strongmind-platform-sdk 3.27.0 → 3.27.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 810243f0c080ad6d0d3de344f35be529792ed8f8b46a2e26ec73d848cc2ec55b
-  data.tar.gz: f194d6d594cd91f90dd5cb61ef73963d2616c8ed15ac34b5dfc976a2d37f14c2
+  metadata.gz: 021a46b4ab2f6bb6309de8a95199bfcbbce20a6f7840d8f019c36b748508e2d4
+  data.tar.gz: c70de4fb236c35ebafbe6aa6d46480fb7fcf9e44b81a4c84a66a38c8d15f1a7e
 SHA512:
-  metadata.gz: 0f8a9dcb3b3084e352f3dcac40ca9f2cc59ef951e8124483ac06790cd065f555a25f08b4018bc74d7e77b06083683783bf0e8cbf000f1af1a37f55f85fb0c022
-  data.tar.gz: 77cfa7f41f67166ff0107134aaf07ca0d44d3075cb44fd4c12ccb3f4903fe9ae117acc90f2530f28e99090b724f1cbb6d28dec23fe881fbbcd358cf8457a9f7a
+  metadata.gz: 9d29eba2b361d1f35683fc3b3f37bb39829a7c8505a71516d6e3e44f3ceb681cd5db59b3522640ab4682c88551062a75ddfe6985a04df7f475edaaf25773648e
+  data.tar.gz: d369c0b967a2e1bbcc0742507f9bd25bf3da167a38694c516d62618998047c0d849c7959601d919e9becdb14998ff305713f4cc665c7fab7763974913b72cbab

data/lib/platform_sdk/logging/pii_formatter.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'active_support/parameter_filter'
+require_relative '../pii'
+
+module PlatformSdk
+  module Logging
+    # Scrubs PII from stdout
+    class PiiFormatter
+      attr_reader :original_formatter
+
+      def initialize(original_formatter:, additional_fields: [])
+        @original_formatter = original_formatter
+        fields = Pii::DEFAULT_FIELDS + additional_fields
+        @param_filter = ActiveSupport::ParameterFilter.new(
+          fields, mask: Pii::FILTERED
+        )
+      end
+
+      def call(severity, timestamp, progname, message)
+        scrubbed = scrub_message(message)
+        @original_formatter.call(severity, timestamp, progname, scrubbed)
+      end
+
+      private
+
+      def scrub_message(message)
+        case message
+        when Hash
+          @param_filter.filter(message)
+        when String
+          Pii::PII_PATTERNS.reduce(message) do |msg, pattern|
+            msg.gsub(pattern, Pii::FILTERED)
+          end
+        else
+          message
+        end
+      end
+    end
+  end
+end

data/lib/platform_sdk/logging.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative 'logging/pii_formatter'
+
+module PlatformSdk
+  # Wraps logging with built-in PII protection
+  module Logging
+    def self.apply_pii_protection(additional_fields: [])
+      logger = Rails.logger
+      return if logger.formatter.is_a?(PiiFormatter)
+
+      logger.formatter = PiiFormatter.new(
+        original_formatter: logger.formatter,
+        additional_fields:
+      )
+    end
+  end
+end

data/lib/platform_sdk/pii.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module PlatformSdk
+  module Pii
+    DEFAULT_FIELDS = [
+      :email, /\Aname\z/i, :first_name, :last_name, :student_name, :username,
+      :phone, :phone_number, :address, :street, :city, :zip, :postal_code,
+      :ssn, :social_security, :date_of_birth, :dob, :birthday,
+      :ip_address, /\Aip\z/i, :remote_ip,
+      :password, :password_confirmation, :token, :secret, :api_key,
+      :authorization
+    ].freeze
+
+    FILTERED = '[FILTERED]'
+
+    EMAIL_REGEX = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/
+    SSN_REGEX = /\b\d{3}-\d{2}-\d{4}\b/
+    PHONE_REGEX = /(\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/
+
+    PII_PATTERNS = [EMAIL_REGEX, SSN_REGEX, PHONE_REGEX].freeze
+  end
+end

data/lib/platform_sdk/sentry/pii_scrubber.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'active_support/parameter_filter'
+require_relative '../pii'
+
+module PlatformSdk
+  module Sentry
+    # Scrubs PII from Sentry events
+    class PiiScrubber
+      DEFAULT_PII_FIELDS = Pii::DEFAULT_FIELDS
+      FILTERED = Pii::FILTERED
+
+      attr_reader :filter
+
+      def initialize(additional_fields: [])
+        fields = DEFAULT_PII_FIELDS + additional_fields
+        @filter = ActiveSupport::ParameterFilter.new(fields, mask: FILTERED)
+      end
+
+      def scrub_hash(hash)
+        return {} unless hash.is_a?(Hash)
+
+        filter.filter(hash)
+      end
+
+      def scrub_event(event)
+        scrub_event_data(event)
+        scrub_request(event.request) if event.request
+        event
+      end
+
+      EMAIL_REGEX = Pii::EMAIL_REGEX
+
+      def scrub_breadcrumb(breadcrumb)
+        breadcrumb.data = scrub_hash(breadcrumb.data) if breadcrumb.data.is_a?(Hash)
+        breadcrumb.message = scrub_message(breadcrumb.message) if breadcrumb.message
+
+        breadcrumb
+      end
+
+      private
+
+      def scrub_message(message)
+        message.gsub(EMAIL_REGEX, FILTERED)
+      end
+
+      def scrub_user(user_hash)
+        id = user_hash[:id] || user_hash['id']
+        scrubbed = scrub_hash(user_hash)
+        scrubbed[:id] = id if user_hash.key?(:id)
+        scrubbed['id'] = id if user_hash.key?('id')
+        scrubbed
+      end
+
+      def scrub_request(request)
+        request.data = scrub_hash(request.data) if request.data.is_a?(Hash)
+        request.headers = scrub_hash(request.headers) if request.headers.is_a?(Hash)
+        request.query_string = FILTERED if request.query_string
+        request.cookies = FILTERED if request.cookies
+      end
+
+      def scrub_event_data(event)
+        event.user = scrub_user(event.user) if event.user.is_a?(Hash)
+        event.extra = scrub_hash(event.extra) if event.extra.is_a?(Hash)
+        event.contexts = scrub_hash(event.contexts) if event.contexts.is_a?(Hash)
+      end
+    end
+  end
+end

data/lib/platform_sdk/sentry.rb

@@ -1,7 +1,30 @@
 # frozen_string_literal: true
 
+require_relative 'sentry/pii_scrubber'
+
 module PlatformSdk
   module Sentry
+    def self.apply_pii_protection(config, additional_fields: [])
+      config.send_default_pii = false
+      config.include_local_variables = false
+
+      scrubber = PiiScrubber.new(additional_fields: additional_fields)
+
+      config.before_send = lambda do |event, _hint|
+        scrubber.scrub_event(event)
+      end
+
+      config.before_breadcrumb = lambda do |breadcrumb, _hint|
+        scrubber.scrub_breadcrumb(breadcrumb)
+      end
+
+      config.before_send_transaction = lambda do |event, _hint|
+        return nil if sentry_ignored(event)
+
+        scrubber.scrub_event(event)
+      end
+    end
+
     def self.sentry_ignored(event, ignored_urls = sentry_ignored_urls)
       return false if event.transaction_info[:source] != :url
       return true if ignored_urls.any? { |url| event.transaction.match?(url) }

data/lib/platform_sdk/version.rb

@@ -3,7 +3,7 @@
 module PlatformSdk
   MAJOR = 3
   MINOR = 27
-  PATCH = 0
+  PATCH = 2
 
   VERSION = "#{PlatformSdk::MAJOR}.#{PlatformSdk::MINOR}.#{PlatformSdk::PATCH}"
 end

data/lib/platform_sdk.rb

@@ -1,32 +1,34 @@
 # frozen_string_literal: true
 
-require_relative "platform_sdk/version"
-require "platform_sdk/one_roster"
-require "platform_sdk/identity"
-require "platform_sdk/power_school"
-require "platform_sdk/aws"
-require "platform_sdk/id_mapper"
-require "platform_sdk/edkey"
-require "platform_sdk/data_pipeline"
-require "platform_sdk/pencil_spaces"
-require "platform_sdk/edfi"
-require "platform_sdk/sentry"
-require "platform_sdk/learnosity_api"
-require "platform_sdk/canvas_api"
-require "platform_sdk/bynder"
-require "platform_sdk/events"
-require "platform_sdk/central"
-require "platform_sdk/active_record/data_pipelineable"
-require "platform_sdk/spec_support"
-require "asset_sync"
-require "fog-aws"
-require "platform_sdk/asset_sync_initializer"
-require "platform_sdk/sidekiq/ecs_task_protection_middleware"
-require "platform_sdk/sidekiq"
-require "platform_sdk/jobs/send_noun_to_pipeline_job"
-require "platform_sdk/jira"
-require "platform_sdk/catalog_manager"
-require "platform_sdk/llm_gateway"
+require_relative 'platform_sdk/version'
+require 'platform_sdk/one_roster'
+require 'platform_sdk/identity'
+require 'platform_sdk/power_school'
+require 'platform_sdk/aws'
+require 'platform_sdk/id_mapper'
+require 'platform_sdk/edkey'
+require 'platform_sdk/data_pipeline'
+require 'platform_sdk/pencil_spaces'
+require 'platform_sdk/edfi'
+require 'platform_sdk/pii'
+require 'platform_sdk/sentry'
+require 'platform_sdk/logging'
+require 'platform_sdk/learnosity_api'
+require 'platform_sdk/canvas_api'
+require 'platform_sdk/bynder'
+require 'platform_sdk/events'
+require 'platform_sdk/central'
+require 'platform_sdk/active_record/data_pipelineable'
+require 'platform_sdk/spec_support'
+require 'asset_sync'
+require 'fog-aws'
+require 'platform_sdk/asset_sync_initializer'
+require 'platform_sdk/sidekiq/ecs_task_protection_middleware'
+require 'platform_sdk/sidekiq'
+require 'platform_sdk/jobs/send_noun_to_pipeline_job'
+require 'platform_sdk/jira'
+require 'platform_sdk/catalog_manager'
+require 'platform_sdk/llm_gateway'
 
 module PlatformSdk
   class Error < StandardError; end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strongmind-platform-sdk
 version: !ruby/object:Gem::Version
-  version: 3.27.0
+  version: 3.27.2
 platform: ruby
 authors:
 - Platform Team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-04-03 00:00:00.000000000 Z
+date: 2026-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -284,6 +284,8 @@ files:
 - lib/platform_sdk/learnosity_api/client.rb
 - lib/platform_sdk/llm_gateway.rb
 - lib/platform_sdk/llm_gateway/client.rb
+- lib/platform_sdk/logging.rb
+- lib/platform_sdk/logging/pii_formatter.rb
 - lib/platform_sdk/one_roster.rb
 - lib/platform_sdk/one_roster/client.rb
 - lib/platform_sdk/ops_genie.rb
@@ -293,10 +295,12 @@ files:
 - lib/platform_sdk/pencil_spaces/constants.rb
 - lib/platform_sdk/pencil_spaces/models.rb
 - lib/platform_sdk/pencil_spaces/models/user_with_role.rb
+- lib/platform_sdk/pii.rb
 - lib/platform_sdk/power_school.rb
 - lib/platform_sdk/power_school/client.rb
 - lib/platform_sdk/power_school/special_program.rb
 - lib/platform_sdk/sentry.rb
+- lib/platform_sdk/sentry/pii_scrubber.rb
 - lib/platform_sdk/sidekiq.rb
 - lib/platform_sdk/sidekiq/ecs_task_protection_middleware.rb
 - lib/platform_sdk/spec_support.rb