envoy_publisher 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4071a859fbc8ce8899ee0ab98c014b3f097641f1088a2fd53e6cdcfbe3cfbdee
+  data.tar.gz: 63ad7bcdb207da1732af6c9ad23586461b0a721a35cad8ffef323032f412f33c
+SHA512:
+  metadata.gz: 0321c157c4150cba0d12df28d504a5ad1cca7e00ac7a57de7461ab211a40163515569a9c255b0dba4c8fc7568eb60abb281de209703ae1417d7c703731728a62
+  data.tar.gz: 14dee978e725fb38afe9fa060a96b65375b9ea922625cebfa500751a1efb27969f0d03e999bc14497ea4738f5c338e80a3c3a8dbce1a2ceedb49ba5f5d5aa009

data/.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# Default CODEOWNERS - 2 User Policy
+* @rtulin841_comcast
+* @cadams959_comcast

data/.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

data/.github/scripts/README.md

@@ -0,0 +1,128 @@
+# GitHub Actions Scripts
+
+This directory contains JavaScript scripts used by GitHub Actions workflows.
+
+## Scripts
+
+### pr-report.js
+
+Generates a Slack-formatted report of open pull requests, including:
+- Check run status (passing, failing, in progress)
+- Approval status
+- PR age with color-coded indicators
+
+**Used by:** `.github/workflows/pr-report.yml`
+
+## Local Testing
+
+### Prerequisites
+
+- Node.js (v12 or higher)
+- For live testing: A GitHub personal access token with `repo` scope
+
+### Running Mock Tests
+
+Run tests with mock data (no GitHub API calls):
+
+```bash
+node .github/scripts/pr-report.test.js
+```
+
+Expected output:
+```
+🧪 Running mock test...
+
+Output [has_prs]: true
+Output [blocks]: [{"type":"section",...
+
+✅ Validations:
+  ✓ has_prs is "true"
+  ✓ blocks contains 4 sections
+  ✓ First block is header section
+
+📋 Slack Blocks Preview:
+[
+  {
+    "type": "section",
+    "text": {
+      "type": "mrkdwn",
+      "text": ":clipboard: *Open Pull Requests Report* (3 total)"
+    }
+  },
+  ...
+]
+
+🧪 Testing empty PR list...
+Output [has_prs]: false
+  ✓ Empty PR list handled correctly
+
+✅ All tests passed!
+```
+
+### Running Live Tests
+
+Test against a real GitHub repository:
+
+```bash
+GITHUB_TOKEN=ghp_your_token GITHUB_REPO=owner/repo node .github/scripts/pr-report.test.js --live
+```
+
+Example:
+```bash
+GITHUB_TOKEN=ghp_abc123 GITHUB_REPO=myorg/selfscan node .github/scripts/pr-report.test.js --live
+```
+
+**Note:** The live test requires the `@octokit/rest` package. Install it first if needed:
+```bash
+npm install @octokit/rest
+```
+
+## Configuration
+
+The `pr-report.js` script has configurable constants at the top of the file:
+
+| Constant | Default | Description |
+|----------|---------|-------------|
+| `AGE_THRESHOLDS.WARNING` | 3 days | PRs older than this show yellow indicator |
+| `AGE_THRESHOLDS.CRITICAL` | 7 days | PRs older than this show red indicator |
+| `CONCURRENCY_LIMIT` | 5 | Max parallel GitHub API requests |
+
+## Adding New Scripts
+
+When adding new scripts:
+
+1. Create the script in this directory (e.g., `my-script.js`)
+2. Export a function that accepts `{ github, context, core }`
+3. Create a test file (e.g., `my-script.test.js`)
+4. Update this README with documentation
+
+### Script Template
+
+```javascript
+module.exports = async ({ github, context, core }) => {
+  const { owner, repo } = context.repo;
+
+  try {
+    // Your logic here
+    
+    core.setOutput('result', 'value');
+  } catch (error) {
+    core.setFailed(`Script failed: ${error.message}`);
+  }
+};
+```
+
+### Using in Workflow
+
+```yaml
+- name: Checkout repository
+  uses: actions/checkout@v4
+
+- name: Run script
+  uses: actions/github-script@v8
+  with:
+    script: |
+      const script = require('./.github/scripts/my-script.js');
+      await script({ github, context, core });
+```
+

data/.github/scripts/pr-report.js

@@ -0,0 +1,188 @@
+// Script to gather open PR details and format for Slack notification
+
+// Time constants
+const MS_PER_HOUR = 60 * 60 * 1000;
+const MS_PER_DAY = 24 * MS_PER_HOUR;
+
+// Constants for age thresholds (in days)
+const AGE_THRESHOLDS = {
+  WARNING: 3,
+  CRITICAL: 7
+};
+
+// Slack emoji constants
+const EMOJI = {
+  CLIPBOARD: ':clipboard:',
+  CHECK: ':white_check_mark:',
+  WARNING: ':warning:',
+  FAIL: ':x:',
+  HOURGLASS: ':hourglass:',
+  UNKNOWN: ':grey_question:',
+  GREEN: ':green_circle:',
+  YELLOW: ':yellow_circle:',
+  RED: ':red_circle:'
+};
+
+/**
+ * Calculate human-readable age string and emoji based on thresholds
+ */
+function calculateAge(createdAt, now) {
+  const ageMs = now - new Date(createdAt);
+  const ageDays = Math.floor(ageMs / MS_PER_DAY);
+  const ageHours = Math.floor((ageMs % MS_PER_DAY) / MS_PER_HOUR);
+
+  const parts = [];
+  if (ageDays > 0) {
+    parts.push(`${ageDays} day${ageDays !== 1 ? 's' : ''}`);
+  }
+  if (ageHours > 0 || ageDays === 0) {
+    parts.push(`${ageHours} hour${ageHours !== 1 ? 's' : ''}`);
+  }
+
+  let emoji = EMOJI.GREEN;
+  if (ageDays >= AGE_THRESHOLDS.CRITICAL) {
+    emoji = EMOJI.RED;
+  } else if (ageDays >= AGE_THRESHOLDS.WARNING) {
+    emoji = EMOJI.YELLOW;
+  }
+
+  return { ageStr: parts.join(', '), ageEmoji: emoji, ageDays };
+}
+
+/**
+ * Determine check runs status from GitHub checks API response
+ */
+function getChecksStatus(checkRuns) {
+  if (checkRuns.total_count === 0) {
+    return `${EMOJI.UNKNOWN} No checks`;
+  }
+
+  const failedChecks = checkRuns.check_runs.filter(
+    check => check.status === 'completed' && check.conclusion === 'failure'
+  );
+  const pendingChecks = checkRuns.check_runs.filter(
+    check => check.status !== 'completed'
+  );
+
+  if (failedChecks.length > 0) {
+    return `${EMOJI.FAIL} Failing (${failedChecks.length} failed)`;
+  }
+  if (pendingChecks.length > 0) {
+    return `${EMOJI.HOURGLASS} In Progress`;
+  }
+  return `${EMOJI.CHECK} Passing`;
+}
+
+/**
+ * Determine approval status from reviews
+ */
+function getApprovalStatus(reviews) {
+  const isApproved = reviews.some(review => review.state === 'APPROVED');
+  return isApproved ? `${EMOJI.CHECK} Approved` : `${EMOJI.WARNING} Not Approved`;
+}
+
+/**
+ * Build Slack blocks for the PR report
+ */
+function buildSlackBlocks(prDetails) {
+  const headerBlock = {
+    type: 'section',
+    text: {
+      type: 'mrkdwn',
+      text: `${EMOJI.CLIPBOARD} *Open Pull Requests Report* (${prDetails.length} total)`
+    }
+  };
+
+  const prBlocks = prDetails.map(pr => ({
+    type: 'section',
+    text: {
+      type: 'mrkdwn',
+      text: [
+        `*<${pr.url}|#${pr.number}: ${pr.title}>* (${pr.author})`,
+        `• Status: ${pr.checksStatus}`,
+        `• Approval: ${pr.approvalStatus}`,
+        `• Age: ${pr.ageEmoji} ${pr.age}`
+      ].join('\n')
+    }
+  }));
+
+  return [headerBlock, ...prBlocks];
+}
+
+/**
+ * Fetch PR details including reviews and check runs
+ */
+async function fetchPRDetails(github, owner, repo, pr, now) {
+  // Fetch reviews and check runs in parallel for better performance
+  const [reviewsResponse, checkRunsResponse] = await Promise.all([
+    github.rest.pulls.listReviews({
+      owner,
+      repo,
+      pull_number: pr.number
+    }),
+    github.rest.checks.listForRef({
+      owner,
+      repo,
+      ref: pr.head.sha
+    })
+  ]);
+
+  const { ageStr, ageEmoji, ageDays } = calculateAge(pr.created_at, now);
+
+  return {
+    number: pr.number,
+    title: pr.title,
+    author: pr.user.login,
+    url: pr.html_url,
+    branch: pr.head.ref,
+    approvalStatus: getApprovalStatus(reviewsResponse.data),
+    checksStatus: getChecksStatus(checkRunsResponse.data),
+    age: ageStr,
+    ageEmoji,
+    ageDays
+  };
+}
+
+module.exports = async ({ github, context, core }) => {
+  const { owner, repo } = context.repo;
+
+  try {
+    const { data: pullRequests } = await github.rest.pulls.list({
+      owner,
+      repo,
+      state: 'open',
+      sort: 'created',
+      direction: 'asc'
+    });
+
+    if (pullRequests.length === 0) {
+      core.setOutput('has_prs', 'false');
+      return;
+    }
+
+    const now = new Date();
+
+    // Fetch all PR details in parallel (with concurrency limit to avoid rate limiting)
+    const CONCURRENCY_LIMIT = 5;
+    const prDetails = [];
+
+    for (let i = 0; i < pullRequests.length; i += CONCURRENCY_LIMIT) {
+      const batch = pullRequests.slice(i, i + CONCURRENCY_LIMIT);
+      const batchResults = await Promise.all(
+        batch.map(pr => fetchPRDetails(github, owner, repo, pr, now))
+      );
+      prDetails.push(...batchResults);
+    }
+
+    // Sort by age (oldest first)
+    prDetails.sort((a, b) => b.ageDays - a.ageDays);
+
+    const blocks = buildSlackBlocks(prDetails);
+
+    core.setOutput('has_prs', 'true');
+    core.setOutput('blocks', JSON.stringify(blocks));
+  } catch (error) {
+    core.setFailed(`Failed to generate PR report: ${error.message}`);
+  }
+};
+

data/.github/scripts/pr-report.test.js

@@ -0,0 +1,230 @@
+/**
+ * Local test script for pr-report.js
+ *
+ * Run with: node .github/scripts/pr-report.test.js
+ *
+ * You can also test against real GitHub API:
+ *   GITHUB_TOKEN=your_token GITHUB_REPO=owner/repo node .github/scripts/pr-report.test.js --live
+ */
+
+const prReport = require('./pr-report.js');
+
+// Constants
+const MS_PER_DAY = 24 * 60 * 60 * 1000;
+
+// Mock data for testing
+const mockPullRequests = [
+  {
+    number: 101,
+    title: 'Add new feature',
+    user: { login: 'developer1' },
+    html_url: 'https://github.com/example/repo/pull/101',
+    head: { ref: 'feature-branch', sha: 'abc123' },
+    created_at: new Date(Date.now() - 2 * MS_PER_DAY).toISOString() // 2 days ago
+  },
+  {
+    number: 102,
+    title: 'Fix critical bug',
+    user: { login: 'developer2' },
+    html_url: 'https://github.com/example/repo/pull/102',
+    head: { ref: 'bugfix-branch', sha: 'def456' },
+    created_at: new Date(Date.now() - 5 * MS_PER_DAY).toISOString() // 5 days ago
+  },
+  {
+    number: 103,
+    title: 'Old stale PR',
+    user: { login: 'developer3' },
+    html_url: 'https://github.com/example/repo/pull/103',
+    head: { ref: 'stale-branch', sha: 'ghi789' },
+    created_at: new Date(Date.now() - 10 * MS_PER_DAY).toISOString() // 10 days ago
+  }
+];
+
+const mockReviews = {
+  101: [{ state: 'APPROVED' }],
+  102: [{ state: 'CHANGES_REQUESTED' }],
+  103: []
+};
+
+const mockCheckRuns = {
+  abc123: {
+    total_count: 2,
+    check_runs: [
+      { status: 'completed', conclusion: 'success' },
+      { status: 'completed', conclusion: 'success' }
+    ]
+  },
+  def456: {
+    total_count: 2,
+    check_runs: [
+      { status: 'completed', conclusion: 'success' },
+      { status: 'completed', conclusion: 'failure' }
+    ]
+  },
+  ghi789: {
+    total_count: 1,
+    check_runs: [
+      { status: 'in_progress', conclusion: null }
+    ]
+  }
+};
+
+// Create mock GitHub API
+function createMockGitHub() {
+  return {
+    rest: {
+      pulls: {
+        list: async () => ({ data: mockPullRequests }),
+        listReviews: async ({ pull_number }) => ({
+          data: mockReviews[pull_number] || []
+        })
+      },
+      checks: {
+        listForRef: async ({ ref }) => ({
+          data: mockCheckRuns[ref] || { total_count: 0, check_runs: [] }
+        })
+      }
+    }
+  };
+}
+
+// Create mock context
+function createMockContext() {
+  return {
+    repo: {
+      owner: 'example',
+      repo: 'repo'
+    }
+  };
+}
+
+// Create mock core with output capture
+function createMockCore() {
+  const outputs = {};
+  return {
+    setOutput: (name, value) => {
+      outputs[name] = value;
+      console.log(`Output [${name}]:`, typeof value === 'string' && value.length > 100
+        ? value.substring(0, 100) + '...'
+        : value);
+    },
+    setFailed: (message) => {
+      console.error('FAILED:', message);
+      process.exitCode = 1;
+    },
+    getOutputs: () => outputs
+  };
+}
+
+// Live test using real GitHub API
+async function runLiveTest() {
+  const token = process.env.GITHUB_TOKEN;
+  const repoFullName = process.env.GITHUB_REPO;
+
+  if (!token || !repoFullName) {
+    console.error('For live testing, set GITHUB_TOKEN and GITHUB_REPO environment variables');
+    console.error('Example: GITHUB_TOKEN=ghp_xxx GITHUB_REPO=owner/repo node .github/scripts/pr-report.test.js --live');
+    process.exit(1);
+  }
+
+  const [owner, repo] = repoFullName.split('/');
+  const { Octokit } = await import('@octokit/rest');
+
+  const github = {
+    rest: new Octokit({ auth: token }).rest
+  };
+
+  const context = { repo: { owner, repo } };
+  const core = createMockCore();
+
+  console.log(`\n🔴 Running LIVE test against ${repoFullName}...\n`);
+
+  await prReport({ github, context, core });
+
+  const outputs = core.getOutputs();
+  if (outputs.blocks) {
+    console.log('\n📋 Slack Blocks Preview:');
+    console.log(JSON.stringify(JSON.parse(outputs.blocks), null, 2));
+  }
+}
+
+// Mock test
+async function runMockTest() {
+  console.log('🧪 Running mock test...\n');
+
+  const github = createMockGitHub();
+  const context = createMockContext();
+  const core = createMockCore();
+
+  await prReport({ github, context, core });
+
+  const outputs = core.getOutputs();
+
+  // Validate outputs
+  console.log('\n✅ Validations:');
+
+  if (outputs.has_prs !== 'true') {
+    console.error('❌ Expected has_prs to be "true"');
+    process.exitCode = 1;
+  } else {
+    console.log('  ✓ has_prs is "true"');
+  }
+
+  if (!outputs.blocks) {
+    console.error('❌ Expected blocks output to be set');
+    process.exitCode = 1;
+  } else {
+    const blocks = JSON.parse(outputs.blocks);
+    console.log(`  ✓ blocks contains ${blocks.length} sections`);
+
+    // Verify structure
+    if (!blocks[0] || blocks[0].type !== 'section') {
+      console.error('❌ First block should be a section');
+      process.exitCode = 1;
+    } else {
+      console.log('  ✓ First block is header section');
+    }
+
+    // Print formatted output
+    console.log('\n📋 Slack Blocks Preview:');
+    console.log(JSON.stringify(blocks, null, 2));
+  }
+
+  // Test empty PR list
+  console.log('\n🧪 Testing empty PR list...');
+  const emptyGithub = {
+    rest: {
+      pulls: {
+        list: async () => ({ data: [] })
+      }
+    }
+  };
+  const emptyCore = createMockCore();
+  await prReport({ github: emptyGithub, context, core: emptyCore });
+
+  if (emptyCore.getOutputs().has_prs !== 'false') {
+    console.error('❌ Expected has_prs to be "false" for empty list');
+    process.exitCode = 1;
+  } else {
+    console.log('  ✓ Empty PR list handled correctly');
+  }
+}
+
+// Main
+(async () => {
+  try {
+    if (process.argv.includes('--live')) {
+      await runLiveTest();
+    } else {
+      await runMockTest();
+    }
+
+    if (!process.exitCode) {
+      console.log('\n✅ All tests passed!');
+    }
+  } catch (error) {
+    console.error('\n❌ Test failed with error:', error);
+    process.exitCode = 1;
+  }
+})();
+

data/.github/workflows/README.md

@@ -0,0 +1,7 @@
+# GitHub Actions README
+
+This repository uses GitHub Actions for continuous integration. The workflows are defined in the `.github/workflows/` directory.
+
+## Available Workflows
+- **CI Pipeline**: Runs tests, linters, and static analysis daily (Mon-Fri at 9am EST) and on every pull request to ensure code quality.
+- **PR Report**: Sends a daily Slack report (Mon-Fri at 9am EST) of open pull requests with status, approval, and age indicators. See [scripts/README.md](../scripts/README.md) for local testing instructions.

data/.github/workflows/ci.yml

@@ -0,0 +1,75 @@
+name: CI
+
+on:
+  pull_request:
+  schedule:
+    - cron: '0 13 * * 1-5'  # Run Monday–Friday at 8:00 AM EST / 9:00 AM EDT
+
+env:
+  SLACK_CHANNEL: envoy-dev
+
+jobs:
+  static_analysis:
+    runs-on: comcast-ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Install dependencies for static analysis
+        run: gem install bundler-audit rubocop --no-document
+
+      - name: Run bundler-audit to check for vulnerable dependencies
+        run: bundle audit update && bundle audit
+
+      - name: Lint code for consistent style
+        run: rubocop -c .rubocop.yml
+
+      - name: Notify Slack on failure
+        if: failure()
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          method: chat.postMessage
+          token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload: |
+            channel: ${{ env.SLACK_CHANNEL }}
+            text: |
+              :x: CI Static Analysis Failed
+              *Repository:* ${{ github.repository }}
+              *Branch:* ${{ github.head_ref || github.ref_name }}
+              *Run:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Details>
+
+  test:
+    runs-on: comcast-ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rake test
+
+      - name: Notify Slack on failure
+        if: failure()
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          method: chat.postMessage
+          token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload: |
+            channel: ${{ env.SLACK_CHANNEL }}
+            text: |
+              :x: CI Tests Failed
+              *Repository:* ${{ github.repository }}
+              *Branch:* ${{ github.head_ref || github.ref_name }}
+              *Run:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Details>

data/.github/workflows/pr-report.yml

@@ -0,0 +1,34 @@
+name: PR Report
+
+on:
+  schedule:
+    - cron: '0 13 * * 1-5'  # Run Monday-Friday at 9:00 AM EST (2:00 PM UTC)
+  workflow_dispatch:  # Allow manual trigger
+
+env:
+  SLACK_CHANNEL: envoy-dev
+
+jobs:
+  pr_report:
+    runs-on: comcast-ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Get open pull requests
+        id: get-prs
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const script = require('./.github/scripts/pr-report.js');
+            await script({ github, context, core });
+
+      - name: Send Slack notification
+        if: steps.get-prs.outputs.has_prs == 'true'
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          method: chat.postMessage
+          token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload: |
+            channel: ${{ env.SLACK_CHANNEL }}
+            blocks: ${{ steps.get-prs.outputs.blocks }}

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/vendor/
+Gemfile.lock

data/.rubocop.yml

@@ -0,0 +1,16 @@
+AllCops:
+  TargetRubyVersion: 3.4
+  SuggestExtensions: false
+  Exclude:
+    - 'bin/**/*'
+    - 'vendor/**/*'
+  NewCops: enable
+
+Style/Documentation:
+  Enabled: false
+
+Metrics/BlockLength:
+  CountComments: false
+  Exclude:
+    - 'test/**/*'
+

data/.ruby-version

@@ -0,0 +1 @@
+3.4

data/CHANGELOG.md

@@ -0,0 +1,18 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0] - 2026-02-03
+
+### Added
+- Initial release
+- `Envoy::Publisher` class for publishing events to AWS SNS
+- `Envoy::Configuration` for block-based configuration
+- `Envoy.publish(event_name, attributes)` convenience method
+- Structured event format with `detail-type`, `project`, `environment`, `event_name`, and `timestamp`
+- Optional logger integration

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in envoy_publisher.gemspec
+gemspec
+
+group :development, :test do
+  gem 'bundler', '>= 1.17'
+  gem 'minitest', '~> 5.0'
+  gem 'rake', '~> 13.0'
+end

data/Gemfile.lock

@@ -0,0 +1,45 @@
+PATH
+  remote: .
+  specs:
+    envoy_publisher (0.1.0)
+      aws-sdk-sns (~> 1.0)
+      rexml (~> 3.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1212.0)
+    aws-sdk-core (3.242.0)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      bigdecimal
+      jmespath (~> 1, >= 1.6.1)
+      logger
+    aws-sdk-sns (1.112.0)
+      aws-sdk-core (~> 3, >= 3.241.4)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.12.1)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.3.0)
+    bigdecimal (4.0.1)
+    jmespath (1.6.2)
+    logger (1.7.0)
+    minitest (5.27.0)
+    rake (13.3.1)
+    rexml (3.4.4)
+
+PLATFORMS
+  ruby
+  x86_64-darwin-24
+
+DEPENDENCIES
+  bundler (>= 1.17)
+  envoy_publisher!
+  minitest (~> 5.0)
+  rake (~> 13.0)
+
+BUNDLED WITH
+   2.7.2

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Comcast Cable Communications, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,164 @@
+# Envoy
+
+A lightweight Ruby gem that provides a simple, configurable wrapper around the AWS SNS SDK for publishing structured application events to SNS topics. Perfect for Rails applications and Ruby Lambda functions.
+
+## Features
+
+- Simple configuration with block syntax
+- Structured event payloads with automatic JSON serialization
+- Project and environment context in every event
+- Optional logging integration
+
+## Installation
+
+Add this line to your application's Gemfile, pointing to the GitHub repository:
+
+```ruby
+gem 'envoy_publisher', git: 'https://github.com/comcast-security-tools/envoy-publisher.git'
+```
+
+Or specify a branch or tag:
+
+```ruby
+gem 'envoy_publisher', git: 'https://github.com/comcast-security-tools/envoy-publisher.git', branch: 'main'
+gem 'envoy_publisher', git: 'https://github.com/comcast-security-tools/envoy-publisher.git', tag: 'v0.1.0'
+```
+
+Then execute:
+
+```bash
+$ bundle install
+```
+
+## Configuration
+
+### Rails Application
+
+Create an initializer at `config/initializers/envoy.rb`:
+
+```ruby
+Envoy.configure do |config|
+  # Enable or disable publishing (default: false)
+  config.enabled = %w[production staging qa].include?(Rails.env)
+  
+  # Required: The ARN of your SNS topic
+  config.sns_arn = ENV.fetch("SNS_TOPIC_ARN")
+
+  # Optional: AWS region (defaults to AWS_REGION env var or "us-east-1")
+  config.aws_region = ENV.fetch("AWS_REGION", "us-east-1")
+
+  # Optional: Project name included in every event
+  config.project = "my-application"
+
+  # Optional: Environment name included in every event
+  config.environment = Rails.env
+
+  # Optional: Logger for debugging
+  config.logger = Rails.logger
+end
+```
+
+### Ruby Lambda Function
+
+In your Lambda handler or bootstrap file:
+
+```ruby
+require 'envoy_publisher'
+
+Envoy.configure do |config|
+  config.enabled = true
+  config.sns_arn = ENV.fetch("SNS_TOPIC_ARN")
+  config.aws_region = ENV.fetch("AWS_REGION", "us-east-1")
+  config.project = "my-lambda"
+  config.environment = ENV.fetch("ENVIRONMENT", "production")
+end
+
+def handler(event:, context:)
+  Envoy.publish(:order_created, order_id: "12345", customer_id: "67890")
+
+  { statusCode: 200, body: "Event published" }
+end
+```
+
+## Usage
+
+### Basic Publishing
+
+```ruby
+# Publish an event directly through the Envoy module
+Envoy.publish(:user_signed_up, user_id: 123, email: "user@example.com")
+
+# Or get the publisher instance
+publisher = Envoy.publisher
+publisher.publish(:order_placed, order_id: "12345", total: 99.99)
+```
+
+### Event Structure
+
+Every published event includes a standardized structure:
+
+```ruby
+Envoy.publish(:user_registered, user_id: 123, plan: "premium")
+
+# This publishes a message with the following structure:
+# {
+#   "detail-type": "Application Event",
+#   "project": "my-application",
+#   "environment": "production",
+#   "event_name": "user_registered",
+#   "timestamp": "2026-02-03T12:00:00Z",
+#   "user_id": 123,
+#   "plan": "premium"
+# }
+```
+
+### Complex Events
+
+Pass any hash attributes to include additional data:
+
+```ruby
+Envoy.publish(:payment_processed,
+  order_id: "12345",
+  amount: 150.00,
+  currency: "USD",
+  payment_method: "credit_card",
+  metadata: {
+    processor: "stripe",
+    transaction_id: "txn_abc123"
+  }
+)
+```
+
+## AWS Credentials
+
+The gem uses the AWS SDK's default credential chain. Credentials can be provided via:
+
+1. **Environment variables**: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
+2. **IAM role** (recommended for EC2/Lambda/ECS)
+3. **AWS credentials file**: `~/.aws/credentials`
+
+## Error Handling
+
+```ruby
+begin
+  Envoy.publish(:my_event, data: "test")
+rescue Envoy::ConfigurationError => e
+  # Configuration is invalid (e.g., missing sns_arn)
+  puts "Configuration error: #{e.message}"
+rescue Envoy::PublishError => e
+  # Failed to publish to SNS
+  puts "Publish error: #{e.message}"
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/comcast-security-tools/envoy-publisher.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task default: :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "envoy_publisher"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/envoy_publisher.gemspec

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'envoy/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'envoy_publisher'
+  spec.version       = Envoy::VERSION
+  spec.authors       = ['rtulin841']
+  spec.email         = ['ryan_tulino@comcast.com']
+
+  spec.summary       = 'A Ruby wrapper around AWS SNS SDK for publishing structured application events'
+  spec.description   = 'Envoy provides a simple, configurable interface for publishing application events to ' \
+                       'AWS SNS topics with project and environment context.'
+  spec.homepage      = 'https://github.com/comcast-security-tools/envoy-publisher'
+  spec.license       = 'MIT'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/comcast-security-tools/envoy-publisher'
+  spec.metadata['changelog_uri'] = 'https://github.com/comcast-security-tools/envoy-publisher/blob/main/CHANGELOG.md'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 3.4'
+
+  spec.add_dependency 'aws-sdk-sns', '~> 1.0'
+  spec.add_dependency 'rexml', '~> 3.0'
+end

data/lib/envoy/configuration.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Envoy
+  class Configuration
+    attr_accessor :sns_arn,
+                  :aws_region,
+                  :project,
+                  :environment,
+                  :enabled,
+                  :logger
+
+    def initialize
+      @enabled = false
+      @sns_arn = nil
+      @aws_region = ENV.fetch('AWS_REGION', 'us-east-1')
+      @project = nil
+      @environment = nil
+      @logger = nil
+    end
+
+    def validate!
+      raise ConfigurationError, 'sns_arn is required' if sns_arn.nil? || sns_arn.empty?
+    end
+  end
+
+  class ConfigurationError < Error; end
+end

data/lib/envoy/publisher.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-sns'
+require 'json'
+
+module Envoy
+  class Publisher
+    attr_reader :config
+
+    def initialize
+      @config = Envoy.configuration
+      @config.validate!
+    end
+
+    # Publish an event to the configured SNS topic
+    #
+    # @param event_name [Symbol, String] The name of the event
+    # @param attributes [Hash] Additional attributes to include in the event
+    # @return [Aws::SNS::Types::PublishResponse]
+    def publish(event_name, attributes = {})
+      return unless config.enabled
+
+      payload = build_event(event_name, attributes).to_json
+      log(:info, "Publishing message to SNS topic: #{config.sns_arn}")
+      log(:debug, "Payload: #{payload}")
+
+      publish_to_sns(payload)
+    rescue Aws::SNS::Errors::ServiceError => e
+      handle_publish_error(e)
+    end
+
+    private
+
+    def publish_to_sns(payload)
+      response = sns_client.publish(topic_arn: config.sns_arn, message: payload)
+      log(:info, "Message published successfully. MessageId: #{response.message_id}")
+      response
+    end
+
+    def handle_publish_error(error)
+      log(:error, "Failed to publish message: #{error.message}")
+      raise PublishError, "Failed to publish to SNS: #{error.message}"
+    end
+
+    def sns_client
+      @sns_client ||= Aws::SNS::Client.new(region: config.aws_region)
+    end
+
+    def build_event(event_name, attributes)
+      {
+        'detail-type': 'Application Event',
+        project: config.project,
+        environment: config.environment,
+        event_name: event_name,
+        timestamp: Time.now.utc.iso8601,
+        **attributes
+      }
+    end
+
+    def log(level, message)
+      return unless config.logger
+
+      config.logger.send(level, "[Envoy] #{message}")
+    end
+  end
+
+  class PublishError < Error; end
+end

data/lib/envoy/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Envoy
+  VERSION = '0.1.0'
+end

data/lib/envoy_publisher.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Envoy
+  class Error < StandardError; end
+end
+
+require 'envoy/version'
+require 'envoy/configuration'
+require 'envoy/publisher'
+
+module Envoy
+  class << self
+    # Access the current configuration
+    #
+    # @return [Configuration]
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    # Configure Envoy with a block
+    #
+    # @example
+    #   Envoy.configure do |config|
+    #     config.sns_arn = "arn:aws:sns:us-east-1:123456789:my-topic"
+    #     config.project = "my-app"
+    #   end
+    #
+    # @yield [Configuration]
+    def configure
+      yield(configuration)
+    end
+
+    # Access the Publisher instance
+    #
+    # @return [Publisher]
+    def publisher
+      @publisher ||= Publisher.new
+    end
+
+    # Convenience method to publish directly
+    #
+    # @param event_name [Symbol, String] The name of the event
+    # @param attributes [Hash] Additional attributes to include in the event
+    # @return [Aws::SNS::Types::PublishResponse]
+    def publish(event_name, attributes = {})
+      publisher.publish(event_name, attributes)
+    end
+
+    # Reset configuration and publisher (useful for testing)
+    def reset!
+      @configuration = nil
+      @publisher = nil
+    end
+  end
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: envoy_publisher
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- rtulin841
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-sns
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Envoy provides a simple, configurable interface for publishing application
+  events to AWS SNS topics with project and environment context.
+email:
+- ryan_tulino@comcast.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/CODEOWNERS"
+- ".github/dependabot.yml"
+- ".github/scripts/README.md"
+- ".github/scripts/pr-report.js"
+- ".github/scripts/pr-report.test.js"
+- ".github/workflows/README.md"
+- ".github/workflows/ci.yml"
+- ".github/workflows/pr-report.yml"
+- ".gitignore"
+- ".rubocop.yml"
+- ".ruby-version"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- envoy_publisher.gemspec
+- lib/envoy/configuration.rb
+- lib/envoy/publisher.rb
+- lib/envoy/version.rb
+- lib/envoy_publisher.rb
+homepage: https://github.com/comcast-security-tools/envoy-publisher
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/comcast-security-tools/envoy-publisher
+  source_code_uri: https://github.com/comcast-security-tools/envoy-publisher
+  changelog_uri: https://github.com/comcast-security-tools/envoy-publisher/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: A Ruby wrapper around AWS SNS SDK for publishing structured application events
+test_files: []