Module: Asherah

Defined in:

lib/asherah.rb,
lib/asherah/error.rb,
lib/asherah/hooks.rb,
lib/asherah/config.rb,
lib/asherah/native.rb,
lib/asherah/session.rb,
lib/asherah/version.rb,
lib/asherah/session_factory.rb

Defined Under Namespace

Modules: Hooks, Native Classes: Config, Error, Session, SessionFactory

Constant Summary

DEFAULT_SESSION_CACHE_MAX_SIZE =

1000

VERSION =

"0.10.1"

Class Method Summary

• .clear_log_hook ⇒ Object

  Remove the active log hook, if any.

• .clear_metrics_hook ⇒ Object

  Remove the active metrics hook and disable metrics.

• .configure ⇒ Object

  Configure Asherah using a block with snake_case accessors.

• .decrypt(partition_id, data_row_record) ⇒ Object
• .decrypt_async(partition_id, data_row_record, &block) ⇒ Object

  Run decrypt in a background Thread; see ‘setup_async` for the exception-propagation contract.

• .decrypt_string(partition_id, data_row_record) ⇒ Object
• .encrypt(partition_id, payload) ⇒ Object
• .encrypt_async(partition_id, payload, &block) ⇒ Object

  Run encrypt in a background Thread; see ‘setup_async` for the exception-propagation contract.

• .encrypt_string(partition_id, text) ⇒ Object
• .get_setup_status ⇒ Object
• .set_log_hook(callback = nil, &block) ⇒ Object

  Install a log hook.

• .set_metrics_hook(callback = nil, &block) ⇒ Object

  Install a metrics hook.

• .setenv(env = {}) ⇒ Object (also: set_env)
• .setup(config) ⇒ Object

  Initialize Asherah with a PascalCase config hash.

• .setup_async(config, &block) ⇒ Object

  Run setup in a background Thread.

• .shutdown ⇒ Object
• .shutdown_async(&block) ⇒ Object

  Run shutdown in a background Thread; see ‘setup_async` for the exception-propagation contract.

Class Method Details

.clear_log_hook ⇒ Object

Remove the active log hook, if any. Idempotent.

# File 'lib/asherah.rb', line 221

def clear_log_hook
  Hooks.clear_log_hook
end

.clear_metrics_hook ⇒ Object

Remove the active metrics hook and disable metrics. Idempotent.

# File 'lib/asherah.rb', line 239

def clear_metrics_hook
  Hooks.clear_metrics_hook
end

.configure ⇒ Object

Configure Asherah using a block with snake_case accessors. Compatible with the canonical godaddy/asherah-ruby gem API.

Asherah.configure do |config|
  config.service_name = "MyService"
  config.product_id = "MyProduct"
  config.kms = "static"
  config.metastore = "memory"
end

# File 'lib/asherah.rb', line 40

def configure
  @mutex.synchronize do
    raise Error::AlreadyInitialized if @initialized

    config = Config.new
    yield config
    config.validate!

    json = config.to_json
    pointer = Native.asherah_factory_new_with_config(json)
    @factory = SessionFactory.new(pointer)
    @sessions = {}
    @initialized = true
    @session_cache_enabled = config.enable_session_caching != false
    @session_cache_max_size = positive_int(config.session_cache_max_size) || DEFAULT_SESSION_CACHE_MAX_SIZE
    @verbose = config.verbose == true
  end
end

.decrypt(partition_id, data_row_record) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/asherah.rb', line 176

def decrypt(partition_id, data_row_record)
  raise ArgumentError, "data_row_record cannot be nil" if data_row_record.nil?
  session = resolve_session(partition_id)
  session.decrypt_bytes(data_row_record).force_encoding(Encoding::UTF_8)
end

.decrypt_async(partition_id, data_row_record, &block) ⇒ Object

Run decrypt in a background Thread; see ‘setup_async` for the exception-propagation contract.

# File 'lib/asherah.rb', line 200

def decrypt_async(partition_id, data_row_record, &block)
  Thread.new do
    Thread.current.report_on_exception = true
    result = decrypt(partition_id, data_row_record)
    block&.call(result)
    result
  end
end

.decrypt_string(partition_id, data_row_record) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/asherah.rb', line 182

def decrypt_string(partition_id, data_row_record)
  raise ArgumentError, "data_row_record cannot be nil" if data_row_record.nil?
  decrypt(partition_id, data_row_record).force_encoding(Encoding::UTF_8)
end

.encrypt(partition_id, payload) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/asherah.rb', line 165

def encrypt(partition_id, payload)
  raise ArgumentError, "payload cannot be nil" if payload.nil?
  session = resolve_session(partition_id)
  session.encrypt_bytes(payload)
end

.encrypt_async(partition_id, payload, &block) ⇒ Object

Run encrypt in a background Thread; see ‘setup_async` for the exception-propagation contract.

# File 'lib/asherah.rb', line 189

def encrypt_async(partition_id, payload, &block)
  Thread.new do
    Thread.current.report_on_exception = true
    result = encrypt(partition_id, payload)
    block&.call(result)
    result
  end
end

.encrypt_string(partition_id, text) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/asherah.rb', line 171

def encrypt_string(partition_id, text)
  raise ArgumentError, "text cannot be nil" if text.nil?
  encrypt(partition_id, text)
end

.get_setup_status ⇒ Object

# File 'lib/asherah.rb', line 140

def get_setup_status
  @mutex.synchronize { @initialized }
end

.set_log_hook(callback = nil, &block) ⇒ Object

Install a log hook. Yields a Hash {level:, target:, message:} for every log record emitted by the underlying Rust crates. The block may fire from any thread; implementations must be thread-safe and non-blocking. Pass nil to clear (equivalent to clear_log_hook).

Replaces any previously installed log hook. Exceptions raised from the callback are caught and silently swallowed.

# File 'lib/asherah.rb', line 216

def set_log_hook(callback = nil, &block)
  Hooks.set_log_hook(callback, &block)
end

.set_metrics_hook(callback = nil, &block) ⇒ Object

Install a metrics hook. Yields a Hash {type:, duration_ns:, name:} for every metrics event. Timing events (:decrypt, :store, :load) carry a positive duration_ns and a nil name; cache events (:cache_miss, :cache_stale) carry duration_ns == 0 and the cache identifier in name.

Installing a hook implicitly enables the global metrics gate; clearing it disables the gate. Replaces any previously installed metrics hook. Pass nil to clear (equivalent to clear_metrics_hook).

# File 'lib/asherah.rb', line 234

def set_metrics_hook(callback = nil, &block)
  Hooks.set_metrics_hook(callback, &block)
end

.setenv(env = {}) ⇒ Object Also known as: set_env

# File 'lib/asherah.rb', line 144

def setenv(env = {})
  data = case env
         when String
           JSON.parse(env)
         else
           env
         end
  unless data.respond_to?(:each_pair)
    raise ArgumentError, "environment payload must be a Hash or JSON object"
  end
  data.each_pair do |k, v|
    if v.nil?
      ENV.delete(String(k))
    else
      ENV[String(k)] = v.to_s
    end
  end
  nil
end

.setup(config) ⇒ Object

Initialize Asherah with a PascalCase config hash. Also accepts snake_case string/symbol keys (auto-normalized).

# File 'lib/asherah.rb', line 61

def setup(config)
  normalized = normalize_config(config)
  json = JSON.generate(normalized)

  pointer = Native.asherah_factory_new_with_config(json)
  factory = SessionFactory.new(pointer)

  @mutex.synchronize do
    raise Error::AlreadyInitialized if @initialized

    @factory = factory
    @sessions = {}
    @initialized = true
    @session_cache_enabled = truthy(normalized["EnableSessionCaching"], default: true)
    @session_cache_max_size = positive_int(normalized["SessionCacheMaxSize"]) || DEFAULT_SESSION_CACHE_MAX_SIZE
    @verbose = truthy(normalized["Verbose"], default: false)
  end

  nil
rescue StandardError
  factory&.close if defined?(factory) && factory
  raise
end

.setup_async(config, &block) ⇒ Object

Run setup in a background Thread. Yields the result to block on success. Exceptions raised by setup propagate via the Thread’s joined error — the previous implementation called the block with the result on success but silently dropped the Thread’s error state on failure, leaving callers unable to distinguish completion from an unsetup factory. The Thread aborts on exception (‘Thread.report_on_exception = true`), so a stack trace lands on stderr; callers that need programmatic access should `thread.join` to re-raise. T-finding “setup_async/shutdown_async/ encrypt_async/decrypt_async swallow Thread exceptions” in `docs/review-2026-05-05-findings.md`.

# File 'lib/asherah.rb', line 96

def setup_async(config, &block)
  Thread.new do
    Thread.current.report_on_exception = true
    result = setup(config)
    block&.call(result)
    result
  end
end

.shutdown ⇒ Object

# File 'lib/asherah.rb', line 105

def shutdown
  factory = nil
  sessions = nil
  @mutex.synchronize do
    raise Error::NotInitialized unless @initialized

    factory = @factory
    sessions = @sessions.values
    @factory = nil
    @sessions = {}
    @initialized = false
  end

  Array(sessions).each do |session|
    begin
      session.close unless session.closed?
    rescue StandardError => e
      warn "asherah: error closing session during shutdown: #{e.message}"
    end
  end
  factory&.close unless factory&.closed?
  nil
end

.shutdown_async(&block) ⇒ Object

Run shutdown in a background Thread; see ‘setup_async` for the exception-propagation contract.

# File 'lib/asherah.rb', line 131

def shutdown_async(&block)
  Thread.new do
    Thread.current.report_on_exception = true
    result = shutdown
    block&.call(result)
    result
  end
end