sqreen 1.20.1 → 1.21.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7be645cedf514d1af5754fc7244738e17f817aad09761d2da7d7fa032ac55801
-  data.tar.gz: f81295c9ac98714284d6368bc5e01c1a857317c8dad98d53366b24e53cc6cc47
+  metadata.gz: 49a6c95ab34d19ae0f769e475ae67c2c3e4d19b17582ee09d8a6d231ac3d9150
+  data.tar.gz: ad1ea7a80f3582ba90ffc6aa1cef7040459c56f65ea4712a023923b8bc7801e3
 SHA512:
-  metadata.gz: 986748fc2c11ee0a6ea7a997d661246d2840e170fdcbe5d7c1221fb189e3b6a9281e4feb1025f58f1ac6712ff10f598caa7d81867a7a62898138e743eadc9262
-  data.tar.gz: 39b246ce351e780f539a0d2fe3df9791996d8203056545ab5472f0deec2e1526351bfc9cbb4f8c4cd5c145969db0b177b1b559a7491e4a8a15de4e9dd3721665
+  metadata.gz: 0da6438f20a00a84914db2bb06c24feab53e164feae1cb7d2af0b53afe24c5d5ea54a0cb68a8872a49aadedae4450de57e63da6a4f4a2ec21ac85eaa84c13acf
+  data.tar.gz: 3e75918e810529674e10d693fd2a62c0eeeeecb18bac06a25fdd686d29c45d55333abb0feea790ec1d89e29ce71097bd1de16c2d31d98a6219e985d806793008

data/lib/sqreen/attack_detected.html

@@ -1,2 +1 @@
-<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>Sqreen has detected an attack.</title> <style>html, body, div, span, h1, a{margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline}body{background: -webkit-radial-gradient(26% 19%, circle, #fff, #f4f7f9); background: radial-gradient(circle at 26% 19%, #fff, #f4f7f9); display: -webkit-box; display: -ms-flexbox; display: flex; -webkit-box-pack: center; -ms-flex-pack: center; justify-content: center; -webkit-box-align: center; -ms-flex-align: center; align-items: center; -ms-flex-line-pack: center; align-content: center; width: 100%; min-height: 100vh; line-height: 1}svg, h1, p{display: block}svg{margin: 0 auto 4vh}h1{font-family: sans-serif; font-weight: 300; font-size: 34px; color: #384886; line-height: normal}p{font-size: 18px; line-height: normal; color: #b8bccc; font-family: sans-serif; font-weight: 300}a{color: #b8bccc}.flex{text-align: center}</style></head><body> <div class="flex"> <svg xmlns="http://www.w3.org/2000/svg" width="230" height="250" viewBox="0 0 230 250" enable-background="new 0 0 230 250"> <style>.st0{opacity: 0.4; filter: url(#a);}.st1{fill: #FFFFFF;}.st2{fill: #B0ACFF;}.st3{fill: #4842B7;}.st4{fill: #1E0936;}</style> <filter id="a" width="151.7%" height="146%" x="-25.8%" y="-16%" filterUnits="objectBoundingBox"> <feOffset dy="14" in="SourceAlpha" result="shadowOffsetOuter1"/> <feGaussianBlur in="shadowOffsetOuter1" result="shadowBlurOuter1" stdDeviation="13"/> <feColorMatrix in="shadowBlurOuter1" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/> </filter> <g class="st0"> <path id="b_2_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z"/> </g> <path id="b_1_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z" class="st1"/> <g id="nest-cmyk-indigo"> <ellipse id="sqreen" cx="115.5" cy="69.9" class="st2" rx="12.7" ry="12.7"/> <path id="app" d="M113.6 91.9V71.5L95.5 61.1v18l6.4-3.7c.5 1.1 1 2.2 1.7 3.2L97 82.3l16.6 9.6zm3.7 0l16.6-9.6-6.7-3.9c.7-1 1.3-2 1.7-3.2l6.4 3.7v-18l-18.1 10.5v20.5zM96.9 57.6l18.6 10.7L134 57.6 117.3 48v7.6c-.6-.1-1.2-.1-1.8-.1-.6 0-1.2 0-1.8.1V48l-16.8 9.6zm20.2-13.9l20.3 11.7c1 .6 1.6 1.7 1.6 2.8v23.5c0 1.2-.6 2.2-1.6 2.8l-20.3 11.7c-1 .6-2.3.6-3.3 0L93.5 84.5c-1-.6-1.6-1.7-1.6-2.8V58.2c0-1.2.6-2.2 1.6-2.8l20.3-11.7c1-.6 2.3-.6 3.3 0z" class="st3"/> </g> <path id="s" d="M74.6 113c-1.8-1-3.5-1.5-5.2-1.5-1.4 0-2.3.6-2.3 1.5 0 2.7 10.1.4 10.1 7.7 0 3.3-2.9 6-7.6 6-2.1 0-4.7-.5-6.4-1.4l-.1-.1c-.3-.2-.3-.5-.2-.8l1.2-2.7c.1-.3.5-.5.9-.3.1 0 .1.1.2.1 1.5.6 3.1 1 4.6 1 2.2 0 2.9-.6 2.9-1.7 0-3-10.1-.8-10.1-7.7 0-3.1 2.7-5.8 7-5.8 2.1 0 5 .7 6.9 1.8.1 0 .1.1.2.1.3.2.4.5.3.8l-1.2 2.7c-.1.3-.5.5-.9.3h-.3z" class="st4"/> <path id="q" d="M93.6 107.8h3.2c.4 0 .7.3.7.7v25.9c0 .4-.3.7-.7.7h-3.2c-.4 0-.7-.3-.7-.7v-9.1c-1.2.8-2.9 1.4-4.7 1.4-5.4 0-9.6-4.3-9.6-9.7 0-5.4 4.1-9.7 9.6-9.7 1.8 0 3.5.6 4.7 1.4v-.1c0-.5.3-.8.7-.8zm-.7 12.4v-6.5c-1.3-1.3-2.8-2.1-4.5-2.1-2.9 0-5.1 2.3-5.1 5.4s2.2 5.4 5.1 5.4c1.7-.1 3.2-.7 4.5-2.2z" class="st4"/> <path id="r" d="M112.5 107.8c-1-.4-2-.6-3-.6-1.8 0-3.5.6-4.9 1.4v-.2c0-.3-.2-.5-.5-.5h-3.4c-.3 0-.5.2-.5.5v17.8c0 .3.2.5.5.5h3.4c.3 0 .5-.2.5-.5v-12.6c1.1-1.2 2.8-1.9 4.6-1.9.4 0 .9 0 1.5.2.3.1.6-.1.7-.4l1.3-2.9c.1-.4 0-.7-.2-.8z" class="st4"/> <path id="e" d="M129 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="e_1_" d="M148.7 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="n" d="M151.5 108.5V126c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-12.5c1.1-1.2 2.8-1.9 4.6-1.9 2.9 0 4.5 1.6 4.5 4.7v9.7c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-10.2c0-5.2-2.9-8.5-8.8-8.5-1.8 0-3.5.6-4.9 1.4v-.1c0-.4-.3-.7-.7-.7h-3.2c-.4-.1-.7.2-.7.6z" class="st4"/> </svg> <h1>Uh Oh! Sqreen has detected an attack.</h1> <p>If you are the application owner, check the Sqreen <a href="https://my.sqreen.com/">dashboard</a> for more information.</p></div></body></html>
-
+<!-- Sorry, you’ve been blocked --><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,h1,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}h1,p,svg{display:block}svg{margin:0 auto 4vh}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}h1{font-family:sans-serif;font-weight:600;font-size:34px;color:#1e0936;line-height:1.2}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><svg width="170px" height="193px" viewBox="0 0 170 193" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"><g id="exports" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Artboard" transform="translate(-186.000000, -189.000000)"><g id="logo-cmyk-indigo" transform="translate(186.000000, 189.000000)"><g id="nest-cmyk-indigo"><ellipse id="sqreen" fill="#B0ACFF" cx="85" cy="96.5" rx="45.7692308" ry="45.7966102"></ellipse><path d="M78.4615385,175.749389 L78.4615385,102.2092 L13.1398162,64.4731256 L13.1398162,129.181112 L36.352167,115.771438 C37.9764468,119.873152 40.1038639,123.720553 42.6582364,127.237412 L18.5723996,141.151695 L78.4615385,175.749389 Z M91.5384615,175.749389 L151.4276,141.151695 L127.341764,127.237412 C129.896136,123.720553 132.023553,119.873152 133.647833,115.771438 L156.860184,129.181112 L156.860184,64.4731256 L91.5384615,102.2092 L91.5384615,175.749389 Z M18.0061522,52.1754237 L85,90.8774777 L151.993848,52.1754237 L91.5384615,17.2506105 L91.5384615,44.565949 C89.3964992,44.2986903 87.2143177,44.1610169 85,44.1610169 C82.7856823,44.1610169 80.6035008,44.2986903 78.4615385,44.565949 L78.4615385,17.2506105 L18.0061522,52.1754237 Z M90.8846156,1.76392358 L164.052491,44.0326866 C167.693904,46.1363149 169.937107,50.0239804 169.937107,54.231237 L169.937107,138.768763 C169.937107,142.97602 167.693904,146.863685 164.052491,148.967313 L90.8846156,191.236076 C87.2432028,193.339705 82.7567972,193.339705 79.1153844,191.236076 L5.94750871,148.967313 C2.30609589,146.863685 0.0628930904,142.97602 0.0628930904,138.768763 L0.0628930904,54.231237 C0.0628930904,50.0239804 2.30609589,46.1363149 5.94750871,44.0326866 L79.1153844,1.76392358 C82.7567972,-0.339704735 87.2432028,-0.339704735 90.8846156,1.76392358 Z" id="app" fill="#4842B7"></path></g></g></g></g></svg><h1>Sorry, you've been blocked</h1><p>Contact the website owner</p></main><footer><p>Security provided by <a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">Sqreen</a></p></footer></body></html>

data/lib/sqreen/deliveries/batch.rb

@@ -13,6 +13,8 @@ require 'sqreen/events/attack'
 require 'sqreen/events/remote_exception'
 require 'sqreen/mono_time'
 require 'sqreen/deliveries/simple'
+require 'sqreen/kit/signals/signal'
+require 'sqreen/kit/signals/trace'
 
 module Sqreen
   module Deliveries
@@ -58,7 +60,7 @@ module Sqreen
       def post_batch_needed?(event)
         now = Sqreen.time
         # do not use any? {} due to side effects inside block
-        event_keys(event).map do |key|
+        event_keys(event).uniq.map do |key|
           was = @first_seen[key]
           @first_seen[key] ||= now
           was.nil? || current_batch.size > max_batch || now > (was + max_staleness)
@@ -86,6 +88,7 @@ module Sqreen
         res += event.observed.fetch(:sdk, []).select { |e|
             e[0] == :track
         }.map { |e| "sdk-track".freeze }
+        res += event.observed.fetch(:signals, []).map { "signal".freeze }
         return res
       end
 
@@ -97,6 +100,10 @@ module Sqreen
           "rex-#{event.klass}"
         when Sqreen::AggregatedMetric
           "agg-metric"
+        when Sqreen::Kit::Signals::Signal
+          "signal"
+        when Sqreen::Kit::Signals::Trace
+          "signal"
         end
       end
     end

data/lib/sqreen/ecosystem.rb

@@ -0,0 +1,80 @@
+require 'securerandom'
+require 'sqreen/ecosystem/module_registry'
+require 'sqreen/ecosystem/tracing/sampling_configuration'
+require 'sqreen/ecosystem/transaction_storage'
+require 'sqreen/ecosystem/tracing_id_setup'
+require 'sqreen/ecosystem/module_api/tracing_push_down'
+
+module Sqreen
+  # The API for the ecosystem client (together with the dispatch table)
+  module Ecosystem
+    class << self
+      def init(opts = {})
+        @registry = ModuleRegistry.new
+        register_modules(opts[:modules])
+        @registry.init_all
+
+        @tracing_id_setup = TracingIdSetup.new(@registry)
+        @tracing_id_setup.setup_modules
+      end
+
+      def reset
+        instance_variables.each do |ia|
+          instance_variable_set(ia, nil)
+        end
+      end
+
+      # To be called by the Ecosystem client when a new transaction
+      # (generally: request) is started
+      # In the future, it's intended that request end/start detection be handled
+      # by the Ecosystem itself, so control will flow in the other direction,
+      # from the ecosystem to its client
+      def start_transaction
+        TransactionStorage.create_thread_local
+      end
+
+      def end_transaction
+        TransactionStorage.destroy_thread_local
+      end
+
+      # @param [String] tracing_id_prefix
+      # @param [Array<Hash{String=>Object}>] sampling_config
+      def configure_sampling(tracing_id_prefix, sampling_config)
+        @tracing_id_setup.tracing_id_prefix = tracing_id_prefix
+        built_samp_cfg = Tracing::SamplingConfiguration.new(sampling_config)
+        inject_sampling_config(built_samp_cfg)
+      end
+
+      private
+
+      def register_modules(modules)
+        return register_all_modules unless modules
+
+        modules.each { |mod| register mod }
+      end
+
+      def register_all_modules
+        # replace with something more magical?
+        require_relative 'ecosystem/http/rack_request'
+        register Http::RackRequest.new
+
+        require_relative 'ecosystem/http/net_http'
+        register Http::NetHttp.new
+
+        require_relative 'ecosystem/redis/redis_connection'
+        register Redis::RedisConnection.new
+      end
+
+      def register(mod)
+        @registry.register mod
+      end
+
+      # @param [Sqreen::Ecosystem::SamplingConfiguration] config
+      def inject_sampling_config(config)
+        @registry.each_module(Sqreen::Ecosystem::ModuleApi::TracingPushDown) do |mod|
+          mod.sampling_config = config
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/dispatch_table.rb

@@ -0,0 +1,43 @@
+require 'logger'
+
+module Sqreen
+  module Ecosystem
+    # Configured by the ecosystem client
+    module DispatchTable
+      class << self
+        # data consumption
+        # argument: +Sqreen::Kit::Signals::Signal+
+        # see +Sqreen::EcosystemIntegration::SignalConsumption#consume_signal+
+        attr_accessor :consume_signal
+
+        # argument: block taking a Rack::Request
+        # see +Sqreen::EcosystemIntegration::RequestLifecycleTracking#add_start_observer+
+        attr_accessor :add_request_start_listener
+
+        attr_accessor :fetch_logger
+
+        # argument: callback taking:
+        # * the method to instrument
+        # * A Hash{Symbol=>Proc} with the advice. The proc takes the
+        # arguments and the ball, so these details of the instrumentation
+        # implementation leak through the abstraction
+        # see +Sqreen::EcosystemIntegration::InstrumentationService+
+        attr_accessor :instrument
+
+        def reset
+          instance_variables.each do |ia|
+            instance_variable_set(ia, nil)
+          end
+
+          # set default logger
+          logger = ::Logger.new(STDERR)
+          logger.level = ::Logger::WARN
+          logger.progname = 'sqreen-ecosystem'
+          self.fetch_logger = proc { logger }
+        end
+      end
+
+      reset
+    end
+  end
+end

data/lib/sqreen/ecosystem/http/net_http.rb

@@ -0,0 +1,51 @@
+require 'sqreen/ecosystem/module_api'
+require 'sqreen/ecosystem/module_api/instrumentation'
+require 'sqreen/ecosystem/module_api/tracing_push_down'
+require 'sqreen/ecosystem/module_api/signal_producer'
+require 'sqreen/ecosystem/module_api/transaction_storage'
+require 'sqreen/ecosystem/tracing/signals/tracing_client'
+
+module Sqreen
+  module Ecosystem
+    module Http
+      class NetHttp
+        include ModuleApi::Instrumentation
+        include ModuleApi::SignalProducer
+        include ModuleApi::TracingPushDown
+
+        def setup
+          instrument 'Net::HTTP#request', before: method(:before_advice)
+        end
+
+        private
+
+        # instr. def request(req, body = nil, &block)  # :yield: +response+
+        # req is of type +Net::HTTPGenericRequest+
+        def before_advice(call, _ball)
+          return unless should_sample?('client')
+
+          tracing_id = create_tracing_id
+
+          # build & submit signal
+          host = call.instance.address
+          port = call.instance.port
+
+          host += ':' + port.to_s if port != 80 && port != 443
+
+          signal = Tracing::Signals::TracingClient.new
+          signal.payload = Tracing::Signals::TracingClient::Payload.new(
+            transport: 'http',
+            host: host,
+            tracing_identifier: tracing_id
+          )
+
+          submit_signal signal
+
+          # add tracing header, if available
+          req = call.args[0]
+          req[ModuleApi::TRACE_ID_HEADER] = tracing_id
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/http/rack_request.rb

@@ -0,0 +1,38 @@
+require 'sqreen/ecosystem/module_api'
+require 'sqreen/ecosystem/module_api/event_listener'
+require 'sqreen/ecosystem/module_api/signal_producer'
+require 'sqreen/ecosystem/module_api/tracing_push_down'
+require 'sqreen/ecosystem/tracing/signals/tracing_server'
+
+module Sqreen
+  module Ecosystem
+    module Http
+      class RackRequest
+        include ModuleApi::EventListener
+        include ModuleApi::TracingPushDown
+        include ModuleApi::SignalProducer
+
+        def setup
+          on_request_start(&method(:handle_request))
+        end
+
+        private
+
+        def handle_request(rack_request)
+          return unless should_sample?('server')
+
+          trace_id = rack_request.env[ModuleApi::TRACE_ID_ENV_KEY]
+
+          signal = Tracing::Signals::TracingServer.new
+          signal.payload = Tracing::Signals::TracingServer::Payload.new(
+            transport: 'http',
+            client_ip: rack_request.ip,
+            tracing_identifier: trace_id
+          )
+
+          submit_signal signal
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/loggable.rb

@@ -0,0 +1,13 @@
+require 'sqreen/ecosystem/dispatch_table'
+
+module Sqreen
+  module Ecosystem
+    module Loggable
+      private
+
+      def logger
+        DispatchTable.fetch_logger.call
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api.rb

@@ -0,0 +1,30 @@
+require 'sqreen/ecosystem/loggable'
+
+module Sqreen
+  module Ecosystem
+    # The API that the transport/tracing modules are written against
+    module ModuleApi
+      TRACE_ID_HEADER = 'X-Sqreen-Trace-Identifier'.freeze
+      TRACE_ID_ENV_KEY = 'HTTP_X_SQREEN_TRACE_IDENTIFIER'.freeze
+
+      Loggable = Sqreen::Ecosystem::Loggable
+
+      module ClassMethods
+        attr_writer :module_name
+
+        def module_name
+          if instance_variable_defined?(:@module_name)
+            @module_name
+          else
+            # to snake case
+            @module_name = to_s.sub(/.*::/, '').gsub(/([a-z])([A-Z])/, '\1_\2').downcase
+          end
+        end
+      end
+
+      def self.included(mod)
+        mod.extend(ClassMethods)
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/event_listener.rb

@@ -0,0 +1,18 @@
+require 'sqreen/ecosystem/dispatch_table'
+
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module EventListener
+        private
+
+        # XXX: callbacks need to be wrapped in order ot handle
+        # perfcap, exceptions, and maybe other concerns applying
+        # across the board
+        def on_request_start(&cb)
+          DispatchTable.add_request_start_listener.call(cb)
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/instrumentation.rb

@@ -0,0 +1,23 @@
+require 'sqreen/ecosystem/module_api'
+
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module Instrumentation
+        def self.included(mod)
+          mod.send :include, ModuleApi unless mod.ancestors.include?(ModuleApi)
+        end
+
+        private
+
+        # Just forwards the call to the instrumentation service
+        # @param [String] method
+        # @param [Hash{Symbol=>Proc}] advice keys are one of: :before, :after,
+        #                             :raised,
+        def instrument(method, advice)
+          DispatchTable.instrument.call(self.class.module_name, method, advice)
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/signal_producer.rb

@@ -0,0 +1,26 @@
+require 'sqreen/ecosystem/dispatch_table'
+require 'sqreen/ecosystem/module_api/transaction_storage'
+
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module SignalProducer
+        include TransactionStorage
+
+        # for injection
+        attr_writer :tracing_id_producer
+
+        private
+
+        def create_tracing_id
+          @tracing_id_producer.call
+        end
+
+        # @param [Sqreen::Kit::Signals::Signal] signal
+        def submit_signal(signal)
+          DispatchTable.consume_signal.call(signal)
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/tracing_push_down.rb

@@ -0,0 +1,34 @@
+require 'sqreen/ecosystem/loggable'
+require 'sqreen/ecosystem/tracing/sampling_configuration'
+
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module TracingPushDown
+        include Loggable
+
+        # method for ecosystem to inject the config
+        # @param [Sqreen::Ecosystem::SamplingConfiguration]
+        attr_writer :sampling_config
+
+        private
+
+        def should_sample?(scope)
+          unless @sampling_config
+            logger.debug { "Scope #{scope} is disabled because tracing hasn't been enabled yet" }
+            return
+          end
+
+          result = @sampling_config.should_sample?(scope)
+          if result
+            logger.debug { "Will sample scope #{scope}. Sampling line: #{result}" }
+          else
+            logger.debug { "Will NOT sample scope #{scope}" }
+          end
+
+          result
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/transaction_storage.rb

@@ -0,0 +1,71 @@
+require 'sqreen/ecosystem/transaction_storage'
+require 'sqreen/ecosystem/loggable'
+
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module TransactionStorage
+        class TxLocalVariables
+          class << self
+            class << self
+              include Sqreen::Ecosystem::Loggable
+
+              private
+
+              def attr_reader(attr, _opts = {})
+                define_method attr do
+                  tx_storage = Ecosystem::TransactionStorage.fetch_thread_local
+                  return unless tx_storage
+                  tx_storage[attr]
+                end
+              end
+
+              def attr_accessor(attr, opts = {})
+                # reader
+                attr_reader attr, opts
+
+                # writer (2 variants)
+                do_assign = proc do |value|
+                  tx_storage = Ecosystem::TransactionStorage.fetch_thread_local
+                  unless tx_storage
+                    logger.debug do
+                      "Assignment of tx local attribute #{attr} to #{value} has no effect"
+                    end
+                    return
+                  end
+
+                  tx_storage[attr] = value
+                end
+
+                if opts.fetch(:allow_overwrite, false)
+                  define "#{attr}=", &do_assign
+                else
+                  define_method "#{attr}=" do |value|
+                    cur = public_send(attr)
+                    unless cur.nil?
+                      raise "Cannot override value of #{attr} from #{cur} with #{value}"
+                    end
+
+                    do_assign.call(value)
+                  end
+                end
+              end
+            end # TxLocalVariables.singleton_class.singleton_class
+
+            # usage:
+            # attr_reader :xxx
+
+            # in the future, we'll possibly need to expose the full
+            # TransactionStorage to the modules, at least if we don't
+            # opt for a more structured fashion of data exchange between
+            # the modules.
+          end # TxLocalVariables.singleton_class
+        end # TxLocalVariables
+
+        def tx_local_vars
+          TxLocalVariables
+        end
+      end # TransactionStorage module
+    end
+  end
+end