RubyGems - rosett-ai - Versions diffs - 1.3.3 - Mend

rosett-ai 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (527) hide show

checksums.yaml +7 -0
data/.ai-provenance.yml +119 -0
data/.debride_whitelist +186 -0
data/.fasterer.yml +29 -0
data/.mdl_style.rb +10 -0
data/.mdlrc +3 -0
data/.mutant.yml +49 -0
data/.namespace-allowlist +42 -0
data/.reek.yml +1040 -0
data/.rosett-ai/config.yml +3 -0
data/.rspec +5 -0
data/.rubocop.yml +380 -0
data/.ruby-version +1 -0
data/.yamllint +51 -0
data/.yardopts +12 -0
data/AI-DISCLOSURE.md +48 -0
data/CHANGELOG.md +519 -0
data/CLAUDE.md +141 -0
data/CONTRIBUTING.md +734 -0
data/INSTALL.md +154 -0
data/LICENSE +674 -0
data/LICENSE.md +675 -0
data/QUICKSTART.md +73 -0
data/README.md +366 -0
data/Rakefile +200 -0
data/SECURITY.md +114 -0
data/bin/rai +1 -0
data/cliff.toml +52 -0
data/conf/adopt_redactions.yml +8 -0
data/conf/behaviour/.gitkeep +0 -0
data/conf/compliance/cra_rules.yml +25 -0
data/conf/compliance/license_rules.yml +20 -0
data/conf/design/aaif_alignment.yml +181 -0
data/conf/design/ab_testing.yml +172 -0
data/conf/design/accessibility.yml +84 -0
data/conf/design/ai_authorship.yml +210 -0
data/conf/design/ai_provenance.yml +224 -0
data/conf/design/ai_tool_configuration.yml +207 -0
data/conf/design/architecture.yml +139 -0
data/conf/design/autocompletion.yml +115 -0
data/conf/design/backward_compatibility.yml +112 -0
data/conf/design/behaviour_composition.yml +246 -0
data/conf/design/build_rake_extraction.yml +57 -0
data/conf/design/ci_pipeline.yml +100 -0
data/conf/design/claude_code_configuration.yml +157 -0
data/conf/design/compiler.yml +128 -0
data/conf/design/comply.yml +153 -0
data/conf/design/content_packs.yml +84 -0
data/conf/design/desktop_integration.yml +289 -0
data/conf/design/distribution.yml +216 -0
data/conf/design/doctor.yml +184 -0
data/conf/design/documentation.yml +152 -0
data/conf/design/engine_architecture.yml +257 -0
data/conf/design/error_handling.yml +103 -0
data/conf/design/feature_flags.yml +142 -0
data/conf/design/git_hooks.yml +165 -0
data/conf/design/gui_plugins.yml +475 -0
data/conf/design/i18n.yml +84 -0
data/conf/design/integration_testing.yml +56 -0
data/conf/design/licensing_system.yml +88 -0
data/conf/design/lifecycle_management.yml +208 -0
data/conf/design/mcp_integration.yml +207 -0
data/conf/design/mcp_settings.yml +126 -0
data/conf/design/migration.yml +56 -0
data/conf/design/monitoring_observability.yml +194 -0
data/conf/design/namespace_cleanup.yml +145 -0
data/conf/design/plugin_test_segregation.yml +145 -0
data/conf/design/policy_management.yml +229 -0
data/conf/design/project_management.yml +183 -0
data/conf/design/rai_mcp_asset_discovery.yml +164 -0
data/conf/design/rai_mcp_server.yml +605 -0
data/conf/design/release_management.yml +117 -0
data/conf/design/retrofit.yml +199 -0
data/conf/design/retrospective_analyzer.yml +79 -0
data/conf/design/scope_hierarchy.yml +352 -0
data/conf/design/security.yml +115 -0
data/conf/design/session_retrospective.yml +85 -0
data/conf/design/smart_ui_feedback.yml +89 -0
data/conf/design/structured_logging.yml +148 -0
data/conf/design/styles.yml +123 -0
data/conf/design/test_peer_review.yml +89 -0
data/conf/design/testing.yml +136 -0
data/conf/design/threat_model.yml +108 -0
data/conf/design/ui_framework.yml +111 -0
data/conf/design/usage_optimization.yml +122 -0
data/conf/design/version_management.yml +60 -0
data/conf/design/workflow.yml +227 -0
data/conf/mcp/server_defaults.yml +42 -0
data/conf/mcp/trust.yml +21 -0
data/conf/packaging/core.yml +12 -0
data/conf/packaging/gtk4.yml +11 -0
data/conf/packaging/qt6.yml +11 -0
data/conf/policy/default_deny_list.yml +197 -0
data/conf/review/cli-command-audit.yml +857 -0
data/conf/review/design-docs.yml +1064 -0
data/conf/review/design-questionnaire.yml +153 -0
data/conf/review/questionnaire.yml +146 -0
data/conf/review/rosett-ai-core.yml +2919 -0
data/conf/schemas/ai_config_schema.json +73 -0
data/conf/schemas/behaviour_schema.json +132 -0
data/conf/schemas/compliance_rule_schema.json +63 -0
data/conf/schemas/content_pack_manifest_schema.json +51 -0
data/conf/schemas/design_schema.json +210 -0
data/conf/schemas/engine_manifest_schema.json +144 -0
data/conf/schemas/lockfile_schema.json +74 -0
data/conf/schemas/mcp_server_schema.json +48 -0
data/conf/schemas/packaging_schema.json +70 -0
data/conf/schemas/policy_schema.json +85 -0
data/conf/schemas/provenance_schema.json +84 -0
data/conf/schemas/rai_config_schema.json +56 -0
data/conf/schemas/rai_project_schema.json +20 -0
data/conf/schemas/scope_hierarchy_schema.json +49 -0
data/conf/schemas/target_schema.json +67 -0
data/conf/schemas/tooling_schema.json +65 -0
data/conf/schemas/workflow_schema.json +112 -0
data/conf/targets/agents_md.yml +17 -0
data/conf/targets/claude.yml +12 -0
data/conf/tooling/tools.yml +58 -0
data/dist/rosett-ai-mcp.service +48 -0
data/dist/rosett-ai-mcp.yml.default +45 -0
data/doc/AAIF_POSITIONING.md +58 -0
data/doc/ADOPT.md +224 -0
data/doc/AI_PROVENANCE.md +139 -0
data/doc/ARCHITECTURE.md +920 -0
data/doc/BEHAVIOUR.md +409 -0
data/doc/BUILD.md +138 -0
data/doc/CI_CD_RECIPES.md +171 -0
data/doc/CLAUDE_SESSIONS_MOVED.md +16 -0
data/doc/COMMAND_ANALYSIS.md +229 -0
data/doc/CONFIGURATION.md +281 -0
data/doc/DESIGN_AUDIT.md +235 -0
data/doc/DESIGN_PEER_REVIEW.md +771 -0
data/doc/DESKTOP.md +447 -0
data/doc/ENGINES.md +567 -0
data/doc/ENGINE_DEVELOPMENT_GUIDE.md +417 -0
data/doc/FEATURE_AUDIT.md +218 -0
data/doc/IMPLEMENTATION_PLAN.md +669 -0
data/doc/INCIDENT_REPORT_2026-02-02.md +251 -0
data/doc/MIGRATION_GUIDE.md +88 -0
data/doc/PACKAGING.md +232 -0
data/doc/PROJECT_DASHBOARD.md +153 -0
data/doc/PULP_DEPLOYMENT.md +164 -0
data/doc/QUALITY_FIX_SUMMARY.md +110 -0
data/doc/QUICK_START.md +162 -0
data/doc/REEK_CONFIGURATION.md +166 -0
data/doc/REFERENCE.md +253 -0
data/doc/REFERENCES.md +324 -0
data/doc/SECURITY_REVIEW_CHECKLIST.md +72 -0
data/doc/SESSION_2026-02-28_GTK4_HARDENING.md +359 -0
data/doc/SETUP.md +202 -0
data/doc/TEST_PEER_REVIEW.md +152 -0
data/doc/THREAT_MODEL.md +230 -0
data/doc/USAGE.md +545 -0
data/doc/USER_MANUAL.md +585 -0
data/doc/ai_test_review_checklist.md +110 -0
data/doc/changes/2026-02-18-packaging-fpm.md +155 -0
data/doc/changes/2026-02-19-testing-infrastructure.md +221 -0
data/doc/changes/2026-02-20-security-implementation.md +281 -0
data/doc/changes/2026-02-20-styles-implementation.md +220 -0
data/doc/changes/2026-02-21-architecture-completion.md +95 -0
data/doc/changes/2026-02-21-architecture-ui-layer.md +253 -0
data/doc/changes/2026-02-21-cc-config-implementation.md +108 -0
data/doc/changes/2026-02-21-ci-pipeline-implementation.md +214 -0
data/doc/changes/2026-02-21-compiler-multi-target-pipeline.md +241 -0
data/doc/changes/2026-02-21-config-design-show-commands.md +61 -0
data/doc/changes/2026-02-21-design-implementation-overview.md +455 -0
data/doc/changes/2026-02-21-lifecycle-management.md +196 -0
data/doc/changes/2026-02-21-path-resolver.md +128 -0
data/doc/changes/2026-02-24-ci-tmpdir-mutant-fetch.md +45 -0
data/doc/changes/2026-03-01-ci-bundler-strategy.md +120 -0
data/doc/changes/2026-03-20-security-hardening-phase2.md +163 -0
data/doc/context/SESSION-HANDOFF.md +69 -0
data/doc/context/ai-engine-usage-trends-2026.md +80 -0
data/doc/context/plan-pluggable-engines.md +590 -0
data/doc/decisions/001-flog-deferred.md +32 -0
data/doc/decisions/002-path-resolution-strategy.md +158 -0
data/doc/decisions/003-ui-adapter-selection.md +193 -0
data/doc/decisions/004-design-document-validation.md +179 -0
data/doc/decisions/005-package-splitting-strategy.md +200 -0
data/doc/decisions/006-multi-engine-architecture.md +147 -0
data/doc/decisions/007-engine-agnostic-pivot.md +219 -0
data/doc/decisions/008-ci-bundler-strategy.md +129 -0
data/doc/decisions/009-core-only-v1-release.md +60 -0
data/doc/decisions/010-engine-debian-packaging.md +66 -0
data/doc/decisions/011-context-aware-cli.md +71 -0
data/doc/dependency_decisions.yml +247 -0
data/doc/issues/001-wrapper-missing-environment-variables.md +197 -0
data/doc/issues/002-embedded-ruby-wrong-prefix.md +217 -0
data/doc/issues/003-smoke-test-false-positive.md +127 -0
data/doc/issues/004-market-research-design-updates.md +109 -0
data/doc/issues/005-compile-scope-coexistence.md +161 -0
data/doc/locales/.gitkeep +0 -0
data/doc/man/rai.1.ronn +505 -0
data/doc/operations/packaging.md +133 -0
data/doc/operations/rosett-ai-release.md +65 -0
data/doc/reference/error-catalog.md +107 -0
data/doc/reference/rosett-ai-technical-reference.pdf +0 -0
data/doc/reference/src/Pictures/cover.jpg +0 -0
data/doc/reference/src/Pictures/head1.jpg +0 -0
data/doc/reference/src/Pictures/head2.jpg +0 -0
data/doc/reference/src/Pictures/head3.jpg +0 -0
data/doc/reference/src/Pictures/head4.jpg +0 -0
data/doc/reference/src/Pictures/head5.jpg +0 -0
data/doc/reference/src/Pictures/head6.jpg +0 -0
data/doc/reference/src/Pictures/head7.jpg +0 -0
data/doc/reference/src/Pictures/head8.jpg +0 -0
data/doc/reference/src/StyleInd.ist +4 -0
data/doc/reference/src/bibliography.bib +79 -0
data/doc/reference/src/main.tex +1288 -0
data/doc/reference/src/structure.tex +303 -0
data/doc/rosett-ai-bookmarks.html +301 -0
data/kitchen.yml +46 -0
data/lib/rosett_ai/adopter/executor_resolver.rb +77 -0
data/lib/rosett_ai/adopter/local_analysis_collector.rb +154 -0
data/lib/rosett_ai/adopter/rule_adopter.rb +254 -0
data/lib/rosett_ai/ai_config/config_compiler.rb +111 -0
data/lib/rosett_ai/ai_config/context_window.rb +55 -0
data/lib/rosett_ai/ai_config/cost_controls.rb +44 -0
data/lib/rosett_ai/ai_config/fallback_chain.rb +64 -0
data/lib/rosett_ai/ai_config/model_router.rb +121 -0
data/lib/rosett_ai/ai_config/validator.rb +45 -0
data/lib/rosett_ai/authorship/attribution_compiler.rb +99 -0
data/lib/rosett_ai/authorship/disclosure_policy.rb +81 -0
data/lib/rosett_ai/authorship/review_validator.rb +39 -0
data/lib/rosett_ai/authorship/trailer_generator.rb +88 -0
data/lib/rosett_ai/backup/compressor.rb +180 -0
data/lib/rosett_ai/backup/destination.rb +91 -0
data/lib/rosett_ai/behaviour/manager.rb +156 -0
data/lib/rosett_ai/compiler/backend.rb +86 -0
data/lib/rosett_ai/compiler/backends/agents_md_backend.rb +80 -0
data/lib/rosett_ai/compiler/backends/claude_backend.rb +88 -0
data/lib/rosett_ai/compiler/backends/generic_backend.rb +15 -0
data/lib/rosett_ai/compiler/behaviour_compiler.rb +40 -0
data/lib/rosett_ai/compiler/capability_checker.rb +104 -0
data/lib/rosett_ai/compiler/compilation_pipeline.rb +361 -0
data/lib/rosett_ai/compiler/compiled_output.rb +39 -0
data/lib/rosett_ai/compiler/locale_compiler.rb +250 -0
data/lib/rosett_ai/compiler/target_profile.rb +112 -0
data/lib/rosett_ai/completion/generator.rb +101 -0
data/lib/rosett_ai/completion/shells/bash_generator.rb +126 -0
data/lib/rosett_ai/completion/shells/fish_generator.rb +78 -0
data/lib/rosett_ai/completion/shells/zsh_generator.rb +126 -0
data/lib/rosett_ai/comply/checkers/cra_checker.rb +102 -0
data/lib/rosett_ai/comply/checkers/license_checker.rb +85 -0
data/lib/rosett_ai/comply/checkers/spdx_header_checker.rb +98 -0
data/lib/rosett_ai/comply/reporter.rb +113 -0
data/lib/rosett_ai/comply/runner.rb +50 -0
data/lib/rosett_ai/composition/circular_dependency_detector.rb +56 -0
data/lib/rosett_ai/composition/composer.rb +158 -0
data/lib/rosett_ai/composition/composition_result.rb +64 -0
data/lib/rosett_ai/composition/conflict_detector.rb +53 -0
data/lib/rosett_ai/composition/lockfile.rb +103 -0
data/lib/rosett_ai/composition/merge_strategy.rb +131 -0
data/lib/rosett_ai/composition/priority_sorter.rb +29 -0
data/lib/rosett_ai/composition/scope_resolver.rb +55 -0
data/lib/rosett_ai/config/compile_result.rb +37 -0
data/lib/rosett_ai/config/compiler.rb +13 -0
data/lib/rosett_ai/config/domain_transformer.rb +13 -0
data/lib/rosett_ai/config/key_map.rb +13 -0
data/lib/rosett_ai/config/masking_secret_resolver.rb +40 -0
data/lib/rosett_ai/config/scope_router.rb +13 -0
data/lib/rosett_ai/config/secret_resolver.rb +125 -0
data/lib/rosett_ai/configuration.rb +119 -0
data/lib/rosett_ai/content/content_client.rb +60 -0
data/lib/rosett_ai/content/pack_installer.rb +117 -0
data/lib/rosett_ai/content/pack_manifest.rb +50 -0
data/lib/rosett_ai/content/pack_registry.rb +68 -0
data/lib/rosett_ai/content_packs/manager.rb +50 -0
data/lib/rosett_ai/dbus/compositor_detector.rb +77 -0
data/lib/rosett_ai/dbus/focus_adapters/base.rb +59 -0
data/lib/rosett_ai/dbus/focus_adapters/gnome_adapter.rb +172 -0
data/lib/rosett_ai/dbus/focus_adapters/hyprland_adapter.rb +77 -0
data/lib/rosett_ai/dbus/focus_adapters/i3_adapter.rb +65 -0
data/lib/rosett_ai/dbus/focus_adapters/kwin_adapter.rb +103 -0
data/lib/rosett_ai/dbus/focus_adapters/x11_adapter.rb +105 -0
data/lib/rosett_ai/dbus/focus_monitor_interface.rb +103 -0
data/lib/rosett_ai/dbus/manager_interface.rb +213 -0
data/lib/rosett_ai/dbus/plugin_manager_interface.rb +169 -0
data/lib/rosett_ai/dbus/rate_limiter.rb +89 -0
data/lib/rosett_ai/dbus/service.rb +121 -0
data/lib/rosett_ai/dbus/status_notifier_interface.rb +79 -0
data/lib/rosett_ai/deprecation.rb +79 -0
data/lib/rosett_ai/desktop/dbus_client.rb +259 -0
data/lib/rosett_ai/desktop/gtk4_app.rb +371 -0
data/lib/rosett_ai/desktop/gtk4_preferences.rb +331 -0
data/lib/rosett_ai/desktop/gui_logger.rb +236 -0
data/lib/rosett_ai/doctor/check.rb +92 -0
data/lib/rosett_ai/doctor/checks/cache_health_check.rb +50 -0
data/lib/rosett_ai/doctor/checks/dbus_availability_check.rb +39 -0
data/lib/rosett_ai/doctor/checks/engine_detection_check.rb +46 -0
data/lib/rosett_ai/doctor/checks/file_permission_check.rb +44 -0
data/lib/rosett_ai/doctor/checks/gem_dependency_check.rb +55 -0
data/lib/rosett_ai/doctor/checks/ruby_version_check.rb +50 -0
data/lib/rosett_ai/doctor/checks/stale_config_nncc_check.rb +57 -0
data/lib/rosett_ai/doctor/checks/stale_home_nncc_check.rb +59 -0
data/lib/rosett_ai/doctor.rb +81 -0
data/lib/rosett_ai/documentation/reference_compiler.rb +122 -0
data/lib/rosett_ai/documentation/translator.rb +62 -0
data/lib/rosett_ai/engines/base_config_compiler.rb +203 -0
data/lib/rosett_ai/engines/detector.rb +63 -0
data/lib/rosett_ai/engines/registry.rb +50 -0
data/lib/rosett_ai/error_handler.rb +139 -0
data/lib/rosett_ai/exit_codes.rb +76 -0
data/lib/rosett_ai/feature_flags.rb +102 -0
data/lib/rosett_ai/formatting.rb +33 -0
data/lib/rosett_ai/gem_consistency_checker.rb +199 -0
data/lib/rosett_ai/git_hooks/chain_detector.rb +86 -0
data/lib/rosett_ai/git_hooks/installer.rb +175 -0
data/lib/rosett_ai/git_hooks/script_generator.rb +125 -0
data/lib/rosett_ai/gitlab/validators/supplementary_gitlab_ci_yaml_validator.rb +79 -0
data/lib/rosett_ai/i18n/locale_resolver.rb +46 -0
data/lib/rosett_ai/i18n/utf8_checker.rb +32 -0
data/lib/rosett_ai/init/config_file_writer.rb +24 -0
data/lib/rosett_ai/init/directory_builder.rb +38 -0
data/lib/rosett_ai/init/file_copier.rb +95 -0
data/lib/rosett_ai/init/global_initializer.rb +28 -0
data/lib/rosett_ai/init/local_initializer.rb +27 -0
data/lib/rosett_ai/init/mcp_registrar.rb +109 -0
data/lib/rosett_ai/init/project_initializer.rb +38 -0
data/lib/rosett_ai/licensing/license_key.rb +139 -0
data/lib/rosett_ai/licensing/license_store.rb +64 -0
data/lib/rosett_ai/licensing/license_validator.rb +60 -0
data/lib/rosett_ai/licensing/tier.rb +42 -0
data/lib/rosett_ai/mcp/admin/auditor.rb +88 -0
data/lib/rosett_ai/mcp/admin/health_checker.rb +81 -0
data/lib/rosett_ai/mcp/admin/registry.rb +100 -0
data/lib/rosett_ai/mcp/admin/schema_validator.rb +63 -0
data/lib/rosett_ai/mcp/enforcement/.gitkeep +0 -0
data/lib/rosett_ai/mcp/enforcement/hook_generator.rb +197 -0
data/lib/rosett_ai/mcp/enforcement/validator.rb +215 -0
data/lib/rosett_ai/mcp/governance.rb +160 -0
data/lib/rosett_ai/mcp/http_security_config.rb +158 -0
data/lib/rosett_ai/mcp/instructions.rb +266 -0
data/lib/rosett_ai/mcp/key_hasher.rb +66 -0
data/lib/rosett_ai/mcp/keyfile.rb +221 -0
data/lib/rosett_ai/mcp/middleware/authentication.rb +146 -0
data/lib/rosett_ai/mcp/middleware/content_type.rb +56 -0
data/lib/rosett_ai/mcp/middleware/cors.rb +83 -0
data/lib/rosett_ai/mcp/middleware/origin_validation.rb +73 -0
data/lib/rosett_ai/mcp/middleware/rate_limit.rb +106 -0
data/lib/rosett_ai/mcp/middleware/request_size.rb +51 -0
data/lib/rosett_ai/mcp/plugins.rb +143 -0
data/lib/rosett_ai/mcp/prompts/compilation_prompt.rb +40 -0
data/lib/rosett_ai/mcp/prompts/compliance_prompt.rb +41 -0
data/lib/rosett_ai/mcp/prompts/diagnostics_prompt.rb +41 -0
data/lib/rosett_ai/mcp/prompts/validation_prompt.rb +41 -0
data/lib/rosett_ai/mcp/resources/behaviour_resource.rb +127 -0
data/lib/rosett_ai/mcp/resources/config_resource.rb +72 -0
data/lib/rosett_ai/mcp/resources/design_resource.rb +58 -0
data/lib/rosett_ai/mcp/resources/hooks_resource.rb +74 -0
data/lib/rosett_ai/mcp/resources/provenance_resource.rb +51 -0
data/lib/rosett_ai/mcp/resources/rules_resource.rb +60 -0
data/lib/rosett_ai/mcp/resources/schema_resource.rb +72 -0
data/lib/rosett_ai/mcp/response_helper.rb +46 -0
data/lib/rosett_ai/mcp/security_logger.rb +60 -0
data/lib/rosett_ai/mcp/server.rb +212 -0
data/lib/rosett_ai/mcp/settings/server_installer.rb +112 -0
data/lib/rosett_ai/mcp/settings/trust_manager.rb +142 -0
data/lib/rosett_ai/mcp/tools/adopt_tool.rb +70 -0
data/lib/rosett_ai/mcp/tools/backup_tool.rb +64 -0
data/lib/rosett_ai/mcp/tools/behaviour_display_tool.rb +72 -0
data/lib/rosett_ai/mcp/tools/behaviour_list_tool.rb +56 -0
data/lib/rosett_ai/mcp/tools/behaviour_manage_tool.rb +114 -0
data/lib/rosett_ai/mcp/tools/behaviour_show_tool.rb +62 -0
data/lib/rosett_ai/mcp/tools/compile_status_tool.rb +122 -0
data/lib/rosett_ai/mcp/tools/compile_tool.rb +191 -0
data/lib/rosett_ai/mcp/tools/comply_tool.rb +79 -0
data/lib/rosett_ai/mcp/tools/config_compile_tool.rb +71 -0
data/lib/rosett_ai/mcp/tools/config_status_tool.rb +79 -0
data/lib/rosett_ai/mcp/tools/content_tool.rb +78 -0
data/lib/rosett_ai/mcp/tools/context_query_tool.rb +156 -0
data/lib/rosett_ai/mcp/tools/design_list_tool.rb +57 -0
data/lib/rosett_ai/mcp/tools/design_show_tool.rb +69 -0
data/lib/rosett_ai/mcp/tools/doctor_tool.rb +62 -0
data/lib/rosett_ai/mcp/tools/documentation_status_tool.rb +45 -0
data/lib/rosett_ai/mcp/tools/engines_tool.rb +84 -0
data/lib/rosett_ai/mcp/tools/hook_install_tool.rb +190 -0
data/lib/rosett_ai/mcp/tools/hook_preview_tool.rb +173 -0
data/lib/rosett_ai/mcp/tools/hooks_status_tool.rb +84 -0
data/lib/rosett_ai/mcp/tools/init_tool.rb +87 -0
data/lib/rosett_ai/mcp/tools/license_status_tool.rb +44 -0
data/lib/rosett_ai/mcp/tools/project_tool.rb +117 -0
data/lib/rosett_ai/mcp/tools/provenance_tool.rb +97 -0
data/lib/rosett_ai/mcp/tools/provenance_write_tool.rb +40 -0
data/lib/rosett_ai/mcp/tools/retrofit_tool.rb +81 -0
data/lib/rosett_ai/mcp/tools/rule_search_tool.rb +163 -0
data/lib/rosett_ai/mcp/tools/schema_get_tool.rb +94 -0
data/lib/rosett_ai/mcp/tools/tooling_tool.rb +86 -0
data/lib/rosett_ai/mcp/tools/validate_tool.rb +105 -0
data/lib/rosett_ai/mcp/tools/workflow_execute_tool.rb +74 -0
data/lib/rosett_ai/mcp/tools/workflow_tool.rb +78 -0
data/lib/rosett_ai/migration/detector.rb +117 -0
data/lib/rosett_ai/migration/nncc_config_migrator.rb +94 -0
data/lib/rosett_ai/migration/nncc_project_migrator.rb +90 -0
data/lib/rosett_ai/migration/xdg_migrator.rb +123 -0
data/lib/rosett_ai/package_manager/apt.rb +108 -0
data/lib/rosett_ai/package_manager/base.rb +68 -0
data/lib/rosett_ai/package_manager/gem_backend.rb +90 -0
data/lib/rosett_ai/packaging/variant_config.rb +92 -0
data/lib/rosett_ai/path_resolver.rb +115 -0
data/lib/rosett_ai/plugins/contract.rb +43 -0
data/lib/rosett_ai/plugins/engine_contract.rb +60 -0
data/lib/rosett_ai/plugins/gui_contract.rb +74 -0
data/lib/rosett_ai/plugins/mcp_contract.rb +48 -0
data/lib/rosett_ai/plugins/registry.rb +150 -0
data/lib/rosett_ai/policy/auditor.rb +41 -0
data/lib/rosett_ai/policy/deny_list.rb +71 -0
data/lib/rosett_ai/policy/opt_out_scanner.rb +37 -0
data/lib/rosett_ai/policy/policy_compiler.rb +84 -0
data/lib/rosett_ai/policy/protected_files.rb +47 -0
data/lib/rosett_ai/policy/tier_hierarchy.rb +48 -0
data/lib/rosett_ai/policy/validator.rb +35 -0
data/lib/rosett_ai/profiler.rb +79 -0
data/lib/rosett_ai/project/drift_detector.rb +126 -0
data/lib/rosett_ai/project/manager.rb +115 -0
data/lib/rosett_ai/project/sync_manager.rb +138 -0
data/lib/rosett_ai/project/template_applier.rb +105 -0
data/lib/rosett_ai/project_context.rb +82 -0
data/lib/rosett_ai/provenance/entry.rb +63 -0
data/lib/rosett_ai/provenance/file_source.rb +32 -0
data/lib/rosett_ai/provenance/source.rb +62 -0
data/lib/rosett_ai/provenance/store.rb +153 -0
data/lib/rosett_ai/provenance/tracker.rb +62 -0
data/lib/rosett_ai/provenance/trailer_generator.rb +43 -0
data/lib/rosett_ai/provenance/validator.rb +45 -0
data/lib/rosett_ai/quorum/collector.rb +59 -0
data/lib/rosett_ai/quorum/comparator.rb +81 -0
data/lib/rosett_ai/quorum/dispatcher.rb +57 -0
data/lib/rosett_ai/quorum/strategies/adopt.rb +56 -0
data/lib/rosett_ai/rai_config.rb +107 -0
data/lib/rosett_ai/retrofit/base_parser.rb +66 -0
data/lib/rosett_ai/retrofit/engine.rb +171 -0
data/lib/rosett_ai/retrofit/parsers/agents_md_parser.rb +50 -0
data/lib/rosett_ai/retrofit/parsers/claude_parser.rb +69 -0
data/lib/rosett_ai/retrofit/parsers/cursor_parser.rb +82 -0
data/lib/rosett_ai/retrofit/round_trip_validator.rb +65 -0
data/lib/rosett_ai/retrofit/scanner.rb +47 -0
data/lib/rosett_ai/retrofit/secret_detector.rb +87 -0
data/lib/rosett_ai/secrets_resolver.rb +71 -0
data/lib/rosett_ai/smart_feedback/suggester.rb +83 -0
data/lib/rosett_ai/smart_feedback/thor_middleware.rb +84 -0
data/lib/rosett_ai/structured_logger.rb +110 -0
data/lib/rosett_ai/telemetry/json_lines_writer.rb +50 -0
data/lib/rosett_ai/telemetry/log_rotator.rb +67 -0
data/lib/rosett_ai/telemetry/provider.rb +26 -0
data/lib/rosett_ai/telemetry/reporter.rb +144 -0
data/lib/rosett_ai/telemetry.rb +47 -0
data/lib/rosett_ai/text_sanitizer.rb +62 -0
data/lib/rosett_ai/thor/cli.rb +269 -0
data/lib/rosett_ai/thor/tasks/adopt.rb +250 -0
data/lib/rosett_ai/thor/tasks/backup.rb +420 -0
data/lib/rosett_ai/thor/tasks/behaviour.rb +474 -0
data/lib/rosett_ai/thor/tasks/build.rb +1162 -0
data/lib/rosett_ai/thor/tasks/compile.rb +415 -0
data/lib/rosett_ai/thor/tasks/completion.rb +123 -0
data/lib/rosett_ai/thor/tasks/comply.rb +82 -0
data/lib/rosett_ai/thor/tasks/config.rb +265 -0
data/lib/rosett_ai/thor/tasks/content.rb +193 -0
data/lib/rosett_ai/thor/tasks/dbus.rb +321 -0
data/lib/rosett_ai/thor/tasks/design.rb +258 -0
data/lib/rosett_ai/thor/tasks/desktop.rb +129 -0
data/lib/rosett_ai/thor/tasks/doctor.rb +127 -0
data/lib/rosett_ai/thor/tasks/documentation.rb +321 -0
data/lib/rosett_ai/thor/tasks/engines.rb +167 -0
data/lib/rosett_ai/thor/tasks/hooks.rb +219 -0
data/lib/rosett_ai/thor/tasks/init.rb +259 -0
data/lib/rosett_ai/thor/tasks/license.rb +120 -0
data/lib/rosett_ai/thor/tasks/mcp.rb +535 -0
data/lib/rosett_ai/thor/tasks/migrate.rb +121 -0
data/lib/rosett_ai/thor/tasks/plugins.rb +157 -0
data/lib/rosett_ai/thor/tasks/project.rb +260 -0
data/lib/rosett_ai/thor/tasks/provenance.rb +195 -0
data/lib/rosett_ai/thor/tasks/release.rb +314 -0
data/lib/rosett_ai/thor/tasks/retrofit.rb +90 -0
data/lib/rosett_ai/thor/tasks/tooling.rb +308 -0
data/lib/rosett_ai/thor/tasks/validate.rb +108 -0
data/lib/rosett_ai/thor/tasks/workflow.rb +196 -0
data/lib/rosett_ai/tooling/ci_yaml_validator.rb +37 -0
data/lib/rosett_ai/tooling/version_checker.rb +35 -0
data/lib/rosett_ai/ui/accessible_tui.rb +61 -0
data/lib/rosett_ai/ui/base.rb +46 -0
data/lib/rosett_ai/ui/gtk4.rb +98 -0
data/lib/rosett_ai/ui/kde.rb +40 -0
data/lib/rosett_ai/ui/qt6.rb +40 -0
data/lib/rosett_ai/ui/registry.rb +60 -0
data/lib/rosett_ai/ui/tty_helper.rb +74 -0
data/lib/rosett_ai/ui/tui.rb +59 -0
data/lib/rosett_ai/validators/behaviour_validator.rb +20 -0
data/lib/rosett_ai/validators/design_validator.rb +17 -0
data/lib/rosett_ai/validators/schema_validator.rb +84 -0
data/lib/rosett_ai/validators/tooling_validator.rb +17 -0
data/lib/rosett_ai/version.rb +8 -0
data/lib/rosett_ai/version_consistency_checker.rb +129 -0
data/lib/rosett_ai/workflow/audit_log.rb +86 -0
data/lib/rosett_ai/workflow/engine.rb +142 -0
data/lib/rosett_ai/workflow/manager.rb +82 -0
data/lib/rosett_ai/workflow/schema_validator.rb +71 -0
data/lib/rosett_ai/workflow/step_runner.rb +61 -0
data/lib/rosett_ai/workflow/steps/prompt_step.rb +62 -0
data/lib/rosett_ai/workflow/steps/rai_step.rb +74 -0
data/lib/rosett_ai/workflow/steps/shell_step.rb +53 -0
data/lib/rosett_ai/yaml_loader.rb +78 -0
data/lib/rosett_ai.rb +221 -0
data/lib/rubocop/cop/rosett_ai/shell_interpolation.rb +54 -0
data/lib/rubocop/cop/rosett_ai/unsafe_const_get.rb +60 -0
data/lib/rubocop/cop/rosett_ai/unsafe_send.rb +50 -0
data/lib/rubocop/cop/rosett_ai/unsafe_yaml_load.rb +40 -0
data/lib/rubocop/rosett_ai.rb +9 -0
data/lib/scripts/generated/docker_hub_tags.rb +126 -0
data/locales/.gitkeep +0 -0
data/locales/ar.yml +579 -0
data/locales/en.yml +571 -0
data/locales/fr.yml +567 -0
data/packaging/build-engine-deb.sh +81 -0
data/packaging/scripts/postinst +17 -0
data/packaging/scripts/postrm +19 -0
data/packaging/scripts/prerm +10 -0
data/packaging/wrapper.sh.template +38 -0
data/rosett-ai.gemspec +63 -0
data/rules/.gitkeep +0 -0
data/scripts/publish/pulp_upload.sh +123 -0
data/settings.json +29 -0
data/share/applications/be.neatnerds.rosettai.desktop +29 -0
data/share/dbus-1/interfaces/be.neatnerds.rosettai.xml +103 -0
data/share/dbus-1/services/be.neatnerds.rosettai.service +3 -0
data/share/templates/behaviour/criticalthinking.yml +69 -0
metadata +810 -0

data/lib/rosett_ai/mcp/admin/registry.rb ADDED Viewed

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    module Admin
+      # Registry of configured MCP servers.
+      #
+      # Manages discovery, storage, and querying of MCP server
+      # configurations from XDG-compliant paths.
+      #
+      # @author hugo
+      # @author claude
+      class Registry
+        CONFIG_DIR = '.config/rosett-ai/mcp/servers'
+        # @param config_dir [Pathname, nil] override config directory
+        def initialize(config_dir: nil)
+          @config_dir = config_dir || Pathname.new(Dir.home).join(CONFIG_DIR)
+        end
+        # Lists all registered MCP servers.
+        #
+        # @return [Array<Hash>] server entries with :name, :transport, :command/:url
+        def list
+          return [] unless @config_dir.directory?
+          @config_dir.glob('*.yml').filter_map { |path| load_server(path) }
+        end
+        # Finds a server by name.
+        #
+        # @param name [String] server name
+        # @return [Hash, nil] server entry or nil
+        def find(name)
+          list.find { |s| s[:name] == name }
+        end
+        # Adds a server configuration.
+        #
+        # @param config [Hash] server configuration
+        # @return [Pathname] path to the written file
+        def add(config)
+          FileUtils.mkdir_p(@config_dir)
+          name = config.fetch('name') { config.fetch(:name) }
+          path = @config_dir.join("#{name}.yml")
+          File.write(path, YAML.dump(stringify_keys(config)))
+          path
+        end
+        # Removes a server configuration.
+        #
+        # @param name [String] server name
+        # @return [Boolean] true if removed
+        def remove(name) # rubocop:disable Naming/PredicateMethod -- destructive action, not a predicate
+          path = @config_dir.join("#{name}.yml")
+          return false unless path.exist?
+          File.delete(path)
+          true
+        end
+        # Returns all server config file paths.
+        #
+        # @return [Array<Pathname>]
+        def config_paths
+          return [] unless @config_dir.directory?
+          @config_dir.glob('*.yml')
+        end
+        private
+        def load_server(path)
+          data = YAML.safe_load_file(path, permitted_classes: [Symbol])
+          return nil unless data.is_a?(Hash)
+          {
+            name: data['name'],
+            transport: data['transport'] || 'stdio',
+            command: data['command'],
+            url: data['url'],
+            args: data['args'],
+            env: data['env'],
+            source_file: path.to_s
+          }
+        rescue Psych::SyntaxError
+          nil
+        end
+        def stringify_keys(hash)
+          hash.transform_keys(&:to_s)
+        end
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/admin/schema_validator.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+require 'json_schemer'
+module RosettAi
+  module Mcp
+    module Admin
+      # Validates MCP server configurations against JSON Schema.
+      #
+      # Uses conf/schemas/mcp_server_schema.json for validation.
+      #
+      # @author hugo
+      # @author claude
+      class SchemaValidator
+        # @param schema_path [Pathname, nil] override schema file path
+        def initialize(schema_path: nil)
+          @schema_path = schema_path || RosettAi.root.join('conf', 'schemas', 'mcp_server_schema.json')
+        end
+        # Validates a server configuration hash.
+        #
+        # @param server [Hash] server configuration
+        # @return [Hash] result with :valid and :errors keys
+        def validate(server)
+          schema = load_schema
+          return { valid: true, errors: [] } unless schema
+          data = normalize(server)
+          errors = schema.validate(data).map { |e| e['error'] }
+          { valid: errors.empty?, errors: errors }
+        end
+        # Validates all servers in a registry.
+        #
+        # @param registry [Registry] server registry
+        # @return [Array<Hash>] validation results
+        def validate_all(registry)
+          registry.list.map do |server|
+            result = validate(server)
+            result.merge(name: server[:name])
+          end
+        end
+        private
+        def load_schema
+          return nil unless @schema_path.exist?
+          data = JSON.parse(File.read(@schema_path))
+          JSONSchemer.schema(data)
+        end
+        def normalize(server)
+          server.transform_keys(&:to_s).compact
+        end
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/enforcement/.gitkeep ADDED Viewed

File without changes

data/lib/rosett_ai/mcp/enforcement/hook_generator.rb ADDED Viewed

@@ -0,0 +1,197 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+require 'time'
+module RosettAi
+  module Mcp
+    module Enforcement
+      # Generates self-contained Ruby PreToolUse hook scripts from validated
+      # enforcement rules.
+      #
+      # Generated scripts are standalone — they require only Ruby stdlib (json)
+      # and have zero runtime dependency on rosett-ai. Each script includes:
+      # - YARD documentation
+      # - Human-readable header with generation metadata
+      # - AI client instructions comment block
+      # - Traceability (source behaviour, rule ID, version, generator version)
+      # - Enforcement logic: regex match on tool input, block/warn/log action
+      #
+      # @example Generate a hook script for validated rules
+      #   generator = HookGenerator.new
+      #   script = generator.generate(validated_rules, behaviour_name: 'session_optimization',
+      #                                                behaviour_version: '1.0.0')
+      #
+      # @author hugo
+      # @author claude
+      class HookGenerator
+        # Generates a complete PreToolUse hook script from validated rules.
+        #
+        # @param rules [Array<Hash>] validated rules from {Validator}, each with
+        #   :rule_id, :behaviour, :pattern, :applies_to, :action, :message,
+        #   :priority, :description
+        # @param behaviour_name [String] source behaviour name
+        # @param behaviour_version [String] source behaviour version
+        # @return [String] complete Ruby hook script
+        def generate(rules, behaviour_name:, behaviour_version:)
+          timestamp = Time.now.utc.iso8601
+          parts = []
+          parts << shebang_and_magic
+          parts << yard_documentation(rules)
+          parts << traceability_header(behaviour_name, behaviour_version, rules, timestamp)
+          parts << ai_client_instructions
+          parts << rule_constant(rules)
+          parts << enforcement_body
+          parts.join("\n")
+        end
+        private
+        # @return [String]
+        def shebang_and_magic
+          <<~RUBY
+            #!/usr/bin/env ruby
+            # frozen_string_literal: true
+          RUBY
+        end
+        # Generates YARD documentation block for the hook script.
+        #
+        # @param rules [Array<Hash>]
+        # @return [String]
+        def yard_documentation(rules)
+          rule_list = rules.map { |r| "#   - #{r[:behaviour]}/#{r[:rule_id]} (P#{r[:priority]})" }
+          <<~RUBY
+            # @title Rosett-AI Enforcement Hook
+            # @description Auto-generated PreToolUse hook that enforces behaviour rules
+            #   by matching tool input against regex patterns. Self-contained — no
+            #   external gem dependencies.
+            #
+            # @note This file is auto-generated by rosett-ai. Do not edit manually.
+            #   Re-generate with: raictl mcp tool rai_hook_install
+            #
+            # Enforced rules:
+            #{rule_list.join("\n")}
+          RUBY
+        end
+        # Generates traceability header with generation metadata.
+        #
+        # @param behaviour_name [String]
+        # @param behaviour_version [String]
+        # @param rules [Array<Hash>]
+        # @param timestamp [String]
+        # @return [String]
+        def traceability_header(behaviour_name, behaviour_version, rules, timestamp)
+          <<~RUBY
+            # --- Traceability ---
+            # Source behaviour: #{behaviour_name}
+            # Behaviour version: #{behaviour_version}
+            # Generator: rosett-ai v#{RosettAi::VERSION}
+            # Generated at: #{timestamp}
+            # Rule count: #{rules.size}
+            # Rule IDs: #{rules.map { |r| r[:rule_id] }.join(', ')}
+          RUBY
+        end
+        # @return [String]
+        def ai_client_instructions
+          <<~RUBY
+            # --- AI Client Instructions ---
+            # This hook is a Claude Code PreToolUse hook. It reads JSON from stdin
+            # describing the tool invocation, checks the input against enforcement
+            # rules, and exits with:
+            #   exit 0  — tool call allowed (or warn/log mode)
+            #   exit 2  — tool call blocked (block mode, non-zero = reject)
+            # Stderr output is shown to the user as hook feedback.
+            # Do NOT modify this file — re-generate via rai_hook_install.
+          RUBY
+        end
+        # Generates the RULES constant with validated rule data.
+        #
+        # @param rules [Array<Hash>]
+        # @return [String]
+        def rule_constant(rules)
+          entries = rules.map { |r| format_rule_entry(r) }
+          <<~RUBY
+            RULES = [
+            #{entries.join(",\n")}
+            ].freeze
+          RUBY
+        end
+        # Formats a single rule entry for the RULES constant.
+        #
+        # @param rule [Hash]
+        # @return [String]
+        def format_rule_entry(rule)
+          desc = sanitize_string(rule[:description], 80)
+          msg = sanitize_string(rule[:message].to_s, 120)
+          tools = rule[:applies_to].map { |t| "'#{sanitize_string(t, 40)}'" }.join(', ')
+          behaviour = sanitize_string(rule[:behaviour], 100)
+          rule_id = sanitize_string(rule[:rule_id], 40)
+          [
+            "  { behaviour: '#{behaviour}',",
+            "    rule_id: '#{rule_id}',",
+            "    priority: #{rule[:priority]},",
+            "    pattern: #{format_regex(rule[:pattern])},",
+            "    applies_to: [#{tools}],",
+            "    action: :#{rule[:action]},",
+            "    message: '#{msg}',",
+            "    description: '#{desc}' }"
+          ].join("\n  ")
+        end
+        # Formats a pattern string as a Regexp literal for the generated script.
+        #
+        # @param pattern [String]
+        # @return [String]
+        def format_regex(pattern)
+          "/#{pattern.gsub('/', '\\/')}/"
+        end
+        # Sanitizes a string for safe embedding in single-quoted Ruby strings.
+        # Backslashes must be escaped before quotes to avoid double-escaping.
+        #
+        # @param value [String]
+        # @param max_length [Integer]
+        # @return [String]
+        def sanitize_string(value, max_length)
+          value.to_s.tr("\n", ' ').strip[0, max_length].gsub('\\', '\\\\\\\\').gsub("'", "\\\\'")
+        end
+        # Generates the runtime enforcement logic body.
+        # Uses non-interpolating heredoc — this code runs at hook time, not generation time.
+        #
+        # @return [String]
+        def enforcement_body
+          <<~'RUBY'
+            require 'json'
+            input = JSON.parse($stdin.read)
+            tool_name = input['tool_name'].to_s
+            tool_input = input['tool_input'].to_s
+            violations = RULES.select do |rule|
+              rule[:applies_to].include?(tool_name) && rule[:pattern].match?(tool_input)
+            end
+            exit 0 if violations.empty?
+            violations.sort_by { |v| -v[:priority] }.each do |v|
+              $stderr.puts "[rai-enforce] #{v[:behaviour]}/#{v[:rule_id]} " \
+                           "(P#{v[:priority]}, #{v[:action]}): #{v[:message].empty? ? v[:description] : v[:message]}"
+            end
+            # Block if any violation has action :block
+            blocked = violations.any? { |v| v[:action] == :block }
+            exit(blocked ? 2 : 0)
+          RUBY
+        end
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/enforcement/validator.rb ADDED Viewed

@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    module Enforcement
+      # Validates enforcement blocks in behaviour rules.
+      #
+      # Checks each rule's enforcement block for correctness:
+      # - pattern present and compilable as regex
+      # - pattern not degenerate (would match everything)
+      # - applies_to present and non-empty
+      # - action is a valid enum value
+      #
+      # Invalid enforceable rules are downgraded to advisory with warnings.
+      # Rules without enforcement blocks are skipped (backward compatible).
+      #
+      # @example
+      #   validator = Validator.new
+      #   result = validator.validate(behaviour_data)
+      #   result[:valid]       # => [{ rule_id: "rule_001", ... }]
+      #   result[:downgraded]  # => [{ rule_id: "rule_002", reason: "..." }]
+      #   result[:skipped]     # => [{ rule_id: "rule_003" }]
+      #
+      # @author hugo
+      # @author claude
+      class Validator
+        VALID_TYPES = ['enforceable', 'advisory', 'informational'].freeze
+        VALID_ACTIONS = ['block', 'warn', 'log'].freeze
+        # Patterns that match everything or nearly everything — unsafe for hooks.
+        DEGENERATE_PATTERNS = [
+          /\A\.\*\z/,       # .*
+          /\A\.\+\z/,       # .+
+          /\A\\s\*\z/,      # \s*
+          /\A\\S\*\z/,      # \S*
+          /\A\\s\+\z/,      # \s+
+          /\A\\S\+\z/,      # \S+
+          /\A\.\*\?\z/,     # .*?
+          /\A\.\+\?\z/,     # .+?
+          /\A\(\.\*\)\z/,   # (.*)
+          /\A\(\.\+\)\z/    # (.+)
+        ].freeze
+        # @!attribute [r] behaviour
+        #   @return [String] behaviour name for error messages
+        # @!attribute [r] rule_id
+        #   @return [String] current rule ID for error messages
+        RuleContext = Struct.new(:behaviour, :rule_id)
+        # Validates all enforcement blocks in a behaviour.
+        #
+        # @param behaviour [Hash] parsed behaviour YAML data
+        # @return [Hash] result with :valid, :downgraded, :skipped, :errors keys
+        def validate(behaviour)
+          @result = { valid: [], downgraded: [], skipped: [], errors: [] }
+          rules = behaviour['rules']
+          return @result unless rules.is_a?(Array)
+          behaviour_name = behaviour['name'].to_s
+          rules.each { |rule| validate_rule(rule, behaviour_name) }
+          @result
+        end
+        private
+        # Validates a single rule's enforcement block.
+        #
+        # @param rule [Hash] rule data from behaviour YAML
+        # @param behaviour_name [String] parent behaviour name
+        def validate_rule(rule, behaviour_name)
+          return unless rule.is_a?(Hash)
+          ctx = RuleContext.new(behaviour: behaviour_name, rule_id: rule['id'].to_s)
+          enforcement = rule['enforcement']
+          unless enforcement.is_a?(Hash)
+            @result[:skipped] << { rule_id: ctx.rule_id, behaviour: ctx.behaviour }
+            return
+          end
+          classify_enforcement(rule, enforcement, ctx)
+        end
+        # Classifies a rule that has an enforcement block.
+        #
+        # @param rule [Hash]
+        # @param enforcement [Hash]
+        # @param ctx [RuleContext]
+        def classify_enforcement(rule, enforcement, ctx)
+          type = enforcement['type'].to_s
+          unless VALID_TYPES.include?(type)
+            @result[:errors] << { rule_id: ctx.rule_id, behaviour: ctx.behaviour,
+                                  reason: "invalid enforcement type '#{type}' " \
+                                          "(must be one of: #{VALID_TYPES.join(', ')})" }
+            return
+          end
+          return record_non_enforceable(rule, ctx, type) unless type == 'enforceable'
+          validate_enforceable(rule, enforcement, ctx)
+        end
+        # Validates and classifies an enforceable rule.
+        #
+        # @param rule [Hash]
+        # @param enforcement [Hash]
+        # @param ctx [RuleContext]
+        def validate_enforceable(rule, enforcement, ctx)
+          warnings = collect_warnings(enforcement, ctx)
+          if warnings.empty?
+            @result[:valid] << build_valid_entry(rule, enforcement, ctx)
+          else
+            @result[:downgraded] << { rule_id: ctx.rule_id, behaviour: ctx.behaviour,
+                                      original_type: 'enforceable', downgraded_to: 'advisory',
+                                      warnings: warnings }
+          end
+        end
+        # Records advisory/informational rules (no field validation needed).
+        #
+        # @param rule [Hash]
+        # @param ctx [RuleContext]
+        # @param type [String]
+        def record_non_enforceable(rule, ctx, type)
+          @result[:valid] << { rule_id: rule['id'].to_s, behaviour: ctx.behaviour, type: type }
+        end
+        # Collects all warnings for an enforceable enforcement block.
+        #
+        # @param enforcement [Hash] the enforcement block
+        # @param ctx [RuleContext]
+        # @return [Array<String>]
+        def collect_warnings(enforcement, ctx)
+          prefix = "#{ctx.behaviour}/#{ctx.rule_id}"
+          [].concat(check_pattern(enforcement['pattern'], prefix))
+            .concat(check_applies_to(enforcement['applies_to'], prefix))
+            .concat(check_action(enforcement['action'], prefix))
+        end
+        # Validates the pattern field.
+        #
+        # @param pattern [String, nil]
+        # @param prefix [String] error message prefix
+        # @return [Array<String>]
+        def check_pattern(pattern, prefix)
+          return ["#{prefix}: pattern missing or empty"] if pattern.nil? || blank?(pattern)
+          Regexp.new(pattern)
+          return ["#{prefix}: pattern '#{pattern}' is degenerate (matches everything)"] if degenerate?(pattern)
+          []
+        rescue RegexpError => e
+          ["#{prefix}: pattern does not compile: #{e.message}"]
+        end
+        # Validates the applies_to field.
+        #
+        # @param applies_to [Array, nil]
+        # @param prefix [String] error message prefix
+        # @return [Array<String>]
+        def check_applies_to(applies_to, prefix)
+          return ["#{prefix}: applies_to missing or empty"] unless applies_to.is_a?(Array) && !applies_to.empty?
+          []
+        end
+        # Validates the action field.
+        #
+        # @param action [String, nil]
+        # @param prefix [String] error message prefix
+        # @return [Array<String>]
+        def check_action(action, prefix)
+          return [] if VALID_ACTIONS.include?(action)
+          allowed = VALID_ACTIONS.join(', ')
+          ["#{prefix}: action '#{action}' invalid (must be one of: #{allowed})"]
+        end
+        # Tests whether a string is blank (nil, empty, or whitespace-only).
+        #
+        # @param value [String]
+        # @return [Boolean]
+        def blank?(value)
+          value.is_a?(String) && value.strip.empty?
+        end
+        # Tests whether a pattern is degenerate (matches everything).
+        #
+        # @param pattern [String] regex pattern string
+        # @return [Boolean]
+        def degenerate?(pattern)
+          DEGENERATE_PATTERNS.any? { |dp| dp.match?(pattern.strip) }
+        end
+        # Builds a valid entry hash for an enforceable rule.
+        #
+        # @param rule [Hash]
+        # @param enforcement [Hash]
+        # @param ctx [RuleContext]
+        # @return [Hash]
+        def build_valid_entry(rule, enforcement, ctx)
+          { rule_id: ctx.rule_id, behaviour: ctx.behaviour, type: 'enforceable',
+            pattern: enforcement['pattern'], applies_to: enforcement['applies_to'],
+            action: enforcement['action'], message: enforcement['message'],
+            priority: rule['priority'] || 0, description: rule['description'].to_s.strip }
+        end
+      end
+    end
+  end
+end