stega 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 501c850e45a2cebf99cd7e9ca8189dccb25d0e9f4982dfe1e92402c43e93f989
+  data.tar.gz: 1b924447c42f6e2f6efb86d70bd1bec64f6a9bef6c0df6f9b86f37ff3aa8c527
+SHA512:
+  metadata.gz: e56737e0a7cdc7e84c22db82ac4db40aa7633b18560f86e0a6dac3b1fad561df66f7f9a0f49d247fea1b2bae6485c97c09852c2f0d8e0fced16072ae0fe4eda7
+  data.tar.gz: 809b6c65037f0c8d8e308b7ce3ea29b987408200376a2adb5a70c8e8db3e0659a9e79c41091609677c95c136d3603036e989934471bbf3c4f2ac0173bfac051a

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+# Change log
+
+## master

data/LICENSE.txt

@@ -0,0 +1,23 @@
+Copyright (c) 2026 Theodor Tonum
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,46 @@
+[![Gem Version](https://badge.fury.io/rb/stega.svg)](https://rubygems.org/gems/stega)
+
+# Stega
+
+TBD
+
+## Installation
+
+Adding to a gem:
+
+```ruby
+# my-cool-gem.gemspec
+Gem::Specification.new do |spec|
+  # ...
+  spec.add_dependency "stega"
+  # ...
+end
+```
+
+Or adding to your project:
+
+```ruby
+# Gemfile
+gem "stega"
+```
+
+### Supported Ruby versions
+
+- Ruby (MRI) >= 3.0
+
+## Usage
+
+TBD
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/rorkjop/stega](https://github.com/rorkjop/stega).
+
+## Credits
+
+This gem is generated via [`newgem` template](https://github.com/palkan/newgem) by [@palkan](https://github.com/palkan).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/lib/stega/decoder.rb

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+module Stega
+  module Decoder
+    # Reverse lookup: invisible character → base-4 digit
+    BASE4_REVERSE_MAP = Encoder::BASE4_CHARS.each_with_index.to_h { |char, idx| [char, idx] }.freeze
+
+    # Reverse lookup: invisible codepoint → hex digit
+    HEX_REVERSE_MAP = LegacyEncoder::HEX_CHAR_MAP.to_h { |hex_digit, codepoint| [codepoint, hex_digit] }.freeze
+
+    # Regex character class matching all invisible stega characters
+    STEGA_CHAR_CLASS = LegacyEncoder::HEX_CHAR_MAP.values.map { |cp| format("\\u{%x}", cp) }.join
+
+    # Regex to match encoded strings (4+ invisible characters)
+    REGEX = Regexp.new("[#{STEGA_CHAR_CLASS}]{4,}")
+
+    NULL_CHAR = "\x00"
+
+    # Decode the first steganographic payload from a string.
+    def self.decode(str)
+      match = str.match(REGEX)
+      return nil unless match
+
+      decode_payload(match[0], first_only: true).first
+    end
+
+    # Decode all steganographic payloads from a string.
+    def self.decode_all(str)
+      matches = str.scan(REGEX)
+      return nil if matches.empty?
+
+      matches.flat_map { |m| decode_payload(m) }
+    end
+
+    # Decode an invisible-character payload back into JSON value(s).
+    # Detects whether it's new (base-4 with prefix) or legacy (hex-pair) encoding.
+    def self.decode_payload(encoded, first_only: false)
+      chars = encoded.chars
+
+      # If even length but not divisible by 4 or missing prefix → legacy encoding
+      if chars.length.even?
+        if (chars.length % 4 != 0) || !encoded.start_with?(Encoder::STEGA_PREFIX)
+          return decode_legacy_payload(chars, first_only)
+        end
+      else
+        raise ArgumentError, "Encoded data has invalid length"
+      end
+
+      # New base-4 encoding: skip 4-char prefix
+      data_chars = chars[4..]
+      bytes = Array.new(data_chars.length / 4)
+
+      bytes.length.times do |i|
+        bytes[i] = (BASE4_REVERSE_MAP[data_chars[i * 4]] << 6) |
+          (BASE4_REVERSE_MAP[data_chars[i * 4 + 1]] << 4) |
+          (BASE4_REVERSE_MAP[data_chars[i * 4 + 2]] << 2) |
+          BASE4_REVERSE_MAP[data_chars[i * 4 + 3]]
+      end
+
+      decoded = bytes.pack("C*").force_encoding(Encoding::UTF_8)
+
+      if first_only
+        null_index = decoded.index(NULL_CHAR) || decoded.length
+        return [JSON.parse(decoded[0...null_index])]
+      end
+
+      decoded.split(NULL_CHAR).reject(&:empty?).map { |segment| JSON.parse(segment) }
+    end
+
+    # Decode legacy hex-pair encoded payload.
+    # Each pair of invisible characters represents one hex byte → one ASCII character.
+    def self.decode_legacy_payload(chars, first_only)
+      ascii_chars = []
+
+      (chars.length / 2).times do |i|
+        idx = (chars.length / 2) - 1 - i
+        hex_str = HEX_REVERSE_MAP[chars[idx * 2].ord].to_s +
+          HEX_REVERSE_MAP[chars[idx * 2 + 1].ord].to_s
+        ascii_chars.unshift(hex_str.to_i(16).chr)
+      end
+
+      results = []
+      queue = [ascii_chars.join]
+      max_retries = 10
+
+      # Try to parse concatenated JSON values by splitting at parse error positions
+      until queue.empty?
+        str = queue.shift
+        begin
+          results << JSON.parse(str)
+          return results if first_only
+        rescue JSON::ParserError => e
+          max_retries -= 1
+          raise e if max_retries <= 0
+
+          # Extract position from error message
+          pos_match = e.message.match(/at (?:line \d+, )?column (\d+)/)
+          error_pos = pos_match ? pos_match[1].to_i : nil
+
+          # Ruby's JSON parser reports 1-based column, convert to 0-based index
+          # Also try to find the actual position by looking for unexpected token position
+          if error_pos.nil? || error_pos == 0
+            # Try alternate pattern
+            pos_match = e.message.match(/position (\d+)/)
+            error_pos = pos_match ? pos_match[1].to_i : nil
+          end
+
+          raise e if error_pos.nil? || error_pos == 0
+
+          # For 1-based column, subtract 1 for 0-based index
+          error_pos -= 1 if error_pos > 0
+          queue.unshift(str[0...error_pos], str[error_pos..])
+        end
+      end
+
+      results
+    end
+  end
+end

data/lib/stega/encoder.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Stega
+  module Encoder
+    # Base-4 encoding uses 4 invisible characters
+    BASE4_CHARS = [
+      "\u200B", # ZERO WIDTH SPACE
+      "\u200C", # ZERO WIDTH NON-JOINER
+      "\u200D", # ZERO WIDTH JOINER
+      "\uFEFF"  # ZERO WIDTH NO-BREAK SPACE (BOM)
+    ].freeze
+
+    # Prefix: 4 zero-width spaces used as a magic marker
+    STEGA_PREFIX = (BASE4_CHARS[0] * 4)
+
+    # Encode a value into an invisible steganographic string (base-4 encoding).
+    # Each byte is split into four 2-bit groups, each mapped to an invisible character.
+    def self.encode(value)
+      json = JSON.generate(value)
+      bytes = json.encode(Encoding::UTF_8).bytes
+
+      encoded = bytes.map do |byte|
+        BASE4_CHARS[(byte >> 6) & 3] +
+          BASE4_CHARS[(byte >> 4) & 3] +
+          BASE4_CHARS[(byte >> 2) & 3] +
+          BASE4_CHARS[byte & 3]
+      end.join
+
+      STEGA_PREFIX + encoded
+    end
+  end
+end

data/lib/stega/legacy_encoder.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Stega
+  module LegacyEncoder
+    # Unicode zero-width and invisible characters used for hex encoding
+    HEX_CHAR_MAP = {
+      "0" => 8203,   # ZERO WIDTH SPACE
+      "1" => 8204,   # ZERO WIDTH NON-JOINER
+      "2" => 8205,   # ZERO WIDTH JOINER
+      "3" => 8290,   # INVISIBLE TIMES
+      "4" => 8291,   # INVISIBLE SEPARATOR
+      "5" => 8288,   # WORD JOINER
+      "6" => 65279,  # ZERO WIDTH NO-BREAK SPACE (BOM)
+      "7" => 8289,   # INVISIBLE PLUS
+      "8" => 119_155, # MUSICAL SYMBOL BEGIN BEAM
+      "9" => 119_156, # MUSICAL SYMBOL END BEAM
+      "a" => 119_157, # MUSICAL SYMBOL BEGIN TIE
+      "b" => 119_158, # MUSICAL SYMBOL END TIE
+      "c" => 119_159, # MUSICAL SYMBOL BEGIN SLUR
+      "d" => 119_160, # MUSICAL SYMBOL END SLUR
+      "e" => 119_161, # MUSICAL SYMBOL BEGIN PHRASE
+      "f" => 119_162  # MUSICAL SYMBOL END PHRASE
+    }.freeze
+
+    # Legacy encoding: each ASCII character is encoded as two hex digits,
+    # each mapped to an invisible Unicode character.
+    def self.legacy_encode(value)
+      json = JSON.generate(value)
+
+      json.chars.map do |char|
+        code = char.ord
+        if code > 255
+          raise ArgumentError,
+            "Only ASCII edit info can be encoded. Error attempting to encode #{json} on character #{char} (#{code})"
+        end
+
+        hex = code.to_s(16).rjust(2, "0")
+        hex.chars.map { |hex_digit| [HEX_CHAR_MAP[hex_digit]].pack("U") }.join
+      end.join
+    end
+  end
+end

data/lib/stega/sanity.rb

@@ -0,0 +1,173 @@
+# frozen_string_literal: true
+
+require "set"
+
+module Stega
+  module Sanity
+    SKIP_KEYS = Set.new(%w[_id _type _ref _key _createdAt _updatedAt _rev _originalId _system slug]).freeze
+
+    class << self
+      def encode_source_map(result, source_map, config)
+        validate_config!(config)
+        return result unless source_map
+
+        encode_into_result(result, source_map, config)
+      end
+
+      private
+
+      def validate_config!(config)
+        raise TypeError, "enabled must be true" unless config[:enabled]
+        raise TypeError, "studio_url must be defined" unless config[:studio_url]
+      end
+
+      def encode_into_result(result, source_map, config)
+        documents = source_map[:documents] || []
+        paths = source_map[:paths] || []
+        mappings = (source_map[:mappings] || {}).transform_keys(&:to_s)
+
+        deep_transform(result, []) do |value, path|
+          json_path = to_json_path(path)
+          mapping, matched_path = resolve_mapping(json_path, mappings)
+
+          next value unless mapping && value.is_a?(String)
+          next value unless (mapping[:type] || "value") == "value"
+
+          source = mapping[:source]
+          next value unless source && source[:type] == "documentValue"
+
+          doc_index = source[:document]
+          path_index = source[:path]
+          document = documents[doc_index]
+
+          next value unless document
+
+          context = {
+            value: value,
+            path: path,
+            document: document
+          }
+
+          if config[:filter]
+            next value unless config[:filter].call(context)
+          end
+
+          source_path = paths[path_index]
+          full_path = resolve_full_source_path(source_path, json_path, matched_path)
+
+          edit_url = create_edit_url(
+            studio_url: config[:studio_url],
+            document: document,
+            path: full_path,
+            omit_cross_dataset: config[:omit_cross_dataset_reference_data]
+          )
+
+          payload = {"origin" => "sanity.io", "href" => edit_url}
+          Stega.combine(value, payload)
+        end
+      end
+
+      def deep_transform(obj, path, &block)
+        case obj
+        when Hash
+          obj.each_with_object({}) do |(key, value), result|
+            result[key] = if SKIP_KEYS.include?(key.to_s)
+              value
+            else
+              deep_transform(value, path + [key], &block)
+            end
+          end
+        when Array
+          obj.each_with_index.map do |value, index|
+            deep_transform(value, path + [index], &block)
+          end
+        else
+          yield(obj, path)
+        end
+      end
+
+      def create_edit_url(studio_url:, document:, path:, omit_cross_dataset: false)
+        doc_id = document[:_id]
+        doc_type = document[:_type]
+        project_id = document[:_projectId]
+        dataset = document[:_dataset]
+
+        studio_path = json_path_to_studio_path(path)
+
+        router_parts = [
+          "mode=presentation",
+          "id=#{doc_id}",
+          "type=#{doc_type}",
+          "path=#{URI.encode_www_form_component(studio_path)}"
+        ]
+        router_params = router_parts.join(";")
+
+        search_hash = {baseUrl: studio_url, id: doc_id, type: doc_type, path: studio_path, perspective: "previewDrafts"}
+        unless omit_cross_dataset
+          search_hash[:projectId] = project_id if project_id
+          search_hash[:dataset] = dataset if dataset
+        end
+        search_params = URI.encode_www_form(search_hash)
+
+        "#{studio_url}/intent/edit/#{router_params}?#{search_params}"
+      end
+
+      def json_path_to_studio_path(json_path)
+        rest = json_path.sub(/^\$/, "")
+        segments = rest.scan(/\['([^']*)'\]|\[(\d+)\]/)
+
+        result = +""
+        segments.each_with_index do |(key, index), i|
+          if index
+            result << "[#{index}]"
+          else
+            result << "." if i > 0
+            result << key
+          end
+        end
+        result
+      end
+
+      def resolve_mapping(json_path, mappings)
+        return [mappings[json_path], json_path] if mappings.key?(json_path)
+
+        segments = parse_path_segments(json_path)
+        (segments.length - 1).downto(1) do |i|
+          candidate = "$" + segments[0...i].join
+          return [mappings[candidate], candidate] if mappings.key?(candidate)
+        end
+
+        return [mappings["$"], "$"] if mappings.key?("$")
+
+        nil
+      end
+
+      def parse_path_segments(json_path)
+        json_path.sub(/^\$/, "").scan(/\['[^']*'\]|\[\d+\]/)
+      end
+
+      def resolve_full_source_path(source_path, result_path, matched_path)
+        matched_segments = parse_path_segments(matched_path)
+        result_segments = parse_path_segments(result_path)
+        suffix_segments = result_segments[matched_segments.length..]
+
+        if suffix_segments&.any?
+          source_path + suffix_segments.join
+        else
+          source_path
+        end
+      end
+
+      def to_json_path(path)
+        json_path = path.map do |segment|
+          if segment.is_a?(Integer) || segment =~ /^\d+$/
+            "[#{segment}]"
+          else
+            "['#{segment}']"
+          end
+        end.join("")
+        "$#{json_path}"
+      end
+    end
+  end
+end

data/lib/stega/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Stega # :nodoc:
+  VERSION = "1.0.0"
+end

data/lib/stega.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+require "json"
+require "uri"
+require "date"
+
+require "stega/version"
+require "stega/encoder"
+require "stega/legacy_encoder"
+require "stega/decoder"
+require "stega/sanity"
+
+module Stega
+  # Regex to match encoded strings
+  REGEX = Decoder::REGEX
+
+  class << self
+    # Encode a value into an invisible steganographic string (base-4 encoding)
+    def encode(value)
+      Encoder.encode(value)
+    end
+
+    # Decode the first steganographic payload from a string
+    def decode(str)
+      Decoder.decode(str)
+    end
+
+    # Decode all steganographic payloads from a string
+    def decode_all(str)
+      Decoder.decode_all(str)
+    end
+
+    # Legacy encoding using hex pairs
+    def legacy_encode(value)
+      LegacyEncoder.legacy_encode(value)
+    end
+
+    # Combine a visible string with invisible encoded data
+    # mode can be :auto (default), :skip (true), or false
+    def combine(visible, data, mode = :auto)
+      skip = case mode
+      when true, :skip
+        true
+      when :auto
+        date_like?(visible) || url?(visible)
+      else
+        false
+      end
+
+      return visible if skip
+
+      "#{visible}#{encode(data)}"
+    end
+
+    # Split a string into its visible content and the encoded (invisible) portion
+    def split(str)
+      match = str.match(REGEX)
+      {
+        cleaned: str.gsub(REGEX, ""),
+        encoded: match ? match[0] : ""
+      }
+    end
+
+    # Deep-clean an object by removing all steganographic data
+    def clean(value)
+      return value unless value
+
+      JSON.parse(split(JSON.generate(value))[:cleaned])
+    end
+
+    private
+
+    # Check if a string looks like a date
+    def date_like?(str)
+      return false if str.nil? || str.empty?
+
+      # Not a date if it's a plain number
+      return false if numeric?(str)
+
+      # If it contains letters but doesn't match date pattern, not a date
+      if str.match?(/[a-z]/i) &&
+          !str.match?(/\d+(?:[-:\/]\d+){2}(?:T\d+(?:[-:\/]\d+){1,2}(\.\d+)?Z?)?/)
+        return false
+      end
+
+      # Try to parse as date
+      begin
+        Date.parse(str)
+        true
+      rescue ArgumentError, TypeError
+        false
+      end
+    end
+
+    # Check if a string is a valid URL
+    def url?(str)
+      return false if str.nil? || str.empty?
+
+      begin
+        if str.start_with?("/")
+          URI.parse("https://acme.com#{str}")
+        else
+          uri = URI.parse(str)
+          # Must have a scheme to be a valid URL
+          return false unless uri.scheme
+
+          uri
+        end
+        true
+      rescue URI::InvalidURIError
+        false
+      end
+    end
+
+    # Check if a string is numeric
+    def numeric?(str)
+      Float(str)
+      true
+    rescue ArgumentError, TypeError
+      false
+    end
+  end
+end

metadata

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: stega
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Theodor Tonum
+bindir: bin
+cert_chain: []
+date: 1980-01-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+description: A Ruby implementation of Vercel's stega encoding for embedding invisible
+  data in strings, with Sanity source map support.
+email:
+- theodor@tonum.no
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/stega.rb
+- lib/stega/decoder.rb
+- lib/stega/encoder.rb
+- lib/stega/legacy_encoder.rb
+- lib/stega/sanity.rb
+- lib/stega/version.rb
+homepage: https://github.com/rorkjop/stega
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/rorkjop/stega/issues
+  changelog_uri: https://github.com/rorkjop/stega/blob/main/CHANGELOG.md
+  documentation_uri: https://github.com/rorkjop/stega
+  homepage_uri: https://github.com/rorkjop/stega
+  source_code_uri: https://github.com/rorkjop/stega
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Steganographic encoding and decoding for strings
+test_files: []