reviewkit 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 60c611254e29010fc0ef3d4f6d9001ba303c9f35c1cfe8c3a023df0abe0a89cd
+  data.tar.gz: 6c2313db19efb6452a4875cb5458e2ad77b060fae880f9b9a3241bc63325da16
+SHA512:
+  metadata.gz: 2815eb4a720089dfad2cbbb3bf0b0c4d646527452301a1852b3559e3cbb1b9f4dcc0e655eed03113e1da6d77b8afb657e2b6a85fdee2f52955f76646d1cefbb9
+  data.tar.gz: 5d64199562f2f080fd226fa80fde98327180cd450a418f4387722a7431344ef525197fec96eaa28750fbec15ce394a85239029c55959a785606edff17baa8ad0

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.1.0] - 2026-03-31
+
+- Initial release of the `reviewkit` mountable Rails engine
+- Added split diff rendering with syntax highlighting
+- Added threaded line comments with resolve / reopen flows
+- Added TailwindCSS and Turbo-powered shipped UI
+- Added install and view-copy generators
+- Added model and controller extension generators for host apps
+- Added Launch-friendly metadata support on reviews, documents, threads, and comments
+- Added RSpec, SimpleCov, RuboCop, and CI coverage
+- Added a Rails-only asset workflow with no Node or npm requirement
+- Reworked actor persistence to use Rails-native polymorphic associations instead of `*_gid` columns
+- Replaced the custom hook DSL with standard Rails callbacks, `Reviewkit::Current`, and `ActiveSupport::Notifications`
+- Added protected controller extension points for params, scopes, redirects, and flow behavior
+- Added a RubyGems Trusted Publishing workflow and trimmed the released gem payload to engine runtime files only
+- Added a public documentation site at `https://reviewkit.dhairyagabhawala.com`
+- Added a contributor code of conduct and public release metadata cleanup
+- Consolidated the RSpec engine dummy app under `spec/dummy` and removed generated placeholder mailer/job classes
+- Narrowed the declared Rails dependency to the CI-verified `8.1` line

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,123 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and maintainers pledge to make participation in
+our community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes
+- Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+`gabhawaladhairya@gmail.com`.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by
+https://github.com/mozilla/diversity.
+
+[homepage]: https://www.contributor-covenant.org

data/CONTRIBUTING.md

@@ -0,0 +1,44 @@
+# Contributing
+
+Please review the [Code of Conduct](CODE_OF_CONDUCT.md) before participating.
+
+## Setup
+
+```bash
+bin/setup
+```
+
+That will:
+
+- install Ruby gems
+- build the shipped frontend assets
+- prepare the dummy app database
+
+## Development Workflow
+
+- implement changes in the engine under `app/`, `lib/`, and `db/`
+- use `spec/dummy` as the host application for manual verification
+- keep shipped CSS up to date with `bundle exec rake reviewkit:build_assets` when frontend styling changes land
+
+## Verification
+
+Before opening a pull request, run:
+
+```bash
+bin/test
+bin/lint
+bundle exec bin/rails app:zeitwerk:check
+bundle exec rake reviewkit:build_assets
+```
+
+## Scope Guidelines
+
+- keep `Reviewkit` generic and host-app friendly
+- store domain-specific context, such as Adobe Launch resource identifiers, in metadata instead of adding vendor-specific columns unless the engine truly needs them
+- preserve the shipped UI as a polished default, even when adding override points for host applications
+
+## Pull Requests
+
+- include tests for new behavior
+- update documentation when public behavior changes
+- add a changelog entry for user-visible changes

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright TODO: Write your name
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,335 @@
+<p align="center">
+  <img src=".github/assets/reviewkit-icon.jpeg" alt="ReactorSDK" width="100">
+</p>
+
+<p align="center">
+  <a href="https://github.com/dhairyagabha/reviewkit/actions/workflows/ci.yml">
+    <img src="https://github.com/dhairyagabha/reviewkit/actions/workflows/ci.yml/badge.svg" alt="CI">
+  </a>
+  <a href="https://rubygems.org/gems/reviewkit">
+    <img src="https://img.shields.io/gem/v/reviewkit.svg" alt="RubyGems version">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://reviewkit.dhairyagabhawala.com">Documentation</a>
+  ·
+  <a href="https://reviewkit.dhairyagabhawala.com/examples/live-demo">See the demo</a>
+  ·
+  <a href="https://github.com/dhairyagabha/reviewkit/blob/main/CHANGELOG.md">Changelog</a>
+  ·
+  <a href="https://rubygems.org/gems/reviewkit">RubyGems</a>
+  ·
+  <a href="https://github.com/dhairyagabha/reviewkit">GitHub</a>
+</p>
+
+# Reviewkit
+
+`reviewkit` is a mountable Rails engine for Git-like review workflows. It stores immutable review documents, renders split and unified diffs, supports threaded line comments, and ships a Rails-only UI built with Turbo, Stimulus, importmap, TailwindCSS, and Rouge.
+
+The engine stays intentionally generic. Host applications bring their own review source, metadata, permissions, and workflow logic while Reviewkit handles the review surface itself.
+
+## Features
+
+- Split and unified diff rendering for virtual files or real files
+- Threaded line comments with resolve, reopen, and outdated states
+- Immutable review snapshots built from host-provided content
+- Searchable review index and Git-style file review UI
+- Turbo Frame embedding and Turbo Stream updates
+- Rails-only frontend runtime with no Node requirement
+- JSON metadata on reviews, documents, threads, and comments
+- Rails-native extension via generated model and controller concerns
+- `ActiveSupport::Notifications` events for lifecycle and status changes
+
+## Requirements
+
+- Ruby `>= 3.2.0`
+- Rails `>= 8.1.2`, `< 8.2`
+
+CI currently verifies Ruby `3.2`, `3.3`, `3.4`, and `4.0` against the Rails `8.1` line, so the published dependency matches that support window.
+
+## Installation
+
+Add the gem to your Rails app:
+
+```ruby
+gem "reviewkit"
+```
+
+Then install it:
+
+```bash
+bundle install
+bin/rails generate reviewkit:install
+bin/rails db:migrate
+```
+
+The installer:
+
+- copies `config/initializers/reviewkit.rb`
+- mounts `Reviewkit::Engine` unless disabled
+- installs the engine migrations into the host app
+- creates a minimal `config/importmap.rb` when one does not exist
+
+By default the engine mounts at `/reviewkit`:
+
+```ruby
+mount Reviewkit::Engine => "/reviewkit"
+```
+
+If you want local copies of the shipped UI templates:
+
+```bash
+bin/rails generate reviewkit:views
+```
+
+## Create a Review
+
+Host applications provide immutable review documents. The main entry point is `Reviewkit::Reviews::Create`.
+
+```ruby
+review = Reviewkit::Reviews::Create.call(
+  title: "Checkout submission hardening",
+  description: "Review the guard clauses and status changes before merge.",
+  creator: current_user,
+  external_reference: "PR-42",
+  status: "open",
+  metadata: {
+    branch: "feature/checkout-guard",
+    base_branch: "main",
+    commit_sha: "9f3c1d2"
+  },
+  review_attributes: {
+    review_type: "code"
+  },
+  documents: [
+    {
+      path: "app/services/checkouts/submit_order.rb",
+      language: "ruby",
+      old_content: "def call(order)\n  order.submit!\nend\n",
+      new_content: "def call(order)\n  return false unless order.ready?\n\n  order.submit!\nend\n",
+      metadata: {
+        resource_id: "submit_order",
+        revision_id: "9f3c1d2",
+        base_revision_id: "8b21e6a"
+      }
+    }
+  ]
+)
+```
+
+Once created, the mounted UI is available at:
+
+```text
+/reviewkit/reviews/:id
+```
+
+## Configuration
+
+Reviewkit keeps configuration deliberately small:
+
+```ruby
+Reviewkit.configure do |config|
+  config.current_actor = lambda do |controller|
+    controller.respond_to?(:current_user, true) ? controller.send(:current_user) : nil
+  end
+
+  config.authorize_action = lambda do |_controller, action, record = nil, **_context|
+    true
+  end
+
+  config.layout = "reviewkit/application"
+  config.intraline_limits.max_review_files = 50
+  config.intraline_limits.max_changed_lines = 50
+  config.intraline_limits.max_line_length = 500
+end
+```
+
+The most important knobs are:
+
+- `config.current_actor` for comments, thread resolution, and notification context
+- `config.authorize_action` for engine permissions
+- `config.layout` for full-page rendering
+- `config.intraline_limits` for conservative intraline diff budgets on large reviews
+
+## RBS Signatures
+
+Reviewkit ships RBS for the public engine surface in [`sig/reviewkit.rbs`](sig/reviewkit.rbs).
+
+The signatures cover:
+
+- `Reviewkit.configure` and `Reviewkit.config`
+- `Reviewkit::Configuration` and `Reviewkit::Configuration::IntralineLimits`
+- `Reviewkit::Current`
+- `Reviewkit::Reviews::Create`
+- the core review records' public workflow helpers
+
+## Records and Workflow
+
+Reviewkit ships four core records:
+
+- `Reviewkit::Review`
+- `Reviewkit::Document`
+- `Reviewkit::ReviewThread`
+- `Reviewkit::Comment`
+
+Review statuses:
+
+- `draft`
+- `open`
+- `approved`
+- `rejected`
+- `closed`
+
+Document statuses:
+
+- `added`
+- `removed`
+- `modified`
+- `unchanged`
+
+Thread statuses:
+
+- `open`
+- `resolved`
+- `outdated`
+
+## Extend It the Rails Way
+
+Reviewkit is designed to be extended with normal Rails patterns:
+
+- use Active Record callbacks in host-side model concerns
+- override protected controller methods in host-side controller concerns
+- copy views only when you need UI changes
+- keep domain-specific fields in host migrations and JSON metadata
+
+Generate host-side extension concerns:
+
+```bash
+bin/rails generate reviewkit:models
+bin/rails generate reviewkit:controllers
+```
+
+After adding a host column like `review_type`, extend the engine through those concerns instead of forking the engine.
+
+Keep host extensions in the normal Rails autoloaded concern paths:
+
+- `app/models/concerns/reviewkit`
+- `app/controllers/concerns/reviewkit`
+
+The engine's `to_prepare` hooks look up those constants by name, so keeping them in the generated concern paths avoids manual requires and keeps development reloading clean.
+
+Example controller extension:
+
+```ruby
+module Reviewkit
+  module ReviewsControllerExtension
+    protected
+
+    def permitted_review_attributes
+      super + %i[review_type]
+    end
+  end
+end
+```
+
+## Embed Reviews in Turbo Frames
+
+Reviewkit review pages can be embedded inside host layouts with Turbo Frames:
+
+```erb
+<%= turbo_frame_tag "reviewkit_review", src: reviewkit.review_path(review) %>
+```
+
+Frame requests:
+
+- skip the full-page engine layout
+- keep inline comment, reply, and thread state updates working
+- preserve Turbo-driven document switching
+
+## Metadata
+
+Reviewkit intentionally keeps integration context in JSON metadata rather than dedicated vendor-specific columns.
+
+Typical examples:
+
+```ruby
+review.metadata = {
+  branch: "feature/checkout-guard",
+  base_branch: "main"
+}
+
+document.metadata = {
+  resource_id: "submit_order",
+  revision_id: "9f3c1d2"
+}
+
+thread.metadata = {
+  resource_id: "submit_order",
+  side: "new"
+}
+```
+
+## Notifications
+
+Reviewkit emits observational `ActiveSupport::Notifications` events for review, thread, and comment lifecycle/status changes.
+
+These are useful for:
+
+- analytics
+- auditing
+- background workflows
+
+Host applications should still prefer normal Rails callbacks for domain behavior attached to their own model extensions.
+
+## Documentation
+
+Full guides, live demos, API details, extension examples, and troubleshooting are available at:
+
+- https://reviewkit.dhairyagabhawala.com
+
+Recommended starting points:
+
+- https://reviewkit.dhairyagabhawala.com/docs/installation
+- https://reviewkit.dhairyagabhawala.com/docs/quick-start
+- https://reviewkit.dhairyagabhawala.com/docs/host-integration
+- https://reviewkit.dhairyagabhawala.com/examples/live-demo
+
+## Development
+
+```bash
+bin/setup
+bin/test
+bin/lint
+bundle exec bin/rails app:zeitwerk:check
+bundle exec rake reviewkit:build_assets
+```
+
+The dummy host app used for engine verification lives under `spec/dummy`.
+
+## Release Workflow
+
+Reviewkit is prepared for RubyGems Trusted Publishing with GitHub Actions.
+
+Before the first public release:
+
+1. Create the gem on RubyGems.org.
+2. Add this repository as a trusted publisher for the gem.
+3. Create a protected `release` environment in GitHub if you want an approval gate before publish.
+
+After that, publish by pushing a SemVer tag:
+
+```bash
+git tag v0.1.0
+git push origin v0.1.0
+```
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for development and contribution guidelines.
+
+Please follow the [Code of Conduct](CODE_OF_CONDUCT.md) when participating in issues, discussions, and pull requests.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](MIT-LICENSE).

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+load File.expand_path("lib/tasks/reviewkit_tasks.rake", __dir__)
+
+require "bundler/gem_tasks"

data/SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please do not open public GitHub issues for security-sensitive problems.
+
+Instead, report vulnerabilities privately to:
+
+- `gabhawaladhairya@gmail.com`
+
+When reporting an issue, include:
+
+- a clear description of the problem
+- affected versions or commit ranges if known
+- reproduction steps or proof of concept if possible
+- impact assessment
+
+We will acknowledge reports as quickly as possible and work with you on coordinated disclosure.