RubyGems - rosett-ai - Versions diffs - 1.3.3 - Mend

rosett-ai 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (527) hide show

checksums.yaml +7 -0
data/.ai-provenance.yml +119 -0
data/.debride_whitelist +186 -0
data/.fasterer.yml +29 -0
data/.mdl_style.rb +10 -0
data/.mdlrc +3 -0
data/.mutant.yml +49 -0
data/.namespace-allowlist +42 -0
data/.reek.yml +1040 -0
data/.rosett-ai/config.yml +3 -0
data/.rspec +5 -0
data/.rubocop.yml +380 -0
data/.ruby-version +1 -0
data/.yamllint +51 -0
data/.yardopts +12 -0
data/AI-DISCLOSURE.md +48 -0
data/CHANGELOG.md +519 -0
data/CLAUDE.md +141 -0
data/CONTRIBUTING.md +734 -0
data/INSTALL.md +154 -0
data/LICENSE +674 -0
data/LICENSE.md +675 -0
data/QUICKSTART.md +73 -0
data/README.md +366 -0
data/Rakefile +200 -0
data/SECURITY.md +114 -0
data/bin/rai +1 -0
data/cliff.toml +52 -0
data/conf/adopt_redactions.yml +8 -0
data/conf/behaviour/.gitkeep +0 -0
data/conf/compliance/cra_rules.yml +25 -0
data/conf/compliance/license_rules.yml +20 -0
data/conf/design/aaif_alignment.yml +181 -0
data/conf/design/ab_testing.yml +172 -0
data/conf/design/accessibility.yml +84 -0
data/conf/design/ai_authorship.yml +210 -0
data/conf/design/ai_provenance.yml +224 -0
data/conf/design/ai_tool_configuration.yml +207 -0
data/conf/design/architecture.yml +139 -0
data/conf/design/autocompletion.yml +115 -0
data/conf/design/backward_compatibility.yml +112 -0
data/conf/design/behaviour_composition.yml +246 -0
data/conf/design/build_rake_extraction.yml +57 -0
data/conf/design/ci_pipeline.yml +100 -0
data/conf/design/claude_code_configuration.yml +157 -0
data/conf/design/compiler.yml +128 -0
data/conf/design/comply.yml +153 -0
data/conf/design/content_packs.yml +84 -0
data/conf/design/desktop_integration.yml +289 -0
data/conf/design/distribution.yml +216 -0
data/conf/design/doctor.yml +184 -0
data/conf/design/documentation.yml +152 -0
data/conf/design/engine_architecture.yml +257 -0
data/conf/design/error_handling.yml +103 -0
data/conf/design/feature_flags.yml +142 -0
data/conf/design/git_hooks.yml +165 -0
data/conf/design/gui_plugins.yml +475 -0
data/conf/design/i18n.yml +84 -0
data/conf/design/integration_testing.yml +56 -0
data/conf/design/licensing_system.yml +88 -0
data/conf/design/lifecycle_management.yml +208 -0
data/conf/design/mcp_integration.yml +207 -0
data/conf/design/mcp_settings.yml +126 -0
data/conf/design/migration.yml +56 -0
data/conf/design/monitoring_observability.yml +194 -0
data/conf/design/namespace_cleanup.yml +145 -0
data/conf/design/plugin_test_segregation.yml +145 -0
data/conf/design/policy_management.yml +229 -0
data/conf/design/project_management.yml +183 -0
data/conf/design/rai_mcp_asset_discovery.yml +164 -0
data/conf/design/rai_mcp_server.yml +605 -0
data/conf/design/release_management.yml +117 -0
data/conf/design/retrofit.yml +199 -0
data/conf/design/retrospective_analyzer.yml +79 -0
data/conf/design/scope_hierarchy.yml +352 -0
data/conf/design/security.yml +115 -0
data/conf/design/session_retrospective.yml +85 -0
data/conf/design/smart_ui_feedback.yml +89 -0
data/conf/design/structured_logging.yml +148 -0
data/conf/design/styles.yml +123 -0
data/conf/design/test_peer_review.yml +89 -0
data/conf/design/testing.yml +136 -0
data/conf/design/threat_model.yml +108 -0
data/conf/design/ui_framework.yml +111 -0
data/conf/design/usage_optimization.yml +122 -0
data/conf/design/version_management.yml +60 -0
data/conf/design/workflow.yml +227 -0
data/conf/mcp/server_defaults.yml +42 -0
data/conf/mcp/trust.yml +21 -0
data/conf/packaging/core.yml +12 -0
data/conf/packaging/gtk4.yml +11 -0
data/conf/packaging/qt6.yml +11 -0
data/conf/policy/default_deny_list.yml +197 -0
data/conf/review/cli-command-audit.yml +857 -0
data/conf/review/design-docs.yml +1064 -0
data/conf/review/design-questionnaire.yml +153 -0
data/conf/review/questionnaire.yml +146 -0
data/conf/review/rosett-ai-core.yml +2919 -0
data/conf/schemas/ai_config_schema.json +73 -0
data/conf/schemas/behaviour_schema.json +132 -0
data/conf/schemas/compliance_rule_schema.json +63 -0
data/conf/schemas/content_pack_manifest_schema.json +51 -0
data/conf/schemas/design_schema.json +210 -0
data/conf/schemas/engine_manifest_schema.json +144 -0
data/conf/schemas/lockfile_schema.json +74 -0
data/conf/schemas/mcp_server_schema.json +48 -0
data/conf/schemas/packaging_schema.json +70 -0
data/conf/schemas/policy_schema.json +85 -0
data/conf/schemas/provenance_schema.json +84 -0
data/conf/schemas/rai_config_schema.json +56 -0
data/conf/schemas/rai_project_schema.json +20 -0
data/conf/schemas/scope_hierarchy_schema.json +49 -0
data/conf/schemas/target_schema.json +67 -0
data/conf/schemas/tooling_schema.json +65 -0
data/conf/schemas/workflow_schema.json +112 -0
data/conf/targets/agents_md.yml +17 -0
data/conf/targets/claude.yml +12 -0
data/conf/tooling/tools.yml +58 -0
data/dist/rosett-ai-mcp.service +48 -0
data/dist/rosett-ai-mcp.yml.default +45 -0
data/doc/AAIF_POSITIONING.md +58 -0
data/doc/ADOPT.md +224 -0
data/doc/AI_PROVENANCE.md +139 -0
data/doc/ARCHITECTURE.md +920 -0
data/doc/BEHAVIOUR.md +409 -0
data/doc/BUILD.md +138 -0
data/doc/CI_CD_RECIPES.md +171 -0
data/doc/CLAUDE_SESSIONS_MOVED.md +16 -0
data/doc/COMMAND_ANALYSIS.md +229 -0
data/doc/CONFIGURATION.md +281 -0
data/doc/DESIGN_AUDIT.md +235 -0
data/doc/DESIGN_PEER_REVIEW.md +771 -0
data/doc/DESKTOP.md +447 -0
data/doc/ENGINES.md +567 -0
data/doc/ENGINE_DEVELOPMENT_GUIDE.md +417 -0
data/doc/FEATURE_AUDIT.md +218 -0
data/doc/IMPLEMENTATION_PLAN.md +669 -0
data/doc/INCIDENT_REPORT_2026-02-02.md +251 -0
data/doc/MIGRATION_GUIDE.md +88 -0
data/doc/PACKAGING.md +232 -0
data/doc/PROJECT_DASHBOARD.md +153 -0
data/doc/PULP_DEPLOYMENT.md +164 -0
data/doc/QUALITY_FIX_SUMMARY.md +110 -0
data/doc/QUICK_START.md +162 -0
data/doc/REEK_CONFIGURATION.md +166 -0
data/doc/REFERENCE.md +253 -0
data/doc/REFERENCES.md +324 -0
data/doc/SECURITY_REVIEW_CHECKLIST.md +72 -0
data/doc/SESSION_2026-02-28_GTK4_HARDENING.md +359 -0
data/doc/SETUP.md +202 -0
data/doc/TEST_PEER_REVIEW.md +152 -0
data/doc/THREAT_MODEL.md +230 -0
data/doc/USAGE.md +545 -0
data/doc/USER_MANUAL.md +585 -0
data/doc/ai_test_review_checklist.md +110 -0
data/doc/changes/2026-02-18-packaging-fpm.md +155 -0
data/doc/changes/2026-02-19-testing-infrastructure.md +221 -0
data/doc/changes/2026-02-20-security-implementation.md +281 -0
data/doc/changes/2026-02-20-styles-implementation.md +220 -0
data/doc/changes/2026-02-21-architecture-completion.md +95 -0
data/doc/changes/2026-02-21-architecture-ui-layer.md +253 -0
data/doc/changes/2026-02-21-cc-config-implementation.md +108 -0
data/doc/changes/2026-02-21-ci-pipeline-implementation.md +214 -0
data/doc/changes/2026-02-21-compiler-multi-target-pipeline.md +241 -0
data/doc/changes/2026-02-21-config-design-show-commands.md +61 -0
data/doc/changes/2026-02-21-design-implementation-overview.md +455 -0
data/doc/changes/2026-02-21-lifecycle-management.md +196 -0
data/doc/changes/2026-02-21-path-resolver.md +128 -0
data/doc/changes/2026-02-24-ci-tmpdir-mutant-fetch.md +45 -0
data/doc/changes/2026-03-01-ci-bundler-strategy.md +120 -0
data/doc/changes/2026-03-20-security-hardening-phase2.md +163 -0
data/doc/context/SESSION-HANDOFF.md +69 -0
data/doc/context/ai-engine-usage-trends-2026.md +80 -0
data/doc/context/plan-pluggable-engines.md +590 -0
data/doc/decisions/001-flog-deferred.md +32 -0
data/doc/decisions/002-path-resolution-strategy.md +158 -0
data/doc/decisions/003-ui-adapter-selection.md +193 -0
data/doc/decisions/004-design-document-validation.md +179 -0
data/doc/decisions/005-package-splitting-strategy.md +200 -0
data/doc/decisions/006-multi-engine-architecture.md +147 -0
data/doc/decisions/007-engine-agnostic-pivot.md +219 -0
data/doc/decisions/008-ci-bundler-strategy.md +129 -0
data/doc/decisions/009-core-only-v1-release.md +60 -0
data/doc/decisions/010-engine-debian-packaging.md +66 -0
data/doc/decisions/011-context-aware-cli.md +71 -0
data/doc/dependency_decisions.yml +247 -0
data/doc/issues/001-wrapper-missing-environment-variables.md +197 -0
data/doc/issues/002-embedded-ruby-wrong-prefix.md +217 -0
data/doc/issues/003-smoke-test-false-positive.md +127 -0
data/doc/issues/004-market-research-design-updates.md +109 -0
data/doc/issues/005-compile-scope-coexistence.md +161 -0
data/doc/locales/.gitkeep +0 -0
data/doc/man/rai.1.ronn +505 -0
data/doc/operations/packaging.md +133 -0
data/doc/operations/rosett-ai-release.md +65 -0
data/doc/reference/error-catalog.md +107 -0
data/doc/reference/rosett-ai-technical-reference.pdf +0 -0
data/doc/reference/src/Pictures/cover.jpg +0 -0
data/doc/reference/src/Pictures/head1.jpg +0 -0
data/doc/reference/src/Pictures/head2.jpg +0 -0
data/doc/reference/src/Pictures/head3.jpg +0 -0
data/doc/reference/src/Pictures/head4.jpg +0 -0
data/doc/reference/src/Pictures/head5.jpg +0 -0
data/doc/reference/src/Pictures/head6.jpg +0 -0
data/doc/reference/src/Pictures/head7.jpg +0 -0
data/doc/reference/src/Pictures/head8.jpg +0 -0
data/doc/reference/src/StyleInd.ist +4 -0
data/doc/reference/src/bibliography.bib +79 -0
data/doc/reference/src/main.tex +1288 -0
data/doc/reference/src/structure.tex +303 -0
data/doc/rosett-ai-bookmarks.html +301 -0
data/kitchen.yml +46 -0
data/lib/rosett_ai/adopter/executor_resolver.rb +77 -0
data/lib/rosett_ai/adopter/local_analysis_collector.rb +154 -0
data/lib/rosett_ai/adopter/rule_adopter.rb +254 -0
data/lib/rosett_ai/ai_config/config_compiler.rb +111 -0
data/lib/rosett_ai/ai_config/context_window.rb +55 -0
data/lib/rosett_ai/ai_config/cost_controls.rb +44 -0
data/lib/rosett_ai/ai_config/fallback_chain.rb +64 -0
data/lib/rosett_ai/ai_config/model_router.rb +121 -0
data/lib/rosett_ai/ai_config/validator.rb +45 -0
data/lib/rosett_ai/authorship/attribution_compiler.rb +99 -0
data/lib/rosett_ai/authorship/disclosure_policy.rb +81 -0
data/lib/rosett_ai/authorship/review_validator.rb +39 -0
data/lib/rosett_ai/authorship/trailer_generator.rb +88 -0
data/lib/rosett_ai/backup/compressor.rb +180 -0
data/lib/rosett_ai/backup/destination.rb +91 -0
data/lib/rosett_ai/behaviour/manager.rb +156 -0
data/lib/rosett_ai/compiler/backend.rb +86 -0
data/lib/rosett_ai/compiler/backends/agents_md_backend.rb +80 -0
data/lib/rosett_ai/compiler/backends/claude_backend.rb +88 -0
data/lib/rosett_ai/compiler/backends/generic_backend.rb +15 -0
data/lib/rosett_ai/compiler/behaviour_compiler.rb +40 -0
data/lib/rosett_ai/compiler/capability_checker.rb +104 -0
data/lib/rosett_ai/compiler/compilation_pipeline.rb +361 -0
data/lib/rosett_ai/compiler/compiled_output.rb +39 -0
data/lib/rosett_ai/compiler/locale_compiler.rb +250 -0
data/lib/rosett_ai/compiler/target_profile.rb +112 -0
data/lib/rosett_ai/completion/generator.rb +101 -0
data/lib/rosett_ai/completion/shells/bash_generator.rb +126 -0
data/lib/rosett_ai/completion/shells/fish_generator.rb +78 -0
data/lib/rosett_ai/completion/shells/zsh_generator.rb +126 -0
data/lib/rosett_ai/comply/checkers/cra_checker.rb +102 -0
data/lib/rosett_ai/comply/checkers/license_checker.rb +85 -0
data/lib/rosett_ai/comply/checkers/spdx_header_checker.rb +98 -0
data/lib/rosett_ai/comply/reporter.rb +113 -0
data/lib/rosett_ai/comply/runner.rb +50 -0
data/lib/rosett_ai/composition/circular_dependency_detector.rb +56 -0
data/lib/rosett_ai/composition/composer.rb +158 -0
data/lib/rosett_ai/composition/composition_result.rb +64 -0
data/lib/rosett_ai/composition/conflict_detector.rb +53 -0
data/lib/rosett_ai/composition/lockfile.rb +103 -0
data/lib/rosett_ai/composition/merge_strategy.rb +131 -0
data/lib/rosett_ai/composition/priority_sorter.rb +29 -0
data/lib/rosett_ai/composition/scope_resolver.rb +55 -0
data/lib/rosett_ai/config/compile_result.rb +37 -0
data/lib/rosett_ai/config/compiler.rb +13 -0
data/lib/rosett_ai/config/domain_transformer.rb +13 -0
data/lib/rosett_ai/config/key_map.rb +13 -0
data/lib/rosett_ai/config/masking_secret_resolver.rb +40 -0
data/lib/rosett_ai/config/scope_router.rb +13 -0
data/lib/rosett_ai/config/secret_resolver.rb +125 -0
data/lib/rosett_ai/configuration.rb +119 -0
data/lib/rosett_ai/content/content_client.rb +60 -0
data/lib/rosett_ai/content/pack_installer.rb +117 -0
data/lib/rosett_ai/content/pack_manifest.rb +50 -0
data/lib/rosett_ai/content/pack_registry.rb +68 -0
data/lib/rosett_ai/content_packs/manager.rb +50 -0
data/lib/rosett_ai/dbus/compositor_detector.rb +77 -0
data/lib/rosett_ai/dbus/focus_adapters/base.rb +59 -0
data/lib/rosett_ai/dbus/focus_adapters/gnome_adapter.rb +172 -0
data/lib/rosett_ai/dbus/focus_adapters/hyprland_adapter.rb +77 -0
data/lib/rosett_ai/dbus/focus_adapters/i3_adapter.rb +65 -0
data/lib/rosett_ai/dbus/focus_adapters/kwin_adapter.rb +103 -0
data/lib/rosett_ai/dbus/focus_adapters/x11_adapter.rb +105 -0
data/lib/rosett_ai/dbus/focus_monitor_interface.rb +103 -0
data/lib/rosett_ai/dbus/manager_interface.rb +213 -0
data/lib/rosett_ai/dbus/plugin_manager_interface.rb +169 -0
data/lib/rosett_ai/dbus/rate_limiter.rb +89 -0
data/lib/rosett_ai/dbus/service.rb +121 -0
data/lib/rosett_ai/dbus/status_notifier_interface.rb +79 -0
data/lib/rosett_ai/deprecation.rb +79 -0
data/lib/rosett_ai/desktop/dbus_client.rb +259 -0
data/lib/rosett_ai/desktop/gtk4_app.rb +371 -0
data/lib/rosett_ai/desktop/gtk4_preferences.rb +331 -0
data/lib/rosett_ai/desktop/gui_logger.rb +236 -0
data/lib/rosett_ai/doctor/check.rb +92 -0
data/lib/rosett_ai/doctor/checks/cache_health_check.rb +50 -0
data/lib/rosett_ai/doctor/checks/dbus_availability_check.rb +39 -0
data/lib/rosett_ai/doctor/checks/engine_detection_check.rb +46 -0
data/lib/rosett_ai/doctor/checks/file_permission_check.rb +44 -0
data/lib/rosett_ai/doctor/checks/gem_dependency_check.rb +55 -0
data/lib/rosett_ai/doctor/checks/ruby_version_check.rb +50 -0
data/lib/rosett_ai/doctor/checks/stale_config_nncc_check.rb +57 -0
data/lib/rosett_ai/doctor/checks/stale_home_nncc_check.rb +59 -0
data/lib/rosett_ai/doctor.rb +81 -0
data/lib/rosett_ai/documentation/reference_compiler.rb +122 -0
data/lib/rosett_ai/documentation/translator.rb +62 -0
data/lib/rosett_ai/engines/base_config_compiler.rb +203 -0
data/lib/rosett_ai/engines/detector.rb +63 -0
data/lib/rosett_ai/engines/registry.rb +50 -0
data/lib/rosett_ai/error_handler.rb +139 -0
data/lib/rosett_ai/exit_codes.rb +76 -0
data/lib/rosett_ai/feature_flags.rb +102 -0
data/lib/rosett_ai/formatting.rb +33 -0
data/lib/rosett_ai/gem_consistency_checker.rb +199 -0
data/lib/rosett_ai/git_hooks/chain_detector.rb +86 -0
data/lib/rosett_ai/git_hooks/installer.rb +175 -0
data/lib/rosett_ai/git_hooks/script_generator.rb +125 -0
data/lib/rosett_ai/gitlab/validators/supplementary_gitlab_ci_yaml_validator.rb +79 -0
data/lib/rosett_ai/i18n/locale_resolver.rb +46 -0
data/lib/rosett_ai/i18n/utf8_checker.rb +32 -0
data/lib/rosett_ai/init/config_file_writer.rb +24 -0
data/lib/rosett_ai/init/directory_builder.rb +38 -0
data/lib/rosett_ai/init/file_copier.rb +95 -0
data/lib/rosett_ai/init/global_initializer.rb +28 -0
data/lib/rosett_ai/init/local_initializer.rb +27 -0
data/lib/rosett_ai/init/mcp_registrar.rb +109 -0
data/lib/rosett_ai/init/project_initializer.rb +38 -0
data/lib/rosett_ai/licensing/license_key.rb +139 -0
data/lib/rosett_ai/licensing/license_store.rb +64 -0
data/lib/rosett_ai/licensing/license_validator.rb +60 -0
data/lib/rosett_ai/licensing/tier.rb +42 -0
data/lib/rosett_ai/mcp/admin/auditor.rb +88 -0
data/lib/rosett_ai/mcp/admin/health_checker.rb +81 -0
data/lib/rosett_ai/mcp/admin/registry.rb +100 -0
data/lib/rosett_ai/mcp/admin/schema_validator.rb +63 -0
data/lib/rosett_ai/mcp/enforcement/.gitkeep +0 -0
data/lib/rosett_ai/mcp/enforcement/hook_generator.rb +197 -0
data/lib/rosett_ai/mcp/enforcement/validator.rb +215 -0
data/lib/rosett_ai/mcp/governance.rb +160 -0
data/lib/rosett_ai/mcp/http_security_config.rb +158 -0
data/lib/rosett_ai/mcp/instructions.rb +266 -0
data/lib/rosett_ai/mcp/key_hasher.rb +66 -0
data/lib/rosett_ai/mcp/keyfile.rb +221 -0
data/lib/rosett_ai/mcp/middleware/authentication.rb +146 -0
data/lib/rosett_ai/mcp/middleware/content_type.rb +56 -0
data/lib/rosett_ai/mcp/middleware/cors.rb +83 -0
data/lib/rosett_ai/mcp/middleware/origin_validation.rb +73 -0
data/lib/rosett_ai/mcp/middleware/rate_limit.rb +106 -0
data/lib/rosett_ai/mcp/middleware/request_size.rb +51 -0
data/lib/rosett_ai/mcp/plugins.rb +143 -0
data/lib/rosett_ai/mcp/prompts/compilation_prompt.rb +40 -0
data/lib/rosett_ai/mcp/prompts/compliance_prompt.rb +41 -0
data/lib/rosett_ai/mcp/prompts/diagnostics_prompt.rb +41 -0
data/lib/rosett_ai/mcp/prompts/validation_prompt.rb +41 -0
data/lib/rosett_ai/mcp/resources/behaviour_resource.rb +127 -0
data/lib/rosett_ai/mcp/resources/config_resource.rb +72 -0
data/lib/rosett_ai/mcp/resources/design_resource.rb +58 -0
data/lib/rosett_ai/mcp/resources/hooks_resource.rb +74 -0
data/lib/rosett_ai/mcp/resources/provenance_resource.rb +51 -0
data/lib/rosett_ai/mcp/resources/rules_resource.rb +60 -0
data/lib/rosett_ai/mcp/resources/schema_resource.rb +72 -0
data/lib/rosett_ai/mcp/response_helper.rb +46 -0
data/lib/rosett_ai/mcp/security_logger.rb +60 -0
data/lib/rosett_ai/mcp/server.rb +212 -0
data/lib/rosett_ai/mcp/settings/server_installer.rb +112 -0
data/lib/rosett_ai/mcp/settings/trust_manager.rb +142 -0
data/lib/rosett_ai/mcp/tools/adopt_tool.rb +70 -0
data/lib/rosett_ai/mcp/tools/backup_tool.rb +64 -0
data/lib/rosett_ai/mcp/tools/behaviour_display_tool.rb +72 -0
data/lib/rosett_ai/mcp/tools/behaviour_list_tool.rb +56 -0
data/lib/rosett_ai/mcp/tools/behaviour_manage_tool.rb +114 -0
data/lib/rosett_ai/mcp/tools/behaviour_show_tool.rb +62 -0
data/lib/rosett_ai/mcp/tools/compile_status_tool.rb +122 -0
data/lib/rosett_ai/mcp/tools/compile_tool.rb +191 -0
data/lib/rosett_ai/mcp/tools/comply_tool.rb +79 -0
data/lib/rosett_ai/mcp/tools/config_compile_tool.rb +71 -0
data/lib/rosett_ai/mcp/tools/config_status_tool.rb +79 -0
data/lib/rosett_ai/mcp/tools/content_tool.rb +78 -0
data/lib/rosett_ai/mcp/tools/context_query_tool.rb +156 -0
data/lib/rosett_ai/mcp/tools/design_list_tool.rb +57 -0
data/lib/rosett_ai/mcp/tools/design_show_tool.rb +69 -0
data/lib/rosett_ai/mcp/tools/doctor_tool.rb +62 -0
data/lib/rosett_ai/mcp/tools/documentation_status_tool.rb +45 -0
data/lib/rosett_ai/mcp/tools/engines_tool.rb +84 -0
data/lib/rosett_ai/mcp/tools/hook_install_tool.rb +190 -0
data/lib/rosett_ai/mcp/tools/hook_preview_tool.rb +173 -0
data/lib/rosett_ai/mcp/tools/hooks_status_tool.rb +84 -0
data/lib/rosett_ai/mcp/tools/init_tool.rb +87 -0
data/lib/rosett_ai/mcp/tools/license_status_tool.rb +44 -0
data/lib/rosett_ai/mcp/tools/project_tool.rb +117 -0
data/lib/rosett_ai/mcp/tools/provenance_tool.rb +97 -0
data/lib/rosett_ai/mcp/tools/provenance_write_tool.rb +40 -0
data/lib/rosett_ai/mcp/tools/retrofit_tool.rb +81 -0
data/lib/rosett_ai/mcp/tools/rule_search_tool.rb +163 -0
data/lib/rosett_ai/mcp/tools/schema_get_tool.rb +94 -0
data/lib/rosett_ai/mcp/tools/tooling_tool.rb +86 -0
data/lib/rosett_ai/mcp/tools/validate_tool.rb +105 -0
data/lib/rosett_ai/mcp/tools/workflow_execute_tool.rb +74 -0
data/lib/rosett_ai/mcp/tools/workflow_tool.rb +78 -0
data/lib/rosett_ai/migration/detector.rb +117 -0
data/lib/rosett_ai/migration/nncc_config_migrator.rb +94 -0
data/lib/rosett_ai/migration/nncc_project_migrator.rb +90 -0
data/lib/rosett_ai/migration/xdg_migrator.rb +123 -0
data/lib/rosett_ai/package_manager/apt.rb +108 -0
data/lib/rosett_ai/package_manager/base.rb +68 -0
data/lib/rosett_ai/package_manager/gem_backend.rb +90 -0
data/lib/rosett_ai/packaging/variant_config.rb +92 -0
data/lib/rosett_ai/path_resolver.rb +115 -0
data/lib/rosett_ai/plugins/contract.rb +43 -0
data/lib/rosett_ai/plugins/engine_contract.rb +60 -0
data/lib/rosett_ai/plugins/gui_contract.rb +74 -0
data/lib/rosett_ai/plugins/mcp_contract.rb +48 -0
data/lib/rosett_ai/plugins/registry.rb +150 -0
data/lib/rosett_ai/policy/auditor.rb +41 -0
data/lib/rosett_ai/policy/deny_list.rb +71 -0
data/lib/rosett_ai/policy/opt_out_scanner.rb +37 -0
data/lib/rosett_ai/policy/policy_compiler.rb +84 -0
data/lib/rosett_ai/policy/protected_files.rb +47 -0
data/lib/rosett_ai/policy/tier_hierarchy.rb +48 -0
data/lib/rosett_ai/policy/validator.rb +35 -0
data/lib/rosett_ai/profiler.rb +79 -0
data/lib/rosett_ai/project/drift_detector.rb +126 -0
data/lib/rosett_ai/project/manager.rb +115 -0
data/lib/rosett_ai/project/sync_manager.rb +138 -0
data/lib/rosett_ai/project/template_applier.rb +105 -0
data/lib/rosett_ai/project_context.rb +82 -0
data/lib/rosett_ai/provenance/entry.rb +63 -0
data/lib/rosett_ai/provenance/file_source.rb +32 -0
data/lib/rosett_ai/provenance/source.rb +62 -0
data/lib/rosett_ai/provenance/store.rb +153 -0
data/lib/rosett_ai/provenance/tracker.rb +62 -0
data/lib/rosett_ai/provenance/trailer_generator.rb +43 -0
data/lib/rosett_ai/provenance/validator.rb +45 -0
data/lib/rosett_ai/quorum/collector.rb +59 -0
data/lib/rosett_ai/quorum/comparator.rb +81 -0
data/lib/rosett_ai/quorum/dispatcher.rb +57 -0
data/lib/rosett_ai/quorum/strategies/adopt.rb +56 -0
data/lib/rosett_ai/rai_config.rb +107 -0
data/lib/rosett_ai/retrofit/base_parser.rb +66 -0
data/lib/rosett_ai/retrofit/engine.rb +171 -0
data/lib/rosett_ai/retrofit/parsers/agents_md_parser.rb +50 -0
data/lib/rosett_ai/retrofit/parsers/claude_parser.rb +69 -0
data/lib/rosett_ai/retrofit/parsers/cursor_parser.rb +82 -0
data/lib/rosett_ai/retrofit/round_trip_validator.rb +65 -0
data/lib/rosett_ai/retrofit/scanner.rb +47 -0
data/lib/rosett_ai/retrofit/secret_detector.rb +87 -0
data/lib/rosett_ai/secrets_resolver.rb +71 -0
data/lib/rosett_ai/smart_feedback/suggester.rb +83 -0
data/lib/rosett_ai/smart_feedback/thor_middleware.rb +84 -0
data/lib/rosett_ai/structured_logger.rb +110 -0
data/lib/rosett_ai/telemetry/json_lines_writer.rb +50 -0
data/lib/rosett_ai/telemetry/log_rotator.rb +67 -0
data/lib/rosett_ai/telemetry/provider.rb +26 -0
data/lib/rosett_ai/telemetry/reporter.rb +144 -0
data/lib/rosett_ai/telemetry.rb +47 -0
data/lib/rosett_ai/text_sanitizer.rb +62 -0
data/lib/rosett_ai/thor/cli.rb +269 -0
data/lib/rosett_ai/thor/tasks/adopt.rb +250 -0
data/lib/rosett_ai/thor/tasks/backup.rb +420 -0
data/lib/rosett_ai/thor/tasks/behaviour.rb +474 -0
data/lib/rosett_ai/thor/tasks/build.rb +1162 -0
data/lib/rosett_ai/thor/tasks/compile.rb +415 -0
data/lib/rosett_ai/thor/tasks/completion.rb +123 -0
data/lib/rosett_ai/thor/tasks/comply.rb +82 -0
data/lib/rosett_ai/thor/tasks/config.rb +265 -0
data/lib/rosett_ai/thor/tasks/content.rb +193 -0
data/lib/rosett_ai/thor/tasks/dbus.rb +321 -0
data/lib/rosett_ai/thor/tasks/design.rb +258 -0
data/lib/rosett_ai/thor/tasks/desktop.rb +129 -0
data/lib/rosett_ai/thor/tasks/doctor.rb +127 -0
data/lib/rosett_ai/thor/tasks/documentation.rb +321 -0
data/lib/rosett_ai/thor/tasks/engines.rb +167 -0
data/lib/rosett_ai/thor/tasks/hooks.rb +219 -0
data/lib/rosett_ai/thor/tasks/init.rb +259 -0
data/lib/rosett_ai/thor/tasks/license.rb +120 -0
data/lib/rosett_ai/thor/tasks/mcp.rb +535 -0
data/lib/rosett_ai/thor/tasks/migrate.rb +121 -0
data/lib/rosett_ai/thor/tasks/plugins.rb +157 -0
data/lib/rosett_ai/thor/tasks/project.rb +260 -0
data/lib/rosett_ai/thor/tasks/provenance.rb +195 -0
data/lib/rosett_ai/thor/tasks/release.rb +314 -0
data/lib/rosett_ai/thor/tasks/retrofit.rb +90 -0
data/lib/rosett_ai/thor/tasks/tooling.rb +308 -0
data/lib/rosett_ai/thor/tasks/validate.rb +108 -0
data/lib/rosett_ai/thor/tasks/workflow.rb +196 -0
data/lib/rosett_ai/tooling/ci_yaml_validator.rb +37 -0
data/lib/rosett_ai/tooling/version_checker.rb +35 -0
data/lib/rosett_ai/ui/accessible_tui.rb +61 -0
data/lib/rosett_ai/ui/base.rb +46 -0
data/lib/rosett_ai/ui/gtk4.rb +98 -0
data/lib/rosett_ai/ui/kde.rb +40 -0
data/lib/rosett_ai/ui/qt6.rb +40 -0
data/lib/rosett_ai/ui/registry.rb +60 -0
data/lib/rosett_ai/ui/tty_helper.rb +74 -0
data/lib/rosett_ai/ui/tui.rb +59 -0
data/lib/rosett_ai/validators/behaviour_validator.rb +20 -0
data/lib/rosett_ai/validators/design_validator.rb +17 -0
data/lib/rosett_ai/validators/schema_validator.rb +84 -0
data/lib/rosett_ai/validators/tooling_validator.rb +17 -0
data/lib/rosett_ai/version.rb +8 -0
data/lib/rosett_ai/version_consistency_checker.rb +129 -0
data/lib/rosett_ai/workflow/audit_log.rb +86 -0
data/lib/rosett_ai/workflow/engine.rb +142 -0
data/lib/rosett_ai/workflow/manager.rb +82 -0
data/lib/rosett_ai/workflow/schema_validator.rb +71 -0
data/lib/rosett_ai/workflow/step_runner.rb +61 -0
data/lib/rosett_ai/workflow/steps/prompt_step.rb +62 -0
data/lib/rosett_ai/workflow/steps/rai_step.rb +74 -0
data/lib/rosett_ai/workflow/steps/shell_step.rb +53 -0
data/lib/rosett_ai/yaml_loader.rb +78 -0
data/lib/rosett_ai.rb +221 -0
data/lib/rubocop/cop/rosett_ai/shell_interpolation.rb +54 -0
data/lib/rubocop/cop/rosett_ai/unsafe_const_get.rb +60 -0
data/lib/rubocop/cop/rosett_ai/unsafe_send.rb +50 -0
data/lib/rubocop/cop/rosett_ai/unsafe_yaml_load.rb +40 -0
data/lib/rubocop/rosett_ai.rb +9 -0
data/lib/scripts/generated/docker_hub_tags.rb +126 -0
data/locales/.gitkeep +0 -0
data/locales/ar.yml +579 -0
data/locales/en.yml +571 -0
data/locales/fr.yml +567 -0
data/packaging/build-engine-deb.sh +81 -0
data/packaging/scripts/postinst +17 -0
data/packaging/scripts/postrm +19 -0
data/packaging/scripts/prerm +10 -0
data/packaging/wrapper.sh.template +38 -0
data/rosett-ai.gemspec +63 -0
data/rules/.gitkeep +0 -0
data/scripts/publish/pulp_upload.sh +123 -0
data/settings.json +29 -0
data/share/applications/be.neatnerds.rosettai.desktop +29 -0
data/share/dbus-1/interfaces/be.neatnerds.rosettai.xml +103 -0
data/share/dbus-1/services/be.neatnerds.rosettai.service +3 -0
data/share/templates/behaviour/criticalthinking.yml +69 -0
metadata +810 -0

data/doc/changes/2026-02-21-design-implementation-overview.md ADDED Viewed

@@ -0,0 +1,455 @@
+# Design Implementation Overview (P1 + P2 in progress)
+**Branch**: `design_implementation`
+**Date range**: 2026-02-19 to 2026-02-21
+**Commits**: 20+
+**Design docs addressed**: 8 (all P1 + all P2 fully implemented)
+**ADRs**: 6 (4 accepted, 1 accepted-deferred, 1 proposed-deferred) — ADR-002 now implemented
+## Motivation
+The rai project follows a "guardrails before features" principle. Before any
+feature code can merge, the P1 foundation must exist: security constraints that
+are enforced (not suggested), a testing strategy that validates test quality
+(not just coverage), style rules that are automated (not optional), and a CI
+pipeline that turns all of this into merge-blocking gates.
+This branch implements 4 P1 design documents fully, plus initial work on 2
+P2/P3 documents (architecture UI layer and lifecycle management). The result
+is a codebase where every future commit is automatically validated against
+security, quality, and style constraints.
+## Implementation timeline
+```mermaid
+gantt
+    title design_implementation branch — 18 commits
+    dateFormat YYYY-MM-DD
+    axisFormat %b %d
+    section Security
+    fix(gitlab-ci) ruby-build PATH          :done, dc42, 2026-02-19, 1d
+    feat(security) ruby_audit + flog gems   :done, 7423, 2026-02-19, 1d
+    fix(security) Ruby 3.3.8→3.3.10        :done, fdb7, 2026-02-19, 1d
+    fix(security) shell injection + perms   :done, 9fc7, 2026-02-19, 1d
+    feat(security) cops + YAML + ANSI + NFC :done, 46aa, 2026-02-19, 1d
+    section Testing
+    feat(testing) all 9 criteria            :done, 5f35, 2026-02-19, 1d
+    test(mutant) 97.83% coverage            :done, 5470, 2026-02-19, 1d
+    section Styles + Design Docs
+    feat(design) lifecycle + styles docs    :done, 59f4, 2026-02-19, 1d
+    feat(design) security v1.1 + styles     :done, ff3d, 2026-02-19, 1d
+    section CI + Lifecycle + Architecture
+    feat(design) lifecycle + ci_pipeline    :done, bf9f, 2026-02-21, 1d
+    feat(design) security gaps + UI layer   :done, 1d0b, 2026-02-21, 1d
+    feat(ui) accessibility methods          :done, 6a8b, 2026-02-21, 1d
+    section P2 Architecture ADRs
+    docs accept ADR-002 + ADR-006           :done, a96f, 2026-02-21, 1d
+    docs accept ADR-003 UI cascade          :done, 44e8, 2026-02-21, 1d
+    docs accept ADR-004 validators          :done, d12b, 2026-02-21, 1d
+    docs accept ADR-005 package split       :done, 95ca, 2026-02-21, 1d
+    feat SchemaValidator + Design + Tooling :done, c33c, 2026-02-21, 1d
+    feat unified rai validate              :done, 95e6, 2026-02-21, 1d
+    section P2 PathResolver (ADR-002)
+    feat PathResolver + refactor 6 files   :done, ph3, 2026-02-21, 1d
+```
+## Design document dependency graph
+```mermaid
+flowchart TB
+    subgraph P1["P1 Foundation"]
+        direction TB
+        SEC[security v1.1.0<br/>IMPLEMENTED]
+        TEST[testing v1.0.0<br/>IMPLEMENTED]
+        STY[styles v1.0.0<br/>IMPLEMENTED]
+        CI[ci_pipeline v1.0.0<br/>IMPLEMENTED]
+    end
+    subgraph P2["P2 Structure"]
+        direction TB
+        ARCH[architecture v1.0.0<br/>IMPLEMENTED — 8/8 criteria]
+        COMP[compiler v1.0.0<br/>IMPLEMENTED]
+        CC[cc_configuration v0.1.0<br/>IMPLEMENTED — 17/17 criteria]
+    end
+    subgraph P3["P3 Interface"]
+        direction TB
+        UI[ui_framework v1.0.0<br/>NOT STARTED]
+        A11Y[accessibility v1.0.0<br/>NOT STARTED]
+        I18N[i18n v1.0.0<br/>NOT STARTED]
+    end
+    subgraph P4["P4 Business"]
+        direction TB
+        LIC[licensing_system v1.0.0<br/>NOT STARTED]
+        PACK[content_packs v1.0.0<br/>NOT STARTED]
+    end
+    subgraph P1_OP["P1 Operational"]
+        direction TB
+        LCM[lifecycle_management v1.0.0<br/>IMPLEMENTED]
+    end
+    SEC --> TEST
+    SEC --> STY
+    TEST --> STY
+    STY --> CI
+    SEC --> CI
+    TEST --> CI
+    SEC --> ARCH
+    TEST --> ARCH
+    CI --> ARCH
+    SEC --> COMP
+    ARCH --> COMP
+    ARCH --> CC
+    SEC --> CC
+    COMP --> CC
+    ARCH --> UI
+    A11Y --> UI
+    I18N --> UI
+    ARCH --> A11Y
+    ARCH --> I18N
+    COMP --> I18N
+    SEC --> LIC
+    ARCH --> LIC
+    SEC --> PACK
+    COMP --> PACK
+    LIC --> PACK
+    SEC --> LCM
+    TEST --> LCM
+    CI --> LCM
+    style SEC fill:#2d6a2d,color:#fff
+    style TEST fill:#2d6a2d,color:#fff
+    style STY fill:#2d6a2d,color:#fff
+    style CI fill:#2d6a2d,color:#fff
+    style LCM fill:#2d6a2d,color:#fff
+    style ARCH fill:#2d6a2d,color:#fff
+    style COMP fill:#2d6a2d,color:#fff
+    style CC fill:#2d6a2d,color:#fff
+    style UI fill:#666,color:#fff
+    style A11Y fill:#666,color:#fff
+    style I18N fill:#666,color:#fff
+    style LIC fill:#666,color:#fff
+    style PACK fill:#666,color:#fff
+```
+Legend: green = implemented, amber = partial, grey = not started.
+## Domain summary
+| Domain | Version | Impl% | Criteria met | Commits | Key files |
+|--------|---------|-------|--------------|---------|-----------|
+| security | 1.1.0 | 100% | 12/12 | dc42c3c, 7423856, fdb73e0, 9fc7e55, 46aa519, 1d0bfb9 | 17 new/modified |
+| testing | 1.0.0 | 100% | 9/9 | 5f352e6, 5470cd4 | 23 new/modified |
+| styles | 1.0.0 | 100% | 10/10 | ff3d81e, bf9f15e | 10 new/modified |
+| ci_pipeline | 1.0.0 | 100% | 11/12 | bf9f15e | 7 new/modified |
+| lifecycle_management | 1.0.0 | 100% | 7/7 | bf9f15e | 6 new/modified |
+| compiler | 1.0.0 | 100% | 9/9 | (phase 4) | 19 new, 8 modified |
+| claude_code_config | 0.1.0 | 100% | 17/17 | (phase 5) | 19 new, 10 modified |
+| architecture | 1.0.0 | 100% | 8/8 | 1d0bfb9, 6a8b27e, c33ce5d, 95e636b | 26 new/modified |
+## P2 Architecture — ADR decisions and SchemaValidator
+### Architecture Decision Records
+| ADR | Title | Status | Implementation |
+|-----|-------|--------|---------------|
+| 002 | Path Resolution Strategy | Accepted | Phase 3 (next) |
+| 003 | UI Adapter Selection (5-level cascade) | Accepted — deferred to P3 | P3 |
+| 004 | Design Document Validation (SchemaValidator) | Accepted | Phase 2 (done) |
+| 005 | Package Splitting Strategy (plugin gems) | Accepted — deferred to P3/P4 | P3/P4 |
+| 006 | Multi-Engine Architecture | Proposed — deferred | P2 compiler phase |
+### Phase 2 implementation: SchemaValidator + unified validate
+Extracted shared validation logic from `BehaviourValidator` into a generic
+`SchemaValidator` base class. All three schema validators (behaviour, design,
+tooling) are now thin wrappers. A unified `bin/raictl validate` command runs
+all validators sequentially and reports per-category results.
+| Component | Description |
+|-----------|-------------|
+| `SchemaValidator` | Generic base class; accepts `schema:` keyword; API: `valid?`, `validate`, `errors` |
+| `BehaviourValidator` | Thin wrapper (80 lines to 15 lines); 21 existing specs pass unchanged |
+| `DesignValidator` | Validates 13 design docs against `design_schema.json` |
+| `ToolingValidator` | Validates tooling files against `tooling_schema.json` |
+| `bin/raictl validate` | Unified command — aggregates all validators, summary table |
+| `bin/raictl design validate` | Per-category command for design docs |
+| `bin/raictl tooling validate` | Per-category command for tooling files |
+| CI: `validate:schemas` | Single CI job replacing per-category jobs |
+### Architecture criteria progress
+| # | Criterion | Status | Evidence |
+|---|-----------|--------|----------|
+| 1 | Headless Debian | Met | TTY gems; no GUI deps in gemspec |
+| 2 | rosett-ai-gtk4 additive | Met | Registry.register auto-discovery (ADR-005) |
+| 3 | base.rb abstract interface | Met | 7 methods + accessibility (commit 6a8b27e) |
+| 4 | registry.rb auto-discovery | Met | register/resolve/available (commit 1d0bfb9) |
+| 5 | Business logic in lib/rosett_ai/ | Met | Thor tasks are orchestration only |
+| 6 | Design docs validated | Met | DesignValidator + CLI + CI (Phase 2) |
+| 7 | Behaviour docs validated | Met | BehaviourValidator (pre-existing) |
+| 8 | Package dependencies | Met | VariantConfig + packaging schema + variant YAML configs |
+All 8 architecture criteria are now met. The `architecture.yml` status
+has been changed from `draft` to `approved`.
+## Security enforcement architecture
+```mermaid
+flowchart LR
+    subgraph PRE["Pre-commit (overcommit)"]
+        direction TB
+        RC[RuboCop<br/>+ custom cops]
+        RK[Reek]
+        BA[bundler-audit]
+        RA[ruby-audit]
+        FL[Flay]
+        MDL[mdl]
+        YL[yamllint]
+    end
+    subgraph CI_STAGES["CI Pipeline Stages"]
+        direction TB
+        V[validate]
+        CQ[code_quality]
+        SS[security_scan]
+        T[test]
+        B[build]
+    end
+    subgraph RUNTIME["Runtime Bounds"]
+        direction TB
+        YAML[YamlLoader<br/>1MB / 10 depth / 1K keys]
+        ANSI[TextSanitizer<br/>ANSI strip + NFC]
+        SEC2[SecretsResolver<br/>ENV → file 0600]
+    end
+    PRE --> CI_STAGES
+    V --> CQ --> SS --> T --> B
+    RUNTIME -.->|enforced at| T
+```
+## Three-party testing model
+```mermaid
+flowchart LR
+    DEV["Developer / AI<br/>writes code + tests"]
+    RSPEC["RSpec<br/>437 examples<br/>93% line coverage"]
+    MUTANT["Mutant<br/>555 mutations<br/>97.83% kill rate"]
+    DEV -->|code + tests| RSPEC
+    RSPEC -->|passes| MUTANT
+    MUTANT -->|validates test quality| DEV
+    style MUTANT fill:#8b0000,color:#fff
+```
+The three-party model ensures that when AI writes both the code and the tests,
+an independent validator (Mutant) mechanically confirms the tests catch real
+faults. Without this, AI-generated test suites can be perfectly consistent yet
+semantically hollow.
+## Cross-cutting achievements
+| Metric | Value |
+|--------|-------|
+| RSpec examples | 729 |
+| Line coverage | 92.38% (2532/2741) |
+| Mutant mutations | 555 total, 543 killed |
+| Mutant kill rate | 97.83% |
+| Equivalent survivors | 12 |
+| RuboCop offenses | 0 |
+| Reek warnings | 0 |
+| Security CVEs | 0 (3 resolved by Ruby upgrade) |
+| Files with SPDX headers | 115+ |
+| New files | 76 |
+| Modified files | 85 |
+| ADRs accepted | 4 (002, 003, 004, 005) |
+| ADRs proposed | 1 (006) |
+## Commit log
+| Hash | Type | Scope | Summary | Date |
+|------|------|-------|---------|------|
+| dc42c3c | fix | gitlab-ci | install ruby-build to PATH for package builds | 2026-02-19 |
+| 7423856 | feat | security | add ruby_audit + flog gems and audit all config exclusions | 2026-02-19 |
+| fdb73e0 | fix | security | upgrade Ruby 3.3.8 to 3.3.10 (CVE fixes) | 2026-02-19 |
+| 59f43d4 | feat | design | add lifecycle management doc and fix styles.yml | 2026-02-19 |
+| ff3d81e | feat | design | update security.yml to v1.1.0 and add styles domain | 2026-02-19 |
+| 9fc7e55 | fix | security | eliminate shell injection vectors and add file permissions | 2026-02-19 |
+| 46aa519 | feat | security | implement criteria 8-11 (cops, YAML bounds, ANSI, NFC) | 2026-02-19 |
+| 5f352e6 | feat | testing | implement testing.yml design document (all 9 criteria) | 2026-02-19 |
+| 5470cd4 | test | mutant | kill 99 surviving mutations, raise coverage to 97.83% | 2026-02-19 |
+| bf9f15e | feat | design | implement lifecycle_management.yml and fix ci_pipeline gaps | 2026-02-21 |
+| 1d0bfb9 | feat | design | fix security.yml gaps and implement architecture UI layer | 2026-02-21 |
+| 6a8b27e | feat | ui | add accessibility methods to UI base and TUI adapter | 2026-02-21 |
+| c2b7cf9 | fix | design | reconcile design doc inconsistencies and add ADRs 002-005 | 2026-02-21 |
+| 5af8ac3 | docs | changes | archive design implementation documentation | 2026-02-21 |
+| a96f327 | docs | architecture | accept ADR-002, add ADR-006 multi-engine | 2026-02-21 |
+| 44e8a34 | docs | architecture | accept ADR-003 revised UI adapter cascade | 2026-02-21 |
+| d12b827 | docs | architecture | accept ADR-004 with ToolingValidator and bidirectional invariant | 2026-02-21 |
+| 95caf1c | docs | architecture | accept ADR-005 with variant packaging and GUI testing | 2026-02-21 |
+| c33ce5d | feat | architecture | implement ADR-004 SchemaValidator with Design and Tooling validators | 2026-02-21 |
+| 95e636b | feat | cli | add unified rai validate command | 2026-02-21 |
+## New files by category (45 total)
+### Library code (11)
+| File | Purpose |
+|------|---------|
+| `lib/rosett_ai/yaml_loader.rb` | Centralized YAML loading with bounds checking |
+| `lib/rosett_ai/text_sanitizer.rb` | ANSI stripping and NFC normalization |
+| `lib/rosett_ai/secrets_resolver.rb` | Multi-source secret resolution (ENV, file) |
+| `lib/rosett_ai/version_consistency_checker.rb` | Cross-codebase version reference validation |
+| `lib/rosett_ai/ui/base.rb` | Abstract UI interface with accessibility methods |
+| `lib/rosett_ai/ui/registry.rb` | Plugin discovery and adapter management |
+| `lib/rosett_ai/ui/tui.rb` | Terminal UI adapter using TTY gems |
+| `lib/rubocop/cop/rosett-ai/shell_interpolation.rb` | Custom cop: flags shell injection patterns |
+| `lib/rubocop/cop/rosett-ai/unsafe_yaml_load.rb` | Custom cop: flags unsafe YAML.load |
+| `lib/rubocop/rosett_ai.rb` | Cop loader |
+| `LICENSE.md` | GPL-3.0-only full text (675 lines) |
+### Test code (16)
+| File | Purpose |
+|------|---------|
+| `spec/rosett_ai/yaml_loader_spec.rb` | YamlLoader unit tests |
+| `spec/rosett_ai/yaml_loader_property_spec.rb` | Property-based tests for YamlLoader (Rantly) |
+| `spec/rosett_ai/text_sanitizer_spec.rb` | TextSanitizer unit tests |
+| `spec/rosett_ai/secrets_resolver_spec.rb` | SecretsResolver unit tests |
+| `spec/rosett_ai/version_consistency_checker_spec.rb` | VersionConsistencyChecker unit tests (214 lines) |
+| `spec/rosett_ai/ui/base_spec.rb` | UI Base abstract interface tests |
+| `spec/rosett_ai/ui/registry_spec.rb` | UI Registry tests |
+| `spec/rosett_ai/ui/tui_spec.rb` | TUI adapter tests |
+| `spec/rubocop/cop/rosett-ai/shell_interpolation_spec.rb` | ShellInterpolation cop tests |
+| `spec/rubocop/cop/rosett-ai/unsafe_yaml_load_spec.rb` | UnsafeYamlLoad cop tests |
+| `spec/support/factories/behaviours.rb` | factory_bot behaviour hash factory |
+| `spec/support/factories/rules.rb` | factory_bot rule hash factory |
+| `spec/support/factory_bot.rb` | factory_bot RSpec configuration |
+| `spec/support/shared_examples/ui_implementation.rb` | UI interface contract (7 methods) |
+| `spec/fixtures/behaviours/*.yml` | 7 fixture files (valid, invalid, malicious, unicode) |
+### CI/CD (4)
+| File | Purpose |
+|------|---------|
+| `.gitlab-ci-files/validate/ci-yaml.yml` | CI YAML validation job |
+| `.gitlab-ci-files/validate/version-consistency.yml` | Version consistency check job |
+| `.gitlab-ci-files/security_scan/ruby-audit.yml` | Ruby stdlib CVE scanning job |
+| `.gitlab-ci-files/test/mutant.yml` | Mutation testing job (MR only) |
+### P2 Library code (4)
+| File | Purpose |
+|------|---------|
+| `lib/rosett_ai/validators/schema_validator.rb` | Generic JSON Schema validator base class |
+| `lib/rosett_ai/validators/design_validator.rb` | Design document validator (thin wrapper) |
+| `lib/rosett_ai/validators/tooling_validator.rb` | Tooling configuration validator (thin wrapper) |
+| `lib/rosett_ai/thor/tasks/design.rb` | Design document management CLI task |
+| `lib/rosett_ai/thor/tasks/validate.rb` | Unified validation aggregator CLI task |
+### P2 Test code (4)
+| File | Purpose |
+|------|---------|
+| `spec/rosett_ai/validators/schema_validator_spec.rb` | SchemaValidator base class tests |
+| `spec/rosett_ai/validators/design_validator_spec.rb` | DesignValidator tests (incl. all 13 real docs) |
+| `spec/rosett_ai/validators/tooling_validator_spec.rb` | ToolingValidator tests (incl. real tooling files) |
+| `spec/rosett_ai/thor/tasks/design_spec.rb` | Design CLI task tests |
+| `spec/rosett_ai/thor/tasks/validate_spec.rb` | Unified validate CLI task tests |
+### P2 CI/CD (3)
+| File | Purpose |
+|------|---------|
+| `.gitlab-ci-files/validate/design-docs.yml` | Design document validation job (superseded) |
+| `.gitlab-ci-files/validate/tooling-docs.yml` | Tooling validation job (superseded) |
+| `.gitlab-ci-files/validate/schema-validation.yml` | Unified schema validation job |
+### P2 Documentation (7)
+| File | Purpose |
+|------|---------|
+| `doc/decisions/002-path-resolution-strategy.md` | ADR: PathResolver for centralised paths |
+| `doc/decisions/003-ui-adapter-selection.md` | ADR: 5-level UI adapter cascade |
+| `doc/decisions/004-design-document-validation.md` | ADR: SchemaValidator with bidirectional invariant |
+| `doc/decisions/005-package-splitting-strategy.md` | ADR: Plugin gems within core repository |
+| `doc/decisions/006-multi-engine-architecture.md` | ADR: Engine-aware PathResolver + compiler adapters |
+### P2 CC Config Library (6)
+| File | Purpose |
+|------|---------|
+| `lib/rosett_ai/config/compiler.rb` | Main CC config orchestrator (YAML→JSON pipeline) |
+| `lib/rosett_ai/config/domain_transformer.rb` | Domain key mapping, env routing, validate-only checking |
+| `lib/rosett_ai/config/key_map.rb` | Explicit snake_case → camelCase mapping table (90+ entries) |
+| `lib/rosett_ai/config/scope_router.rb` | Scope → target path resolution |
+| `lib/rosett_ai/config/secret_resolver.rb` | `${secret:backend:key}` deterministic parser (NO regex) |
+| `lib/rosett_ai/config/compile_result.rb` | Structured compilation result |
+### P2 CC Config Tests (6)
+| File | Purpose |
+|------|---------|
+| `spec/rosett_ai/config/compiler_spec.rb` | Compiler integration tests |
+| `spec/rosett_ai/config/key_map_spec.rb` | KeyMap mapping tests |
+| `spec/rosett_ai/config/scope_router_spec.rb` | ScopeRouter tests |
+| `spec/rosett_ai/config/secret_resolver_spec.rb` | SecretResolver tests (3 backends, security) |
+| `spec/rosett_ai/config/compile_result_spec.rb` | CompileResult struct tests |
+| `spec/rosett_ai/thor/tasks/config_spec.rb` | Thor config task tests |
+### P2 CC Config Scope Files + Schema (5)
+| File | Purpose |
+|------|---------|
+| `conf/claude_code/managed.yml` | Enterprise managed scope config |
+| `conf/claude_code/user.yml` | User-level scope config |
+| `conf/claude_code/project.yml` | Project-level scope config |
+| `conf/claude_code/local.yml` | Local overrides scope config |
+| `conf/schemas/claude_code_config_schema.json` | JSON Schema draft 2020-12 |
+### P2 CC Config CLI + Docs (2)
+| File | Purpose |
+|------|---------|
+| `lib/rosett_ai/thor/tasks/config.rb` | Thor task: `rai config compile` |
+| `doc/changes/2026-02-21-cc-config-implementation.md` | Change document |
+### Configuration (5)
+| File | Purpose |
+|------|---------|
+| `.mutant.yml` | Mutant configuration |
+| `.mdlrc` | Markdownlint configuration |
+| `.mdl_style.rb` | Markdownlint style rules |
+| `conf/design/lifecycle_management.yml` | Lifecycle management design document |
+| `conf/design/styles.yml` | Styles design document |
+### Documentation (4)
+| File | Purpose |
+|------|---------|
+| `doc/ai_test_review_checklist.md` | 11-point AI test review checklist |
+| `doc/changes/2026-02-19-testing-infrastructure.md` | Testing implementation change doc |
+| `doc/decisions/001-flog-deferred.md` | ADR: Flog deferred in favour of RuboCop Metrics |
+| `conf/design/claude_code_configuration.yml` | CC configuration design document (P2) |
+## Related documentation
+- [CC config compiler](2026-02-21-cc-config-implementation.md)
+- [Compiler multi-target pipeline](2026-02-21-compiler-multi-target-pipeline.md)
+- [Security implementation](2026-02-20-security-implementation.md)
+- [Testing infrastructure](2026-02-19-testing-infrastructure.md) (pre-existing)
+- [Styles implementation](2026-02-20-styles-implementation.md)
+- [CI pipeline implementation](2026-02-21-ci-pipeline-implementation.md)
+- [Lifecycle management](2026-02-21-lifecycle-management.md)
+- [Architecture UI layer](2026-02-21-architecture-ui-layer.md)

data/doc/changes/2026-02-21-lifecycle-management.md ADDED Viewed

@@ -0,0 +1,196 @@
+# Implement lifecycle_management.yml design document (P1)
+**Branch**: `design_implementation`
+**Date**: 2026-02-21
+**Design doc**: `conf/design/lifecycle_management.yml` v1.0.0
+**Commit**: bf9f15e
+## Motivation
+Upgrades are security-critical operations — a missed CVE fix is a vulnerability,
+a botched upgrade is downtime. Without lifecycle management:
+- Version references drift across files (.ruby-version says one thing, CLAUDE.md another)
+- Security patches are applied late or inconsistently
+- Upgrades break things because verification was incomplete
+- Knowledge about how to upgrade is tribal, not documented
+The lifecycle management design document captures a repeatable, auditable
+upgrade methodology with 5 phases (discovery, research, scope, execute, verify)
+and automated tooling to detect version drift. It was validated against the
+concrete Ruby 3.3.8 to 3.3.10 upgrade performed earlier in this branch.
+## Acceptance criteria
+All 7 acceptance criteria from `lifecycle_management.yml` are satisfied:
+| # | Criterion | Evidence |
+|---|-----------|----------|
+| 1 | All version references consistent after upgrade | `VersionConsistencyChecker` validates; CI job enforces |
+| 2 | ruby-audit reports 0 vulnerabilities after Ruby upgrade | fdb73e0: Ruby 3.3.10 resolves 3 CVEs |
+| 3 | bundler-audit reports 0 vulnerabilities after gem upgrade | Verified: 0 vulnerabilities |
+| 4 | RuboCop, Reek, Flay run without regressions (Flog deferred) | All pass with 0 findings; ADR-001 documents Flog deferral |
+| 5 | Full RSpec suite passes with 0 failures | 437 examples, 0 failures |
+| 6 | Commit message includes CVE identifiers or rationale | fdb73e0: "upgrade Ruby 3.3.8 -> 3.3.10 (CVE fixes)" |
+| 7 | No stale version references (verified by grep) | `VersionConsistencyChecker` automates this verification |
+## Changes by area
+### VersionConsistencyChecker class
+**File**: `lib/rosett_ai/version_consistency_checker.rb` (117 lines)
+Reads the canonical Ruby version from `.ruby-version`, then scans every
+non-binary file in the project for version strings matching the same
+MAJOR.MINOR series. Reports mismatches where a file references an older
+PATCH level.
+**Design decisions**:
+- **Exclusions**: `vendor/`, `tmp/`, `coverage/`, `.git/`, `.bundle/` (generated),
+  `CHANGELOG.md` (historical), `Gemfile.lock` (managed by bundler),
+  `doc/changes/` and `doc/INCIDENT_REPORT*` (archival), `conf/design/`
+  (reference execution examples), and its own spec file
+- **Constraint line detection**: Lines containing version operators (`>=`, `~>`,
+  `<=`, `!=`) are skipped (gemspec/CI constraints reference ranges, not pins)
+- **Binary detection**: Reads first 512 bytes; skips files containing null bytes
+- **Encoding safety**: Catches `ArgumentError` and `Encoding::InvalidByteSequenceError`
+Key code excerpt:
+```ruby
+def build_version_pattern(version)
+  major, minor = version.split('.')[0..1]
+  /\b#{Regexp.escape(major)}\.#{Regexp.escape(minor)}\.\d+\b/
+end
+def scan_file(file, expected, pattern)
+  File.readlines(file, encoding: 'UTF-8').each_with_index do |line, index|
+    line.scan(pattern).each do |found|
+      next if constraint_line?(line)
+      reference = { file: relative, line: index + 1, found: found, expected: expected }
+      @results[:references] << reference
+      @results[:mismatches] << reference unless found == expected
+    end
+  end
+end
+```
+### `rai tooling check-versions` CLI command
+**File**: `lib/rosett_ai/thor/tasks/tooling.rb` (new command)
+```text
+Usage: bin/raictl tooling check-versions [--verbose] [--project-dir DIR]
+Options:
+  --verbose       Show all version references, not just mismatches
+  --project-dir   Project directory (defaults to current directory)
+```
+Output: Unicode-bordered table showing expected version, total references,
+and mismatch count. Exits non-zero if mismatches are found.
+### CI validation job
+**File**: `.gitlab-ci-files/validate/version-consistency.yml`
+Runs `bundle exec bin/raictl tooling check-versions` in the validate stage.
+Catches version drift before code quality or test stages run.
+### Upgrade methodology
+The design document codifies a 5-phase upgrade process:
+1. **Discovery** — Run security audit tools, record CVE identifiers and severity
+2. **Research** — Check official releases, verify version manager availability, read release notes
+3. **Scope** — Grep codebase for all references to current version, categorize by file type
+4. **Execute** — Install new version, update pin, reinstall dependencies, update all references
+5. **Verify** — Run full suite: ruby-audit, bundler-audit, rubocop, reek, flay, rspec
+### Reference execution: Ruby 3.3.8 to 3.3.10
+The Ruby upgrade (commit fdb73e0) served as the concrete validation of this
+methodology:
+| Phase | Action | Result |
+|-------|--------|--------|
+| Discovery | ruby-audit flagged CVE-2025-24294, CVE-2025-58767, CVE-2025-61594 | 3 CVEs identified |
+| Research | ruby-lang.org confirmed 3.3.10 resolves all 3 | Target version selected |
+| Scope | grep found 6 files with "3.3.8" references | Scope bounded |
+| Execute | rbenv install 3.3.10, bundle install, 6 files updated | Atomic update |
+| Verify | ruby-audit 0, rubocop 0, reek 0, rspec 277/0 | All gates passed |
+## Upgrade process sequence
+```mermaid
+sequenceDiagram
+    participant A as Audit Tool
+    participant D as Developer/AI
+    participant R as Official Docs
+    participant C as Codebase
+    participant V as Verification Suite
+    A->>D: CVE found (ruby-audit / bundler-audit)
+    D->>R: Check latest patched version
+    R-->>D: Version confirmed (e.g. 3.3.10)
+    D->>C: grep for current version references
+    C-->>D: File list with line numbers
+    D->>C: Install new version + update all references
+    D->>V: Run full verification suite
+    V-->>D: ruby-audit: 0 vulns
+    V-->>D: bundler-audit: 0 vulns
+    V-->>D: rubocop: 0 offenses
+    V-->>D: reek: 0 warnings
+    V-->>D: rspec: 0 failures
+    D->>C: Commit with CVE references in message
+```
+## VersionConsistencyChecker flow
+```mermaid
+flowchart TD
+    START[Read .ruby-version] --> PATTERN[Build version pattern<br/>e.g. /3\.3\.\d+/]
+    PATTERN --> SCAN[Scan all project files]
+    SCAN --> EXCLUDE{Excluded<br/>dir/file?}
+    EXCLUDE -->|yes| SKIP[Skip file]
+    EXCLUDE -->|no| BINARY{Binary<br/>file?}
+    BINARY -->|yes| SKIP
+    BINARY -->|no| MATCH[Find version pattern matches]
+    MATCH --> CONSTRAINT{Constraint<br/>line?}
+    CONSTRAINT -->|yes| SKIP2[Skip match]
+    CONSTRAINT -->|no| COMPARE{Matches<br/>expected?}
+    COMPARE -->|yes| REF[Record reference]
+    COMPARE -->|no| MISMATCH[Record mismatch]
+    SKIP --> NEXT[Next file]
+    SKIP2 --> NEXT
+    REF --> NEXT
+    MISMATCH --> NEXT
+    NEXT --> SCAN
+    SCAN -->|done| REPORT[Report: consistent or mismatches]
+```
+## Files created
+| File | Purpose |
+|------|---------|
+| `lib/rosett_ai/version_consistency_checker.rb` | Cross-codebase version reference validator |
+| `spec/rosett_ai/version_consistency_checker_spec.rb` | Unit tests (214 lines, 24 examples) |
+| `.gitlab-ci-files/validate/version-consistency.yml` | CI validation job |
+## Files modified
+| File | Change |
+|------|--------|
+| `lib/rosett_ai/thor/tasks/tooling.rb` | Added `check-versions` command with `--verbose` and `--project-dir` options |
+| `spec/rosett_ai/thor/tasks/tooling_spec.rb` | Added tests for new command |
+| `conf/design/lifecycle_management.yml` | Minor wording updates, Flog deferral annotation |
+## Verification
+- [x] `bundle exec bin/raictl tooling check-versions` — all references consistent
+- [x] `bundle exec rspec spec/rosett_ai/version_consistency_checker_spec.rb` — 24 examples, 0 failures
+- [x] `bundle exec rubocop lib/rosett_ai/version_consistency_checker.rb` — 0 offenses
+- [x] `bundle exec reek lib/rosett_ai/version_consistency_checker.rb` — 0 warnings
+- [x] Ruby 3.3.8 to 3.3.10 upgrade followed all 5 phases
+- [x] Commit fdb73e0 references 3 CVE identifiers