StandardRB fixes

config/initializers/active_record_encryption.rb

@@ -8,14 +8,14 @@
 #   - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
 
 # Use env vars if set, otherwise derive from SECRET_KEY_BASE (deterministic)
-primary_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY') do
-  Rails.application.key_generator.generate_key('active_record_encryption_primary', 32)
+primary_key = ENV.fetch("ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY") do
+  Rails.application.key_generator.generate_key("active_record_encryption_primary", 32)
 end
-deterministic_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY') do
-  Rails.application.key_generator.generate_key('active_record_encryption_deterministic', 32)
+deterministic_key = ENV.fetch("ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY") do
+  Rails.application.key_generator.generate_key("active_record_encryption_deterministic", 32)
 end
-key_derivation_salt = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT') do
-  Rails.application.key_generator.generate_key('active_record_encryption_salt', 32)
+key_derivation_salt = ENV.fetch("ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT") do
+  Rails.application.key_generator.generate_key("active_record_encryption_salt", 32)
 end
 
 # Configure Rails 7.1+ ActiveRecord encryption

config/initializers/content_security_policy.rb

@@ -56,14 +56,13 @@ Rails.application.configure do
     policy.require_trusted_types_for :none
 
     # CSP reporting using report_uri (supported method)
-    policy.report_uri  "/api/csp-violation-report"
+    policy.report_uri "/api/csp-violation-report"
   end
 
-  
   # Start with CSP in report-only mode for testing
   # Set to false after verifying everything works in production
   config.content_security_policy_report_only = Rails.env.development?
 
   # Report CSP violations (optional - uncomment to enable)
   # config.content_security_policy_report_uri = "/csp-violations"
-end
+end

config/initializers/csp_local_logger.rb

@@ -8,7 +8,7 @@ Rails.application.config.after_initialize do
   # Configure log rotation
   csp_logger = Logger.new(
     csp_log_path,
-    'daily',  # Rotate daily
+    "daily",  # Rotate daily
     30        # Keep 30 old log files
   )
 
@@ -16,7 +16,7 @@ Rails.application.config.after_initialize do
 
   # Format: [TIMESTAMP] LEVEL MESSAGE
   csp_logger.formatter = proc do |severity, datetime, progname, msg|
-    "[#{datetime.strftime('%Y-%m-%d %H:%M:%S')}] #{severity} #{msg}\n"
+    "[#{datetime.strftime("%Y-%m-%d %H:%M:%S")}] #{severity} #{msg}\n"
   end
 
   module CspViolationLocalLogger
@@ -25,9 +25,9 @@ Rails.application.config.after_initialize do
 
       # Skip logging if there's no meaningful violation data
       return if csp_data.empty? ||
-                (csp_data[:violated_directive].nil? &&
-                 csp_data[:blocked_uri].nil? &&
-                 csp_data[:document_uri].nil?)
+        (csp_data[:violated_directive].nil? &&
+         csp_data[:blocked_uri].nil? &&
+         csp_data[:document_uri].nil?)
 
       # Build a structured log message
       violated_directive = csp_data[:violated_directive] || "unknown"
@@ -69,7 +69,6 @@ Rails.application.config.after_initialize do
 
       # Also log to main Rails logger for visibility
       Rails.logger.info "CSP violation logged to csp_violations.log: #{violated_directive} - #{blocked_uri}"
-
     rescue => e
       # Ensure logger errors don't break the CSP reporting flow
       Rails.logger.error "Failed to log CSP violation to file: #{e.message}"
@@ -81,12 +80,12 @@ Rails.application.config.after_initialize do
         csp_log_path = Rails.root.join("log", "csp_violations.log")
         logger = Logger.new(
           csp_log_path,
-          'daily',  # Rotate daily
+          "daily",  # Rotate daily
           30        # Keep 30 old log files
         )
         logger.level = Logger::INFO
         logger.formatter = proc do |severity, datetime, progname, msg|
-          "[#{datetime.strftime('%Y-%m-%d %H:%M:%S')}] #{severity} #{msg}\n"
+          "[#{datetime.strftime("%Y-%m-%d %H:%M:%S")}] #{severity} #{msg}\n"
         end
         logger
       end
@@ -120,9 +119,8 @@ Rails.application.config.after_initialize do
 
     # Test write to ensure permissions are correct
     csp_logger.info "CSP Logger initialized at #{Time.current}"
-
   rescue => e
     Rails.logger.error "Failed to initialize CSP local logger: #{e.message}"
     Rails.logger.error "CSP violations will only be sent to Sentry (if configured)"
   end
-end
+end

config/initializers/permissions_policy.rb

@@ -3,12 +3,12 @@
 
 Rails.application.config.permissions_policy do |f|
   # Disable sensitive browser features for security
-  f.camera           :none
-  f.gyroscope        :none
-  f.microphone       :none
-  f.payment          :none
-  f.usb              :none
-  f.magnetometer     :none
+  f.camera :none
+  f.gyroscope :none
+  f.microphone :none
+  f.payment :none
+  f.usb :none
+  f.magnetometer :none
 
   # You can enable specific features as needed:
   # f.fullscreen      :self

config/initializers/sentry.rb

@@ -74,7 +74,7 @@ Rails.application.configure do
       app_environment: Rails.env,
       # Add CSP policy status
       csp_enabled: defined?(Rails.application.config.content_security_policy) &&
-                   Rails.application.config.content_security_policy.present?
+        Rails.application.config.content_security_policy.present?
     }
   end
 
@@ -120,13 +120,13 @@ Rails.application.configure do
     if breadcrumb[:data]
       breadcrumb[:data].reject! { |key, value|
         key.to_s.match?(/password|secret|token|key|authorization/i) ||
-        value.to_s.match?(/password|secret/i)
+          value.to_s.match?(/password|secret/i)
       }
     end
 
     # Mark CSP-related events
     if breadcrumb[:message]&.include?("CSP Violation") ||
-       breadcrumb[:category]&.include?("csp")
+        breadcrumb[:category]&.include?("csp")
       breadcrumb[:data] ||= {}
       breadcrumb[:data][:security_event] = true
       breadcrumb[:data][:csp_violation] = true
@@ -137,4 +137,4 @@ Rails.application.configure do
 
   # Only send errors in production unless explicitly enabled
   config.sentry.enabled = Rails.env.production? || ENV["SENTRY_ENABLED_IN_DEVELOPMENT"] == "true"
-end
+end

config/initializers/sentry_subscriber.rb

@@ -47,7 +47,7 @@ Rails.application.config.after_initialize do
               timestamp: csp_data[:timestamp]
             }
           },
-          user: csp_data[:current_user_id] ? { id: csp_data[:current_user_id] } : nil
+          user: csp_data[:current_user_id] ? {id: csp_data[:current_user_id]} : nil
         )
 
         # Log to Rails logger for redundancy
@@ -69,10 +69,10 @@ Rails.application.config.after_initialize do
           parsed.host
         rescue URI::InvalidURIError
           # Handle cases where URI might be malformed or just a path
-          if uri.start_with?('/')
+          if uri.start_with?("/")
             nil  # It's a relative path, no domain
           else
-            uri.split('/').first  # Best effort extraction
+            uri.split("/").first  # Best effort extraction
           end
         end
       end
@@ -117,4 +117,4 @@ Rails.application.config.after_initialize do
   else
     Rails.logger.info "Sentry not initialized - CSP violations will only be logged locally"
   end
-end
+end

config/initializers/token_hmac.rb

@@ -3,5 +3,5 @@
 # Derived from SECRET_KEY_BASE - no storage needed, deterministic output
 # Optional: Set OIDC_TOKEN_PREFIX_HMAC env var to override with explicit key
 module TokenHmac
-  KEY = ENV['OIDC_TOKEN_PREFIX_HMAC'] || Rails.application.key_generator.generate_key('oidc_token_prefix', 32)
+  KEY = ENV["OIDC_TOKEN_PREFIX_HMAC"] || Rails.application.key_generator.generate_key("oidc_token_prefix", 32)
 end

config/initializers/webauthn.rb

@@ -68,4 +68,4 @@ end
 # CLINCH_RP_NAME="Example Company Identity Provider"
 # CLINCH_WEBAUTHN_ATTESTATION=none
 # CLINCH_WEBAUTHN_USER_VERIFICATION=preferred
-# CLINCH_WEBAUTHN_RESIDENT_KEY=preferred
+# CLINCH_WEBAUTHN_RESIDENT_KEY=preferred