cardinal-ai 0.0.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE +21 -0
  3. data/README.md +50 -29
  4. data/Rakefile +6 -0
  5. data/app/assets/stylesheets/application.css +10 -0
  6. data/app/assets/stylesheets/cardinal.css +514 -0
  7. data/app/controllers/application_controller.rb +7 -0
  8. data/app/controllers/boards_controller.rb +5 -0
  9. data/app/controllers/cards_controller.rb +129 -0
  10. data/app/controllers/columns_controller.rb +95 -0
  11. data/app/controllers/messages_controller.rb +25 -0
  12. data/app/controllers/runs_controller.rb +58 -0
  13. data/app/helpers/application_helper.rb +35 -0
  14. data/app/javascript/application.js +2 -0
  15. data/app/javascript/controllers/application.js +7 -0
  16. data/app/javascript/controllers/autosave_controller.js +28 -0
  17. data/app/javascript/controllers/board_column_controller.js +96 -0
  18. data/app/javascript/controllers/clipboard_controller.js +18 -0
  19. data/app/javascript/controllers/composer_controller.js +10 -0
  20. data/app/javascript/controllers/index.js +3 -0
  21. data/app/javascript/controllers/modal_controller.js +43 -0
  22. data/app/javascript/controllers/scroll_controller.js +44 -0
  23. data/app/javascript/controllers/tags_controller.js +49 -0
  24. data/app/javascript/controllers/theme_controller.js +43 -0
  25. data/app/javascript/controllers/tooltip_controller.js +37 -0
  26. data/app/jobs/ai_task_job.rb +26 -0
  27. data/app/jobs/application_job.rb +7 -0
  28. data/app/jobs/assistant_reply_job.rb +132 -0
  29. data/app/jobs/mark_pr_ready_job.rb +18 -0
  30. data/app/jobs/merge_pr_job.rb +27 -0
  31. data/app/jobs/resume_run_job.rb +30 -0
  32. data/app/jobs/start_run_job.rb +13 -0
  33. data/app/mailers/application_mailer.rb +4 -0
  34. data/app/models/agent_session.rb +8 -0
  35. data/app/models/application_record.rb +3 -0
  36. data/app/models/artifact.rb +8 -0
  37. data/app/models/board.rb +60 -0
  38. data/app/models/card.rb +83 -0
  39. data/app/models/column.rb +83 -0
  40. data/app/models/event.rb +44 -0
  41. data/app/models/run.rb +28 -0
  42. data/app/services/agent/runner.rb +379 -0
  43. data/app/services/agent/workspace.rb +138 -0
  44. data/app/services/card_transition.rb +97 -0
  45. data/app/services/claude_cli.rb +89 -0
  46. data/app/services/rules/compiler.rb +55 -0
  47. data/app/services/rules.rb +67 -0
  48. data/app/services/run_sweeper.rb +52 -0
  49. data/app/views/boards/show.html.erb +79 -0
  50. data/app/views/cards/_card.html.erb +48 -0
  51. data/app/views/cards/_detail.html.erb +190 -0
  52. data/app/views/cards/_tag_picker.html.erb +12 -0
  53. data/app/views/cards/new.html.erb +35 -0
  54. data/app/views/cards/show.html.erb +3 -0
  55. data/app/views/columns/_column.html.erb +25 -0
  56. data/app/views/columns/edit.html.erb +126 -0
  57. data/app/views/events/_event.html.erb +29 -0
  58. data/app/views/layouts/application.html.erb +46 -0
  59. data/app/views/layouts/mailer.html.erb +13 -0
  60. data/app/views/layouts/mailer.text.erb +1 -0
  61. data/app/views/pwa/manifest.json.erb +22 -0
  62. data/app/views/pwa/service-worker.js +26 -0
  63. data/bin/rails +4 -0
  64. data/bin/rake +4 -0
  65. data/cardinal.md +686 -0
  66. data/config/application.rb +60 -0
  67. data/config/boot.rb +13 -0
  68. data/config/bundler-audit.yml +5 -0
  69. data/config/cable.yml +13 -0
  70. data/config/ci.rb +20 -0
  71. data/config/credentials.yml.enc +1 -0
  72. data/config/database.yml +31 -0
  73. data/config/environment.rb +5 -0
  74. data/config/environments/development.rb +78 -0
  75. data/config/environments/production.rb +89 -0
  76. data/config/environments/test.rb +53 -0
  77. data/config/importmap.rb +6 -0
  78. data/config/initializers/assets.rb +7 -0
  79. data/config/initializers/cardinal_bootstrap.rb +12 -0
  80. data/config/initializers/cardinal_instance.rb +20 -0
  81. data/config/initializers/content_security_policy.rb +29 -0
  82. data/config/initializers/filter_parameter_logging.rb +8 -0
  83. data/config/initializers/inflections.rb +16 -0
  84. data/config/initializers/run_sweeper.rb +17 -0
  85. data/config/locales/en.yml +31 -0
  86. data/config/puma.rb +42 -0
  87. data/config/routes.rb +22 -0
  88. data/config/storage.yml +27 -0
  89. data/config.ru +6 -0
  90. data/db/migrate/20260703000001_create_cardinal_schema.rb +78 -0
  91. data/db/migrate/20260703000002_add_agent_runner_fields.rb +7 -0
  92. data/db/migrate/20260704000001_add_parent_to_cards.rb +5 -0
  93. data/db/migrate/20260704000002_add_assistant_session_to_cards.rb +5 -0
  94. data/db/seeds.rb +19 -0
  95. data/docker/agent/Dockerfile +16 -0
  96. data/exe/cardinal +111 -0
  97. data/lib/cardinal/version.rb +1 -1
  98. data/public/400.html +135 -0
  99. data/public/404.html +135 -0
  100. data/public/406-unsupported-browser.html +135 -0
  101. data/public/422.html +135 -0
  102. data/public/500.html +135 -0
  103. data/public/icon.png +0 -0
  104. data/public/icon.svg +3 -0
  105. data/public/robots.txt +1 -0
  106. data/vendor/javascript/sortablejs.js +3378 -0
  107. metadata +235 -9
@@ -0,0 +1,60 @@
1
+ require_relative "boot"
2
+
3
+ require "rails"
4
+ # Pick the frameworks you want:
5
+ require "active_model/railtie"
6
+ require "active_job/railtie"
7
+ require "active_record/railtie"
8
+ require "active_storage/engine"
9
+ require "action_controller/railtie"
10
+ require "action_mailer/railtie"
11
+ require "action_mailbox/engine"
12
+ require "action_text/engine"
13
+ require "action_view/railtie"
14
+ require "action_cable/engine"
15
+ require "rails/test_unit/railtie"
16
+
17
+ # Stdlib the app leans on — explicit because installed-gem mode has no
18
+ # Bundler incidentally loading these.
19
+ require "open3"
20
+ require "fileutils"
21
+ require "securerandom"
22
+
23
+ if ENV["CARDINAL_GEM"] == "1"
24
+ # Installed-gem mode: no Bundler — load what Bundler.require would have.
25
+ %w[propshaft importmap-rails turbo-rails stimulus-rails redcarpet sqlite3].each { |g| require g }
26
+ else
27
+ # Require the gems listed in Gemfile, including any gems
28
+ # you've limited to :test, :development, or :production.
29
+ Bundler.require(*Rails.groups)
30
+ end
31
+
32
+ module Cardinal
33
+ class Application < Rails::Application
34
+ # Portable instances (§16): the engine/gem directory is read-only — the
35
+ # log joins the rest of the instance state in the target's .cardinal/.
36
+ # (Set here, not in an initializer: the logger is built before those run.)
37
+ if ENV["CARDINAL_DATA_DIR"].present?
38
+ config.paths["log"] = File.join(File.expand_path(ENV["CARDINAL_DATA_DIR"]), "cardinal.log")
39
+ end
40
+
41
+ # Initialize configuration defaults for originally generated Rails version.
42
+ config.load_defaults 8.1
43
+
44
+ # Please, add to the `ignore` list any other `lib` subdirectories that do
45
+ # not contain `.rb` files, or that should not be reloaded or eager loaded.
46
+ # Common ones are `templates`, `generators`, or `middleware`, for example.
47
+ config.autoload_lib(ignore: %w[assets tasks])
48
+
49
+ # Configuration for the application, engines, and railties goes here.
50
+ #
51
+ # These settings can be overridden in specific environments using the files
52
+ # in config/environments, which are processed later.
53
+ #
54
+ # config.time_zone = "Central Time (US & Canada)"
55
+ # config.eager_load_paths << Rails.root.join("extras")
56
+
57
+ # Don't generate system test files.
58
+ config.generators.system_tests = nil
59
+ end
60
+ end
data/config/boot.rb ADDED
@@ -0,0 +1,13 @@
1
+ # Two boot modes:
2
+ # - Development of the engine itself: normal Bundler + Bootsnap boot.
3
+ # - Installed-gem instance (`cardinal` executable sets CARDINAL_GEM=1):
4
+ # no Gemfile, no Bundler — dependencies come from the gemspec and are
5
+ # activated by RubyGems; Bootsnap is skipped (its cache writes don't
6
+ # belong in an installed gem directory).
7
+ if ENV["CARDINAL_GEM"] == "1"
8
+ require "rubygems"
9
+ else
10
+ ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
11
+ require "bundler/setup" # Set up gems listed in the Gemfile.
12
+ require "bootsnap/setup" # Speed up boot time by caching expensive operations.
13
+ end
@@ -0,0 +1,5 @@
1
+ # Audit all gems listed in the Gemfile for known security problems by running bin/bundler-audit.
2
+ # CVEs that are not relevant to the application can be enumerated on the ignore list below.
3
+
4
+ ignore:
5
+ - CVE-THAT-DOES-NOT-APPLY
data/config/cable.yml ADDED
@@ -0,0 +1,13 @@
1
+ development:
2
+ adapter: async
3
+
4
+ test:
5
+ adapter: test
6
+
7
+ production:
8
+ adapter: solid_cable
9
+ connects_to:
10
+ database:
11
+ writing: cable
12
+ polling_interval: 0.1.seconds
13
+ message_retention: 1.day
data/config/ci.rb ADDED
@@ -0,0 +1,20 @@
1
+ # Run using bin/ci
2
+
3
+ CI.run do
4
+ step "Setup", "bin/setup --skip-server"
5
+
6
+ step "Style: Ruby", "bin/rubocop"
7
+
8
+ step "Security: Gem audit", "bin/bundler-audit"
9
+ step "Security: Importmap vulnerability audit", "bin/importmap audit"
10
+ step "Security: Brakeman code analysis", "bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error"
11
+
12
+
13
+ # Optional: set a green GitHub commit status to unblock PR merge.
14
+ # Requires the `gh` CLI and `gh extension install basecamp/gh-signoff`.
15
+ # if success?
16
+ # step "Signoff: All systems go. Ready for merge and deploy.", "gh signoff"
17
+ # else
18
+ # failure "Signoff: CI failed. Do not merge or deploy.", "Fix the issues and try again."
19
+ # end
20
+ end
@@ -0,0 +1 @@
1
+ gRbdqLwcuHenzfNXCmiHivELrqct/iaMFWc11UxhtcwPIAyQYYOpoUGziW347shIgbHjK4zVpJQ/la/Te51SO6G1NgGZyJZrFRKB8kebFYcqktQzMRTGRl0ykjWf3y0iN6YPcYC6C/0M3Zr7hasRYG8hX9MOnLFjYUYQw/yZRpM/RR2XBslITX1FubnB/CZrzQzz9WDSYG+TOmR5IUBdn28ZrQxSz8u3oXzuhwibUGf2GNffWM4nHpDmHAiwDq7o8yMrZHipJiiUmo3ffe7YbLR+RdTy3AmIatai8wCEruPvzopfV3hn8b5alhk6g8wZQMW29rV5zwKJhnfIJ/IH8LJJWtudfckYkhh4KDam6TppBdqc8rXWCqodYIt2voYM/ARkQt+CTgVZQCLjlvW2Qm4NTzQCcZZkMllQ7vvpsyZ/vzpaRyYSHIl/9Hzip/orWM7g/SNIm44mDLC8+6IoiVVDSomOaQVEEfRKO7Rny3KahfXpqEiUSfmf--B7qWHwiaPzgA3yLD--x/FY/DNjNt+OyLs4ca9tQQ==
@@ -0,0 +1,31 @@
1
+ # SQLite — the board lives inside .cardinal/, per the portable-instance model
2
+ # (cardinal.md §16). One directory = one Cardinal instance.
3
+ default: &default
4
+ adapter: sqlite3
5
+ pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
6
+ timeout: 5000
7
+
8
+ development:
9
+ <<: *default
10
+ database: <%= ENV.fetch("CARDINAL_DATA_DIR", ".cardinal") %>/cardinal.db
11
+
12
+ test:
13
+ <<: *default
14
+ database: storage/test.sqlite3
15
+
16
+ production:
17
+ primary:
18
+ <<: *default
19
+ database: <%= ENV.fetch("CARDINAL_DATA_DIR", ".cardinal") %>/cardinal.db
20
+ cache:
21
+ <<: *default
22
+ database: <%= ENV.fetch("CARDINAL_DATA_DIR", ".cardinal") %>/cache.sqlite3
23
+ migrations_paths: db/cache_migrate
24
+ queue:
25
+ <<: *default
26
+ database: <%= ENV.fetch("CARDINAL_DATA_DIR", ".cardinal") %>/queue.sqlite3
27
+ migrations_paths: db/queue_migrate
28
+ cable:
29
+ <<: *default
30
+ database: <%= ENV.fetch("CARDINAL_DATA_DIR", ".cardinal") %>/cable.sqlite3
31
+ migrations_paths: db/cable_migrate
@@ -0,0 +1,5 @@
1
+ # Load the Rails application.
2
+ require_relative "application"
3
+
4
+ # Initialize the Rails application.
5
+ Rails.application.initialize!
@@ -0,0 +1,78 @@
1
+ require "active_support/core_ext/integer/time"
2
+
3
+ Rails.application.configure do
4
+ # Settings specified here will take precedence over those in config/application.rb.
5
+
6
+ # Make code changes take effect immediately without server restart.
7
+ config.enable_reloading = true
8
+
9
+ # Do not eager load code on boot.
10
+ config.eager_load = false
11
+
12
+ # Show full error reports.
13
+ config.consider_all_requests_local = true
14
+
15
+ # Enable server timing.
16
+ config.server_timing = true
17
+
18
+ # Enable/disable Action Controller caching. By default Action Controller caching is disabled.
19
+ # Run rails dev:cache to toggle Action Controller caching.
20
+ if Rails.root.join("tmp/caching-dev.txt").exist?
21
+ config.action_controller.perform_caching = true
22
+ config.action_controller.enable_fragment_cache_logging = true
23
+ config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" }
24
+ else
25
+ config.action_controller.perform_caching = false
26
+ end
27
+
28
+ # Change to :null_store to avoid any caching.
29
+ config.cache_store = :memory_store
30
+
31
+ # Store uploaded files on the local file system (see config/storage.yml for options).
32
+ config.active_storage.service = :local
33
+
34
+ # Don't care if the mailer can't send.
35
+ config.action_mailer.raise_delivery_errors = false
36
+
37
+ # Make template changes take effect immediately.
38
+ config.action_mailer.perform_caching = false
39
+
40
+ # Set localhost to be used by links generated in mailer templates.
41
+ config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
42
+
43
+ # Print deprecation notices to the Rails logger.
44
+ config.active_support.deprecation = :log
45
+
46
+ # Raise an error on page load if there are pending migrations.
47
+ config.active_record.migration_error = :page_load
48
+
49
+ # Highlight code that triggered database queries in logs.
50
+ config.active_record.verbose_query_logs = true
51
+
52
+ # Append comments with runtime information tags to SQL queries in logs.
53
+ config.active_record.query_log_tags_enabled = true
54
+
55
+ # Highlight code that enqueued background job in logs.
56
+ config.active_job.verbose_enqueue_logs = true
57
+
58
+ # Highlight code that triggered redirect in logs.
59
+ config.action_dispatch.verbose_redirect_logs = true
60
+
61
+ # Suppress logger output for asset requests.
62
+ config.assets.quiet = true
63
+
64
+ # Raises error for missing translations.
65
+ # config.i18n.raise_on_missing_translations = true
66
+
67
+ # Annotate rendered view with file names.
68
+ config.action_view.annotate_rendered_view_with_filenames = true
69
+
70
+ # Uncomment if you wish to allow Action Cable access from any origin.
71
+ # config.action_cable.disable_request_forgery_protection = true
72
+
73
+ # Raise error when a before_action's only/except options reference missing actions.
74
+ config.action_controller.raise_on_missing_callback_actions = true
75
+
76
+ # Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
77
+ # config.generators.apply_rubocop_autocorrect_after_generate!
78
+ end
@@ -0,0 +1,89 @@
1
+ require "active_support/core_ext/integer/time"
2
+
3
+ Rails.application.configure do
4
+ # Settings specified here will take precedence over those in config/application.rb.
5
+
6
+ # Code is not reloaded between requests.
7
+ config.enable_reloading = false
8
+
9
+ # Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
10
+ config.eager_load = true
11
+
12
+ # Full error reports are disabled.
13
+ config.consider_all_requests_local = false
14
+
15
+ # Turn on fragment caching in view templates.
16
+ config.action_controller.perform_caching = true
17
+
18
+ # Cache assets for far-future expiry since they are all digest stamped.
19
+ config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" }
20
+
21
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server.
22
+ # config.asset_host = "http://assets.example.com"
23
+
24
+ # Store uploaded files on the local file system (see config/storage.yml for options).
25
+ config.active_storage.service = :local
26
+
27
+ # Assume all access to the app is happening through a SSL-terminating reverse proxy.
28
+ config.assume_ssl = true
29
+
30
+ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
+ config.force_ssl = true
32
+
33
+ # Skip http-to-https redirect for the default health check endpoint.
34
+ # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } }
35
+
36
+ # Log to STDOUT with the current request id as a default log tag.
37
+ config.log_tags = [ :request_id ]
38
+ config.logger = ActiveSupport::TaggedLogging.logger(STDOUT)
39
+
40
+ # Change to "debug" to log everything (including potentially personally-identifiable information!).
41
+ config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
42
+
43
+ # Prevent health checks from clogging up the logs.
44
+ config.silence_healthcheck_path = "/up"
45
+
46
+ # Don't log any deprecations.
47
+ config.active_support.report_deprecations = false
48
+
49
+ # Replace the default in-process memory cache store with a durable alternative.
50
+ # config.cache_store = :mem_cache_store
51
+
52
+ # Replace the default in-process and non-durable queuing backend for Active Job.
53
+ # config.active_job.queue_adapter = :resque
54
+
55
+ # Ignore bad email addresses and do not raise email delivery errors.
56
+ # Set this to true and configure the email server for immediate delivery to raise delivery errors.
57
+ # config.action_mailer.raise_delivery_errors = false
58
+
59
+ # Set host to be used by links generated in mailer templates.
60
+ config.action_mailer.default_url_options = { host: "example.com" }
61
+
62
+ # Specify outgoing SMTP server. Remember to add smtp/* credentials via bin/rails credentials:edit.
63
+ # config.action_mailer.smtp_settings = {
64
+ # user_name: Rails.application.credentials.dig(:smtp, :user_name),
65
+ # password: Rails.application.credentials.dig(:smtp, :password),
66
+ # address: "smtp.example.com",
67
+ # port: 587,
68
+ # authentication: :plain
69
+ # }
70
+
71
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
72
+ # the I18n.default_locale when a translation cannot be found).
73
+ config.i18n.fallbacks = true
74
+
75
+ # Do not dump schema after migrations.
76
+ config.active_record.dump_schema_after_migration = false
77
+
78
+ # Only use :id for inspections in production.
79
+ config.active_record.attributes_for_inspect = [ :id ]
80
+
81
+ # Enable DNS rebinding protection and other `Host` header attacks.
82
+ # config.hosts = [
83
+ # "example.com", # Allow requests from example.com
84
+ # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
85
+ # ]
86
+ #
87
+ # Skip DNS rebinding protection for the default health check endpoint.
88
+ # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
89
+ end
@@ -0,0 +1,53 @@
1
+ # The test environment is used exclusively to run your application's
2
+ # test suite. You never need to work with it otherwise. Remember that
3
+ # your test database is "scratch space" for the test suite and is wiped
4
+ # and recreated between test runs. Don't rely on the data there!
5
+
6
+ Rails.application.configure do
7
+ # Settings specified here will take precedence over those in config/application.rb.
8
+
9
+ # While tests run files are not watched, reloading is not necessary.
10
+ config.enable_reloading = false
11
+
12
+ # Eager loading loads your entire application. When running a single test locally,
13
+ # this is usually not necessary, and can slow down your test suite. However, it's
14
+ # recommended that you enable it in continuous integration systems to ensure eager
15
+ # loading is working properly before deploying your code.
16
+ config.eager_load = ENV["CI"].present?
17
+
18
+ # Configure public file server for tests with cache-control for performance.
19
+ config.public_file_server.headers = { "cache-control" => "public, max-age=3600" }
20
+
21
+ # Show full error reports.
22
+ config.consider_all_requests_local = true
23
+ config.cache_store = :null_store
24
+
25
+ # Render exception templates for rescuable exceptions and raise for other exceptions.
26
+ config.action_dispatch.show_exceptions = :rescuable
27
+
28
+ # Disable request forgery protection in test environment.
29
+ config.action_controller.allow_forgery_protection = false
30
+
31
+ # Store uploaded files on the local file system in a temporary directory.
32
+ config.active_storage.service = :test
33
+
34
+ # Tell Action Mailer not to deliver emails to the real world.
35
+ # The :test delivery method accumulates sent emails in the
36
+ # ActionMailer::Base.deliveries array.
37
+ config.action_mailer.delivery_method = :test
38
+
39
+ # Set host to be used by links generated in mailer templates.
40
+ config.action_mailer.default_url_options = { host: "example.com" }
41
+
42
+ # Print deprecation notices to the stderr.
43
+ config.active_support.deprecation = :stderr
44
+
45
+ # Raises error for missing translations.
46
+ # config.i18n.raise_on_missing_translations = true
47
+
48
+ # Annotate rendered view with file names.
49
+ # config.action_view.annotate_rendered_view_with_filenames = true
50
+
51
+ # Raise error when a before_action's only/except options reference missing actions.
52
+ config.action_controller.raise_on_missing_callback_actions = true
53
+ end
@@ -0,0 +1,6 @@
1
+ pin "application"
2
+ pin "@hotwired/turbo-rails", to: "turbo.min.js"
3
+ pin "@hotwired/stimulus", to: "stimulus.min.js"
4
+ pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
5
+ pin_all_from "app/javascript/controllers", under: "controllers"
6
+ pin "sortablejs" # 1.15.6 vendored from jsdelivr
@@ -0,0 +1,7 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Version of your assets, change this if you want to expire all your assets.
4
+ Rails.application.config.assets.version = "1.0"
5
+
6
+ # Add additional assets to the asset load path.
7
+ # Rails.application.config.assets.paths << Emoji.images_path
@@ -0,0 +1,12 @@
1
+ # Portable-instance first run (cardinal.md §16): when launched via
2
+ # `cardinal up` inside a target repo, create that repo's board on first boot.
3
+ if ENV["CARDINAL_TARGET_REPO"].present?
4
+ Rails.application.config.after_initialize do
5
+ begin
6
+ Board.bootstrap!(ENV["CARDINAL_TARGET_REPO"]) if Board.none?
7
+ rescue ActiveRecord::NoDatabaseError, ActiveRecord::StatementInvalid
8
+ # DB not created yet (e.g. during db:prepare's own boot) — the next boot
9
+ # after prepare will bootstrap.
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,20 @@
1
+ # Portable-instance hardening (§16): when running from an installed gem, the
2
+ # app directory must be treated as read-only — every write goes to the
3
+ # instance's data dir (CARDINAL_DATA_DIR, i.e. <target repo>/.cardinal).
4
+ if ENV["CARDINAL_DATA_DIR"].present?
5
+ data_dir = File.expand_path(ENV["CARDINAL_DATA_DIR"])
6
+
7
+ Rails.application.configure do
8
+ # (Log path is set in application.rb — the logger exists before initializers.)
9
+
10
+ # Stable per-instance secret, generated once — avoids Rails writing
11
+ # tmp/local_secret.txt into the gem directory.
12
+ secret_file = File.join(data_dir, "secret.key")
13
+ unless File.exist?(secret_file)
14
+ require "securerandom"
15
+ File.write(secret_file, SecureRandom.hex(64))
16
+ File.chmod(0o600, secret_file)
17
+ end
18
+ config.secret_key_base = File.read(secret_file).strip
19
+ end
20
+ end
@@ -0,0 +1,29 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Define an application-wide content security policy.
4
+ # See the Securing Rails Applications Guide for more information:
5
+ # https://guides.rubyonrails.org/security.html#content-security-policy-header
6
+
7
+ # Rails.application.configure do
8
+ # config.content_security_policy do |policy|
9
+ # policy.default_src :self, :https
10
+ # policy.font_src :self, :https, :data
11
+ # policy.img_src :self, :https, :data
12
+ # policy.object_src :none
13
+ # policy.script_src :self, :https
14
+ # policy.style_src :self, :https
15
+ # # Specify URI for violation reports
16
+ # # policy.report_uri "/csp-violation-report-endpoint"
17
+ # end
18
+ #
19
+ # # Generate session nonces for permitted importmap, inline scripts, and inline styles.
20
+ # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
21
+ # config.content_security_policy_nonce_directives = %w(script-src style-src)
22
+ #
23
+ # # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
24
+ # # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
25
+ # # config.content_security_policy_nonce_auto = true
26
+ #
27
+ # # Report violations without enforcing the policy.
28
+ # # config.content_security_policy_report_only = true
29
+ # end
@@ -0,0 +1,8 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
4
+ # Use this to limit dissemination of sensitive information.
5
+ # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
6
+ Rails.application.config.filter_parameters += [
7
+ :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
8
+ ]
@@ -0,0 +1,16 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Add new inflection rules using the following format. Inflections
4
+ # are locale specific, and you may define rules for as many different
5
+ # locales as you wish. All of these examples are active by default:
6
+ # ActiveSupport::Inflector.inflections(:en) do |inflect|
7
+ # inflect.plural /^(ox)$/i, "\\1en"
8
+ # inflect.singular /^(ox)en/i, "\\1"
9
+ # inflect.irregular "person", "people"
10
+ # inflect.uncountable %w( fish sheep )
11
+ # end
12
+
13
+ # These inflection rules are supported but not enabled by default:
14
+ # ActiveSupport::Inflector.inflections(:en) do |inflect|
15
+ # inflect.acronym "RESTful"
16
+ # end
@@ -0,0 +1,17 @@
1
+ # Run the sweeper inside the web server process (dev-grade scheduling; a
2
+ # SolidQueue recurring task replaces this in a production deployment).
3
+ if defined?(Rails::Server) || ENV["CARDINAL_SWEEPER"] == "1"
4
+ Rails.application.config.after_initialize do
5
+ Thread.new do
6
+ sleep 15 # let boot settle, then repair anything left over from a crash
7
+ loop do
8
+ begin
9
+ RunSweeper.sweep
10
+ rescue => e
11
+ Rails.logger.error("RunSweeper: #{e.class}: #{e.message}")
12
+ end
13
+ sleep 60
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,31 @@
1
+ # Files in the config/locales directory are used for internationalization and
2
+ # are automatically loaded by Rails. If you want to use locales other than
3
+ # English, add the necessary files in this directory.
4
+ #
5
+ # To use the locales, use `I18n.t`:
6
+ #
7
+ # I18n.t "hello"
8
+ #
9
+ # In views, this is aliased to just `t`:
10
+ #
11
+ # <%= t("hello") %>
12
+ #
13
+ # To use a different locale, set it with `I18n.locale`:
14
+ #
15
+ # I18n.locale = :es
16
+ #
17
+ # This would use the information in config/locales/es.yml.
18
+ #
19
+ # To learn more about the API, please read the Rails Internationalization guide
20
+ # at https://guides.rubyonrails.org/i18n.html.
21
+ #
22
+ # Be aware that YAML interprets the following case-insensitive strings as
23
+ # booleans: `true`, `false`, `on`, `off`, `yes`, `no`. Therefore, these strings
24
+ # must be quoted to be interpreted as strings. For example:
25
+ #
26
+ # en:
27
+ # "yes": yup
28
+ # enabled: "ON"
29
+
30
+ en:
31
+ hello: "Hello world"
data/config/puma.rb ADDED
@@ -0,0 +1,42 @@
1
+ # This configuration file will be evaluated by Puma. The top-level methods that
2
+ # are invoked here are part of Puma's configuration DSL. For more information
3
+ # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
4
+ #
5
+ # Puma starts a configurable number of processes (workers) and each process
6
+ # serves each request in a thread from an internal thread pool.
7
+ #
8
+ # You can control the number of workers using ENV["WEB_CONCURRENCY"]. You
9
+ # should only set this value when you want to run 2 or more workers. The
10
+ # default is already 1. You can set it to `auto` to automatically start a worker
11
+ # for each available processor.
12
+ #
13
+ # The ideal number of threads per worker depends both on how much time the
14
+ # application spends waiting for IO operations and on how much you wish to
15
+ # prioritize throughput over latency.
16
+ #
17
+ # As a rule of thumb, increasing the number of threads will increase how much
18
+ # traffic a given process can handle (throughput), but due to CRuby's
19
+ # Global VM Lock (GVL) it has diminishing returns and will degrade the
20
+ # response time (latency) of the application.
21
+ #
22
+ # The default is set to 3 threads as it's deemed a decent compromise between
23
+ # throughput and latency for the average Rails application.
24
+ #
25
+ # Any libraries that use a connection pool or another resource pool should
26
+ # be configured to provide at least as many connections as the number of
27
+ # threads. This includes Active Record's `pool` parameter in `database.yml`.
28
+ threads_count = ENV.fetch("RAILS_MAX_THREADS", 3)
29
+ threads threads_count, threads_count
30
+
31
+ # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
32
+ port ENV.fetch("PORT", 3000)
33
+
34
+ # Allow puma to be restarted by `bin/rails restart` command.
35
+ plugin :tmp_restart
36
+
37
+ # Run the Solid Queue supervisor inside of Puma for single-server deployments.
38
+ plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"]
39
+
40
+ # Specify the PID file. Defaults to tmp/pids/server.pid in development.
41
+ # In other environments, only set the PID file if requested.
42
+ pidfile ENV["PIDFILE"] if ENV["PIDFILE"]
data/config/routes.rb ADDED
@@ -0,0 +1,22 @@
1
+ Rails.application.routes.draw do
2
+ root "boards#show"
3
+
4
+ resource :board, only: :show
5
+ resources :cards, only: [:new, :create, :show, :update, :destroy] do
6
+ member do
7
+ patch :move
8
+ post :approve
9
+ end
10
+ resources :messages, only: [:create]
11
+ end
12
+ resources :columns, only: [:create, :edit, :update, :destroy]
13
+ resources :runs, only: [] do
14
+ member do
15
+ post :cancel
16
+ post :approve
17
+ post :restart
18
+ end
19
+ end
20
+
21
+ get "up" => "rails/health#show", as: :rails_health_check
22
+ end
@@ -0,0 +1,27 @@
1
+ test:
2
+ service: Disk
3
+ root: <%= Rails.root.join("tmp/storage") %>
4
+
5
+ local:
6
+ service: Disk
7
+ root: <%= Rails.root.join("storage") %>
8
+
9
+ # Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
10
+ # amazon:
11
+ # service: S3
12
+ # access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
13
+ # secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
14
+ # region: us-east-1
15
+ # bucket: your_own_bucket-<%= Rails.env %>
16
+
17
+ # Remember not to checkin your GCS keyfile to a repository
18
+ # google:
19
+ # service: GCS
20
+ # project: your_project
21
+ # credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
22
+ # bucket: your_own_bucket-<%= Rails.env %>
23
+
24
+ # mirror:
25
+ # service: Mirror
26
+ # primary: local
27
+ # mirrors: [ amazon, google, microsoft ]
data/config.ru ADDED
@@ -0,0 +1,6 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require_relative "config/environment"
4
+
5
+ run Rails.application
6
+ Rails.application.load_server