licensure 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6759a51d14e8f88b4d718fb1368cf9e2593660e43863949d73bb929062be7c12
+  data.tar.gz: 396ad8b96f81968fffab0dce383b368632ae6c12f71c8055589c3b361b6a0fb8
+SHA512:
+  metadata.gz: 69a98b94fe4fe29946a48d8281ce993632db4be662e6cefb70cb5826d38807546a2dc8d4d1bf8598d63265ef4613b19b1797490b83efd84754d7a1a2a59f9a49
+  data.tar.gz: df348e79ddac7e9f8bb783a6743a0706b1fac62de1100268fceaa51b895c80813ebd730d0edb734be0905a95d4b88fdc0b666670baefbb6225664bccd0f831ee

data/.licensure.yml.example

@@ -0,0 +1,14 @@
+# .licensure.yml
+allowed_licenses:
+  - MIT
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - ISC
+  - Ruby
+
+ignored_gems:
+  - bundler
+  - rake
+
+deny_unknown: true

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2026 Yudai Takada
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,116 @@
+# Licensure
+
+Licensure is a RubyGem CLI tool that inspects dependency licenses from `Gemfile.lock` and checks them against a configurable allow list.
+
+## Installation
+
+Install as a gem:
+
+```bash
+gem install licensure
+```
+
+Or add it to your `Gemfile`:
+
+```ruby
+gem "licensure"
+```
+
+## Quick Start
+
+Initialize config:
+
+```bash
+licensure init
+```
+
+List dependency licenses:
+
+```bash
+licensure list
+```
+
+Check licenses against `.licensure.yml`:
+
+```bash
+licensure check
+```
+
+## Configuration
+
+Licensure uses `.licensure.yml`:
+
+```yaml
+allowed_licenses:
+  - MIT
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - ISC
+  - Ruby
+
+ignored_gems:
+  - bundler
+  - rake
+
+deny_unknown: true
+```
+
+- `allowed_licenses`: Allowed license identifiers. Empty means allow all.
+- `ignored_gems`: Gem names excluded from checks.
+- `deny_unknown`: Treat gems without license metadata as warnings.
+
+## Commands
+
+```bash
+licensure list [--format table|csv|json|markdown] [--recursive] [--output FILE] [--gemfile-lock PATH]
+licensure check [--config FILE] [--recursive] [--format table|csv|json|markdown] [--gemfile-lock PATH]
+licensure init
+licensure version
+licensure help [command]
+```
+
+## Output Formats
+
+`list` and `check` support:
+
+- `table`
+- `csv`
+- `json`
+- `markdown`
+
+Example:
+
+```bash
+licensure list --format json
+licensure check --format markdown
+```
+
+## CI Example (GitHub Actions)
+
+```yaml
+name: License Check
+on: [push, pull_request]
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.3"
+          bundler-cache: true
+      - run: gem install licensure
+      - run: licensure check
+```
+
+## Development
+
+```bash
+bundle install
+bundle exec rake spec
+```
+
+## License
+
+Released under the MIT License. See `LICENSE.txt`.

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/exe/licensure

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
+
+require "licensure"
+require "licensure/cli"
+
+exit(Licensure::CLI.new(ARGV).run)

data/lib/licensure/cli.rb

@@ -0,0 +1,258 @@
+# frozen_string_literal: true
+
+require "optionparser"
+
+module Licensure
+  # CLI entrypoint and subcommand orchestrator.
+  class CLI
+    FORMATS = %w[table csv json markdown].freeze
+
+    # @param argv [Array<String>]
+    # @param output [IO]
+    # @param error_output [IO]
+    # @param input [IO]
+    def initialize(argv = ARGV, output: $stdout, error_output: $stderr, input: $stdin)
+      @argv = argv.dup
+      @output = output
+      @error_output = error_output
+      @input = input
+    end
+
+    # @return [Integer]
+    def run
+      command = @argv.shift
+
+      case command
+      when nil, "help", "-h", "--help"
+        run_help(@argv.shift)
+      when "list"
+        run_list
+      when "check"
+        run_check
+      when "init"
+        run_init
+      when "version"
+        run_version
+      else
+        @error_output.puts("Unknown command: #{command}")
+        2
+      end
+    rescue OptionParser::ParseError, Licensure::Error => e
+      @error_output.puts(e.message)
+      2
+    rescue StandardError => e
+      @error_output.puts("Unexpected error: #{e.message}")
+      @error_output.puts(e.backtrace.join("\n"))
+      2
+    end
+
+    private
+
+    # @return [Integer]
+    def run_list
+      options = {
+        format: "table",
+        recursive: false,
+        output: nil,
+        lockfile_path: "Gemfile.lock",
+        help: false
+      }
+
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: licensure list [options]"
+        opts.on("-f", "--format FORMAT", FORMATS, "Output format: #{FORMATS.join(', ')}") { |value| options[:format] = value }
+        opts.on("-r", "--recursive", "Include transitive dependencies") { options[:recursive] = true }
+        opts.on("-o", "--output FILE", "Write output to file") { |value| options[:output] = value }
+        opts.on("--gemfile-lock PATH", "Path to Gemfile.lock") { |value| options[:lockfile_path] = value }
+        opts.on("-h", "--help", "Show help") { options[:help] = true }
+      end
+
+      parser.parse!(@argv)
+      return print_help(parser) if options[:help]
+
+      assert_no_extra_arguments!
+
+      dependencies = DependencyResolver.new(
+        lockfile_path: options[:lockfile_path],
+        recursive: options[:recursive]
+      ).resolve
+
+      infos = LicenseFetcher.new.fetch_all(dependencies)
+      render_to(options[:format], infos: infos, output_path: options[:output])
+      0
+    end
+
+    # @return [Integer]
+    def run_check
+      options = {
+        config_path: ".licensure.yml",
+        format: "table",
+        recursive: false,
+        lockfile_path: "Gemfile.lock",
+        help: false
+      }
+
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: licensure check [options]"
+        opts.on("-c", "--config FILE", "Path to .licensure.yml") { |value| options[:config_path] = value }
+        opts.on("-r", "--recursive", "Include transitive dependencies") { options[:recursive] = true }
+        opts.on("-f", "--format FORMAT", FORMATS, "Output format: #{FORMATS.join(', ')}") { |value| options[:format] = value }
+        opts.on("--gemfile-lock PATH", "Path to Gemfile.lock") { |value| options[:lockfile_path] = value }
+        opts.on("-h", "--help", "Show help") { options[:help] = true }
+      end
+
+      parser.parse!(@argv)
+      return print_help(parser) if options[:help]
+
+      assert_no_extra_arguments!
+
+      configuration = Configuration.load(options[:config_path])
+      dependencies = DependencyResolver.new(
+        lockfile_path: options[:lockfile_path],
+        recursive: options[:recursive]
+      ).resolve
+      infos = LicenseFetcher.new.fetch_all(dependencies)
+      result = LicenseChecker.new(configuration: configuration).check(infos)
+
+      formatter_for(options[:format], output: @output).render_check_result(result)
+      result.violations.empty? ? 0 : 1
+    end
+
+    # @return [Integer]
+    def run_init
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: licensure init"
+        opts.on("-h", "--help", "Show help") { @output.puts(opts); return 0 }
+      end
+
+      parser.parse!(@argv)
+      assert_no_extra_arguments!
+
+      config_path = ".licensure.yml"
+      if File.exist?(config_path)
+        @output.print("#{config_path} already exists. Overwrite? [y/N]: ")
+        answer = @input.gets&.strip&.downcase
+        unless %w[y yes].include?(answer)
+          @output.puts("Aborted")
+          return 0
+        end
+      end
+
+      File.write(config_path, Configuration::SAMPLE_CONFIG)
+      @output.puts("Created #{config_path}")
+      0
+    end
+
+    # @return [Integer]
+    def run_version
+      @output.puts("Licensure #{Licensure::VERSION}")
+      0
+    end
+
+    # @param subcommand [String, nil]
+    # @return [Integer]
+    def run_help(subcommand)
+      return print_main_help if subcommand.nil?
+
+      case subcommand
+      when "list"
+        print_help(build_list_help_parser)
+      when "check"
+        print_help(build_check_help_parser)
+      when "init"
+        @output.puts("Usage: licensure init")
+        0
+      when "version"
+        @output.puts("Usage: licensure version")
+        0
+      else
+        @error_output.puts("Unknown help topic: #{subcommand}")
+        2
+      end
+    end
+
+    # @return [Integer]
+    def print_main_help
+      @output.puts <<~TEXT
+        Usage: licensure <command> [options]
+
+        Commands:
+          list      Show dependency license information
+          check     Validate licenses against .licensure.yml
+          init      Create .licensure.yml
+          version   Show current version
+          help      Show help
+      TEXT
+      0
+    end
+
+    # @param parser [OptionParser]
+    # @return [Integer]
+    def print_help(parser)
+      @output.puts(parser)
+      0
+    end
+
+    # @return [OptionParser]
+    def build_list_help_parser
+      OptionParser.new do |opts|
+        opts.banner = "Usage: licensure list [options]"
+        opts.on("-f", "--format FORMAT", FORMATS)
+        opts.on("-r", "--recursive")
+        opts.on("-o", "--output FILE")
+        opts.on("--gemfile-lock PATH")
+      end
+    end
+
+    # @return [OptionParser]
+    def build_check_help_parser
+      OptionParser.new do |opts|
+        opts.banner = "Usage: licensure check [options]"
+        opts.on("-c", "--config FILE")
+        opts.on("-r", "--recursive")
+        opts.on("-f", "--format FORMAT", FORMATS)
+        opts.on("--gemfile-lock PATH")
+      end
+    end
+
+    # @param format [String]
+    # @param output [IO]
+    # @return [Licensure::Formatters::Base]
+    def formatter_for(format, output:)
+      case format
+      when "table"
+        Formatters::Table.new(output: output)
+      when "csv"
+        Formatters::Csv.new(output: output)
+      when "json"
+        Formatters::Json.new(output: output)
+      when "markdown"
+        Formatters::Markdown.new(output: output)
+      else
+        raise CLIError, "Unsupported format: #{format}"
+      end
+    end
+
+    # @param format [String]
+    # @param infos [Array<Licensure::GemLicenseInfo>]
+    # @param output_path [String, nil]
+    # @return [void]
+    def render_to(format, infos:, output_path:)
+      if output_path
+        File.open(output_path, "w") do |file|
+          formatter_for(format, output: file).render(infos)
+        end
+        return
+      end
+
+      formatter_for(format, output: @output).render(infos)
+    end
+
+    # @return [void]
+    def assert_no_extra_arguments!
+      return if @argv.empty?
+
+      raise CLIError, "Unknown arguments: #{@argv.join(' ')}"
+    end
+  end
+end

data/lib/licensure/configuration.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module Licensure
+  # Loads and validates .licensure.yml configuration.
+  class Configuration
+    VALID_KEYS = %w[allowed_licenses ignored_gems deny_unknown].freeze
+
+    SAMPLE_CONFIG = <<~YAML.freeze
+      # .licensure.yml
+      allowed_licenses:
+        - MIT
+        - Apache-2.0
+        - BSD-2-Clause
+        - BSD-3-Clause
+        - ISC
+        - Ruby
+
+      ignored_gems:
+        - bundler
+        - rake
+
+      # Treat gems with unspecified licenses as warnings
+      deny_unknown: true
+    YAML
+
+    # @param path [String]
+    # @return [Licensure::Configuration]
+    def self.load(path = ".licensure.yml")
+      raise ConfigurationError, "Configuration file not found: #{path}" unless File.exist?(path)
+
+      payload = YAML.safe_load(File.read(path), aliases: false) || {}
+      unless payload.is_a?(Hash)
+        raise ConfigurationError, "Configuration must be a mapping"
+      end
+
+      new(payload.transform_keys(&:to_s))
+    rescue Psych::SyntaxError => e
+      raise ConfigurationError, "Failed to parse configuration: #{e.message}"
+    end
+
+    # @return [Licensure::Configuration]
+    def self.default
+      new({})
+    end
+
+    attr_reader :allowed_licenses, :ignored_gems
+
+    # @param data [Hash]
+    def initialize(data)
+      warn_unknown_keys(data)
+
+      @allowed_licenses = validate_array!(data.fetch("allowed_licenses", []), "allowed_licenses")
+      @ignored_gems = validate_array!(data.fetch("ignored_gems", []), "ignored_gems")
+      @deny_unknown = validate_boolean!(data.fetch("deny_unknown", true), "deny_unknown")
+    end
+
+    # @return [Boolean]
+    def deny_unknown?
+      @deny_unknown
+    end
+
+    private
+
+    # @param data [Hash]
+    # @return [void]
+    def warn_unknown_keys(data)
+      (data.keys - VALID_KEYS).each do |key|
+        $stderr.puts("Warning: Unknown configuration key '#{key}'")
+      end
+    end
+
+    # @param value [Object]
+    # @param key [String]
+    # @return [Array<String>]
+    def validate_array!(value, key)
+      unless value.is_a?(Array)
+        raise ConfigurationError, "#{key} must be an array"
+      end
+
+      value.map(&:to_s)
+    end
+
+    # @param value [Object]
+    # @param key [String]
+    # @return [Boolean]
+    def validate_boolean!(value, key)
+      unless value == true || value == false
+        raise ConfigurationError, "#{key} must be a boolean"
+      end
+
+      value
+    end
+  end
+end

data/lib/licensure/dependency_resolver.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "bundler"
+
+module Licensure
+  # Parses Gemfile.lock and resolves dependency names/versions.
+  class DependencyResolver
+    # @param lockfile_path [String]
+    # @param recursive [Boolean]
+    def initialize(lockfile_path: "Gemfile.lock", recursive: false)
+      @lockfile_path = lockfile_path
+      @recursive = recursive
+    end
+
+    # @return [Array<Hash{Symbol => String}>]
+    def resolve
+      raise DependencyResolutionError, "Gemfile.lock not found: #{@lockfile_path}" unless File.exist?(@lockfile_path)
+
+      parser = Bundler::LockfileParser.new(File.read(@lockfile_path))
+      specs_by_name = parser.specs.to_h { |spec| [spec.name, spec] }
+
+      names = if @recursive
+        parser.specs.map(&:name)
+      else
+        parser.dependencies.keys
+      end
+
+      names.uniq
+           .reject { |name| name == "bundler" }
+           .filter_map do |name|
+             spec = specs_by_name[name]
+             next unless spec
+
+             { name: name, version: spec.version.to_s }
+           end
+           .sort_by { |dependency| dependency[:name] }
+    rescue Bundler::LockfileError => e
+      raise DependencyResolutionError, "Failed to parse #{@lockfile_path}: #{e.message}"
+    end
+  end
+end

data/lib/licensure/errors.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Licensure
+  # Base error class for Licensure.
+  class Error < StandardError; end
+
+  # Raised when configuration loading or validation fails.
+  class ConfigurationError < Error; end
+
+  # Raised when Gemfile.lock parsing fails.
+  class DependencyResolutionError < Error; end
+
+  # Raised for CLI argument and execution failures.
+  class CLIError < Error; end
+end

data/lib/licensure/formatters/base.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Licensure
+  module Formatters
+    # Base formatter abstraction.
+    class Base
+      # @param output [IO]
+      def initialize(output: $stdout)
+        @output = output
+      end
+
+      # @param _gem_license_infos [Array<Licensure::GemLicenseInfo>]
+      # @return [String]
+      def render(_gem_license_infos)
+        raise NotImplementedError, "Implement #render in formatter subclasses"
+      end
+
+      # @param _check_result [Licensure::CheckResult]
+      # @return [String]
+      def render_check_result(_check_result)
+        raise NotImplementedError, "Implement #render_check_result in formatter subclasses"
+      end
+
+      protected
+
+      # @param content [String]
+      # @return [String]
+      def write_output(content)
+        @output.write(content)
+        @output.write("\n") unless content.end_with?("\n")
+        content
+      end
+
+      # @param info [Licensure::GemLicenseInfo]
+      # @return [Array<String>]
+      def gem_row(info)
+        [
+          info.name.to_s,
+          info.version.to_s,
+          info.licenses.join(" | "),
+          info.source.to_s,
+          info.homepage.to_s
+        ]
+      end
+
+      # @param violation [Licensure::Violation]
+      # @return [Array<String>]
+      def violation_row(violation)
+        row = gem_row(violation.gem_info).take(4)
+        row << violation.reason.to_s
+      end
+    end
+  end
+end

data/lib/licensure/formatters/csv.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require "csv"
+
+module Licensure
+  module Formatters
+    # Renders CSV output for list/check results.
+    class Csv < Base
+      # @param gem_license_infos [Array<Licensure::GemLicenseInfo>]
+      # @return [String]
+      def render(gem_license_infos)
+        content = ::CSV.generate do |csv|
+          csv << %w[Gem Version License Source Homepage]
+          gem_license_infos.each do |info|
+            csv << gem_row(info)
+          end
+        end
+
+        write_output(content)
+      end
+
+      # @param check_result [Licensure::CheckResult]
+      # @return [String]
+      def render_check_result(check_result)
+        content = ::CSV.generate do |csv|
+          csv << %w[Gem Version License Source Status Reason]
+
+          check_result.passed.each do |info|
+            csv << gem_row(info).take(4) + ["PASSED", ""]
+          end
+
+          check_result.violations.each do |violation|
+            csv << violation_row(violation).take(4) + ["VIOLATION", violation.reason]
+          end
+
+          check_result.warnings.each do |warning|
+            csv << violation_row(warning).take(4) + ["WARNING", warning.reason]
+          end
+        end
+
+        write_output(content)
+      end
+    end
+  end
+end

data/lib/licensure/formatters/json.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require "json"
+require "time"
+
+module Licensure
+  module Formatters
+    # Renders JSON output for list/check results.
+    class Json < Base
+      # @param gem_license_infos [Array<Licensure::GemLicenseInfo>]
+      # @return [String]
+      def render(gem_license_infos)
+        payload = {
+          generated_at: Time.now.iso8601,
+          gems: gem_license_infos.map { |info| gem_payload(info) }
+        }
+
+        write_output(JSON.pretty_generate(payload))
+      end
+
+      # @param check_result [Licensure::CheckResult]
+      # @return [String]
+      def render_check_result(check_result)
+        payload = {
+          generated_at: Time.now.iso8601,
+          summary: {
+            total: check_result.passed.size + check_result.violations.size + check_result.warnings.size,
+            passed: check_result.passed.size,
+            violations: check_result.violations.size,
+            warnings: check_result.warnings.size
+          },
+          violations: check_result.violations.map { |violation| violation_payload(violation) },
+          warnings: check_result.warnings.map { |warning| violation_payload(warning) },
+          passed: check_result.passed.map { |info| gem_payload(info) }
+        }
+
+        write_output(JSON.pretty_generate(payload))
+      end
+
+      private
+
+      # @param info [Licensure::GemLicenseInfo]
+      # @return [Hash]
+      def gem_payload(info)
+        {
+          name: info.name,
+          version: info.version,
+          licenses: info.licenses,
+          source: info.source.to_s,
+          homepage: info.homepage
+        }
+      end
+
+      # @param violation [Licensure::Violation]
+      # @return [Hash]
+      def violation_payload(violation)
+        gem_payload(violation.gem_info).merge(reason: violation.reason)
+      end
+    end
+  end
+end

data/lib/licensure/formatters/markdown.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Licensure
+  module Formatters
+    # Renders Markdown tables for list/check results.
+    class Markdown < Base
+      LIST_HEADERS = ["Gem", "Version", "License", "Source", "Homepage"].freeze
+      CHECK_HEADERS = ["Gem", "Version", "License", "Source", "Reason"].freeze
+
+      # @param gem_license_infos [Array<Licensure::GemLicenseInfo>]
+      # @return [String]
+      def render(gem_license_infos)
+        rows = gem_license_infos.map { |info| gem_row(info) }
+        write_output(markdown_table(LIST_HEADERS, rows))
+      end
+
+      # @param check_result [Licensure::CheckResult]
+      # @return [String]
+      def render_check_result(check_result)
+        sections = [
+          markdown_section("PASSED", LIST_HEADERS, check_result.passed.map { |info| gem_row(info) }),
+          markdown_section("VIOLATIONS", CHECK_HEADERS, check_result.violations.map { |item| violation_row(item) }),
+          markdown_section("WARNINGS", CHECK_HEADERS, check_result.warnings.map { |item| violation_row(item) })
+        ]
+
+        write_output(sections.join("\n\n"))
+      end
+
+      private
+
+      # @param title [String]
+      # @param headers [Array<String>]
+      # @param rows [Array<Array<String>>]
+      # @return [String]
+      def markdown_section(title, headers, rows)
+        "## #{title}\n\n#{markdown_table(headers, rows)}"
+      end
+
+      # @param headers [Array<String>]
+      # @param rows [Array<Array<String>>]
+      # @return [String]
+      def markdown_table(headers, rows)
+        header_line = "| #{headers.join(' | ')} |"
+        separator = "| #{Array.new(headers.size, '---').join(' | ')} |"
+        row_lines = rows.map { |row| "| #{row.map { |value| escape_markdown(value.to_s) }.join(' | ')} |" }
+
+        [header_line, separator, *row_lines].join("\n")
+      end
+
+      # @param value [String]
+      # @return [String]
+      def escape_markdown(value)
+        value.gsub("|", "\\|")
+      end
+    end
+  end
+end

data/lib/licensure/formatters/table.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Licensure
+  module Formatters
+    # Renders terminal-friendly ASCII tables.
+    class Table < Base
+      LIST_HEADERS = ["Gem", "Version", "License", "Source", "Homepage"].freeze
+      CHECK_HEADERS = ["Gem", "Version", "License", "Source", "Reason"].freeze
+
+      # @param gem_license_infos [Array<Licensure::GemLicenseInfo>]
+      # @return [String]
+      def render(gem_license_infos)
+        rows = gem_license_infos.map { |info| gem_row(info) }
+        write_output(build_table(LIST_HEADERS, rows))
+      end
+
+      # @param check_result [Licensure::CheckResult]
+      # @return [String]
+      def render_check_result(check_result)
+        sections = []
+        sections << section("PASSED", build_table(LIST_HEADERS, check_result.passed.map { |info| gem_row(info) }))
+        sections << section("VIOLATIONS", build_table(CHECK_HEADERS, check_result.violations.map { |item| violation_row(item) }))
+        sections << section("WARNINGS", build_table(CHECK_HEADERS, check_result.warnings.map { |item| violation_row(item) }))
+
+        write_output(sections.join("\n\n"))
+      end
+
+      private
+
+      # @param title [String]
+      # @param table [String]
+      # @return [String]
+      def section(title, table)
+        "#{title}\n#{table}"
+      end
+
+      # @param headers [Array<String>]
+      # @param rows [Array<Array<String>>]
+      # @return [String]
+      def build_table(headers, rows)
+        widths = headers.each_with_index.map do |header, index|
+          [header.length, *rows.map { |row| row[index].to_s.length }].max
+        end
+
+        border = "+-#{widths.map { |width| "-" * width }.join("-+-")}-+"
+        header_line = "| #{headers.each_with_index.map { |header, index| header.ljust(widths[index]) }.join(" | ")} |"
+
+        row_lines = rows.map do |row|
+          "| #{row.each_with_index.map { |value, index| value.to_s.ljust(widths[index]) }.join(" | ")} |"
+        end
+
+        [border, header_line, border, *row_lines, border].join("\n")
+      end
+    end
+  end
+end

data/lib/licensure/license_checker.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Licensure
+  # Checks dependency licenses against configuration rules.
+  class LicenseChecker
+    # @param configuration [Licensure::Configuration]
+    def initialize(configuration:)
+      @configuration = configuration
+    end
+
+    # @param gem_license_infos [Array<Licensure::GemLicenseInfo>]
+    # @return [Licensure::CheckResult]
+    def check(gem_license_infos)
+      filtered_infos = gem_license_infos.reject do |info|
+        @configuration.ignored_gems.include?(info.name)
+      end
+
+      violations = []
+      warnings = []
+      passed = []
+
+      filtered_infos.each do |info|
+        if info.licenses.empty?
+          if @configuration.deny_unknown?
+            warnings << Violation.new(gem_info: info, reason: "License not specified")
+          else
+            passed << info
+          end
+          next
+        end
+
+        if @configuration.allowed_licenses.empty?
+          passed << info
+          next
+        end
+
+        if allowed_license?(info.licenses)
+          passed << info
+          next
+        end
+
+        reason = "License '#{info.licenses.join(", ")}' is not in the allowed list"
+        violations << Violation.new(gem_info: info, reason: reason)
+      end
+
+      CheckResult.new(violations: violations, warnings: warnings, passed: passed)
+    end
+
+    private
+
+    # @param licenses [Array<String>]
+    # @return [Boolean]
+    def allowed_license?(licenses)
+      licenses.any? { |license| @configuration.allowed_licenses.include?(license) }
+    end
+  end
+end

data/lib/licensure/license_fetcher.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require "json"
+require "net/http"
+
+module Licensure
+  # Fetches gem license data from local gemspecs and RubyGems API.
+  class LicenseFetcher
+    RUBYGEMS_ENDPOINT = "https://rubygems.org/api/v1/gems".freeze
+    REQUEST_TIMEOUT = 5
+
+    # @param dependencies [Array<Hash{Symbol => String}>]
+    # @return [Array<Licensure::GemLicenseInfo>]
+    def fetch_all(dependencies)
+      dependencies.map { |dependency| fetch(dependency[:name], dependency[:version]) }
+    end
+
+    # @param name [String]
+    # @param version [String]
+    # @return [Licensure::GemLicenseInfo]
+    def fetch(name, version)
+      local = fetch_from_gemspec(name)
+      return build_info(name, version, local[:licenses], :gemspec, local[:homepage]) if local
+
+      remote = fetch_from_api(name)
+      return build_info(name, version, remote[:licenses], :api, remote[:homepage]) if remote
+
+      build_info(name, version, [], :unknown, nil)
+    end
+
+    private
+
+    # @param name [String]
+    # @return [Hash, nil]
+    def fetch_from_gemspec(name)
+      spec = Gem::Specification.find_by_name(name)
+      licenses = normalize_licenses(spec.licenses, spec.license)
+      return nil if licenses.empty?
+
+      { licenses: licenses, homepage: spec.homepage }
+    rescue Gem::LoadError
+      nil
+    end
+
+    # @param name [String]
+    # @return [Hash, nil]
+    def fetch_from_api(name)
+      uri = URI("#{RUBYGEMS_ENDPOINT}/#{name}.json")
+      request = Net::HTTP::Get.new(uri)
+      request["User-Agent"] = "Licensure/#{Licensure::VERSION}"
+
+      response = http_client_for(uri).request(request)
+      return nil unless response.is_a?(Net::HTTPSuccess)
+
+      payload = JSON.parse(response.body)
+      licenses = normalize_licenses(payload["licenses"], payload["license"])
+      return nil if licenses.empty?
+
+      { licenses: licenses, homepage: payload["homepage_uri"] || payload["homepage"] }
+    rescue JSON::ParserError, StandardError
+      nil
+    end
+
+    # @param uri [URI::HTTPS]
+    # @return [Net::HTTP]
+    def http_client_for(uri)
+      client = Net::HTTP.new(uri.host, uri.port)
+      client.use_ssl = true
+      client.open_timeout = REQUEST_TIMEOUT
+      client.read_timeout = REQUEST_TIMEOUT
+      client
+    end
+
+    # @param licenses [Array<String>, nil]
+    # @param license [String, nil]
+    # @return [Array<String>]
+    def normalize_licenses(licenses, license)
+      items = []
+      items.concat(Array(licenses))
+      items << license if license
+
+      items.compact
+           .map { |item| item.to_s.strip }
+           .reject(&:empty?)
+           .uniq
+    end
+
+    # @param name [String]
+    # @param version [String]
+    # @param licenses [Array<String>]
+    # @param source [Symbol]
+    # @param homepage [String, nil]
+    # @return [Licensure::GemLicenseInfo]
+    def build_info(name, version, licenses, source, homepage)
+      GemLicenseInfo.new(
+        name: name,
+        version: version,
+        licenses: licenses,
+        source: source,
+        homepage: homepage
+      )
+    end
+  end
+end

data/lib/licensure/types.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Licensure
+  # License information for a single gem dependency.
+  GemLicenseInfo = Struct.new(
+    :name,
+    :version,
+    :licenses,
+    :source,
+    :homepage,
+    keyword_init: true
+  )
+
+  # License check result aggregation.
+  CheckResult = Struct.new(
+    :violations,
+    :warnings,
+    :passed,
+    keyword_init: true
+  )
+
+  # Violation or warning entry with reason.
+  Violation = Struct.new(
+    :gem_info,
+    :reason,
+    keyword_init: true
+  )
+end

data/lib/licensure/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Licensure
+  VERSION = "0.1.0"
+end

data/lib/licensure.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "licensure/version"
+require_relative "licensure/errors"
+require_relative "licensure/types"
+require_relative "licensure/configuration"
+require_relative "licensure/dependency_resolver"
+require_relative "licensure/license_fetcher"
+require_relative "licensure/license_checker"
+require_relative "licensure/formatters/base"
+require_relative "licensure/formatters/table"
+require_relative "licensure/formatters/csv"
+require_relative "licensure/formatters/json"
+require_relative "licensure/formatters/markdown"
+require_relative "licensure/cli"
+
+# Top-level namespace for Licensure.
+module Licensure
+end

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification
+name: licensure
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yudai Takada
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: csv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Licensure collects dependency license metadata and validates it against
+  a configurable allow list.
+email:
+- t.yudai92@gmail.com
+executables:
+- licensure
+extensions: []
+extra_rdoc_files: []
+files:
+- ".licensure.yml.example"
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/licensure
+- lib/licensure.rb
+- lib/licensure/cli.rb
+- lib/licensure/configuration.rb
+- lib/licensure/dependency_resolver.rb
+- lib/licensure/errors.rb
+- lib/licensure/formatters/base.rb
+- lib/licensure/formatters/csv.rb
+- lib/licensure/formatters/json.rb
+- lib/licensure/formatters/markdown.rb
+- lib/licensure/formatters/table.rb
+- lib/licensure/license_checker.rb
+- lib/licensure/license_fetcher.rb
+- lib/licensure/types.rb
+- lib/licensure/version.rb
+homepage: https://github.com/ydah/licensure
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/ydah/licensure
+  source_code_uri: https://github.com/ydah/licensure
+  changelog_uri: https://github.com/ydah/licensure/releases
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.6
+specification_version: 4
+summary: License compliance checker for Ruby dependencies
+test_files: []