kettle-dev 1.0.8 → 1.0.10

data/exe/kettle-release

@@ -1,6 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
+# vim: set syntax=ruby
+
 # kettle-release: Automate release steps from CONTRIBUTING.md
 # - Runs sanity checks
 # - Ensures version/changelog updated (with confirmation)
@@ -12,562 +14,19 @@
 # - Runs bin/gem_checksums
 # - Runs `bundle exec rake release` (expects PEM password and RubyGems MFA OTP)
 
+# Immediate, unbuffered output
 $stdout.sync = true
-require "rubygems"
-# Ensure we run within the host project's Bundler context (do not override BUNDLE_GEMFILE)
-begin
-  require "bundler/setup"
-rescue LoadError
-  # Allow running outside of Bundler; runtime deps should still be available via rubygems
-end
+# Depending library or project must be using bundler
+require "bundler/setup"
 
 begin
-  require "open3"
-  require "shellwords"
-  require "time"
-  require "fileutils"
-  require "net/http"
-  require "json"
-  require "uri"
-  require "kettle/dev/ci_helpers"
-  require "ruby-progressbar"
+  require "kettle/dev"
 rescue LoadError => e
-  warn("kettle-release: failed to load a required library: #{e.message}")
-  warn("Hint: Ensure the host project includes kettle-dev and its runtime deps, then run bundle install.")
-  warn(e.backtrace.join("\n")) if ENV["DEBUG"]
+  warn("kettle/dev: failed to load: #{e.message}")
+  warn("Hint: Ensure the host project includes kettle-dev and run bundle install.")
   exit(1)
 end
 
-module Kettle
-  module Dev
-    class ReleaseCLI
-      def initialize
-        # Use the host project's root, not the installed gem's directory
-        @root = Kettle::Dev::CIHelpers.project_root
-      end
-
-      def run
-        puts "== kettle-release =="
-
-        ensure_bundler_2_7_plus!
-
-        run_cmd!("bin/setup")
-        run_cmd!("bin/rake")
-
-        version = detect_version
-        puts "Detected version: #{version.inspect}"
-        puts "Have you updated lib/**/version.rb and CHANGELOG.md for v#{version}? [y/N]"
-        print("> ")
-        ans = $stdin.gets&.strip
-        abort("Aborted: please update version.rb and CHANGELOG.md, then re-run.") unless ans&.downcase&.start_with?("y")
-
-        # Re-run checks (and refresh Gemfile.lock)
-        run_cmd!("bin/setup")
-        run_cmd!("bin/rake")
-
-        # Update Appraisal gemfiles if Appraisals file is present
-        appraisals_path = File.join(@root, "Appraisals")
-        if File.file?(appraisals_path)
-          puts "Appraisals detected at #{appraisals_path}. Running: bin/rake appraisal:update"
-          run_cmd!("bin/rake appraisal:update")
-        else
-          puts "No Appraisals file found; skipping appraisal:update"
-        end
-
-        ensure_git_user!
-        commit_release_prep!(version)
-
-        trunk = detect_trunk_branch
-        feature = current_branch
-        puts "Trunk branch detected: #{trunk}"
-        ensure_trunk_synced_before_push!(trunk, feature)
-
-        push!
-
-        # After pushing, ensure the CI workflows for this project are passing
-        monitor_workflows_after_push!
-
-        # If all workflows are passing, merge the feature branch into trunk and push trunk
-        merge_feature_into_trunk_and_push!(trunk, feature)
-
-        # Ensure we are on trunk for the remaining steps
-        checkout!(trunk)
-        pull!(trunk)
-
-        ensure_signing_setup_or_skip!
-        # Build: expect PEM password prompt unless SKIP_GEM_SIGNING
-        puts "Running build (you may be prompted for the signing key password)..."
-        run_cmd!("bundle exec rake build")
-
-        # Checksums (commits, but does not push)
-        run_cmd!("bin/gem_checksums")
-        validate_checksums!(version, stage: "after build + gem_checksums")
-
-        # Release: expect PEM password + RubyGems MFA OTP
-        puts "Running release (you may be prompted for signing key password and RubyGems MFA OTP)..."
-        run_cmd!("bundle exec rake release")
-        # Some release tasks rebuild the gem; re-validate to ensure reproducibility
-        validate_checksums!(version, stage: "after release")
-
-        puts "\nRelease complete. Don't forget to push the checksums commit if needed."
-      end
-
-      private
-
-      # Monitor GitHub Actions workflows discovered by ci:act logic.
-      # Checks one workflow per second in a round-robin loop until all pass, or any fails.
-      def monitor_workflows_after_push!
-        root = Kettle::Dev::CIHelpers.project_root
-        workflows = Kettle::Dev::CIHelpers.workflows_list(root)
-        gitlab_ci = File.exist?(File.join(root, ".gitlab-ci.yml"))
-
-        branch = Kettle::Dev::CIHelpers.current_branch
-        abort("Could not determine current branch for CI checks.") unless branch
-
-        # Prefer an explicit GitHub remote if available; fall back to origin repo_info
-        gh_remote = preferred_github_remote
-        gh_owner = nil
-        gh_repo = nil
-        if gh_remote && !workflows.empty?
-          url = remote_url(gh_remote)
-          gh_owner, gh_repo = parse_github_owner_repo(url)
-        end
-
-        checks_any = false
-
-        if gh_owner && gh_repo && !workflows.empty?
-          checks_any = true
-          total = workflows.size
-          abort("No GitHub workflows found under .github/workflows; aborting.") if total.zero?
-
-          passed = {}
-          idx = 0
-          puts "Ensuring GitHub Actions workflows pass on #{branch} (#{gh_owner}/#{gh_repo}) via remote '#{gh_remote}'"
-          pbar = ProgressBar.create(title: "CI", total: total, format: "%t %b %c/%C", length: 30)
-
-          loop do
-            wf = workflows[idx]
-            run = Kettle::Dev::CIHelpers.latest_run(owner: gh_owner, repo: gh_repo, workflow_file: wf, branch: branch)
-            if run
-              if Kettle::Dev::CIHelpers.success?(run)
-                unless passed[wf]
-                  passed[wf] = true
-                  pbar.increment
-                end
-              elsif Kettle::Dev::CIHelpers.failed?(run)
-                puts
-                url = run["html_url"] || "https://github.com/#{gh_owner}/#{gh_repo}/actions/workflows/#{wf}"
-                abort("Workflow failed: #{wf} -> #{url}")
-              end
-            end
-            break if passed.size == total
-            idx = (idx + 1) % total
-            sleep(1)
-          end
-          pbar.finish unless pbar.finished?
-          puts "\nAll GitHub workflows passing (#{passed.size}/#{total})."
-        end
-
-        # Additionally, check GitLab if configured
-        gl_remote = gitlab_remote_candidates.first
-        if gitlab_ci && gl_remote
-          owner, repo = Kettle::Dev::CIHelpers.repo_info_gitlab
-          if owner && repo
-            checks_any = true
-            puts "Ensuring GitLab pipeline passes on #{branch} (#{owner}/#{repo}) via remote '#{gl_remote}'"
-            pbar = ProgressBar.create(title: "CI", total: 1, format: "%t %b %c/%C", length: 30)
-            loop do
-              pipe = Kettle::Dev::CIHelpers.gitlab_latest_pipeline(owner: owner, repo: repo, branch: branch)
-              if pipe
-                if Kettle::Dev::CIHelpers.gitlab_success?(pipe)
-                  pbar.increment unless pbar.finished?
-                  break
-                elsif Kettle::Dev::CIHelpers.gitlab_failed?(pipe)
-                  puts
-                  url = pipe["web_url"] || "https://gitlab.com/#{owner}/#{repo}/-/pipelines"
-                  abort("Pipeline failed: #{url}")
-                end
-              end
-              sleep(1)
-            end
-            pbar.finish unless pbar.finished?
-            puts "\nGitLab pipeline passing."
-          end
-        end
-
-        abort("CI configuration not detected (GitHub or GitLab). Ensure CI is configured and remotes point to the correct hosts.") unless checks_any
-      end
-
-      def run_cmd!(cmd)
-        puts "$ #{cmd}"
-        # Execute commands with the current environment
-        success = system(ENV, cmd)
-        abort("Command failed: #{cmd}") unless success
-      end
-
-      def git_output(args)
-        out, status = Open3.capture2("git", *args)
-        [out.strip, status.success?]
-      end
-
-      def check_git_clean!
-        out, ok = git_output(["status", "--porcelain"])
-        abort("Git working tree is not clean. Commit/stash changes before releasing.\n\n#{out}") unless ok && out.empty?
-      end
-
-      def ensure_git_user!
-        name, ok1 = git_output(["config", "user.name"])
-        email, ok2 = git_output(["config", "user.email"])
-        abort("Git user.name or user.email not configured.") unless ok1 && ok2 && !name.empty? && !email.empty?
-      end
-
-      def ensure_bundler_2_7_plus!
-        begin
-          require "bundler"
-        rescue LoadError
-          abort("Bundler is required. Please install bundler >= 2.7.0 and try again.")
-        end
-        ver = Gem::Version.new(Bundler::VERSION)
-        min = Gem::Version.new("2.7.0")
-        if ver < min
-          abort("kettle-release requires Bundler >= 2.7.0 for reproducible builds by default. Current: #{Bundler::VERSION}. Please upgrade bundler.")
-        end
-      end
-
-      def detect_version
-        # Look for lib/**/version.rb and extract VERSION constant string
-        candidates = Dir[File.join(@root, "lib", "**", "version.rb")]
-        abort("Could not find version.rb under lib/**.") if candidates.empty?
-        path = candidates.min
-        content = File.read(path)
-        m = content.match(/VERSION\s*=\s*(["'])([^"']+)\1/)
-        abort("VERSION constant not found in #{path}.") unless m
-        m[2]
-      end
-
-      def commit_release_prep!(version)
-        msg = "🔖 Prepare release v#{version}"
-        # Only commit if there are changes (version/changelog)
-        out, _ = git_output(["status", "--porcelain"])
-        if out.empty?
-          puts "No changes to commit for release prep (continuing)."
-        else
-          run_cmd!(%(git commit -am #{Shellwords.escape(msg)}))
-        end
-      end
-
-      def push!
-        branch = current_branch
-        abort("Could not determine current branch to push.") unless branch
-
-        if has_remote?("all")
-          puts "$ git push all #{branch}"
-          success = system("git push all #{Shellwords.escape(branch)}")
-          unless success
-            warn("Normal push to 'all' failed; retrying with force push...")
-            run_cmd!("git push -f all #{Shellwords.escape(branch)}")
-          end
-          return
-        end
-
-        # Build the list of remotes to push to
-        remotes = []
-        remotes << "origin" if has_remote?("origin")
-        remotes |= github_remote_candidates
-        remotes |= gitlab_remote_candidates
-        remotes |= codeberg_remote_candidates
-        remotes.uniq!
-
-        if remotes.empty?
-          # Fallback to default behavior if we couldn't detect any remotes
-          puts "$ git push #{branch}"
-          success = system("git push #{Shellwords.escape(branch)}")
-          unless success
-            warn("Normal push failed; retrying with force push...")
-            run_cmd!("git push -f #{Shellwords.escape(branch)}")
-          end
-          return
-        end
-
-        remotes.each do |remote|
-          puts "$ git push #{remote} #{branch}"
-          success = system("git push #{Shellwords.escape(remote)} #{Shellwords.escape(branch)}")
-          unless success
-            warn("Push to #{remote} failed; retrying with force push...")
-            run_cmd!("git push -f #{Shellwords.escape(remote)} #{Shellwords.escape(branch)}")
-          end
-        end
-      end
-
-      def detect_trunk_branch
-        out, ok = git_output(["remote", "show", "origin"])
-        abort("Failed to get origin remote info.") unless ok
-        m = out.lines.find { |l| l.include?("HEAD branch") }
-        abort("Unable to detect trunk branch from origin.") unless m
-        m.split.last
-      end
-
-      def checkout!(branch)
-        run_cmd!("git checkout #{Shellwords.escape(branch)}")
-      end
-
-      def pull!(branch)
-        run_cmd!("git pull origin #{Shellwords.escape(branch)}")
-      end
-
-      def current_branch
-        out, ok = git_output(["rev-parse", "--abbrev-ref", "HEAD"])
-        ok ? out : nil
-      end
-
-      def list_remotes
-        out, ok = git_output(["remote"])
-        ok ? out.split(/\s+/).reject(&:empty?) : []
-      end
-
-      def remotes_with_urls
-        out, ok = git_output(["remote", "-v"])
-        return {} unless ok
-        urls = {}
-        out.each_line do |line|
-          if line =~ /(\S+)\s+(\S+)\s+\((fetch|push)\)/
-            name = Regexp.last_match(1)
-            url = Regexp.last_match(2)
-            kind = Regexp.last_match(3)
-            # prefer fetch URL when available
-            urls[name] = url if kind == "fetch" || !urls.key?(name)
-          end
-        end
-        urls
-      end
-
-      def remote_url(name)
-        remotes_with_urls[name]
-      end
-
-      def github_remote_candidates
-        remotes_with_urls.select { |n, u| u.include?("github.com") }.keys
-      end
-
-      def gitlab_remote_candidates
-        remotes_with_urls.select { |n, u| u.include?("gitlab.com") }.keys
-      end
-
-      def codeberg_remote_candidates
-        remotes_with_urls.select { |n, u| u.include?("codeberg.org") }.keys
-      end
-
-      def preferred_github_remote
-        cands = github_remote_candidates
-        return if cands.empty?
-        # Prefer a remote literally named 'github', otherwise the first
-        cands.find { |n| n == "github" } || cands.first
-      end
-
-      def parse_github_owner_repo(url)
-        return [nil, nil] unless url
-        if url =~ %r{git@github.com:(.+?)/(.+?)(\.git)?$}
-          [Regexp.last_match(1), Regexp.last_match(2).sub(/\.git\z/, "")]
-        elsif url =~ %r{https://github.com/(.+?)/(.+?)(\.git)?$}
-          [Regexp.last_match(1), Regexp.last_match(2).sub(/\.git\z/, "")]
-        else
-          [nil, nil]
-        end
-      end
-
-      def has_remote?(name)
-        list_remotes.include?(name)
-      end
-
-      def remote_branch_exists?(remote, branch)
-        _out, ok = git_output(["show-ref", "--verify", "--quiet", "refs/remotes/#{remote}/#{branch}"])
-        ok
-      end
-
-      def ahead_behind_counts(local_ref, remote_ref)
-        out, ok = git_output(["rev-list", "--left-right", "--count", "#{local_ref}...#{remote_ref}"])
-        return [0, 0] unless ok && !out.empty?
-        parts = out.split
-        left = parts[0].to_i
-        right = parts[1].to_i
-        [left, right]
-      end
-
-      def trunk_behind_remote?(trunk, remote)
-        # If the remote branch doesn't exist, treat as not behind
-        return false unless remote_branch_exists?(remote, trunk)
-        _ahead, behind = ahead_behind_counts(trunk, "#{remote}/#{trunk}")
-        behind.positive?
-      end
-
-      def ensure_trunk_synced_before_push!(trunk, feature)
-        if has_remote?("all")
-          puts "Remote 'all' detected. Fetching from all remotes and enforcing strict trunk parity..."
-          run_cmd!("git fetch --all")
-          remotes = list_remotes
-          missing_from = []
-          remotes.each do |r|
-            next if r == "all"
-            if remote_branch_exists?(r, trunk)
-              _ahead, behind = ahead_behind_counts(trunk, "#{r}/#{trunk}")
-              missing_from << r if behind.positive?
-            end
-          end
-          unless missing_from.empty?
-            abort("Local #{trunk} is missing commits present on: #{missing_from.join(", ")}. Please sync trunk first.")
-          end
-          puts "Local #{trunk} has all commits from remotes: #{(remotes - ["all"]).join(", ")}"
-          return
-        end
-
-        # Ensure local trunk is in sync with origin/trunk
-        run_cmd!("git fetch origin #{Shellwords.escape(trunk)}")
-        if trunk_behind_remote?(trunk, "origin")
-          puts "Local #{trunk} is behind origin/#{trunk}. Rebasing..."
-          cur = current_branch
-          checkout!(trunk) unless cur == trunk
-          run_cmd!("git pull --rebase origin #{Shellwords.escape(trunk)}")
-          checkout!(feature) unless feature.nil? || feature == trunk
-          run_cmd!("git rebase #{Shellwords.escape(trunk)}")
-          puts "Rebase complete. Will push updated branch next."
-        else
-          puts "Local #{trunk} is up to date with origin/#{trunk}."
-        end
-
-        # If there is a GitHub remote that is not origin, ensure origin/#{trunk} incorporates it
-        gh_remote = preferred_github_remote
-        if gh_remote && gh_remote != "origin"
-          puts "GitHub remote detected: #{gh_remote}. Fetching #{trunk}..."
-          run_cmd!("git fetch #{gh_remote} #{Shellwords.escape(trunk)}")
-
-          # Compare origin/trunk vs github/trunk to see if they differ
-          left, right = ahead_behind_counts("origin/#{trunk}", "#{gh_remote}/#{trunk}")
-          if left.zero? && right.zero?
-            puts "origin/#{trunk} and #{gh_remote}/#{trunk} are already in sync."
-            return
-          end
-
-          checkout!(trunk)
-          run_cmd!("git pull --rebase origin #{Shellwords.escape(trunk)}")
-
-          if left.positive? && right.positive?
-            # Histories have diverged -> let user choose
-            puts "origin/#{trunk} and #{gh_remote}/#{trunk} have diverged (#{left} ahead of GH, #{right} behind GH)."
-            puts "Choose how to reconcile:"
-            puts "  [r] Rebase local/#{trunk} on top of #{gh_remote}/#{trunk} (push to origin)"
-            puts "  [m] Merge --no-ff #{gh_remote}/#{trunk} into #{trunk} (push to origin and #{gh_remote})"
-            puts "  [a] Abort"
-            print("> ")
-            choice = $stdin.gets&.strip&.downcase
-            case choice
-            when "r"
-              run_cmd!("git rebase #{Shellwords.escape("#{gh_remote}/#{trunk}")}")
-              run_cmd!("git push origin #{Shellwords.escape(trunk)}")
-              puts "Rebased #{trunk} onto #{gh_remote}/#{trunk} and pushed to origin."
-            when "m"
-              run_cmd!("git merge --no-ff #{Shellwords.escape("#{gh_remote}/#{trunk}")}")
-              run_cmd!("git push origin #{Shellwords.escape(trunk)}")
-              run_cmd!("git push #{Shellwords.escape(gh_remote)} #{Shellwords.escape(trunk)}")
-              puts "Merged #{gh_remote}/#{trunk} into #{trunk} and pushed to origin and #{gh_remote}."
-            else
-              abort("Aborted by user. Please reconcile trunks and re-run.")
-            end
-          elsif right.positive? && left.zero?
-            # One side can be fast-forwarded
-            puts "Fast-forwarding #{trunk} to include #{gh_remote}/#{trunk}..."
-            run_cmd!("git merge --ff-only #{Shellwords.escape("#{gh_remote}/#{trunk}")}")
-            run_cmd!("git push origin #{Shellwords.escape(trunk)}")
-          # origin is behind GH -> fast-forward merge
-          elsif left.positive? && right.zero?
-            # origin ahead of GH -> nothing required for origin, optionally inform user
-            puts "origin/#{trunk} is ahead of #{gh_remote}/#{trunk}; no action required before push."
-          end
-        end
-      end
-
-      def merge_feature_into_trunk_and_push!(trunk, feature)
-        return if feature.nil? || feature == trunk
-        puts "Merging #{feature} into #{trunk} (after CI success)..."
-        checkout!(trunk)
-        run_cmd!("git pull --rebase origin #{Shellwords.escape(trunk)}")
-        run_cmd!("git merge #{Shellwords.escape(feature)}")
-        run_cmd!("git push origin #{Shellwords.escape(trunk)}")
-        puts "Merged #{feature} into #{trunk} and pushed. The PR (if any) should auto-close."
-      end
-
-      def ensure_signing_setup_or_skip!
-        return if ENV.key?("SKIP_GEM_SIGNING")
-
-        user = ENV.fetch("GEM_CERT_USER", ENV["USER"])
-        cert_path = File.join(@root, "certs", "#{user}.pem")
-        unless File.exist?(cert_path)
-          abort(<<~MSG)
-            Gem signing appears enabled but no public cert found at:
-              #{cert_path}
-            Add your public key to certs/<USER>.pem (or set GEM_CERT_USER), or set SKIP_GEM_SIGNING to build unsigned.
-          MSG
-        end
-        puts "Found signing cert: #{cert_path}"
-        puts "When prompted during build/release, enter the PEM password for ~/.ssh/gem-private_key.pem"
-      end
-
-      # --- Checksum validation ---
-      # Validate that the sha256 of the built gem in pkg/ matches the recorded
-      # checksum stored under checksums/<gem>.gem.sha256. Abort with guidance if not.
-      # @param version [String]
-      # @param stage [String] human-readable context (e.g., "after release")
-      def validate_checksums!(version, stage: "")
-        gem_path = gem_file_for_version(version)
-        unless gem_path && File.file?(gem_path)
-          abort("Unable to locate built gem for version #{version} in pkg/. Did the build succeed?")
-        end
-        actual = compute_sha256(gem_path)
-        checks_path = File.join(@root, "checksums", "#{File.basename(gem_path)}.sha256")
-        unless File.file?(checks_path)
-          abort("Expected checksum file not found: #{checks_path}. Did bin/gem_checksums run?")
-        end
-        expected = File.read(checks_path).strip
-        if actual != expected
-          abort(<<~MSG)
-            SHA256 mismatch #{stage}:
-              gem:   #{gem_path}
-              sha256sum: #{actual}
-              file: #{checks_path}
-              file: #{expected}
-            The artifact being released must match the checksummed artifact exactly.
-            Retry locally: bundle exec rake build && bin/gem_checksums && bundle exec rake release
-          MSG
-        else
-          puts "Checksum OK #{stage}: #{File.basename(gem_path)}"
-        end
-      end
-
-      # Find the gem file in pkg/ that matches the given version
-      def gem_file_for_version(version)
-        pkg = File.join(@root, "pkg")
-        pattern = File.join(pkg, "*.gem")
-        gems = Dir[pattern].select { |p| File.basename(p).include?("-#{version}.gem") }
-        gems.sort.last
-      end
-
-      # Compute sha256 using system utilities (sha256sum or shasum -a 256),
-      # falling back to Ruby Digest if neither is available.
-      def compute_sha256(path)
-        if system("which sha256sum > /dev/null 2>&1")
-          out, _ = Open3.capture2e("sha256sum", path)
-          out.split.first
-        elsif system("which shasum > /dev/null 2>&1")
-          out, _ = Open3.capture2e("shasum", "-a", "256", path)
-          out.split.first
-        else
-          require "digest"
-          Digest::SHA256.file(path).hexdigest
-        end
-      end
-    end
-  end
-end
-
 # Always execute when this file is loaded (e.g., via a Bundler binstub).
 # Do not guard with __FILE__ == $PROGRAM_NAME because binstubs use Kernel.load.
 if ARGV.include?("-h") || ARGV.include?("--help")

data/lib/kettle/dev/ci_helpers.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+# External stdlib
 require "open3"
 require "net/http"
 require "json"

data/lib/kettle/dev/commit_msg.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Branch rule enforcement and commit message footer support for commit-msg hook.
+# Provides a lib entrypoint so the exe wrapper can be minimal.
+
+module Kettle
+  module Dev
+    module CommitMsg
+      module_function
+
+      BRANCH_RULES = {
+        "jira" => /^(?<story_type>(hotfix)|(bug)|(feature)|(candy))\/(?<story_id>\d{8,})-.+\Z/,
+      }.freeze
+
+      # Enforce branch rule by appending [type][id] to the commit message when missing.
+      # @param path [String] path to commit message file (ARGV[0] from git)
+      def enforce_branch_rule!(path)
+        validate = ENV.fetch("GIT_HOOK_BRANCH_VALIDATE", "false")
+        branch_rule_type = (!validate.casecmp("false").zero? && validate) || nil
+        return unless branch_rule_type
+        branch_rule = BRANCH_RULES[branch_rule_type]
+        return unless branch_rule
+
+        branch = %x(git branch 2> /dev/null | grep -e ^* | awk '{print $2}')
+        match_data = branch.match(branch_rule)
+        return unless match_data
+
+        commit_msg = File.read(path)
+        unless commit_msg.include?(match_data[:story_id])
+          commit_msg = <<~EOS
+            #{commit_msg.strip}
+            [#{match_data[:story_type]}][#{match_data[:story_id]}]
+          EOS
+          File.open(path, "w") { |file| file.print(commit_msg) }
+        end
+      end
+    end
+  end
+end

data/lib/kettle/dev/exit_adapter.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Kettle
+  module Dev
+    # Exit/abort indirection layer to allow controllable behavior in tests.
+    #
+    # Production/default behavior delegates to Kernel.abort / Kernel.exit,
+    # which raise SystemExit. Specs can stub these methods to avoid terminating
+    # the process or to assert on arguments without coupling to Kernel.
+    #
+    # Example (RSpec):
+    #   allow(Kettle::Dev::ExitAdapter).to receive(:abort).and_raise(SystemExit.new(1))
+    #
+    # This adapter mirrors the "mockable adapter" approach used for GitAdapter.
+    module ExitAdapter
+      module_function
+
+      # Abort the current execution with a message. By default this calls Kernel.abort,
+      # which raises SystemExit after printing the message to STDERR.
+      #
+      # @param msg [String]
+      # @return [void]
+      def abort(msg)
+        Kernel.abort(msg)
+      end
+
+      # Exit the current process with a given status code. By default this calls Kernel.exit.
+      #
+      # @param status [Integer]
+      # @return [void]
+      def exit(status = 0)
+        Kernel.exit(status)
+      end
+    end
+  end
+end