converts to event sourcing
+class HijackModeWorkflow < PetriFlow::Workflow
+  workflow_name "Hijack Mode Workflow"
+
+  places :idle, :crud_intercepted, :command_created, :command_validating, :command_valid, :event_created, :event_stored, :projecting, :completed
+  initial_place :idle
+  terminal_places :completed
+
+  transition :intercept_crud,
+             from: :idle,
+             to: :crud_intercepted,
+             trigger: "before_* callback intercepts operation"
+
+  transition :create_command,
+             from: :crud_intercepted,
+             to: :command_created,
+             trigger: "Convert CRUD to Lyra::Command"
+
+  transition :validate_command,
+             from: :command_created,
+             to: :command_validating,
+             trigger: "CommandHandler.validate"
+
+  transition :command_passes,
+             from: :command_validating,
+             to: :command_valid,
+             trigger: "Validation passes"
+
+  transition :emit_event,
+             from: :command_valid,
+             to: :event_created,
+             trigger: "CommandHandler.execute creates event"
+
+  transition :store_event,
+             from: :event_created,
+             to: :event_stored,
+             trigger: "RailsEventStore.publish"
+
+  transition :project_state,
+             from: :event_stored,
+             to: :projecting,
+             trigger: "Projection.apply(event)"
+
+  transition :projection_complete,
+             from: :projecting,
+             to: :completed,
+             trigger: "Model state updated from event"
+
+end

data/app/workflows/lifecycle_workflow.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+# Auto-generated by Lyra::Verification::WorkflowGenerator
+# Generated at: 2026-01-04 17:33:03 UTC
+
+# CRUD Entity Lifecycle (Generated)
+class LifecycleWorkflow < PetriFlow::Workflow
+  workflow_name "CRUD Entity Lifecycle (Generated)"
+
+  places :nonexistent, :created, :persisted, :updated, :destroyed, :deleted
+  initial_place :nonexistent
+  terminal_places :deleted
+
+  transition :create,
+             from: :nonexistent,
+             to: :created,
+             trigger: "after_create"
+
+  transition :emit_created_event,
+             from: :created,
+             to: :persisted,
+             trigger: "publish Created event"
+
+  transition :update,
+             from: :persisted,
+             to: :updated,
+             trigger: "after_update"
+
+  transition :emit_updated_event,
+             from: :updated,
+             to: :persisted,
+             trigger: "publish Updated event"
+
+  transition :destroy,
+             from: :persisted,
+             to: :destroyed,
+             trigger: "after_destroy"
+
+  transition :emit_destroyed_event,
+             from: :destroyed,
+             to: :deleted,
+             trigger: "publish Destroyed event"
+
+end

data/app/workflows/monitor_mode_workflow.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+# Auto-generated by Lyra::Verification::WorkflowGenerator
+# Generated at: 2026-01-04 17:33:03 UTC
+
+# Monitor Mode Workflow
+# Passively observes CRUD operations without modification
+class MonitorModeWorkflow < PetriFlow::Workflow
+  workflow_name "Monitor Mode Workflow"
+
+  places :idle, :crud_executing, :crud_completed, :event_building, :event_publishing, :completed
+  initial_place :idle
+  terminal_places :completed
+
+  transition :receive_crud,
+             from: :idle,
+             to: :crud_executing,
+             trigger: "ActiveRecord callback triggered"
+
+  transition :crud_success,
+             from: :crud_executing,
+             to: :crud_completed,
+             trigger: "CRUD operation completes successfully"
+
+  transition :build_event,
+             from: :crud_completed,
+             to: :event_building,
+             trigger: "Extract changes from model"
+
+  transition :publish_event,
+             from: :event_building,
+             to: :event_publishing,
+             trigger: "Lyra::Event.publish"
+
+  transition :store_event,
+             from: :event_publishing,
+             to: :completed,
+             trigger: "RailsEventStore.publish"
+
+end

data/config/privacy_policies.rb

@@ -0,0 +1,273 @@
+# Privacy Policies Configuration for Lyra
+# This file defines privacy policies using PAM DSL
+
+# University System Privacy Policy
+PamDsl.define_policy :university_system do
+  meta :version, "1.0.0"
+  meta :effective_date, "2025-01-01"
+  meta :organization, "University Payment System"
+
+  # Define PII fields
+  field :email, type: :email, sensitivity: :internal do
+    allow_for :authentication, :communication, :enrollment, :payment_processing
+    transform :display do |value|
+      local, domain = value.split('@')
+      "#{local[0]}***@#{domain}"
+    end
+    transform :log do |value|
+      "***EMAIL***"
+    end
+    meta :required, true
+  end
+
+  field :student_id, type: :identifier, sensitivity: :internal do
+    allow_for :enrollment, :academic_records, :payment_processing
+    transform :display do |value|
+      "***#{value[-4..]}"
+    end
+    meta :unique, true
+  end
+
+  field :name, type: :name, sensitivity: :internal do
+    allow_for :enrollment, :academic_records, :communication, :certificates
+    transform :display do |value|
+      parts = value.split(' ')
+      "#{parts.first} ***"
+    end
+  end
+
+  field :phone, type: :phone, sensitivity: :confidential do
+    allow_for :emergency_contact, :communication
+    transform :display do |value|
+      "***-***-#{value[-4..]}"
+    end
+  end
+
+  field :address, type: :address, sensitivity: :confidential do
+    allow_for :enrollment, :correspondence, :legal_compliance
+    transform :display do |value|
+      "***REDACTED***"
+    end
+  end
+
+  field :ssn, type: :ssn, sensitivity: :restricted do
+    allow_for :legal_compliance, :financial_aid
+    transform :display do |value|
+      "***-**-#{value[-4..]}"
+    end
+    meta :encryption_required, true
+  end
+
+  field :date_of_birth, type: :date_of_birth, sensitivity: :confidential do
+    allow_for :enrollment, :age_verification, :legal_compliance
+  end
+
+  field :payment_method, type: :financial, sensitivity: :restricted do
+    allow_for :payment_processing
+    transform :display do |value|
+      "****-****-****-#{value[-4..]}"
+    end
+    meta :pci_dss_scope, true
+  end
+
+  field :bank_account, type: :financial, sensitivity: :restricted do
+    allow_for :payment_processing, :refunds
+    transform :display do |value|
+      "***REDACTED***"
+    end
+    meta :encryption_required, true
+  end
+
+  field :academic_records, type: :custom, sensitivity: :confidential do
+    allow_for :academic_records, :transcripts, :legal_compliance
+    meta :ferpa_protected, true
+  end
+
+  # Define processing purposes
+  purpose :enrollment do
+    describe "Student enrollment and registration"
+    basis :contract
+    requires :email, :name, :student_id, :date_of_birth
+    optionally :phone, :address
+    meta :retention_reason, "Academic records requirement"
+  end
+
+  purpose :authentication do
+    describe "User authentication and session management"
+    basis :contract
+    requires :email
+    optionally :student_id
+  end
+
+  purpose :payment_processing do
+    describe "Processing tuition and fee payments"
+    basis :contract
+    requires :email, :student_id, :payment_method
+    optionally :bank_account
+    meta :compliance, ["PCI-DSS", "SOX"]
+  end
+
+  purpose :communication do
+    describe "Important academic and administrative communications"
+    basis :legitimate_interests
+    requires :email
+    optionally :phone, :name
+    meta :balancing_test_performed, true
+  end
+
+  purpose :academic_records do
+    describe "Maintaining academic transcripts and records"
+    basis :legal_obligation
+    requires :student_id, :name, :academic_records
+    meta :compliance, "FERPA"
+  end
+
+  purpose :legal_compliance do
+    describe "Compliance with educational and tax regulations"
+    basis :legal_obligation
+    requires :student_id, :name
+    optionally :ssn, :address, :date_of_birth
+    meta :regulations, ["FERPA", "IRS", "State Education Laws"]
+  end
+
+  purpose :marketing do
+    describe "Marketing communications about events and programs"
+    basis :consent
+    requires :email
+    optionally :name, :phone
+  end
+
+  purpose :analytics do
+    describe "Improving educational services and user experience"
+    basis :legitimate_interests
+    requires :student_id
+    meta :anonymization_applied, true
+  end
+
+  # Configure retention policies
+  retention do
+    default 7.years
+
+    for_model 'Student' do
+      keep_for 10.years  # Educational records retention
+      field :email, duration: 2.years
+      field :academic_records, duration: 50.years  # Permanent academic record
+      on_expiry :archive
+    end
+
+    for_model 'Enrollment' do
+      keep_for 10.years
+      on_expiry :archive
+    end
+
+    for_model 'Payment' do
+      keep_for 10.years  # Financial records retention
+      on_expiry :archive
+    end
+
+    for_model 'Invoice' do
+      keep_for 10.years
+      on_expiry :archive
+    end
+
+    for_model 'Course' do
+      keep_for 20.years  # Course catalog history
+      on_expiry :archive
+    end
+  end
+
+  # Configure consent requirements
+  consent do
+    for_purpose :marketing do
+      required!
+      granular!
+      withdrawable!
+      expires_in 2.years
+      describe "We'll send you information about upcoming events, programs, and opportunities"
+    end
+
+    for_purpose :analytics do
+      required! false
+      granular!
+      withdrawable!
+      describe "Help us improve our services by sharing anonymous usage data"
+    end
+  end
+end
+
+# E-commerce Privacy Policy Example
+PamDsl.define_policy :ecommerce do
+  meta :version, "1.0.0"
+  meta :organization, "E-commerce Platform"
+
+  # Customer fields
+  field :email, type: :email, sensitivity: :internal do
+    allow_for :account_management, :order_fulfillment, :marketing
+    transform :display do |value|
+      local, domain = value.split('@')
+      "#{local[0..1]}***@#{domain}"
+    end
+  end
+
+  field :shipping_address, type: :address, sensitivity: :confidential do
+    allow_for :order_fulfillment, :shipping
+  end
+
+  field :credit_card, type: :credit_card, sensitivity: :restricted do
+    allow_for :payment_processing
+    transform :display do |value|
+      "****-****-****-#{value[-4..]}"
+    end
+    meta :pci_dss_required, true
+  end
+
+  # Purposes
+  purpose :account_management do
+    describe "Customer account creation and management"
+    basis :contract
+    requires :email
+  end
+
+  purpose :order_fulfillment do
+    describe "Processing and shipping customer orders"
+    basis :contract
+    requires :email, :shipping_address
+  end
+
+  purpose :payment_processing do
+    describe "Processing customer payments"
+    basis :contract
+    requires :credit_card
+  end
+
+  purpose :marketing do
+    describe "Marketing communications and promotions"
+    basis :consent
+    requires :email
+  end
+
+  # Retention
+  retention do
+    default 5.years
+
+    for_model 'Order' do
+      keep_for 7.years
+      on_expiry :anonymize
+    end
+
+    for_model 'Payment' do
+      keep_for 7.years
+      on_expiry :archive
+    end
+  end
+
+  # Consent
+  consent do
+    for_purpose :marketing do
+      required!
+      granular!
+      withdrawable!
+      expires_in 1.year
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,48 @@
+Lyra::Engine.routes.draw do
+  # Root redirect to dashboard
+  root to: redirect('/lyra/dashboard')
+
+  # Dashboard routes
+  get 'dashboard', to: 'dashboard#index'
+  get 'dashboard/model/:model_class', to: 'dashboard#model_overview', as: :model_overview
+  get 'dashboard/compare/:model_class/:id', to: 'dashboard#compare', as: :compare
+  get 'dashboard/discrepancies/:model_class', to: 'dashboard#discrepancies', as: :discrepancies
+  get 'dashboard/audit_trail', to: 'dashboard#audit_trail', as: :audit_trail
+  get 'dashboard/audit_trail/:model_class/:id', to: 'dashboard#audit_trail_for_record', as: :audit_trail_for_record
+
+  # Privacy and GDPR routes
+  get 'privacy/subject/:subject_type/:subject_id', to: 'privacy#subject_data', as: :subject_data
+  get 'privacy/gdpr_report/:subject_type/:subject_id', to: 'privacy#gdpr_report', as: :gdpr_report
+  get 'privacy/portable_export/:subject_type/:subject_id', to: 'privacy#portable_export', as: :portable_export
+  get 'privacy/pii_inventory/:subject_type/:subject_id', to: 'privacy#pii_inventory', as: :pii_inventory
+  get 'privacy/data_lineage/:field_name', to: 'privacy#data_lineage', as: :data_lineage
+  get 'privacy/pii_detection', to: 'privacy#pii_detection', as: :pii_detection
+  get 'privacy/policy', to: 'privacy#policy', as: :privacy_policy
+
+  # Configuration and projections routes
+  get 'config/projections', to: 'dashboard#projections', as: :projections
+  get 'dashboard/schema', to: 'dashboard#schema', as: :schema
+  get 'dashboard/schema/history', to: 'dashboard#schema_history', as: :schema_history
+  get 'dashboard/schema/:version', to: 'dashboard#schema_version', as: :schema_version
+
+  # Event flow and visualization routes
+  get 'flow/timeline', to: 'flow#timeline', as: :timeline
+  get 'flow/event_chain/:model_class/:model_id', to: 'flow#event_chain', as: :event_chain
+  get 'flow/crud_mapping', to: 'flow#crud_mapping', as: :crud_mapping
+  get 'flow/visualization/:model_class/:model_id', to: 'flow#visualization', as: :visualization
+  get 'flow/correlation/:correlation_id', to: 'flow#correlation', as: :correlation
+  get 'flow/user_actions/:user_id', to: 'flow#user_actions', as: :user_actions
+
+  # Visualization routes (JSON API + HTML views)
+  get 'visualizations/event_graph', to: 'dashboard#event_graph_view', as: :event_graph_view
+  get 'visualizations/heatmap', to: 'dashboard#heatmap_view', as: :heatmap_view
+  get 'visualizations/event_graph.json', to: 'dashboard#event_graph', as: :event_graph_data
+  get 'visualizations/entity_graph/:model_class/:id.json', to: 'dashboard#entity_graph', as: :entity_graph_data
+  get 'visualizations/event_list.json', to: 'dashboard#event_list', as: :event_list_data
+  get 'visualizations/heatmap.json', to: 'dashboard#heatmap', as: :heatmap_data
+  get 'visualizations/model_heatmap/:model_class.json', to: 'dashboard#model_heatmap', as: :model_heatmap_data
+
+  # Formal verification routes (requires PetriFlow)
+  get 'verification', to: 'dashboard#verification', as: :verification
+  get 'verification.json', to: 'dashboard#verification_data', as: :verification_data
+end