orfeas_pam_dsl 0.6.0

data/lib/pam_dsl/retention.rb

@@ -0,0 +1,102 @@
+module PamDsl
+  # Represents a data retention rule
+  class RetentionRule
+    attr_reader :model_class, :duration, :field_overrides, :conditions, :deletion_strategy
+
+    DELETION_STRATEGIES = [:hard_delete, :soft_delete, :anonymize, :archive].freeze
+
+    def initialize(model_class)
+      @model_class = model_class.to_s
+      @duration = nil
+      @field_overrides = {}
+      @conditions = []
+      @deletion_strategy = :soft_delete
+    end
+
+    # Set retention duration
+    def keep_for(duration)
+      @duration = duration
+      self
+    end
+
+    # Override retention for specific fields
+    def field(field_name, duration:)
+      @field_overrides[field_name.to_sym] = duration
+      self
+    end
+
+    # Add condition for retention
+    def when(&block)
+      @conditions << block
+      self
+    end
+
+    # Set deletion strategy
+    def on_expiry(strategy)
+      strategy_sym = strategy.to_sym
+      unless DELETION_STRATEGIES.include?(strategy_sym)
+        raise Error, "Invalid deletion strategy: #{strategy}. Must be one of #{DELETION_STRATEGIES.join(', ')}"
+      end
+      @deletion_strategy = strategy_sym
+      self
+    end
+
+    # Check if retention period has expired for a timestamp
+    def expired?(timestamp)
+      return false unless @duration
+      timestamp < (Time.current - @duration)
+    end
+
+    # Get retention duration for a specific field
+    def duration_for_field(field_name)
+      @field_overrides[field_name.to_sym] || @duration
+    end
+
+    # Check if conditions match for given context
+    def applies_to?(context)
+      return true if @conditions.empty?
+      @conditions.all? { |condition| condition.call(context) }
+    end
+  end
+
+  # Container for retention rules
+  class RetentionPolicy
+    attr_reader :rules, :default_duration
+
+    def initialize
+      @rules = []
+      @default_duration = 7.years
+    end
+
+    # Set default retention duration
+    def default(duration)
+      @default_duration = duration
+      self
+    end
+
+    # Define retention rule for a model
+    def for_model(model_class, &block)
+      rule = RetentionRule.new(model_class)
+      rule.instance_eval(&block) if block_given?
+      @rules << rule
+      rule
+    end
+
+    # Get retention rule for a model
+    def rule_for(model_class)
+      @rules.find { |rule| rule.model_class == model_class.to_s }
+    end
+
+    # Get retention duration for a model and field
+    def duration_for(model_class, field_name: nil)
+      rule = rule_for(model_class)
+      return @default_duration unless rule
+
+      if field_name
+        rule.duration_for_field(field_name) || rule.duration || @default_duration
+      else
+        rule.duration || @default_duration
+      end
+    end
+  end
+end

data/lib/pam_dsl/tasks/privacy.rake

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+# PAM DSL Privacy Tasks
+#
+# These tasks are automatically loaded in Rails apps that include the pam_dsl gem.
+# Configure via config/initializers/pam_dsl.rb
+
+namespace :pam_dsl do
+  namespace :report do
+    desc "Generate full privacy compliance report"
+    task full: :environment do
+      reporter = build_reporter
+      reporter.full_report
+    end
+
+    desc "Show PAM DSL policy summary"
+    task policy: :environment do
+      reporter = build_reporter
+      reporter.policy_summary
+    end
+
+    desc "Analyze PII in event store (requires Lyra)"
+    task pii: :environment do
+      reporter = build_reporter
+      reporter.pii_analysis
+    end
+
+    desc "Check retention compliance (requires Lyra)"
+    task retention: :environment do
+      reporter = build_reporter
+      reporter.retention_check
+    end
+
+    desc "Show PII access patterns (requires Lyra)"
+    task access_patterns: :environment do
+      reporter = build_reporter
+      reporter.access_patterns
+    end
+
+    desc "Generate GDPR Article 30 report"
+    task article_30: :environment do
+      reporter = build_reporter
+      reporter.article_30_report
+    end
+
+    desc "Export privacy report to JSON"
+    task :export, [:output_path] => :environment do |_t, args|
+      output_path = args[:output_path] || "tmp/privacy_report_#{Time.current.strftime('%Y%m%d_%H%M%S')}.json"
+      reporter = build_reporter
+      reporter.export_json(output_path)
+    end
+
+    desc "Compare two policies and generate a report"
+    task :compare, [:policy1, :policy2, :output_path] => :environment do |_t, args|
+      policy1_name = args[:policy1]&.to_sym
+      policy2_name = args[:policy2]&.to_sym
+
+      unless policy1_name && policy2_name
+        puts "Usage: rake pam_dsl:report:compare[policy1,policy2,output_path]"
+        puts ""
+        puts "Available policies:"
+        PamDsl.registry.policies.keys.each { |name| puts "  - #{name}" }
+        abort
+      end
+
+      output_path = args[:output_path] || "reports/policy_comparison.md"
+
+      begin
+        comparator = PamDsl::PolicyComparator.new(policy1_name, policy2_name)
+        comparator.generate_report(output_path: output_path)
+        puts "Comparison report written to: #{output_path}"
+      rescue PamDsl::PolicyNotFoundError => e
+        abort "Error: #{e.message}"
+      end
+    end
+
+    def build_reporter
+      config = Rails.application.config.pam_dsl
+
+      policy_name = config.default_policy
+      unless policy_name
+        # Try to find any defined policy
+        policy_name = PamDsl.registry.policies.keys.first
+        if policy_name
+          puts "Using policy: #{policy_name}"
+        else
+          abort "No PAM DSL policy found. Define one or set config.pam_dsl.default_policy"
+        end
+      end
+
+      # Try to get Lyra's event store if available
+      event_store = nil
+      if defined?(Lyra) && Lyra.respond_to?(:event_store)
+        event_store = Lyra.event_store
+      end
+
+      PamDsl::Reporter.new(
+        policy_name,
+        organization: config.organization,
+        dpo_contact: config.dpo_contact,
+        event_store: event_store
+      )
+    end
+  end
+
+  namespace :generate do
+    desc "Generate a PAM DSL policy file with sensible defaults"
+    task :policy, [:name] => :environment do |_t, args|
+      name = args[:name] || "application"
+      generator = PamDsl::PolicyGenerator.new(name)
+      generator.generate
+    end
+
+    desc "Generate policy from existing ActiveRecord models"
+    task :from_models, [:name] => :environment do |_t, args|
+      name = args[:name] || "application"
+      generator = PamDsl::PolicyGenerator.new(name)
+      generator.generate_from_models
+    end
+  end
+end
+
+# Shorthand aliases
+namespace :privacy do
+  desc "Generate full privacy compliance report (alias for pam_dsl:report:full)"
+  task report: "pam_dsl:report:full"
+
+  desc "Show policy summary (alias for pam_dsl:report:policy)"
+  task policy: "pam_dsl:report:policy"
+
+  desc "Check retention compliance (alias for pam_dsl:report:retention)"
+  task retention: "pam_dsl:report:retention"
+
+  desc "Generate Article 30 report (alias for pam_dsl:report:article_30)"
+  task article_30: "pam_dsl:report:article_30"
+
+  desc "Export report to JSON (alias for pam_dsl:report:export)"
+  task :export, [:output_path] => "pam_dsl:report:export"
+end

data/lib/pam_dsl/version.rb

@@ -0,0 +1,3 @@
+module PamDsl
+  VERSION = "0.6.0"
+end

data/lib/pam_dsl.rb

@@ -0,0 +1,67 @@
+require "active_support"
+require "active_support/core_ext"
+
+require_relative "pam_dsl/version"
+require_relative "pam_dsl/pii_detector"
+require_relative "pam_dsl/pii_masker"
+require_relative "pam_dsl/gdpr_compliance"
+require_relative "pam_dsl/field"
+require_relative "pam_dsl/purpose"
+require_relative "pam_dsl/retention"
+require_relative "pam_dsl/consent"
+require_relative "pam_dsl/policy"
+require_relative "pam_dsl/registry"
+require_relative "pam_dsl/reporter"
+require_relative "pam_dsl/policy_generator"
+require_relative "pam_dsl/policy_comparator"
+
+# Load Rails integration if Rails is available
+require_relative "pam_dsl/railtie" if defined?(Rails::Railtie)
+
+module PamDsl
+  class Error < StandardError; end
+  class PolicyNotFoundError < Error; end
+  class InvalidFieldError < Error; end
+  class ConsentRequiredError < Error; end
+
+  class << self
+    # Rails configuration (set by Railtie)
+    attr_accessor :rails_config
+
+    # Global registry for policies
+    def registry
+      @registry ||= Registry.new
+    end
+
+    # Define a privacy policy using block DSL
+    def define_policy(name, &block)
+      policy = Policy.new(name)
+      policy.instance_eval(&block)
+      registry.register(name, policy)
+      policy
+    end
+
+    # Get a defined policy
+    def policy(name)
+      registry.get(name) || raise(PolicyNotFoundError, "Policy '#{name}' not found")
+    end
+
+    # Reset all policies (useful for testing)
+    def reset!
+      @registry = Registry.new
+    end
+
+    # Convenience method to create a reporter
+    def reporter(policy_name = nil, **options)
+      policy_name ||= rails_config&.default_policy || registry.policies.keys.first
+      raise PolicyNotFoundError, "No policy defined" unless policy_name
+
+      Reporter.new(
+        policy_name,
+        organization: options[:organization] || rails_config&.organization,
+        dpo_contact: options[:dpo_contact] || rails_config&.dpo_contact,
+        event_store: options[:event_store]
+      )
+    end
+  end
+end

metadata

@@ -0,0 +1,136 @@
+--- !ruby/object:Gem::Specification
+name: orfeas_pam_dsl
+version: !ruby/object:Gem::Version
+  version: 0.6.0
+platform: ruby
+authors:
+- Michail Pantelelis
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+description: A declarative DSL for defining privacy policies, PII fields, consent
+  requirements, and retention rules using the Privacy Attribute Matrix (PAM) model
+  for privacy-aware event monitoring. Part of the ORFEAS (Object-Relational to Event-Sourcing
+  Architecture) framework.
+email:
+- mpantel@aegean.gr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/pam_dsl.rb
+- lib/pam_dsl/consent.rb
+- lib/pam_dsl/field.rb
+- lib/pam_dsl/gdpr_compliance.rb
+- lib/pam_dsl/pii_detector.rb
+- lib/pam_dsl/pii_masker.rb
+- lib/pam_dsl/policy.rb
+- lib/pam_dsl/policy_comparator.rb
+- lib/pam_dsl/policy_generator.rb
+- lib/pam_dsl/purpose.rb
+- lib/pam_dsl/railtie.rb
+- lib/pam_dsl/registry.rb
+- lib/pam_dsl/reporter.rb
+- lib/pam_dsl/retention.rb
+- lib/pam_dsl/tasks/privacy.rake
+- lib/pam_dsl/version.rb
+homepage: https://github.com/mpantel/lyra-engine/gems/pam-dsl
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/mpantel/lyra-engine/gems/pam-dsl
+  source_code_uri: https://github.com/mpantel/lyra-engine/gems/pam-dsl/tree/main/gems/pam_dsl
+  changelog_uri: https://github.com/mpantel/lyra-engine/gems/pam-dsl/blob/main/gems/pam_dsl/CHANGELOG.md
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.3
+specification_version: 4
+summary: Privacy Attribute Matrix (PAM) DSL for ORFEAS Framework
+test_files: []