dumpling-cli 0.2.0__tar.gz → 0.3.0__tar.gz

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/.dumplingconf.example

@@ -26,13 +26,17 @@ salt = "${DUMPLING_GLOBAL_SALT}"
 #
 # Each column maps to an anonymizer spec: { strategy = "…", <options> }
 # ---------------------------------------------------------------------------
+# Faker strategy: `faker = "module::Type"` matches the Rust `fake` crate layout.
+#   Crate docs: https://docs.rs/fake/latest/fake/
+#   Faker modules: https://docs.rs/fake/latest/fake/faker/index.html
+#   Upstream repo: https://github.com/cksac/fake-rs
 [rules."public.users"]
-# email  — random-looking email at example.com; force quoted string output
-email         = { strategy = "email", domain = "customer_identity", unique_within_domain = true }
-# name   — random placeholder full name
-full_name     = { strategy = "name" }
-first_name    = { strategy = "first_name" }
-last_name     = { strategy = "last_name" }
+# email  — fake email via Rust `fake` crate; force quoted string output
+email         = { strategy = "faker", faker = "internet::SafeEmail", domain = "customer_identity", unique_within_domain = true }
+# name   — locale-aware full name (see `locale`); other generators use `faker = "module::Type"`
+full_name     = { strategy = "faker", faker = "name::Name" }
+first_name    = { strategy = "faker", faker = "name::FirstName" }
+last_name     = { strategy = "faker", faker = "name::LastName" }
 # phone  — US-style (xxx) xxx-xxxx
 phone         = { strategy = "phone" }
 # ssn    — SHA-256 hex of original; use per-column salt for extra protection
@@ -58,7 +62,7 @@ wake_time     = { strategy = "time_fuzz", min_seconds = -3600, max_seconds = 360
 # credit card — redact entirely; force as quoted string
 credit_card   = { strategy = "redact", as_string = true }
 # keep the same anonymized email as users table via shared domain
-customer_email = { strategy = "email", domain = "customer_identity" }
+customer_email = { strategy = "faker", faker = "internet::SafeEmail", domain = "customer_identity" }
 
 [rules."public.audit_log"]
 # unqualified table name also works (matches any schema)

dumpling_cli-0.3.0/.github/workflows/docs-pr.yml

@@ -0,0 +1,35 @@
+# mdBook verification on pull requests only (no GitHub Pages upload or deploy).
+# Pages build + deploy live in docs.yml and run on pushes to main.
+name: Docs (PR)
+
+on:
+  pull_request:
+    paths:
+      - "README.md"
+      - "book.toml"
+      - "docs/**"
+      - ".github/workflows/docs.yml"
+      - ".github/workflows/docs-pr.yml"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: docs-pr-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  verify:
+    name: Build mdBook (verify)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install mdBook
+        uses: peaceiris/actions-mdbook@v2
+        with:
+          mdbook-version: "0.4.52"
+
+      - name: Build documentation site
+        run: mdbook build

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/.github/workflows/docs.yml

@@ -1,12 +1,8 @@
+# Build and deploy the mdBook site to GitHub Pages (main branch only).
+# Pull-request verification runs in docs-pr.yml — this workflow does not run on PRs.
 name: Docs
 
 on:
-  pull_request:
-    paths:
-      - "README.md"
-      - "book.toml"
-      - "docs/**"
-      - ".github/workflows/docs.yml"
   push:
     branches:
       - main
@@ -18,16 +14,16 @@ on:
 
 permissions:
   contents: read
-  pages: write
-  id-token: write
 
 concurrency:
-  group: docs-${{ github.ref }}
+  group: docs-pages-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -40,15 +36,17 @@ jobs:
       - name: Build documentation site
         run: mdbook build
 
-      - name: Upload docs artifact
+      - name: Upload Pages deployment artifact
         uses: actions/upload-pages-artifact@v3
         with:
           path: docs/book
 
   deploy:
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      pages: write
+      id-token: write
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/.gitignore

@@ -1,2 +1,3 @@
 /target/
 /docs/book/
+/.tools/

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/AGENTS.md

@@ -223,6 +223,8 @@ Follow these steps in order. Do not skip any step.
 
 8. **`README.md`**: Add a row to the "Anonymization strategies" table.
 
+**`faker` strategy:** Config only carries string identifiers; Dumpling never evaluates user Rust from config. To ship a new generator, add dispatch in `src/faker_dispatch.rs` and validation in `validate_anonymizer_spec` for the `faker` branch. Upstream reference: [`fake` on docs.rs](https://docs.rs/fake/latest/fake/), [`fake::faker` module index](https://docs.rs/fake/latest/fake/faker/index.html), [source on GitHub](https://github.com/cksac/fake-rs).
+
 ---
 
 ## How to Add a New Row Filter Predicate Operator
@@ -274,15 +276,29 @@ Follow these steps in order. Do not skip any step.
 
 This is a pure Rust CLI project with **no external services** (no database, Docker, or network dependencies). The Rust stable toolchain (rustc + cargo) is the only prerequisite.
 
+### One-shot environment (agents and humans)
+
+From the repository root:
+
+```bash
+./scripts/setup-dev.sh
+```
+
+This installs the **stable** toolchain with **rustfmt** and **clippy** (via `rustup` when available), runs **`cargo fetch`**, and installs a pinned **mdBook** binary under `.tools/` (same version as the Docs CI workflow) so you can run `mdbook build` without a global install. Add `.tools` to `PATH` for convenience, or invoke `.tools/mdbook build` directly.
+
+The repo root **`rust-toolchain.toml`** pins **stable** and the **components** CI uses, so `cargo` automatically selects the right toolchain in fresh checkouts.
+
 ### Quick reference
 
 | Task | Command |
 |------|---------|
+| Setup (toolchain + fetch + mdbook) | `./scripts/setup-dev.sh` |
 | Build | `cargo build` |
 | Test | `cargo test --all-targets --all-features` |
 | Lint | `cargo clippy --all-targets --all-features` |
 | Format check | `cargo fmt --all -- --check` |
 | Auto-format | `cargo fmt` |
+| Docs site (mdBook) | `mdbook build` or `.tools/mdbook build` after setup |
 | Run CLI | `./target/debug/dumpling --help` |
 
 ### Running the CLI
@@ -295,6 +311,6 @@ Dumpling is fail-closed by default — it exits non-zero without a config file.
 
 ### Notes
 
-- All 94 tests are inline `#[cfg(test)]` modules; there are no separate test files or fixtures to manage.
+- All tests are inline `#[cfg(test)]` modules; there are no separate test files or fixtures to manage.
 - The update script uses `cargo fetch` to pre-download crate dependencies. A full `cargo build` or `cargo test` will then compile from the local cache without network access.
 - No environment variables or secrets are required for building, testing, or running the CLI locally.

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/CHANGELOG.md

@@ -7,6 +7,19 @@ and this project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.ht
 
 ## [Unreleased]
 
+## [0.3.0] - 2026-05-02
+
+### Added
+
+- **`faker` anonymization strategy** backed by the Rust [`fake`](https://crates.io/crates/fake) crate: select generators with `faker = "module::Type"` (for example `internet::SafeEmail`, `name::Name`). Unsupported targets fail at config load with a clear error; extending the allowlist requires a Dumpling release (see `src/faker_dispatch.rs`).
+- **JSON path rules in `[rules]`**: column keys such as `payload.profile.email` or `payload__profile__email` apply strategies to nested fields inside JSON text columns while preserving document structure. Conflicts between a whole-column rule and JSON path rules for the same base column are rejected at validation.
+- **`format` on `AnonymizerSpec`** for pattern-based faker generators such as `number::NumberWithFormat`.
+
+### Changed
+
+- **Legacy strategy names** `email`, `name`, `first_name`, and `last_name` in config are normalized at load time to `strategy = "faker"` with the same defaults as before (`internet::SafeEmail`, `name::Name`, `name::FirstName`, `name::LastName`), so existing configs keep working.
+- **`locale`** applies to both `faker` and `phone` strategies.
+
 ## [0.2.0] - 2026-05-02
 
 ### Added
@@ -30,4 +43,5 @@ and this project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.ht
 - Configurable output scan severities and per-category thresholds via `[output_scan]`.
 - JSON report section for output scan findings including category, count, threshold, severity, and sample locations.
 
+[0.3.0]: https://github.com/ababic/dumpling/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/ababic/dumpling/compare/v0.1.0...v0.2.0

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/CONTRIBUTING.md

@@ -13,6 +13,14 @@ For AI coding agents: also read `AGENTS.md`, which contains more detailed techni
 - **Rust stable toolchain** — install via [rustup.rs](https://rustup.rs/).
 - No database, Docker, or external services are required. Dumpling is a pure CLI tool.
 
+### One-shot setup (recommended)
+
+```bash
+./scripts/setup-dev.sh
+```
+
+Installs stable + `rustfmt` + `clippy`, prefetches crates, and downloads a pinned **mdBook** under `.tools/` (for `mdbook build`, same version as CI). Optional: `export PATH="$PWD/.tools:$PATH"`.
+
 ### Build and run
 
 ```bash

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/Cargo.lock

@@ -262,7 +262,7 @@ dependencies = [
 
 [[package]]
 name = "dumpling"
-version = "0.2.0"
+version = "0.3.0"
 dependencies = [
  "anyhow",
  "chrono",

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dumpling"
-version = "0.2.0"
+version = "0.3.0"
 edition = "2021"
 readme = "README.md"
 

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dumpling-cli
-Version: 0.2.0
+Version: 0.3.0
 Classifier: Development Status :: 4 - Beta
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers
@@ -112,8 +112,8 @@ salt = "${DUMPLING_GLOBAL_SALT}"
 
 # Rules are keyed by either "table" or "schema.table"
 [rules."public.users"]
-email = { strategy = "email", domain = "customer_identity", unique_within_domain = true }
-name  = { strategy = "name", locale = "de_de" }   # German-locale name
+email = { strategy = "faker", faker = "internet::SafeEmail", domain = "customer_identity", unique_within_domain = true }
+name  = { strategy = "faker", faker = "name::Name", locale = "de_de" }   # German-locale name
 ssn   = { strategy = "hash", salt = "${env:DUMPLING_USERS_SSN_SALT}", as_string = true }   # SHA-256 of original (salted)
 age   = { strategy = "int_range", min = 18, max = 90 }
 
@@ -153,8 +153,7 @@ token = "high"
 | `redact` | Replace with `REDACTED` (string) |
 | `uuid` | Random UUIDv4-like string |
 | `hash` | SHA-256 hex of original value; supports per-column `salt` and global `salt` |
-| `email` | Random-looking email at `example.com` |
-| `name` / `first_name` / `last_name` | Locale-aware fake name (configurable via `locale`); defaults to English |
+| `faker` | Values from the Rust [`fake`](https://crates.io/crates/fake) crate ([docs.rs](https://docs.rs/fake/latest/fake/), [`faker` modules](https://docs.rs/fake/latest/fake/faker/index.html)), chosen by a **string identifier** only (`faker = "module::Type"`, e.g. `internet::SafeEmail`). Config is **data only**: nothing from TOML is compiled or executed as Rust at runtime. Use `locale` for locale-aware generators; optional `min`/`max`, `length`, `format` as documented. Unsupported targets fail at config load. New generators require a **new Dumpling release** (or your own fork), not config-side code. |
 | `phone` | Locale-aware fake phone number (configurable via `locale`); defaults to English format |
 | `int_range` | Random integer in `[min, max]` |
 | `string` | Random alphanumeric string (`length = 12` by default) |
@@ -162,6 +161,12 @@ token = "high"
 | `time_fuzz` | Shifts a time-of-day by a random number of seconds in `[min_seconds, max_seconds]` with 24h wraparound (defaults: `-300..300`) |
 | `datetime_fuzz` | Shifts a timestamp/timestamptz by a random number of seconds in `[min_seconds, max_seconds]` (defaults: `-86400..86400`) |
 
+**`faker` reference (upstream `fake` crate):** Dumpling’s `faker = "module::Type"` strings mirror the Rust [`fake`](https://crates.io/crates/fake) crate’s [`faker`](https://docs.rs/fake/latest/fake/faker/index.html) module layout. Use these when picking or extending generators:
+
+- [docs.rs — `fake` crate root](https://docs.rs/fake/latest/fake/) (overview, `Fake` / `Dummy` traits, locales)
+- [docs.rs — `fake::faker` module index](https://docs.rs/fake/latest/fake/faker/index.html) (per-domain submodules: `address`, `internet`, `name`, …)
+- [GitHub — `cksac/fake-rs`](https://github.com/cksac/fake-rs) (source, README with the CLI’s generator name list)
+
 ### Secret references
 
 Dumpling resolves secret references in string config fields so plaintext salts/keys
@@ -209,7 +214,9 @@ dumpling --security-profile hardened --input dump.sql --check
 - `unique_within_domain`: when true, different source values are assigned unique pseudonyms within the configured `domain`. NULL values are unaffected and always remain NULL.
 - `min_days` / `max_days`: used by `date_fuzz`.
 - `min_seconds` / `max_seconds`: used by `time_fuzz` and `datetime_fuzz`.
-- `locale`: selects the language/regional format for the `name`, `first_name`, `last_name`, and `phone` strategies. Supported values: `en`, `fr_fr`, `de_de`, `it_it`, `pt_br`, `pt_pt`, `ar_sa`, `zh_cn`, `zh_tw`, `ja_jp`, `cy_gb`. Defaults to `en` when not specified.
+- `locale`: selects the language/regional format for the `faker` and `phone` strategies. Supported values: `en`, `fr_fr`, `de_de`, `it_it`, `pt_br`, `pt_pt`, `ar_sa`, `zh_cn`, `zh_tw`, `ja_jp`, `cy_gb`. Defaults to `en` when not specified.
+- `faker`: required when `strategy = "faker"`. A plain string `"module::Type"` (case-insensitive) that maps to a **built-in** generator compiled into Dumpling—not arbitrary Rust or expressions. Names follow [`fake::faker`](https://docs.rs/fake/latest/fake/faker/index.html) (e.g. `internet::SafeEmail` → `faker::internet::SafeEmail` in the crate).
+- `format`: used with `faker = "number::NumberWithFormat"`; pattern uses `#` (0–9) and `^` (1–9) per the [`fake` crate docs](https://docs.rs/fake/latest/fake/).
 
 > **Note:** `table_options` are no longer supported; use explicit `rules` and optional `column_cases`.
 
@@ -353,7 +360,7 @@ Define default strategies in `rules."<table>"` and add ordered per-column cases
 ```toml
 [rules."public.users"]
 email = { strategy = "hash", as_string = true }   # default
-name  = { strategy = "name" }
+name  = { strategy = "faker", faker = "name::Name" }
 
 [[column_cases."public.users".email]]
 when.any = [{ column = "is_admin", op = "eq", value = "true" }]
@@ -404,7 +411,7 @@ salt = "${DUMPLING_HMAC_KEY}"
 
 [rules."public.users"]
 ssn = { strategy = "hash", as_string = true }
-email = { strategy = "email", domain = "users" }
+email = { strategy = "faker", faker = "internet::SafeEmail", domain = "users" }
 ```
 
 ```bash

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/README.md

@@ -91,8 +91,8 @@ salt = "${DUMPLING_GLOBAL_SALT}"
 
 # Rules are keyed by either "table" or "schema.table"
 [rules."public.users"]
-email = { strategy = "email", domain = "customer_identity", unique_within_domain = true }
-name  = { strategy = "name", locale = "de_de" }   # German-locale name
+email = { strategy = "faker", faker = "internet::SafeEmail", domain = "customer_identity", unique_within_domain = true }
+name  = { strategy = "faker", faker = "name::Name", locale = "de_de" }   # German-locale name
 ssn   = { strategy = "hash", salt = "${env:DUMPLING_USERS_SSN_SALT}", as_string = true }   # SHA-256 of original (salted)
 age   = { strategy = "int_range", min = 18, max = 90 }
 
@@ -132,8 +132,7 @@ token = "high"
 | `redact` | Replace with `REDACTED` (string) |
 | `uuid` | Random UUIDv4-like string |
 | `hash` | SHA-256 hex of original value; supports per-column `salt` and global `salt` |
-| `email` | Random-looking email at `example.com` |
-| `name` / `first_name` / `last_name` | Locale-aware fake name (configurable via `locale`); defaults to English |
+| `faker` | Values from the Rust [`fake`](https://crates.io/crates/fake) crate ([docs.rs](https://docs.rs/fake/latest/fake/), [`faker` modules](https://docs.rs/fake/latest/fake/faker/index.html)), chosen by a **string identifier** only (`faker = "module::Type"`, e.g. `internet::SafeEmail`). Config is **data only**: nothing from TOML is compiled or executed as Rust at runtime. Use `locale` for locale-aware generators; optional `min`/`max`, `length`, `format` as documented. Unsupported targets fail at config load. New generators require a **new Dumpling release** (or your own fork), not config-side code. |
 | `phone` | Locale-aware fake phone number (configurable via `locale`); defaults to English format |
 | `int_range` | Random integer in `[min, max]` |
 | `string` | Random alphanumeric string (`length = 12` by default) |
@@ -141,6 +140,12 @@ token = "high"
 | `time_fuzz` | Shifts a time-of-day by a random number of seconds in `[min_seconds, max_seconds]` with 24h wraparound (defaults: `-300..300`) |
 | `datetime_fuzz` | Shifts a timestamp/timestamptz by a random number of seconds in `[min_seconds, max_seconds]` (defaults: `-86400..86400`) |
 
+**`faker` reference (upstream `fake` crate):** Dumpling’s `faker = "module::Type"` strings mirror the Rust [`fake`](https://crates.io/crates/fake) crate’s [`faker`](https://docs.rs/fake/latest/fake/faker/index.html) module layout. Use these when picking or extending generators:
+
+- [docs.rs — `fake` crate root](https://docs.rs/fake/latest/fake/) (overview, `Fake` / `Dummy` traits, locales)
+- [docs.rs — `fake::faker` module index](https://docs.rs/fake/latest/fake/faker/index.html) (per-domain submodules: `address`, `internet`, `name`, …)
+- [GitHub — `cksac/fake-rs`](https://github.com/cksac/fake-rs) (source, README with the CLI’s generator name list)
+
 ### Secret references
 
 Dumpling resolves secret references in string config fields so plaintext salts/keys
@@ -188,7 +193,9 @@ dumpling --security-profile hardened --input dump.sql --check
 - `unique_within_domain`: when true, different source values are assigned unique pseudonyms within the configured `domain`. NULL values are unaffected and always remain NULL.
 - `min_days` / `max_days`: used by `date_fuzz`.
 - `min_seconds` / `max_seconds`: used by `time_fuzz` and `datetime_fuzz`.
-- `locale`: selects the language/regional format for the `name`, `first_name`, `last_name`, and `phone` strategies. Supported values: `en`, `fr_fr`, `de_de`, `it_it`, `pt_br`, `pt_pt`, `ar_sa`, `zh_cn`, `zh_tw`, `ja_jp`, `cy_gb`. Defaults to `en` when not specified.
+- `locale`: selects the language/regional format for the `faker` and `phone` strategies. Supported values: `en`, `fr_fr`, `de_de`, `it_it`, `pt_br`, `pt_pt`, `ar_sa`, `zh_cn`, `zh_tw`, `ja_jp`, `cy_gb`. Defaults to `en` when not specified.
+- `faker`: required when `strategy = "faker"`. A plain string `"module::Type"` (case-insensitive) that maps to a **built-in** generator compiled into Dumpling—not arbitrary Rust or expressions. Names follow [`fake::faker`](https://docs.rs/fake/latest/fake/faker/index.html) (e.g. `internet::SafeEmail` → `faker::internet::SafeEmail` in the crate).
+- `format`: used with `faker = "number::NumberWithFormat"`; pattern uses `#` (0–9) and `^` (1–9) per the [`fake` crate docs](https://docs.rs/fake/latest/fake/).
 
 > **Note:** `table_options` are no longer supported; use explicit `rules` and optional `column_cases`.
 
@@ -332,7 +339,7 @@ Define default strategies in `rules."<table>"` and add ordered per-column cases
 ```toml
 [rules."public.users"]
 email = { strategy = "hash", as_string = true }   # default
-name  = { strategy = "name" }
+name  = { strategy = "faker", faker = "name::Name" }
 
 [[column_cases."public.users".email]]
 when.any = [{ column = "is_admin", op = "eq", value = "true" }]
@@ -383,7 +390,7 @@ salt = "${DUMPLING_HMAC_KEY}"
 
 [rules."public.users"]
 ssn = { strategy = "hash", as_string = true }
-email = { strategy = "email", domain = "users" }
+email = { strategy = "faker", faker = "internet::SafeEmail", domain = "users" }
 ```
 
 ```bash

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/docs/src/ci-guardrails.md

@@ -29,7 +29,7 @@ violations to stderr, and exits:
 | `empty-rules-table` | warning | A `[rules]` entry has no column rules. Likely a stale or incomplete config section. |
 | `empty-column-cases-table` | warning | A `[column_cases]` entry has no column cases. |
 | `unsalted-hash` | warning | A `hash` strategy is used with no salt (neither per-column `salt` nor global `salt`). Unsalted hashes are reversible via precomputed lookup tables for low-entropy inputs (names, emails, common IDs). |
-| `inconsistent-domain-strategy` | error | The same domain name is used with two or more different strategies. This breaks referential integrity: a domain shared between `email` and `name` would try to maintain a bidirectional map between incompatible pseudonym types. |
+| `inconsistent-domain-strategy` | error | The same domain name is used with two or more different strategies. This breaks referential integrity: a domain shared between incompatible generators (for example `faker` with different `faker` targets, or `faker` vs `hash`) cannot maintain a single stable mapping. |
 | `uncovered-sensitive-column` | error | A column listed in `[sensitive_columns]` has no matching anonymization rule or case. The column will pass through unmodified, making the sensitive declaration misleading. |
 
 ---

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/docs/src/configuration.md

@@ -31,6 +31,16 @@ If no configuration is found, Dumpling fails closed by default and exits non-zer
 Error output includes every checked location. If you intentionally want a no-op
 run, pass `--allow-noop`.
 
+## Faker strategy and the `fake` crate
+
+When you use `strategy = "faker"` with `faker = "module::Type"`, those names align with the Rust [**`fake`**](https://crates.io/crates/fake) crate’s [`faker`](https://docs.rs/fake/latest/fake/faker/index.html) modules (for example `name::FirstName` ↔ `fake::faker::name::raw::FirstName`). Use the upstream docs to discover available generators and options:
+
+- [docs.rs — `fake` (crate overview)](https://docs.rs/fake/latest/fake/)
+- [docs.rs — `fake::faker` (all faker submodules)](https://docs.rs/fake/latest/fake/faker/index.html)
+- [GitHub — `cksac/fake-rs` (source + README)](https://github.com/cksac/fake-rs)
+
+Dumpling only exposes a **subset** wired in `src/faker_dispatch.rs`; unsupported `module::Type` pairs fail at config load.
+
 ## Baseline config template
 
 ```toml
@@ -38,7 +48,7 @@ salt = "${DUMPLING_GLOBAL_SALT}"
 
 [rules."public.users"]
 email = { strategy = "hash", salt = "${env:DUMPLING_USERS_EMAIL_SALT}", as_string = true }
-name = { strategy = "name" }
+full_name = { strategy = "faker", faker = "name::Name" }
 
 [sensitive_columns]
 "public.users" = ["employee_number", "tax_id"]
@@ -184,6 +194,15 @@ Nested JSON targeting is supported in predicate `column` values via either:
 When a JSON path traverses an array, Dumpling checks each element (useful for
 list-of-dicts JSON structures).
 
+### JSON path rules (`json` / `jsonb` columns)
+
+You can anonymise values **inside** a text column that holds JSON using the same path syntax as row-filter predicates, but on **`[rules]` keys**:
+
+- Dot notation: `"payload.profile.email" = { strategy = "email", domain = "orders_email", as_string = true }`
+- Django-style: `"payload__profile__email" = { strategy = "hash", salt = "${env:ORDER_SECRET_SALT}", as_string = true }`
+
+The part before the first dot or `__` is the **SQL column name**; the rest is the path inside the parsed JSON document. Use **quoted** keys in TOML when the name contains dots. For a given table, you can use **either** path-level rules for a column **or** one whole-column rule for that column’s base name, not both (Dumpling rejects the conflict at startup). If a path is missing in a given row, that rule is skipped for that row. When only path rules apply (no whole-column rule), the rest of the JSON is left unchanged. Path rules are applied in **longest-path-first** order. `column_cases` still match the SQL column name only; use `when` predicates with nested `column` paths to branch on JSON content.
+
 ## Safety recommendations
 
 - Prefer deterministic runs in CI by passing `--seed` (or `DUMPLING_SEED`).
@@ -202,7 +221,7 @@ list-of-dicts JSON structures).
 - Sensitive columns are detected by:
   1. built-in column-name patterns, and
   2. explicit per-table lists under `[sensitive_columns]`.
-- A sensitive column is considered covered only if it has an explicit `rules` or `column_cases` entry.
+- A sensitive column is considered covered only if it has an explicit `rules` or `column_cases` entry (including JSON path rules whose base name is that column, e.g. `payload.x.y` covers `payload`).
 - If uncovered sensitive columns are found, Dumpling exits non-zero.
 
 When `--report` is enabled, coverage fields are added to JSON output:

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/docs/src/getting-started.md

@@ -2,9 +2,11 @@
 
 ## Prerequisites
 
-- Rust stable toolchain (edition 2021 compatible)
+- Rust **stable** toolchain (`rustup` recommended). The repo includes `rust-toolchain.toml` (stable + `rustfmt` + `clippy`) so CI and local `cargo` stay aligned.
 - `cargo` on your `PATH`
 
+Optional: run **`./scripts/setup-dev.sh`** once from the repo root — it installs toolchain components, **`cargo fetch`**, and a pinned **mdBook** under `.tools/` for the same docs build CI uses.
+
 ## Build
 
 ```bash

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/docs/src/index.md

@@ -11,9 +11,9 @@ This documentation covers the operating model for day-to-day use:
 
 ## Documentation quality gate
 
-All documentation is built with `mdBook` in CI:
+The mdBook site is built in CI as follows:
 
-- pull requests must pass the docs build job,
-- pushes to `main` automatically publish docs to GitHub Pages.
+- **Pull requests:** the **Docs (PR)** workflow runs `mdbook build` when docs-related paths change (no deploy).
+- **`main`:** the **Docs** workflow builds and deploys to GitHub Pages when docs-related paths change.
 
 This keeps the docs in a continuously deployable state instead of drifting from the codebase.

{dumpling_cli-0.2.0 → dumpling_cli-0.3.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "maturin"
 
 [project]
 name = "dumpling-cli"
-version = "0.2.0"
+version = "0.3.0"
 description = "Static anonymizer for plain SQL dumps (PostgreSQL, SQLite, SQL Server)."
 readme = "README.md"
 requires-python = ">=3.8"

dumpling_cli-0.3.0/rust-toolchain.toml

@@ -0,0 +1,3 @@
+[toolchain]
+channel = "stable"
+components = ["rustfmt", "clippy"]

dumpling_cli-0.3.0/scripts/setup-dev.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+# One-shot dev environment for Dumpling (Rust CLI + optional mdBook for docs).
+# Safe to re-run; skips work that is already done.
+#
+# Usage: from repo root —  ./scripts/setup-dev.sh
+#
+# Environment:
+#   MDBOOK_VERSION  — mdBook release tag (default: 0.4.52, matches CI docs workflow)
+
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$ROOT"
+
+MDBOOK_VERSION="${MDBOOK_VERSION:-0.4.52}"
+TOOLS_DIR="${ROOT}/.tools"
+MDBOOK_BIN="${TOOLS_DIR}/mdbook"
+
+require_rust() {
+	if ! command -v rustc >/dev/null 2>&1 || ! command -v cargo >/dev/null 2>&1; then
+		echo "error: rustc/cargo not found. Install Rust: https://rustup.rs/" >&2
+		exit 1
+	fi
+}
+
+mdbook_download_url() {
+	local arch
+	case "$(uname -sm)" in
+	Linux\ x86_64) arch="x86_64-unknown-linux-gnu" ;;
+	Darwin\ x86_64) arch="x86_64-apple-darwin" ;;
+	Darwin\ arm64) arch="aarch64-apple-darwin" ;;
+	*)
+		echo "error: unsupported OS/arch for prebuilt mdbook: $(uname -sm)" >&2
+		echo "Install mdbook yourself: https://github.com/rust-lang/mdBook/releases" >&2
+		exit 1
+		;;
+	esac
+	echo "https://github.com/rust-lang/mdBook/releases/download/v${MDBOOK_VERSION}/mdbook-v${MDBOOK_VERSION}-${arch}.tar.gz"
+}
+
+ensure_mdbook() {
+	if [[ -x "${MDBOOK_BIN}" ]]; then
+		installed="$("${MDBOOK_BIN}" --version 2>/dev/null | awk '{print $2}' || true)"
+		if [[ "${installed}" == "${MDBOOK_VERSION}" ]]; then
+			return 0
+		fi
+	fi
+
+	mkdir -p "${TOOLS_DIR}"
+	local url tmp
+	url="$(mdbook_download_url)"
+	tmp="$(mktemp -d)"
+	trap 'rm -rf "${tmp}"' EXIT
+	echo "Downloading mdbook v${MDBOOK_VERSION}…"
+	curl -fsSL "${url}" | tar xz -C "${tmp}"
+	mv "${tmp}/mdbook" "${MDBOOK_BIN}"
+	chmod +x "${MDBOOK_BIN}"
+	trap - EXIT
+	rm -rf "${tmp}"
+}
+
+main() {
+	require_rust
+
+	if command -v rustup >/dev/null 2>&1; then
+		echo "Installing stable toolchain + rustfmt + clippy (rustup)…"
+		rustup toolchain install stable
+		rustup component add rustfmt clippy --toolchain stable
+	else
+		echo "warning: rustup not found; ensure rustfmt and clippy are installed for stable CI parity." >&2
+	fi
+
+	echo "Prefetching crates (cargo fetch)…"
+	cargo fetch
+
+	ensure_mdbook
+	echo "mdbook: ${MDBOOK_BIN} ($("${MDBOOK_BIN}" --version))"
+
+	echo
+	echo "Done. Typical checks:"
+	echo "  cargo fmt --all -- --check"
+	echo "  cargo clippy --all-targets --all-features"
+	echo "  cargo test --all-targets --all-features"
+	echo "  ${MDBOOK_BIN} build   # same as Docs CI (book.toml → docs/book)"
+	echo
+	echo "Tip: add ${TOOLS_DIR} to PATH for this shell:  export PATH=\"${TOOLS_DIR}:\${PATH}\""
+}
+
+main "$@"