safire 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f9d11ee8ab8db74c9b225f12835caaf092616a0044372252617783b6187e3043
+  data.tar.gz: 8d73cdb90ed9d4ca7ec1e028bfe3e68464c7284f73e2d101a084be346e9b0085
+SHA512:
+  metadata.gz: bf3cd169be16cb9598f2de3f572d0efeeb6c0ed98826b0690588c684e15c2a95afc6cf340d35a53c0f6d9eebc11c59dafdcdd02e71b0ddb8fbf629071644d90b
+  data.tar.gz: 6beaec7923441fb46d8fc4cc193ffff16354bb60fb62f141a3a36131e22f275df3d4ddfa31dd5548eebb6ad3a8872cd952c4cc4ab9dc31968b9eb644b0d097be

data/.rspec

@@ -0,0 +1 @@
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,62 @@
+plugins:
+  - rubocop-rspec
+
+AllCops:
+  TargetRubyVersion: 4.0
+  NewCops: enable
+  Exclude:
+    - 'vendor/**/*'
+    - 'tmp/**/*'
+    - 'bin/**/*'
+
+Style/Documentation:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Max: 20
+  Exclude:
+    - 'spec/**/*'
+    - '*.gemspec'
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*'
+    - '*.gemspec'
+
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+
+RSpec/ExampleLength:
+  Max: 20
+  Exclude:
+    - 'spec/integration/**/*'
+
+RSpec/MultipleExpectations:
+  Max: 10
+  Exclude:
+    - 'spec/integration/**/*'
+
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
+RSpec/NestedGroups:
+  Enabled: false
+
+# Integration tests describe workflows, not classes
+RSpec/DescribeClass:
+  Exclude:
+    - 'spec/integration/**/*'
+
+# Live integration tests need before(:all)/after(:all) for WebMock management
+RSpec/BeforeAfterAll:
+  Exclude:
+    - 'spec/integration/**/*'

data/.tool-versions

@@ -0,0 +1 @@
+ruby 4.0.2

data/CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0] - 2026-03-25
+
+### Added
+
+- `Safire::Client` facade with `protocol:` (`:smart`) and `client_type:`
+  (`:public`, `:confidential_symmetric`, `:confidential_asymmetric`) keywords
+- SMART on FHIR App Launch 2.2.0 support via `Safire::Protocols::Smart`:
+  - Server metadata discovery from `/.well-known/smart-configuration`
+  - Authorization URL builder for GET and POST-based authorization
+    (`authorize-post` capability)
+  - Authorization code → access token exchange
+  - Token refresh
+- PKCE (S256) support with per-request code verifier generation
+- Private key JWT assertion (`private_key_jwt`) for confidential asymmetric
+  clients; RS384 and ES384 auto-detected from the key type
+- Token response validation (`token_response_valid?`) per SMART App Launch
+  2.2.0 §Token Response
+- `Protocols::Behaviours` contract module defining the required protocol
+  interface
+- Sensitive data filtering in HTTP request/response logs
+- SSL verification warning when `ssl_options: { verify: false }` is configured
+- HTTPS-only redirect enforcement with an exception for localhost
+- Configurable logger, HTTP logging toggle, and `User-Agent` header via
+  `Safire::Configuration`
+- `Safire::ClientConfigBuilder` for constructing `ClientConfig` with a fluent
+  interface

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,17 @@
+# Contributor Covenant Code of Conduct
+
+This project has adopted the [Contributor Covenant](https://www.contributor-covenant.org/) version 2.1 as its Code of Conduct.
+
+For the full text, please see: https://www.contributor-covenant.org/version/2/1/code_of_conduct/
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a welcoming experience for everyone.
+
+## Reporting
+
+Instances of unacceptable behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.

data/CONTRIBUTION.md

@@ -0,0 +1,283 @@
+# Contributing to Safire
+
+Thank you for your interest in contributing to Safire! This document provides guidelines and instructions for contributing.
+
+## Table of Contents
+
+- [Code of Conduct](#code-of-conduct)
+- [Getting Started](#getting-started)
+- [Development Setup](#development-setup)
+- [Making Changes](#making-changes)
+- [Coding Standards](#coding-standards)
+- [Testing](#testing)
+- [Submitting Changes](#submitting-changes)
+- [Reporting Issues](#reporting-issues)
+
+## Code of Conduct
+
+This project adheres to a [Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code. Please report unacceptable behavior to the project maintainers.
+
+## Getting Started
+
+1. Fork the repository on GitHub
+2. Clone your fork locally:
+   ```bash
+   git clone https://github.com/YOUR_USERNAME/safire.git
+   cd safire
+   ```
+3. Add the upstream repository:
+   ```bash
+   git remote add upstream https://github.com/vanessuniq/safire.git
+   ```
+
+## Development Setup
+
+### Requirements
+
+- Ruby 4.0.2 or later
+- Bundler
+
+### Setup
+
+```bash
+# Install dependencies
+bin/setup
+
+# Run the test suite to verify setup
+bundle exec rspec
+
+# Start an interactive console
+bin/console
+```
+
+### Running the Demo Application
+
+```bash
+bin/demo
+```
+
+Visit http://localhost:4567 to explore Safire's features interactively.
+
+## Making Changes
+
+### Branch Naming
+
+Create a descriptive branch name:
+
+- `feature/add-udap-discovery` - New features
+- `fix/token-refresh-error` - Bug fixes
+- `docs/update-readme` - Documentation updates
+- `refactor/simplify-client-config` - Code refactoring
+
+### Commit Messages
+
+Write clear, concise commit messages:
+
+- Use the imperative mood ("Add feature" not "Added feature")
+- Keep the subject line as the entire commit message (no body)
+- Message should be 50 characters or less
+- Reference issues when applicable (`Fixes #123`)
+
+Example:
+```
+Add UDAP discovery endpoint support
+```
+
+### Small, Focused Commits
+
+- Each commit should represent a single logical change
+- Keep commits small and reviewable
+- Separate refactoring from new features
+
+## Coding Standards
+
+### Style Guide
+
+This project uses [RuboCop](https://rubocop.org/) for code style enforcement:
+
+```bash
+# Check for style violations
+bundle exec rubocop
+
+# Auto-fix correctable violations
+bundle exec rubocop -a
+```
+
+### Key Conventions
+
+- **Naming**: Use descriptive names; prefer clarity over brevity
+- **Methods**: Keep methods short and focused (under 15 lines when possible)
+- **Classes**: Follow single responsibility principle
+- **Documentation**: Add YARD documentation for public methods
+
+### Example
+
+```ruby
+# Good: Clear, documented, follows conventions
+module Safire
+  module Protocols
+    # Handles SMART on FHIR metadata discovery
+    class SmartMetadata
+      # Checks if the server supports EHR-initiated launches
+      #
+      # @return [Boolean] true if EHR launch is supported with required endpoints
+      def supports_ehr_launch?
+        ehr_launch_capability? && authorization_endpoint.present?
+      end
+
+      private
+
+      def ehr_launch_capability?
+        capability?('launch-ehr')
+      end
+    end
+  end
+end
+```
+
+## Testing
+
+### Running Tests
+
+```bash
+# Run all tests
+bundle exec rspec
+
+# Run specific test file
+bundle exec rspec spec/safire/client_spec.rb
+
+# Run with documentation format
+bundle exec rspec --format documentation
+
+# Run integration tests
+bundle exec rspec --tag live
+```
+
+### Writing Tests
+
+- Place tests in `spec/` mirroring the `lib/` structure
+- Use descriptive `describe` and `it` blocks
+- Test edge cases and error conditions
+- Use WebMock for HTTP stubbing (no real network calls in unit tests)
+
+Example:
+```ruby
+RSpec.describe Safire::Client do
+  describe '#server_metadata' do
+    context 'when server returns valid configuration' do
+      it 'returns a SmartMetadata object' do
+        stub_smart_configuration(valid_config)
+
+        metadata = client.server_metadata
+
+        expect(metadata).to be_a(Safire::Protocols::SmartMetadata)
+        expect(metadata.token_endpoint).to eq('https://example.com/token')
+      end
+    end
+
+    context 'when server returns 404' do
+      it 'raises DiscoveryError' do
+        stub_smart_configuration_not_found
+
+        expect { client.server_metadata }.to raise_error(Safire::Errors::DiscoveryError)
+      end
+    end
+  end
+end
+```
+
+### Test Coverage
+
+- Aim for high test coverage on new code
+- All public methods should have tests
+- Include both happy path and error cases
+
+## Submitting Changes
+
+### Before Submitting
+
+1. Ensure all tests pass:
+   ```bash
+   bundle exec rspec
+   ```
+
+2. Ensure code style is correct:
+   ```bash
+   bundle exec rubocop
+   ```
+
+3. Update documentation if needed:
+   ```bash
+   bundle exec yard doc
+   ```
+
+4. Verify Jekyll docs build (if you modified docs/):
+   ```bash
+   cd docs && bundle install && bundle exec jekyll build
+   ```
+
+5. Rebase on latest main:
+   ```bash
+   git fetch upstream
+   git rebase upstream/main
+   ```
+
+### Pull Request Process
+
+1. Push your branch to your fork:
+   ```bash
+   git push origin feature/your-feature
+   ```
+
+2. Open a Pull Request against `main`
+
+3. Fill out the PR template with:
+   - Summary of changes
+   - Related issues
+   - Test plan
+   - Screenshots (if UI changes)
+
+4. Wait for CI checks to pass
+
+5. Address review feedback promptly
+
+### PR Guidelines
+
+- Keep PRs focused on a single concern
+- Include tests for new functionality
+- Update documentation as needed
+- Respond to review comments constructively
+
+## Reporting Issues
+
+### Bug Reports
+
+Include:
+- Safire version (`Safire::VERSION`)
+- Ruby version
+- Steps to reproduce
+- Expected vs actual behavior
+- Error messages and stack traces
+- Minimal reproduction code if possible
+
+### Feature Requests
+
+Include:
+- Use case description
+- Proposed solution (if any)
+- Alternatives considered
+- Relevant SMART/UDAP spec references
+
+### Security Issues
+
+For security vulnerabilities, please email the maintainers directly rather than opening a public issue.
+
+## Questions?
+
+- Open a [GitHub Discussion](https://github.com/vanessuniq/safire/discussions) for questions
+- Check existing issues and documentation first
+- Be respectful and patient
+
+---
+
+Thank you for contributing to Safire!

data/Gemfile

@@ -0,0 +1,26 @@
+source 'https://rubygems.org'
+
+ruby '4.0.2'
+
+gemspec
+
+group :development, :test do
+  gem 'bundler-audit', '~> 0.9'
+  gem 'debug'
+  gem 'pry'
+  gem 'pry-byebug'
+  gem 'rspec', '~> 3.12'
+  gem 'rubocop', '~> 1.57'
+  gem 'rubocop-rspec', '~> 3.0', require: false
+  gem 'timecop', '~> 0.9'
+end
+
+group :development do
+  gem 'yard', '~> 0.9'
+end
+
+group :test do
+  gem 'simplecov', require: false
+  gem 'simplecov-cobertura', require: false
+  gem 'webmock', '~> 3.18'
+end

data/Gemfile.lock

@@ -0,0 +1,186 @@
+PATH
+  remote: .
+  specs:
+    safire (0.1.0)
+      activesupport (~> 8.0.0)
+      addressable (~> 2.8)
+      faraday (~> 2.14)
+      faraday-follow_redirects (~> 0.4)
+      jwt (~> 2.8)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (8.0.2.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
+    ast (2.4.3)
+    base64 (0.3.0)
+    benchmark (0.4.1)
+    bigdecimal (3.3.1)
+    bundler-audit (0.9.3)
+      bundler (>= 1.2.0)
+      thor (~> 1.0)
+    byebug (13.0.0)
+      reline (>= 0.6.0)
+    coderay (1.1.3)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.4)
+    crack (1.0.1)
+      bigdecimal
+      rexml
+    date (3.4.1)
+    debug (1.11.1)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
+    diff-lcs (1.6.2)
+    docile (1.4.1)
+    drb (2.2.3)
+    erb (5.0.3)
+    faraday (2.14.1)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-follow_redirects (0.5.0)
+      faraday (>= 1, < 3)
+    faraday-net_http (3.4.2)
+      net-http (~> 0.5)
+    hashdiff (1.2.1)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    io-console (0.8.2)
+    irb (1.15.3)
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    json (2.19.2)
+    jwt (2.10.2)
+      base64
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    logger (1.7.0)
+    method_source (1.1.0)
+    minitest (6.0.1)
+      prism (~> 1.5)
+    net-http (0.9.1)
+      uri (>= 0.11.1)
+    parallel (1.27.0)
+    parser (3.3.10.2)
+      ast (~> 2.4.1)
+      racc
+    pp (0.6.3)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.9.0)
+    pry (0.16.0)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+      reline (>= 0.6.0)
+    pry-byebug (3.12.0)
+      byebug (~> 13.0)
+      pry (>= 0.13, < 0.17)
+    psych (5.2.6)
+      date
+      stringio
+    public_suffix (6.0.2)
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rdoc (6.14.2)
+      erb
+      psych (>= 4.0.0)
+    regexp_parser (2.11.3)
+    reline (0.6.3)
+      io-console (~> 0.5)
+    rexml (3.4.4)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.6)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.6)
+    rubocop (1.86.0)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
+    rubocop-rspec (3.9.0)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.81)
+    ruby-progressbar (1.13.0)
+    securerandom (0.4.1)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-cobertura (3.1.0)
+      rexml
+      simplecov (~> 0.19)
+    simplecov-html (0.13.2)
+    simplecov_json_formatter (0.1.4)
+    stringio (3.1.9)
+    thor (1.4.0)
+    timecop (0.9.10)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
+    webmock (3.26.2)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    yard (0.9.38)
+
+PLATFORMS
+  ruby
+  x86_64-linux
+
+DEPENDENCIES
+  bundler-audit (~> 0.9)
+  debug
+  pry
+  pry-byebug
+  rspec (~> 3.12)
+  rubocop (~> 1.57)
+  rubocop-rspec (~> 3.0)
+  safire!
+  simplecov
+  simplecov-cobertura
+  timecop (~> 0.9)
+  webmock (~> 3.18)
+  yard (~> 0.9)
+
+RUBY VERSION
+   ruby 4.0.2p0
+
+BUNDLED WITH
+   2.7.1