[codex] Add Ruby Bundler cooldown conventions #4
Walkthrough
This pull request adds comprehensive Ruby/Rails/Rack support to 508-devkit as an opt-in convention stack. It includes Bundler cooldown supply-chain policies enforcing version 4.0.13+, extends developer guidance documents, provides a reusable
Changes: Ruby and Bundler Stack Addition
Estimated code review effort: 2 (Simple) | ~12 minutes
Pre-merge checks: 5 passed
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f8af63ebb6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Pull request overview
Adds an optional Ruby convention pack to 508 Devkit and documents Bundler “cooldown” usage (Bundler ≥ 4.0.13) so agents and downstream repos can apply supply-chain cooldown policy safely and consistently.
Changes:
- Introduces `stacks/ruby` with a cooldown-aware `Gemfile.example` plus `setup`/`dev`/`lint`/`test`/`check-all` shell wrappers.
- Expands agent-facing guidance (skill + docs) to inspect Ruby/Bundler artifacts and verify Bundler compatibility before adding cooldown syntax.
- Updates supply-chain and tooling docs to include Bundler cooldown and locked/frozen install guidance.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| stacks/ruby/scripts/test.sh | Adds Ruby test runner wrapper (RSpec or Minitest directory detection). |
| stacks/ruby/scripts/setup.sh | Adds Bundler presence/version gate and runs bundle install. |
| stacks/ruby/scripts/lint.sh | Adds RuboCop wrapper. |
| stacks/ruby/scripts/dev.sh | Adds adaptive Ruby dev entrypoint wrapper (bin/dev, Rails, Rack). |
| stacks/ruby/scripts/check-all.sh | Adds Ruby stack validation wrapper (bundle check + lint + test). |
| stacks/ruby/README.md | Documents how to apply/copy the Ruby stack and Bundler cooldown requirements. |
| stacks/ruby/Gemfile.example | Provides example Gemfile with cooldown: 7 on RubyGems and basic dev/test gems. |
| skills/508-devkit/SKILL.md | Updates agent workflow to inspect Ruby files/lockfiles and adds Bundler cooldown guidance. |
| README.md | Advertises Ruby stack availability and Bundler cooldown coverage. |
| docs/tooling.md | Documents Ruby stack usage and adds Bundler to dependency safety guidance. |
| docs/supply-chain.md | Adds Ruby/Bundler supply-chain policy section and CI frozen install guidance. |
| CLAUDE.md | Updates agent execution guidance to include bundle exec for Ruby workspaces. |
| AGENTS.md | Adds Bundler cooldown/version gating guidance and Ruby stack listing. |
Comments suppressed due to low confidence (1)
stacks/ruby/scripts/test.sh:15
`./scripts/check-all.sh` can report success even when the project has no tests because this script prints a message and exits 0. For a validation wrapper, it should fail fast when neither `spec/` nor `test/` exists so CI/local checks don’t silently skip test execution.
echo "No spec/ or test/ directory found."
cd "$(dirname "$0")/.."
eval "$(./scripts/worktree-ports.sh export)"
🧹 Nitpick comments (1)
stacks/ruby/scripts/setup.sh (1)
11-11: 💤 Low value: Consider robustness of version extraction.
The `awk '{print $3}'` assumes `bundle --version` outputs in the format `Bundler version X.Y.Z`. While this is the standard format, consider adding a fallback or validation to handle unexpected output gracefully.
♻️ Optional: More robust version extraction
-version="$(bundle --version | awk '{print $3}')" +version="$(bundle --version | awk '{print $3}' || echo "0.0.0")" +if [ "$version" = "0.0.0" ]; then + echo "Could not parse Bundler version from 'bundle --version'." >&2 + exit 1 +fi🤖 Prompt for AI Agents
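Review bot: The `|| echo "0.0.0"` fallback in the suggested replacement for line 11 does not run in the cases it is meant to catch. `awk '{print $3}'` exits 0 on empty or unexpected input, and unless `pipefail` is set a failing `bundle --version` does not change the pipeline's status, so `version` ends up empty rather than `0.0.0` and the new `if [ "$version" = "0.0.0" ]` branch is skipped. Test the value itself instead, for example `case "$version" in ''|*[!0-9.]*) exit 1 ;; esac`, and check the exit status of `bundle --version` on its own before parsing.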
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@stacks/ruby/scripts/setup.sh` at line 11, The version extraction using version="$(bundle --version | awk '{print $3}')" can break on unexpected output; change the assignment to capture and validate the raw output of bundle --version (call out the command), then parse it with a regex or more resilient tool (eg. grep -oE for semantic version) and fall back to a sensible default or error path if no valid X.Y.Z is found; ensure you also check bundle's exit status before parsing and assign/exit accordingly so the variable version is never left empty or malformed.
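A version gate of the kind the `setup.sh` review comment above asks for, as an added example that is not code from this pull request: it validates both the exit status and the text of `bundle --version` before comparing against the 4.0.13 minimum the page gives for cooldown. The function names are hypothetical, and the sample strings in the comments are constructed.

```shell
#!/bin/sh
# Added example, not the PR's setup.sh. MIN_BUNDLER is the version the page
# requires for cooldown; the function names are hypothetical.
MIN_BUNDLER="4.0.13"

# Print the first X.Y.Z token found in $1; fail if there is none, so an
# empty or malformed string never reaches the comparison.
extract_version() {
  v="$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)"
  [ -n "$v" ] || return 1
  printf '%s\n' "$v"
}

# Succeed when dotted version $1 >= $2, comparing each field as a number
# (a plain string compare would rank 4.0.2 above 4.0.13).
version_at_least() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Gate on the text printed by `bundle --version` ($1) and its exit status ($2).
# Returns 0 = new enough, 1 = too old, 2 = version could not be determined.
check_bundler_output() {
  [ "$2" -eq 0 ] || return 2
  found="$(extract_version "$1")" || return 2
  version_at_least "$found" "$MIN_BUNDLER" || return 1
}

# Wrapper a setup script could call as: require_bundler || exit 1
require_bundler() {
  out="$(bundle --version 2>/dev/null)" && status=0 || status=$?
  check_bundler_output "$out" "$status" && return 0
  case $? in
    1) echo "Bundler $MIN_BUNDLER or newer is required; found: $out" >&2 ;;
    *) echo "Could not determine the Bundler version." >&2 ;;
  esac
  return 1
}
```

Keeping "too old" and "could not determine" as separate return codes lets the caller print an upgrade hint only when a real version was read.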
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bb36a6e087
Summary
- `stacks/ruby` convention pack with a cooldown-aware `Gemfile.example` and setup/dev/lint/test/check wrappers.
Validation
- `./scripts/check-all.sh`
- `sh -n stacks/ruby/scripts/*.sh`
- `ruby -c stacks/ruby/Gemfile.example`
Notes
No `Gemfile.lock` is committed for the example stack because the local Bundler is `1.17.2`; the docs direct agents to generate a project-specific lockfile only after upgrading and pinning Bundler `4.0.13` or newer in the target repo.
Summary by CodeRabbit
Release Notes
New Features
Documentation