[codex] Add Ruby Bundler cooldown conventions

[michaelmwu]

Summary

• Add Ruby/Bundler supply-chain guidance for Bundler 4.0.13 cooldowns and locked CI installs.
• Add an optional stacks/ruby convention pack with a cooldown-aware Gemfile.example and setup/dev/lint/test/check wrappers.
• Update agent-facing docs and the 508 Devkit skill so future agents inspect Ruby files and verify Bundler compatibility before applying cooldown syntax.

Validation

• ./scripts/check-all.sh
• sh -n stacks/ruby/scripts/*.sh
• ruby -c stacks/ruby/Gemfile.example

Notes

No Gemfile.lock is committed for the example stack because the local Bundler is 1.17.2; the docs direct agents to generate a project-specific lockfile only after upgrading and pinning Bundler 4.0.13 or newer in the target repo.

Summary by CodeRabbit

Release Notes

• New Features

  • Added Ruby/Rails/Rack framework support to the development kit
  • New Ruby stack with example configuration and bundled development tooling (dev, test, lint, setup scripts)
  • Implemented Bundler dependency management with cooldown requirements

• Documentation

  • Updated supply-chain and tooling guides for Ruby project conventions
  • Added Ruby as an opt-in framework option for repository setup

[coderabbitai]

Warning

Review limit reached

@michaelmwu, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 44 minutes and 29 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: dbd4e27f-4a27-436e-862d-758c5e6ab0fc

📥 Commits

Reviewing files that changed from the base of the PR and between f8af63e and af13437.

📒 Files selected for processing (5)

• docs/supply-chain.md
• skills/508-devkit/SKILL.md
• stacks/ruby/README.md
• stacks/ruby/scripts/dev.sh
• stacks/ruby/scripts/test.sh

📝 Walkthrough

Walkthrough

This pull request adds comprehensive Ruby/Rails/Rack support to 508-devkit as an opt-in convention stack. It includes Bundler cooldown supply-chain policies enforcing version 4.0.13+, extends developer guidance documents, provides a reusable stacks/ruby/ template with setup validation and runtime scripts, and integrates Ruby-specific instructions into the devkit skill documentation.

Changes

Ruby and Bundler Stack Addition

Layer / File(s)	Summary
Ruby adoption messaging in core docs README.md, AGENTS.md, CLAUDE.md	README introduces Ruby as an optional stack under "What It Captures" and lists stacks/ruby/ under "Pick-And-Choose Stacks." AGENTS documents Bundler version requirements and CI frozen-install guidance. CLAUDE adds bundle exec as a preferred script runner.
Bundler cooldown and Ruby policies docs/supply-chain.md, docs/tooling.md	New Ruby/Bundler policy section defines Bundler 4.0.13+ requirement for cooldown syntax, upgrade steps, and per-source configuration. CI bundle install updated with deployment/frozen environment flags. Tooling guide covers Bundler conventions and RuboCop/RSpec checks.
Skill guidance for Ruby stack application skills/508-devkit/SKILL.md	Extends devkit instructions with Ruby stack rules, dependency file detection (Gemfile, .ruby-version, etc.), port helper conventions, and a dedicated section on Bundler cooldown version validation before configuration.
Ruby stack template, example, and setup validation stacks/ruby/README.md, stacks/ruby/Gemfile.example, stacks/ruby/scripts/setup.sh	Stack README documents copy/install steps and Bundler 4.0.13+ requirement. Gemfile.example provides Ruby 3.2+ with RSpec, RuboCop, and RuboCop-Performance. Setup script validates bundle availability and enforces Bundler version >= 4.0.13 using Gem::Version comparison before running bundle install.
Development and validation runtime scripts stacks/ruby/scripts/dev.sh, stacks/ruby/scripts/lint.sh, stacks/ruby/scripts/test.sh, stacks/ruby/scripts/check-all.sh	Dev script bootstraps environment via worktree-ports.sh, sets Rails/Rack environment defaults, then selects entrypoint at runtime: bin/dev, bin/rails server, or bundle exec rackup. Lint runs bundle exec rubocop. Test conditionally runs RSpec or Minitest loader. Check-all runs dependencies, lint, and tests in sequence.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

A Ruby stack takes root today,
With Bundler locked the safest way.
Version checks guard the cooldown gate,
Dev scripts run with state just great.
Scripts dance and tests align so fine, 🐰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and specifically identifies the main change: adding Ruby Bundler cooldown conventions to the codebase. It directly relates to the primary objective of introducing supply-chain guidance for Bundler 4.0.13 and the optional Ruby stack.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch michaelmwu/ruby-bundler-cooldown

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f8af63ebb6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

Adds an optional Ruby convention pack to 508 Devkit and documents Bundler “cooldown” usage (Bundler ≥ 4.0.13) so agents and downstream repos can apply supply-chain cooldown policy safely and consistently.

Changes:

• Introduces stacks/ruby with a cooldown-aware Gemfile.example plus setup/dev/lint/test/check-all shell wrappers.
• Expands agent-facing guidance (skill + docs) to inspect Ruby/Bundler artifacts and verify Bundler compatibility before adding cooldown syntax.
• Updates supply-chain and tooling docs to include Bundler cooldown and locked/frozen install guidance.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
stacks/ruby/scripts/test.sh	Adds Ruby test runner wrapper (RSpec or Minitest directory detection).
stacks/ruby/scripts/setup.sh	Adds Bundler presence/version gate and runs bundle install.
stacks/ruby/scripts/lint.sh	Adds RuboCop wrapper.
stacks/ruby/scripts/dev.sh	Adds adaptive Ruby dev entrypoint wrapper (bin/dev, Rails, Rack).
stacks/ruby/scripts/check-all.sh	Adds Ruby stack validation wrapper (bundle check + lint + test).
stacks/ruby/README.md	Documents how to apply/copy the Ruby stack and Bundler cooldown requirements.
stacks/ruby/Gemfile.example	Provides example Gemfile with cooldown: 7 on RubyGems and basic dev/test gems.
skills/508-devkit/SKILL.md	Updates agent workflow to inspect Ruby files/lockfiles and adds Bundler cooldown guidance.
README.md	Advertises Ruby stack availability and Bundler cooldown coverage.
docs/tooling.md	Documents Ruby stack usage and adds Bundler to dependency safety guidance.
docs/supply-chain.md	Adds Ruby/Bundler supply-chain policy section and CI frozen install guidance.
CLAUDE.md	Updates agent execution guidance to include bundle exec for Ruby workspaces.
AGENTS.md	Adds Bundler cooldown/version gating guidance and Ruby stack listing.

Comments suppressed due to low confidence (1)

stacks/ruby/scripts/test.sh:15

• ./scripts/check-all.sh can report success even when the project has no tests because this script prints a message and exits 0. For a validation wrapper, it should fail fast when neither spec/ nor test/ exists so CI/local checks don’t silently skip test execution.

echo "No spec/ or test/ directory found."

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (1)

stacks/ruby/scripts/setup.sh (1)

11-11: 💤 Low value

Consider robustness of version extraction.

The awk '{print $3}' assumes bundle --version outputs in the format Bundler version X.Y.Z. While this is the standard format, consider adding a fallback or validation to handle unexpected output gracefully.

♻️ Optional: More robust version extraction

-version="$(bundle --version | awk '{print $3}')"
+version="$(bundle --version | awk '{print $3}' || echo "0.0.0")"
+if [ "$version" = "0.0.0" ]; then
+  echo "Could not parse Bundler version from 'bundle --version'." >&2
+  exit 1
+fi

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@stacks/ruby/scripts/setup.sh` at line 11, The version extraction using
version="$(bundle --version | awk '{print $3}')" can break on unexpected output;
change the assignment to capture and validate the raw output of bundle --version
(call out the command), then parse it with a regex or more resilient tool (eg.
grep -oE for semantic version) and fall back to a sensible default or error path
if no valid X.Y.Z is found; ensure you also check bundle's exit status before
parsing and assign/exit accordingly so the variable version is never left empty
or malformed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@stacks/ruby/scripts/setup.sh`:
- Line 11: The version extraction using version="$(bundle --version | awk
'{print $3}')" can break on unexpected output; change the assignment to capture
and validate the raw output of bundle --version (call out the command), then
parse it with a regex or more resilient tool (eg. grep -oE for semantic version)
and fall back to a sensible default or error path if no valid X.Y.Z is found;
ensure you also check bundle's exit status before parsing and assign/exit
accordingly so the variable version is never left empty or malformed.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d32577b2-4009-429c-acef-13e13ba67293

📥 Commits

Reviewing files that changed from the base of the PR and between bc37e91 and f8af63e.

📒 Files selected for processing (13)

• AGENTS.md
• CLAUDE.md
• README.md
• docs/supply-chain.md
• docs/tooling.md
• skills/508-devkit/SKILL.md
• stacks/ruby/Gemfile.example
• stacks/ruby/README.md
• stacks/ruby/scripts/check-all.sh
• stacks/ruby/scripts/dev.sh
• stacks/ruby/scripts/lint.sh
• stacks/ruby/scripts/setup.sh
• stacks/ruby/scripts/test.sh

[Copilot]

Pull request overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bb36a6e087

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".