feat: add config DSL methods for PII redaction (T7)#55
Open
feat: add config DSL methods for PII redaction (T7)#55
Conversation
…ased refactor Remove dual-layer PII redaction system (database rules + class-based redactors) to prepare for new unified pattern-based architecture. Deleted: - RedactionRule model and migration (database-backed rules) - Base, Email, Phone, CardPAN redactor classes - Related tests for legacy system Modified: - RedactionPipeline: removed apply_database_rules! method - Config: default_redactors now returns [] with TODO comment - Tests: updated to use custom_redactors instead of built-in ones Breaking change: No redactors active until new Pattern system is implemented (T1-T3). Tests pass: 123 runs, 368 assertions, 0 failures Related: #38-#54 (PII Redaction Architecture Refactor)
Implements immutable value object for tracking PII redaction operations, supporting GDPR/CCPA compliance requirements (Spec Gap 9). Key features: - Immutable instances with builder pattern methods - Tracks redaction metadata: timestamp, redactors applied, fields, counts - LLM redaction status tracking (success, failed, skipped) - Methods: record_redaction, record_llm_failure, record_llm_success, to_h - Deduplicates and sorts redactor names - Compact JSON serialization via to_h Comprehensive test suite (22 tests): - Default initialization and timestamp handling - Redaction recording and deduplication - Immutability verification - LLM status transitions - Hash serialization with nil filtering - Complex nested scenarios and chaining Next: Integrate with RedactionPipeline and NormalizedInteraction
Add public method to convert ActiveRecord actors to job-safe serialized format for background job enqueueing. Supports GlobalID extraction with fallback to type/id tuple for objects without GlobalID support. Closes #42
Add pattern-based redaction DSL to Config class: - config.redact :email, :phone - enables individual patterns - config.redact_group :api_keys - enables pattern groups - config.redact_pattern(/regex/, "[REPLACEMENT]") - custom patterns - config.active_patterns - returns all enabled Pattern objects Also includes: - T2: Validators module with Luhn and SSN range validation - T3: PATTERNS hash with 16 built-in patterns (email, phone, credit_card, ssn, openai_key, anthropic_key, aws_key, stripe_key, github_token, github_pat, bearer_token, basic_auth, private_key, ipv4, ipv6, jwt) - PATTERN_GROUPS for convenient batch enabling (pii, financial, api_keys, auth, network, crypto) Invalid pattern names raise ConfigurationError at config time for early validation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements T7 (#44): Config DSL methods for enabling pattern-based PII redaction.
New Config API
Included Changes
Validation
ConfigurationErrorat config timeConfigurationErrorat config timeTest Plan