RubyGems - rosett-ai - Versions diffs - 1.3.3 - Mend

rosett-ai 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (527) hide show

checksums.yaml +7 -0
data/.ai-provenance.yml +119 -0
data/.debride_whitelist +186 -0
data/.fasterer.yml +29 -0
data/.mdl_style.rb +10 -0
data/.mdlrc +3 -0
data/.mutant.yml +49 -0
data/.namespace-allowlist +42 -0
data/.reek.yml +1040 -0
data/.rosett-ai/config.yml +3 -0
data/.rspec +5 -0
data/.rubocop.yml +380 -0
data/.ruby-version +1 -0
data/.yamllint +51 -0
data/.yardopts +12 -0
data/AI-DISCLOSURE.md +48 -0
data/CHANGELOG.md +519 -0
data/CLAUDE.md +141 -0
data/CONTRIBUTING.md +734 -0
data/INSTALL.md +154 -0
data/LICENSE +674 -0
data/LICENSE.md +675 -0
data/QUICKSTART.md +73 -0
data/README.md +366 -0
data/Rakefile +200 -0
data/SECURITY.md +114 -0
data/bin/rai +1 -0
data/cliff.toml +52 -0
data/conf/adopt_redactions.yml +8 -0
data/conf/behaviour/.gitkeep +0 -0
data/conf/compliance/cra_rules.yml +25 -0
data/conf/compliance/license_rules.yml +20 -0
data/conf/design/aaif_alignment.yml +181 -0
data/conf/design/ab_testing.yml +172 -0
data/conf/design/accessibility.yml +84 -0
data/conf/design/ai_authorship.yml +210 -0
data/conf/design/ai_provenance.yml +224 -0
data/conf/design/ai_tool_configuration.yml +207 -0
data/conf/design/architecture.yml +139 -0
data/conf/design/autocompletion.yml +115 -0
data/conf/design/backward_compatibility.yml +112 -0
data/conf/design/behaviour_composition.yml +246 -0
data/conf/design/build_rake_extraction.yml +57 -0
data/conf/design/ci_pipeline.yml +100 -0
data/conf/design/claude_code_configuration.yml +157 -0
data/conf/design/compiler.yml +128 -0
data/conf/design/comply.yml +153 -0
data/conf/design/content_packs.yml +84 -0
data/conf/design/desktop_integration.yml +289 -0
data/conf/design/distribution.yml +216 -0
data/conf/design/doctor.yml +184 -0
data/conf/design/documentation.yml +152 -0
data/conf/design/engine_architecture.yml +257 -0
data/conf/design/error_handling.yml +103 -0
data/conf/design/feature_flags.yml +142 -0
data/conf/design/git_hooks.yml +165 -0
data/conf/design/gui_plugins.yml +475 -0
data/conf/design/i18n.yml +84 -0
data/conf/design/integration_testing.yml +56 -0
data/conf/design/licensing_system.yml +88 -0
data/conf/design/lifecycle_management.yml +208 -0
data/conf/design/mcp_integration.yml +207 -0
data/conf/design/mcp_settings.yml +126 -0
data/conf/design/migration.yml +56 -0
data/conf/design/monitoring_observability.yml +194 -0
data/conf/design/namespace_cleanup.yml +145 -0
data/conf/design/plugin_test_segregation.yml +145 -0
data/conf/design/policy_management.yml +229 -0
data/conf/design/project_management.yml +183 -0
data/conf/design/rai_mcp_asset_discovery.yml +164 -0
data/conf/design/rai_mcp_server.yml +605 -0
data/conf/design/release_management.yml +117 -0
data/conf/design/retrofit.yml +199 -0
data/conf/design/retrospective_analyzer.yml +79 -0
data/conf/design/scope_hierarchy.yml +352 -0
data/conf/design/security.yml +115 -0
data/conf/design/session_retrospective.yml +85 -0
data/conf/design/smart_ui_feedback.yml +89 -0
data/conf/design/structured_logging.yml +148 -0
data/conf/design/styles.yml +123 -0
data/conf/design/test_peer_review.yml +89 -0
data/conf/design/testing.yml +136 -0
data/conf/design/threat_model.yml +108 -0
data/conf/design/ui_framework.yml +111 -0
data/conf/design/usage_optimization.yml +122 -0
data/conf/design/version_management.yml +60 -0
data/conf/design/workflow.yml +227 -0
data/conf/mcp/server_defaults.yml +42 -0
data/conf/mcp/trust.yml +21 -0
data/conf/packaging/core.yml +12 -0
data/conf/packaging/gtk4.yml +11 -0
data/conf/packaging/qt6.yml +11 -0
data/conf/policy/default_deny_list.yml +197 -0
data/conf/review/cli-command-audit.yml +857 -0
data/conf/review/design-docs.yml +1064 -0
data/conf/review/design-questionnaire.yml +153 -0
data/conf/review/questionnaire.yml +146 -0
data/conf/review/rosett-ai-core.yml +2919 -0
data/conf/schemas/ai_config_schema.json +73 -0
data/conf/schemas/behaviour_schema.json +132 -0
data/conf/schemas/compliance_rule_schema.json +63 -0
data/conf/schemas/content_pack_manifest_schema.json +51 -0
data/conf/schemas/design_schema.json +210 -0
data/conf/schemas/engine_manifest_schema.json +144 -0
data/conf/schemas/lockfile_schema.json +74 -0
data/conf/schemas/mcp_server_schema.json +48 -0
data/conf/schemas/packaging_schema.json +70 -0
data/conf/schemas/policy_schema.json +85 -0
data/conf/schemas/provenance_schema.json +84 -0
data/conf/schemas/rai_config_schema.json +56 -0
data/conf/schemas/rai_project_schema.json +20 -0
data/conf/schemas/scope_hierarchy_schema.json +49 -0
data/conf/schemas/target_schema.json +67 -0
data/conf/schemas/tooling_schema.json +65 -0
data/conf/schemas/workflow_schema.json +112 -0
data/conf/targets/agents_md.yml +17 -0
data/conf/targets/claude.yml +12 -0
data/conf/tooling/tools.yml +58 -0
data/dist/rosett-ai-mcp.service +48 -0
data/dist/rosett-ai-mcp.yml.default +45 -0
data/doc/AAIF_POSITIONING.md +58 -0
data/doc/ADOPT.md +224 -0
data/doc/AI_PROVENANCE.md +139 -0
data/doc/ARCHITECTURE.md +920 -0
data/doc/BEHAVIOUR.md +409 -0
data/doc/BUILD.md +138 -0
data/doc/CI_CD_RECIPES.md +171 -0
data/doc/CLAUDE_SESSIONS_MOVED.md +16 -0
data/doc/COMMAND_ANALYSIS.md +229 -0
data/doc/CONFIGURATION.md +281 -0
data/doc/DESIGN_AUDIT.md +235 -0
data/doc/DESIGN_PEER_REVIEW.md +771 -0
data/doc/DESKTOP.md +447 -0
data/doc/ENGINES.md +567 -0
data/doc/ENGINE_DEVELOPMENT_GUIDE.md +417 -0
data/doc/FEATURE_AUDIT.md +218 -0
data/doc/IMPLEMENTATION_PLAN.md +669 -0
data/doc/INCIDENT_REPORT_2026-02-02.md +251 -0
data/doc/MIGRATION_GUIDE.md +88 -0
data/doc/PACKAGING.md +232 -0
data/doc/PROJECT_DASHBOARD.md +153 -0
data/doc/PULP_DEPLOYMENT.md +164 -0
data/doc/QUALITY_FIX_SUMMARY.md +110 -0
data/doc/QUICK_START.md +162 -0
data/doc/REEK_CONFIGURATION.md +166 -0
data/doc/REFERENCE.md +253 -0
data/doc/REFERENCES.md +324 -0
data/doc/SECURITY_REVIEW_CHECKLIST.md +72 -0
data/doc/SESSION_2026-02-28_GTK4_HARDENING.md +359 -0
data/doc/SETUP.md +202 -0
data/doc/TEST_PEER_REVIEW.md +152 -0
data/doc/THREAT_MODEL.md +230 -0
data/doc/USAGE.md +545 -0
data/doc/USER_MANUAL.md +585 -0
data/doc/ai_test_review_checklist.md +110 -0
data/doc/changes/2026-02-18-packaging-fpm.md +155 -0
data/doc/changes/2026-02-19-testing-infrastructure.md +221 -0
data/doc/changes/2026-02-20-security-implementation.md +281 -0
data/doc/changes/2026-02-20-styles-implementation.md +220 -0
data/doc/changes/2026-02-21-architecture-completion.md +95 -0
data/doc/changes/2026-02-21-architecture-ui-layer.md +253 -0
data/doc/changes/2026-02-21-cc-config-implementation.md +108 -0
data/doc/changes/2026-02-21-ci-pipeline-implementation.md +214 -0
data/doc/changes/2026-02-21-compiler-multi-target-pipeline.md +241 -0
data/doc/changes/2026-02-21-config-design-show-commands.md +61 -0
data/doc/changes/2026-02-21-design-implementation-overview.md +455 -0
data/doc/changes/2026-02-21-lifecycle-management.md +196 -0
data/doc/changes/2026-02-21-path-resolver.md +128 -0
data/doc/changes/2026-02-24-ci-tmpdir-mutant-fetch.md +45 -0
data/doc/changes/2026-03-01-ci-bundler-strategy.md +120 -0
data/doc/changes/2026-03-20-security-hardening-phase2.md +163 -0
data/doc/context/SESSION-HANDOFF.md +69 -0
data/doc/context/ai-engine-usage-trends-2026.md +80 -0
data/doc/context/plan-pluggable-engines.md +590 -0
data/doc/decisions/001-flog-deferred.md +32 -0
data/doc/decisions/002-path-resolution-strategy.md +158 -0
data/doc/decisions/003-ui-adapter-selection.md +193 -0
data/doc/decisions/004-design-document-validation.md +179 -0
data/doc/decisions/005-package-splitting-strategy.md +200 -0
data/doc/decisions/006-multi-engine-architecture.md +147 -0
data/doc/decisions/007-engine-agnostic-pivot.md +219 -0
data/doc/decisions/008-ci-bundler-strategy.md +129 -0
data/doc/decisions/009-core-only-v1-release.md +60 -0
data/doc/decisions/010-engine-debian-packaging.md +66 -0
data/doc/decisions/011-context-aware-cli.md +71 -0
data/doc/dependency_decisions.yml +247 -0
data/doc/issues/001-wrapper-missing-environment-variables.md +197 -0
data/doc/issues/002-embedded-ruby-wrong-prefix.md +217 -0
data/doc/issues/003-smoke-test-false-positive.md +127 -0
data/doc/issues/004-market-research-design-updates.md +109 -0
data/doc/issues/005-compile-scope-coexistence.md +161 -0
data/doc/locales/.gitkeep +0 -0
data/doc/man/rai.1.ronn +505 -0
data/doc/operations/packaging.md +133 -0
data/doc/operations/rosett-ai-release.md +65 -0
data/doc/reference/error-catalog.md +107 -0
data/doc/reference/rosett-ai-technical-reference.pdf +0 -0
data/doc/reference/src/Pictures/cover.jpg +0 -0
data/doc/reference/src/Pictures/head1.jpg +0 -0
data/doc/reference/src/Pictures/head2.jpg +0 -0
data/doc/reference/src/Pictures/head3.jpg +0 -0
data/doc/reference/src/Pictures/head4.jpg +0 -0
data/doc/reference/src/Pictures/head5.jpg +0 -0
data/doc/reference/src/Pictures/head6.jpg +0 -0
data/doc/reference/src/Pictures/head7.jpg +0 -0
data/doc/reference/src/Pictures/head8.jpg +0 -0
data/doc/reference/src/StyleInd.ist +4 -0
data/doc/reference/src/bibliography.bib +79 -0
data/doc/reference/src/main.tex +1288 -0
data/doc/reference/src/structure.tex +303 -0
data/doc/rosett-ai-bookmarks.html +301 -0
data/kitchen.yml +46 -0
data/lib/rosett_ai/adopter/executor_resolver.rb +77 -0
data/lib/rosett_ai/adopter/local_analysis_collector.rb +154 -0
data/lib/rosett_ai/adopter/rule_adopter.rb +254 -0
data/lib/rosett_ai/ai_config/config_compiler.rb +111 -0
data/lib/rosett_ai/ai_config/context_window.rb +55 -0
data/lib/rosett_ai/ai_config/cost_controls.rb +44 -0
data/lib/rosett_ai/ai_config/fallback_chain.rb +64 -0
data/lib/rosett_ai/ai_config/model_router.rb +121 -0
data/lib/rosett_ai/ai_config/validator.rb +45 -0
data/lib/rosett_ai/authorship/attribution_compiler.rb +99 -0
data/lib/rosett_ai/authorship/disclosure_policy.rb +81 -0
data/lib/rosett_ai/authorship/review_validator.rb +39 -0
data/lib/rosett_ai/authorship/trailer_generator.rb +88 -0
data/lib/rosett_ai/backup/compressor.rb +180 -0
data/lib/rosett_ai/backup/destination.rb +91 -0
data/lib/rosett_ai/behaviour/manager.rb +156 -0
data/lib/rosett_ai/compiler/backend.rb +86 -0
data/lib/rosett_ai/compiler/backends/agents_md_backend.rb +80 -0
data/lib/rosett_ai/compiler/backends/claude_backend.rb +88 -0
data/lib/rosett_ai/compiler/backends/generic_backend.rb +15 -0
data/lib/rosett_ai/compiler/behaviour_compiler.rb +40 -0
data/lib/rosett_ai/compiler/capability_checker.rb +104 -0
data/lib/rosett_ai/compiler/compilation_pipeline.rb +361 -0
data/lib/rosett_ai/compiler/compiled_output.rb +39 -0
data/lib/rosett_ai/compiler/locale_compiler.rb +250 -0
data/lib/rosett_ai/compiler/target_profile.rb +112 -0
data/lib/rosett_ai/completion/generator.rb +101 -0
data/lib/rosett_ai/completion/shells/bash_generator.rb +126 -0
data/lib/rosett_ai/completion/shells/fish_generator.rb +78 -0
data/lib/rosett_ai/completion/shells/zsh_generator.rb +126 -0
data/lib/rosett_ai/comply/checkers/cra_checker.rb +102 -0
data/lib/rosett_ai/comply/checkers/license_checker.rb +85 -0
data/lib/rosett_ai/comply/checkers/spdx_header_checker.rb +98 -0
data/lib/rosett_ai/comply/reporter.rb +113 -0
data/lib/rosett_ai/comply/runner.rb +50 -0
data/lib/rosett_ai/composition/circular_dependency_detector.rb +56 -0
data/lib/rosett_ai/composition/composer.rb +158 -0
data/lib/rosett_ai/composition/composition_result.rb +64 -0
data/lib/rosett_ai/composition/conflict_detector.rb +53 -0
data/lib/rosett_ai/composition/lockfile.rb +103 -0
data/lib/rosett_ai/composition/merge_strategy.rb +131 -0
data/lib/rosett_ai/composition/priority_sorter.rb +29 -0
data/lib/rosett_ai/composition/scope_resolver.rb +55 -0
data/lib/rosett_ai/config/compile_result.rb +37 -0
data/lib/rosett_ai/config/compiler.rb +13 -0
data/lib/rosett_ai/config/domain_transformer.rb +13 -0
data/lib/rosett_ai/config/key_map.rb +13 -0
data/lib/rosett_ai/config/masking_secret_resolver.rb +40 -0
data/lib/rosett_ai/config/scope_router.rb +13 -0
data/lib/rosett_ai/config/secret_resolver.rb +125 -0
data/lib/rosett_ai/configuration.rb +119 -0
data/lib/rosett_ai/content/content_client.rb +60 -0
data/lib/rosett_ai/content/pack_installer.rb +117 -0
data/lib/rosett_ai/content/pack_manifest.rb +50 -0
data/lib/rosett_ai/content/pack_registry.rb +68 -0
data/lib/rosett_ai/content_packs/manager.rb +50 -0
data/lib/rosett_ai/dbus/compositor_detector.rb +77 -0
data/lib/rosett_ai/dbus/focus_adapters/base.rb +59 -0
data/lib/rosett_ai/dbus/focus_adapters/gnome_adapter.rb +172 -0
data/lib/rosett_ai/dbus/focus_adapters/hyprland_adapter.rb +77 -0
data/lib/rosett_ai/dbus/focus_adapters/i3_adapter.rb +65 -0
data/lib/rosett_ai/dbus/focus_adapters/kwin_adapter.rb +103 -0
data/lib/rosett_ai/dbus/focus_adapters/x11_adapter.rb +105 -0
data/lib/rosett_ai/dbus/focus_monitor_interface.rb +103 -0
data/lib/rosett_ai/dbus/manager_interface.rb +213 -0
data/lib/rosett_ai/dbus/plugin_manager_interface.rb +169 -0
data/lib/rosett_ai/dbus/rate_limiter.rb +89 -0
data/lib/rosett_ai/dbus/service.rb +121 -0
data/lib/rosett_ai/dbus/status_notifier_interface.rb +79 -0
data/lib/rosett_ai/deprecation.rb +79 -0
data/lib/rosett_ai/desktop/dbus_client.rb +259 -0
data/lib/rosett_ai/desktop/gtk4_app.rb +371 -0
data/lib/rosett_ai/desktop/gtk4_preferences.rb +331 -0
data/lib/rosett_ai/desktop/gui_logger.rb +236 -0
data/lib/rosett_ai/doctor/check.rb +92 -0
data/lib/rosett_ai/doctor/checks/cache_health_check.rb +50 -0
data/lib/rosett_ai/doctor/checks/dbus_availability_check.rb +39 -0
data/lib/rosett_ai/doctor/checks/engine_detection_check.rb +46 -0
data/lib/rosett_ai/doctor/checks/file_permission_check.rb +44 -0
data/lib/rosett_ai/doctor/checks/gem_dependency_check.rb +55 -0
data/lib/rosett_ai/doctor/checks/ruby_version_check.rb +50 -0
data/lib/rosett_ai/doctor/checks/stale_config_nncc_check.rb +57 -0
data/lib/rosett_ai/doctor/checks/stale_home_nncc_check.rb +59 -0
data/lib/rosett_ai/doctor.rb +81 -0
data/lib/rosett_ai/documentation/reference_compiler.rb +122 -0
data/lib/rosett_ai/documentation/translator.rb +62 -0
data/lib/rosett_ai/engines/base_config_compiler.rb +203 -0
data/lib/rosett_ai/engines/detector.rb +63 -0
data/lib/rosett_ai/engines/registry.rb +50 -0
data/lib/rosett_ai/error_handler.rb +139 -0
data/lib/rosett_ai/exit_codes.rb +76 -0
data/lib/rosett_ai/feature_flags.rb +102 -0
data/lib/rosett_ai/formatting.rb +33 -0
data/lib/rosett_ai/gem_consistency_checker.rb +199 -0
data/lib/rosett_ai/git_hooks/chain_detector.rb +86 -0
data/lib/rosett_ai/git_hooks/installer.rb +175 -0
data/lib/rosett_ai/git_hooks/script_generator.rb +125 -0
data/lib/rosett_ai/gitlab/validators/supplementary_gitlab_ci_yaml_validator.rb +79 -0
data/lib/rosett_ai/i18n/locale_resolver.rb +46 -0
data/lib/rosett_ai/i18n/utf8_checker.rb +32 -0
data/lib/rosett_ai/init/config_file_writer.rb +24 -0
data/lib/rosett_ai/init/directory_builder.rb +38 -0
data/lib/rosett_ai/init/file_copier.rb +95 -0
data/lib/rosett_ai/init/global_initializer.rb +28 -0
data/lib/rosett_ai/init/local_initializer.rb +27 -0
data/lib/rosett_ai/init/mcp_registrar.rb +109 -0
data/lib/rosett_ai/init/project_initializer.rb +38 -0
data/lib/rosett_ai/licensing/license_key.rb +139 -0
data/lib/rosett_ai/licensing/license_store.rb +64 -0
data/lib/rosett_ai/licensing/license_validator.rb +60 -0
data/lib/rosett_ai/licensing/tier.rb +42 -0
data/lib/rosett_ai/mcp/admin/auditor.rb +88 -0
data/lib/rosett_ai/mcp/admin/health_checker.rb +81 -0
data/lib/rosett_ai/mcp/admin/registry.rb +100 -0
data/lib/rosett_ai/mcp/admin/schema_validator.rb +63 -0
data/lib/rosett_ai/mcp/enforcement/.gitkeep +0 -0
data/lib/rosett_ai/mcp/enforcement/hook_generator.rb +197 -0
data/lib/rosett_ai/mcp/enforcement/validator.rb +215 -0
data/lib/rosett_ai/mcp/governance.rb +160 -0
data/lib/rosett_ai/mcp/http_security_config.rb +158 -0
data/lib/rosett_ai/mcp/instructions.rb +266 -0
data/lib/rosett_ai/mcp/key_hasher.rb +66 -0
data/lib/rosett_ai/mcp/keyfile.rb +221 -0
data/lib/rosett_ai/mcp/middleware/authentication.rb +146 -0
data/lib/rosett_ai/mcp/middleware/content_type.rb +56 -0
data/lib/rosett_ai/mcp/middleware/cors.rb +83 -0
data/lib/rosett_ai/mcp/middleware/origin_validation.rb +73 -0
data/lib/rosett_ai/mcp/middleware/rate_limit.rb +106 -0
data/lib/rosett_ai/mcp/middleware/request_size.rb +51 -0
data/lib/rosett_ai/mcp/plugins.rb +143 -0
data/lib/rosett_ai/mcp/prompts/compilation_prompt.rb +40 -0
data/lib/rosett_ai/mcp/prompts/compliance_prompt.rb +41 -0
data/lib/rosett_ai/mcp/prompts/diagnostics_prompt.rb +41 -0
data/lib/rosett_ai/mcp/prompts/validation_prompt.rb +41 -0
data/lib/rosett_ai/mcp/resources/behaviour_resource.rb +127 -0
data/lib/rosett_ai/mcp/resources/config_resource.rb +72 -0
data/lib/rosett_ai/mcp/resources/design_resource.rb +58 -0
data/lib/rosett_ai/mcp/resources/hooks_resource.rb +74 -0
data/lib/rosett_ai/mcp/resources/provenance_resource.rb +51 -0
data/lib/rosett_ai/mcp/resources/rules_resource.rb +60 -0
data/lib/rosett_ai/mcp/resources/schema_resource.rb +72 -0
data/lib/rosett_ai/mcp/response_helper.rb +46 -0
data/lib/rosett_ai/mcp/security_logger.rb +60 -0
data/lib/rosett_ai/mcp/server.rb +212 -0
data/lib/rosett_ai/mcp/settings/server_installer.rb +112 -0
data/lib/rosett_ai/mcp/settings/trust_manager.rb +142 -0
data/lib/rosett_ai/mcp/tools/adopt_tool.rb +70 -0
data/lib/rosett_ai/mcp/tools/backup_tool.rb +64 -0
data/lib/rosett_ai/mcp/tools/behaviour_display_tool.rb +72 -0
data/lib/rosett_ai/mcp/tools/behaviour_list_tool.rb +56 -0
data/lib/rosett_ai/mcp/tools/behaviour_manage_tool.rb +114 -0
data/lib/rosett_ai/mcp/tools/behaviour_show_tool.rb +62 -0
data/lib/rosett_ai/mcp/tools/compile_status_tool.rb +122 -0
data/lib/rosett_ai/mcp/tools/compile_tool.rb +191 -0
data/lib/rosett_ai/mcp/tools/comply_tool.rb +79 -0
data/lib/rosett_ai/mcp/tools/config_compile_tool.rb +71 -0
data/lib/rosett_ai/mcp/tools/config_status_tool.rb +79 -0
data/lib/rosett_ai/mcp/tools/content_tool.rb +78 -0
data/lib/rosett_ai/mcp/tools/context_query_tool.rb +156 -0
data/lib/rosett_ai/mcp/tools/design_list_tool.rb +57 -0
data/lib/rosett_ai/mcp/tools/design_show_tool.rb +69 -0
data/lib/rosett_ai/mcp/tools/doctor_tool.rb +62 -0
data/lib/rosett_ai/mcp/tools/documentation_status_tool.rb +45 -0
data/lib/rosett_ai/mcp/tools/engines_tool.rb +84 -0
data/lib/rosett_ai/mcp/tools/hook_install_tool.rb +190 -0
data/lib/rosett_ai/mcp/tools/hook_preview_tool.rb +173 -0
data/lib/rosett_ai/mcp/tools/hooks_status_tool.rb +84 -0
data/lib/rosett_ai/mcp/tools/init_tool.rb +87 -0
data/lib/rosett_ai/mcp/tools/license_status_tool.rb +44 -0
data/lib/rosett_ai/mcp/tools/project_tool.rb +117 -0
data/lib/rosett_ai/mcp/tools/provenance_tool.rb +97 -0
data/lib/rosett_ai/mcp/tools/provenance_write_tool.rb +40 -0
data/lib/rosett_ai/mcp/tools/retrofit_tool.rb +81 -0
data/lib/rosett_ai/mcp/tools/rule_search_tool.rb +163 -0
data/lib/rosett_ai/mcp/tools/schema_get_tool.rb +94 -0
data/lib/rosett_ai/mcp/tools/tooling_tool.rb +86 -0
data/lib/rosett_ai/mcp/tools/validate_tool.rb +105 -0
data/lib/rosett_ai/mcp/tools/workflow_execute_tool.rb +74 -0
data/lib/rosett_ai/mcp/tools/workflow_tool.rb +78 -0
data/lib/rosett_ai/migration/detector.rb +117 -0
data/lib/rosett_ai/migration/nncc_config_migrator.rb +94 -0
data/lib/rosett_ai/migration/nncc_project_migrator.rb +90 -0
data/lib/rosett_ai/migration/xdg_migrator.rb +123 -0
data/lib/rosett_ai/package_manager/apt.rb +108 -0
data/lib/rosett_ai/package_manager/base.rb +68 -0
data/lib/rosett_ai/package_manager/gem_backend.rb +90 -0
data/lib/rosett_ai/packaging/variant_config.rb +92 -0
data/lib/rosett_ai/path_resolver.rb +115 -0
data/lib/rosett_ai/plugins/contract.rb +43 -0
data/lib/rosett_ai/plugins/engine_contract.rb +60 -0
data/lib/rosett_ai/plugins/gui_contract.rb +74 -0
data/lib/rosett_ai/plugins/mcp_contract.rb +48 -0
data/lib/rosett_ai/plugins/registry.rb +150 -0
data/lib/rosett_ai/policy/auditor.rb +41 -0
data/lib/rosett_ai/policy/deny_list.rb +71 -0
data/lib/rosett_ai/policy/opt_out_scanner.rb +37 -0
data/lib/rosett_ai/policy/policy_compiler.rb +84 -0
data/lib/rosett_ai/policy/protected_files.rb +47 -0
data/lib/rosett_ai/policy/tier_hierarchy.rb +48 -0
data/lib/rosett_ai/policy/validator.rb +35 -0
data/lib/rosett_ai/profiler.rb +79 -0
data/lib/rosett_ai/project/drift_detector.rb +126 -0
data/lib/rosett_ai/project/manager.rb +115 -0
data/lib/rosett_ai/project/sync_manager.rb +138 -0
data/lib/rosett_ai/project/template_applier.rb +105 -0
data/lib/rosett_ai/project_context.rb +82 -0
data/lib/rosett_ai/provenance/entry.rb +63 -0
data/lib/rosett_ai/provenance/file_source.rb +32 -0
data/lib/rosett_ai/provenance/source.rb +62 -0
data/lib/rosett_ai/provenance/store.rb +153 -0
data/lib/rosett_ai/provenance/tracker.rb +62 -0
data/lib/rosett_ai/provenance/trailer_generator.rb +43 -0
data/lib/rosett_ai/provenance/validator.rb +45 -0
data/lib/rosett_ai/quorum/collector.rb +59 -0
data/lib/rosett_ai/quorum/comparator.rb +81 -0
data/lib/rosett_ai/quorum/dispatcher.rb +57 -0
data/lib/rosett_ai/quorum/strategies/adopt.rb +56 -0
data/lib/rosett_ai/rai_config.rb +107 -0
data/lib/rosett_ai/retrofit/base_parser.rb +66 -0
data/lib/rosett_ai/retrofit/engine.rb +171 -0
data/lib/rosett_ai/retrofit/parsers/agents_md_parser.rb +50 -0
data/lib/rosett_ai/retrofit/parsers/claude_parser.rb +69 -0
data/lib/rosett_ai/retrofit/parsers/cursor_parser.rb +82 -0
data/lib/rosett_ai/retrofit/round_trip_validator.rb +65 -0
data/lib/rosett_ai/retrofit/scanner.rb +47 -0
data/lib/rosett_ai/retrofit/secret_detector.rb +87 -0
data/lib/rosett_ai/secrets_resolver.rb +71 -0
data/lib/rosett_ai/smart_feedback/suggester.rb +83 -0
data/lib/rosett_ai/smart_feedback/thor_middleware.rb +84 -0
data/lib/rosett_ai/structured_logger.rb +110 -0
data/lib/rosett_ai/telemetry/json_lines_writer.rb +50 -0
data/lib/rosett_ai/telemetry/log_rotator.rb +67 -0
data/lib/rosett_ai/telemetry/provider.rb +26 -0
data/lib/rosett_ai/telemetry/reporter.rb +144 -0
data/lib/rosett_ai/telemetry.rb +47 -0
data/lib/rosett_ai/text_sanitizer.rb +62 -0
data/lib/rosett_ai/thor/cli.rb +269 -0
data/lib/rosett_ai/thor/tasks/adopt.rb +250 -0
data/lib/rosett_ai/thor/tasks/backup.rb +420 -0
data/lib/rosett_ai/thor/tasks/behaviour.rb +474 -0
data/lib/rosett_ai/thor/tasks/build.rb +1162 -0
data/lib/rosett_ai/thor/tasks/compile.rb +415 -0
data/lib/rosett_ai/thor/tasks/completion.rb +123 -0
data/lib/rosett_ai/thor/tasks/comply.rb +82 -0
data/lib/rosett_ai/thor/tasks/config.rb +265 -0
data/lib/rosett_ai/thor/tasks/content.rb +193 -0
data/lib/rosett_ai/thor/tasks/dbus.rb +321 -0
data/lib/rosett_ai/thor/tasks/design.rb +258 -0
data/lib/rosett_ai/thor/tasks/desktop.rb +129 -0
data/lib/rosett_ai/thor/tasks/doctor.rb +127 -0
data/lib/rosett_ai/thor/tasks/documentation.rb +321 -0
data/lib/rosett_ai/thor/tasks/engines.rb +167 -0
data/lib/rosett_ai/thor/tasks/hooks.rb +219 -0
data/lib/rosett_ai/thor/tasks/init.rb +259 -0
data/lib/rosett_ai/thor/tasks/license.rb +120 -0
data/lib/rosett_ai/thor/tasks/mcp.rb +535 -0
data/lib/rosett_ai/thor/tasks/migrate.rb +121 -0
data/lib/rosett_ai/thor/tasks/plugins.rb +157 -0
data/lib/rosett_ai/thor/tasks/project.rb +260 -0
data/lib/rosett_ai/thor/tasks/provenance.rb +195 -0
data/lib/rosett_ai/thor/tasks/release.rb +314 -0
data/lib/rosett_ai/thor/tasks/retrofit.rb +90 -0
data/lib/rosett_ai/thor/tasks/tooling.rb +308 -0
data/lib/rosett_ai/thor/tasks/validate.rb +108 -0
data/lib/rosett_ai/thor/tasks/workflow.rb +196 -0
data/lib/rosett_ai/tooling/ci_yaml_validator.rb +37 -0
data/lib/rosett_ai/tooling/version_checker.rb +35 -0
data/lib/rosett_ai/ui/accessible_tui.rb +61 -0
data/lib/rosett_ai/ui/base.rb +46 -0
data/lib/rosett_ai/ui/gtk4.rb +98 -0
data/lib/rosett_ai/ui/kde.rb +40 -0
data/lib/rosett_ai/ui/qt6.rb +40 -0
data/lib/rosett_ai/ui/registry.rb +60 -0
data/lib/rosett_ai/ui/tty_helper.rb +74 -0
data/lib/rosett_ai/ui/tui.rb +59 -0
data/lib/rosett_ai/validators/behaviour_validator.rb +20 -0
data/lib/rosett_ai/validators/design_validator.rb +17 -0
data/lib/rosett_ai/validators/schema_validator.rb +84 -0
data/lib/rosett_ai/validators/tooling_validator.rb +17 -0
data/lib/rosett_ai/version.rb +8 -0
data/lib/rosett_ai/version_consistency_checker.rb +129 -0
data/lib/rosett_ai/workflow/audit_log.rb +86 -0
data/lib/rosett_ai/workflow/engine.rb +142 -0
data/lib/rosett_ai/workflow/manager.rb +82 -0
data/lib/rosett_ai/workflow/schema_validator.rb +71 -0
data/lib/rosett_ai/workflow/step_runner.rb +61 -0
data/lib/rosett_ai/workflow/steps/prompt_step.rb +62 -0
data/lib/rosett_ai/workflow/steps/rai_step.rb +74 -0
data/lib/rosett_ai/workflow/steps/shell_step.rb +53 -0
data/lib/rosett_ai/yaml_loader.rb +78 -0
data/lib/rosett_ai.rb +221 -0
data/lib/rubocop/cop/rosett_ai/shell_interpolation.rb +54 -0
data/lib/rubocop/cop/rosett_ai/unsafe_const_get.rb +60 -0
data/lib/rubocop/cop/rosett_ai/unsafe_send.rb +50 -0
data/lib/rubocop/cop/rosett_ai/unsafe_yaml_load.rb +40 -0
data/lib/rubocop/rosett_ai.rb +9 -0
data/lib/scripts/generated/docker_hub_tags.rb +126 -0
data/locales/.gitkeep +0 -0
data/locales/ar.yml +579 -0
data/locales/en.yml +571 -0
data/locales/fr.yml +567 -0
data/packaging/build-engine-deb.sh +81 -0
data/packaging/scripts/postinst +17 -0
data/packaging/scripts/postrm +19 -0
data/packaging/scripts/prerm +10 -0
data/packaging/wrapper.sh.template +38 -0
data/rosett-ai.gemspec +63 -0
data/rules/.gitkeep +0 -0
data/scripts/publish/pulp_upload.sh +123 -0
data/settings.json +29 -0
data/share/applications/be.neatnerds.rosettai.desktop +29 -0
data/share/dbus-1/interfaces/be.neatnerds.rosettai.xml +103 -0
data/share/dbus-1/services/be.neatnerds.rosettai.service +3 -0
data/share/templates/behaviour/criticalthinking.yml +69 -0
metadata +810 -0

data/lib/rosett_ai/mcp/resources/provenance_resource.rb ADDED Viewed

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    module Resources
+      # MCP resource provider for AI provenance log.
+      #
+      # Exposes the full provenance log as an MCP resource.
+      #
+      # @author hugo
+      # @author claude
+      class ProvenanceResource
+        URI_PREFIX = 'rosett-ai://provenance/'
+        PROVENANCE_FILE = '.ai-provenance.yml'
+        # Lists available provenance resources.
+        #
+        # @return [Array<Hash>] resource entries
+        def list
+          path = RosettAi.root.join(PROVENANCE_FILE)
+          return [] unless path.exist?
+          [{
+            uri: "#{URI_PREFIX}log",
+            name: 'provenance-log',
+            description: 'Full AI provenance log',
+            mime_type: 'application/x-yaml'
+          }]
+        end
+        # Reads the provenance log.
+        #
+        # @param _name [String] resource name (only 'log' supported)
+        # @return [Hash, nil] resource content
+        def read(_name = 'log')
+          path = RosettAi.root.join(PROVENANCE_FILE)
+          return nil unless path.exist?
+          {
+            uri: "#{URI_PREFIX}log",
+            content: File.read(path),
+            mime_type: 'application/x-yaml'
+          }
+        end
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/resources/rules_resource.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    module Resources
+      # MCP resource provider for compiled rule markdown files.
+      #
+      # Exposes compiled rules (output of raictl compile) as MCP
+      # resources with URIs in the format rosett-ai://rules/{name}.
+      #
+      # @author hugo
+      # @author claude
+      class RulesResource
+        URI_PREFIX = 'rosett-ai://rules/'
+        # Lists all available compiled rule resources.
+        #
+        # @return [Array<Hash>] resource entries
+        def list
+          dir = RosettAi.paths.rules_dir
+          return [] unless dir.directory?
+          dir.glob('*.md').map { |path| resource_entry(path) }
+        end
+        # Reads a specific compiled rule.
+        #
+        # @param name [String] rule filename (without .md)
+        # @return [Hash, nil] resource content
+        def read(name)
+          path = RosettAi.paths.rules_dir.join("#{name}.md")
+          return nil unless path.exist?
+          {
+            uri: "#{URI_PREFIX}#{name}",
+            content: File.read(path),
+            mime_type: 'text/markdown'
+          }
+        end
+        private
+        # @param path [Pathname]
+        # @return [Hash]
+        def resource_entry(path)
+          name = path.basename('.md').to_s
+          {
+            uri: "#{URI_PREFIX}#{name}",
+            name: name,
+            description: "Compiled rule: #{name}",
+            mime_type: 'text/markdown'
+          }
+        end
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/resources/schema_resource.rb ADDED Viewed

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    module Resources
+      # MCP resource provider for JSON Schema files.
+      #
+      # Exposes validation schemas as MCP resources with
+      # URIs in the format rosett-ai://schema/{name}.
+      #
+      # @author hugo
+      # @author claude
+      class SchemaResource
+        URI_PREFIX = 'rosett-ai://schema/'
+        # Lists all available schema resources.
+        #
+        # @return [Array<Hash>] resource entries
+        def list
+          dir = RosettAi.root.join('conf', 'schemas')
+          return [] unless dir.directory?
+          dir.glob('*.json').map { |path| resource_entry(path) }
+        end
+        # Reads a specific schema resource.
+        #
+        # @param name [String] schema name (without _schema.json)
+        # @return [Hash, nil] resource content
+        def read(name)
+          path = resolve_path(name)
+          return nil unless path&.exist?
+          {
+            uri: "#{URI_PREFIX}#{name}",
+            content: File.read(path),
+            mime_type: 'application/json'
+          }
+        end
+        private
+        # @param name [String]
+        # @return [Pathname, nil]
+        def resolve_path(name)
+          dir = RosettAi.root.join('conf', 'schemas')
+          # Try exact filename first, then with _schema.json suffix
+          exact = dir.join("#{name}.json")
+          return exact if exact.exist?
+          suffixed = dir.join("#{name}_schema.json")
+          suffixed.exist? ? suffixed : nil
+        end
+        # @param path [Pathname]
+        # @return [Hash]
+        def resource_entry(path)
+          name = path.basename('.json').to_s
+          {
+            uri: "#{URI_PREFIX}#{name}",
+            name: name,
+            description: "JSON Schema: #{name}",
+            mime_type: 'application/json'
+          }
+        end
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/response_helper.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    # Standardized MCP tool response formatting.
+    #
+    # Provides consistent response structure for all MCP tools
+    # with success, finding, and error states.
+    #
+    # @author hugo
+    # @author claude
+    module ResponseHelper
+      module_function
+      # Build a success response hash.
+      #
+      # @param message [String] human-readable message
+      # @param data [Hash] additional response data
+      # @return [Hash] response with success: true
+      def success(message, data = {})
+        { success: true, message: message }.merge(data)
+      end
+      # Build a finding response hash (not an error, but notable).
+      #
+      # @param message [String] human-readable message
+      # @param data [Hash] additional response data
+      # @return [Hash] response with finding: true
+      def finding(message, data = {})
+        { finding: true, message: message }.merge(data)
+      end
+      # Build an error response hash.
+      #
+      # @param message [String] human-readable error message
+      # @param data [Hash] additional response data
+      # @return [Hash] response with error: true
+      def error(message, data = {})
+        { error: true, message: message }.merge(data)
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/security_logger.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    # Security event logger for MCP server.
+    #
+    # Logs authentication, rate limiting, and origin validation
+    # events to stderr in structured format.
+    #
+    # @author hugo
+    # @author claude
+    module SecurityLogger
+      module_function
+      # Log a successful authentication event.
+      #
+      # @param client_id [String] authenticated client identifier
+      # @return [void]
+      def auth_success(client_id)
+        log(:info, 'auth_success', client_id: client_id)
+      end
+      # Log a failed authentication attempt.
+      #
+      # @param reason [String] failure reason
+      # @return [void]
+      def auth_failure(reason)
+        log(:warn, 'auth_failure', reason: reason)
+      end
+      # Log a rate-limited request.
+      #
+      # @param key [String] bucket key that was limited
+      # @return [void]
+      def rate_limited(key)
+        log(:warn, 'rate_limited', bucket_key: key)
+      end
+      # Log a rejected origin.
+      #
+      # @param origin [String] the rejected origin
+      # @return [void]
+      def origin_rejected(origin)
+        log(:warn, 'origin_rejected', origin: origin)
+      end
+      # @param level [Symbol] log level
+      # @param event [String] event name
+      # @param data [Hash] event data
+      # @return [void]
+      def log(level, event, **data)
+        timestamp = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
+        warn "[rai-mcp] #{timestamp} #{level} #{event} #{data.map { |k, v| "#{k}=#{v}" }.join(' ')}"
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/server.rb ADDED Viewed

@@ -0,0 +1,212 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    # MCP server for Rosett-AI — exposes validation, compilation, and
+    # configuration management as MCP tools, resources, and prompts.
+    #
+    # Supports stdio (default) and HTTP (Puma) transports with a
+    # 6-layer Rack middleware stack for security.
+    #
+    # Requires the `mcp` gem (optional dependency, :mcp group).
+    #
+    # @author hugo
+    # @author claude
+    class Server
+      MCP_SPEC_VERSION = '2025-03-26'
+      DEFAULT_PORT = 8484
+      DEFAULT_HOST = 'localhost'
+      attr_reader :security_config
+      # @param config_path [String, nil] path to server config YAML
+      # @param plugins [Array<String>] explicit plugin names to load
+      def initialize(config_path: nil, plugins: [])
+        @config_path = config_path
+        @plugin_names = plugins
+        @security_config = load_security_config(config_path)
+      end
+      # @return [Boolean] true if the mcp gem is available
+      def self.available?
+        require 'mcp'
+        true
+      rescue LoadError
+        false
+      end
+      # Starts the MCP server on stdio transport.
+      #
+      # @return [void]
+      # @raise [RosettAi::McpError] if mcp gem is not available
+      def serve
+        ensure_mcp_available!
+        server = build_server
+        transport = ::MCP::Server::Transports::StdioTransport.new(server)
+        transport.open
+      end
+      # Starts the MCP server on HTTP transport via Puma.
+      #
+      # @param options [Hash] HTTP transport options
+      # @option options [Integer] :port HTTP port (default 8484)
+      # @option options [String] :host bind address (default localhost)
+      # @option options [String, nil] :tls_cert path to TLS certificate
+      # @option options [String, nil] :tls_key path to TLS private key
+      # @option options [Boolean] :allow_remote allow non-localhost binding
+      # @return [void]
+      # @raise [RosettAi::McpError] if puma/rackup gems are not available
+      def serve_http(**options)
+        ensure_mcp_available!
+        ensure_http_available!
+        port = options.fetch(:port, DEFAULT_PORT)
+        host = options.fetch(:host, DEFAULT_HOST)
+        tls_cert = options[:tls_cert]
+        tls_key = options[:tls_key]
+        validate_host_binding(host, options.fetch(:allow_remote, false))
+        rack_app = build_rack_app
+        start_puma(rack_app, port: port, host: host,
+                             tls_cert: tls_cert, tls_key: tls_key)
+      end
+      # Build the Rack application for HTTP transport.
+      #
+      # @return [Proc] Rack application
+      def http_app
+        ensure_mcp_available!
+        ensure_http_available!
+        build_rack_app
+      end
+      # Returns the tool registry for listing available tools.
+      #
+      # @return [Array<Hash>] tool descriptors
+      def tools
+        Governance::TOOL_CLASSES.map do |klass|
+          {
+            name: klass::TOOL_NAME,
+            description: klass::DESCRIPTION,
+            annotations: klass::ANNOTATIONS
+          }
+        end
+      end
+      private
+      def ensure_mcp_available!
+        return if self.class.available?
+        raise RosettAi::McpError,
+              'MCP gem not available. Install with: bundle install --with mcp'
+      end
+      def ensure_http_available!
+        require 'puma'
+        require 'rackup'
+      rescue LoadError => e
+        raise RosettAi::McpError,
+              "HTTP transport requires puma and rackup gems: #{e.message}"
+      end
+      def build_server
+        server = ::MCP::Server.new(
+          name: 'rosett-ai',
+          version: RosettAi::VERSION,
+          instructions: Instructions.generate
+        )
+        Governance.register(server)
+        Plugins.load_all(server, @plugin_names)
+        server
+      end
+      def build_rack_app
+        server = build_server
+        transport = ::MCP::Server::Transports::StreamableHTTPTransport.new(server)
+        app = transport.method(:call)
+        security = @security_config
+        Rack::Builder.new do
+          use Middleware::RequestSize, max_size: security.max_request_size
+          use Middleware::ContentType if security.content_type_enforcement
+          use Middleware::OriginValidation, config: security.origin
+          use Middleware::Cors, config: security.cors if security.cors.enabled
+          use Middleware::Authentication, config: security.authentication
+          use Middleware::RateLimit, config: security.rate_limiting if security.rate_limiting.enabled
+          run app
+        end.to_app
+      end
+      def start_puma(rack_app, port:, host:, tls_cert:, tls_key:)
+        puma_config = Puma::Configuration.new do |conf|
+          conf.app rack_app
+          if tls_cert && tls_key
+            conf.bind "ssl://#{host}:#{port}?cert=#{tls_cert}&key=#{tls_key}"
+          else
+            conf.bind "tcp://#{host}:#{port}"
+          end
+          conf.quiet
+        end
+        launcher = Puma::Launcher.new(puma_config)
+        launcher.run
+      end
+      def validate_host_binding(host, allow_remote)
+        return if allow_remote
+        return if ['localhost', '127.0.0.1', '::1'].include?(host)
+        raise RosettAi::McpError,
+              "Binding to #{host} requires --allow-remote flag for security"
+      end
+      def load_security_config(config_path)
+        config = HttpSecurityConfig.new
+        yaml = load_config_yaml(config_path)
+        config.apply(yaml['http']) if yaml&.dig('http')
+        config
+      end
+      def load_config_yaml(config_path)
+        path = config_path || find_config_file
+        return nil unless path && File.exist?(path)
+        YAML.safe_load_file(path, permitted_classes: [Symbol])
+      rescue Psych::SyntaxError
+        nil
+      end
+      def find_config_file
+        candidates = [
+          ENV.fetch('RAI_MCP_CONFIG', nil),
+          find_upward('.rosett-ai-mcp.yml'),
+          File.expand_path('~/.config/rosett-ai/mcp/server.yml'),
+          '/etc/rosett-ai/mcp/server.yml',
+          RosettAi.root.join('conf', 'mcp', 'server_defaults.yml').to_s
+        ].compact
+        candidates.find { |path| File.exist?(path) }
+      end
+      def find_upward(filename)
+        dir = Dir.pwd
+        loop do
+          candidate = File.join(dir, filename)
+          return candidate if File.exist?(candidate)
+          parent = File.dirname(dir)
+          break if parent == dir
+          dir = parent
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/rosett_ai/mcp/settings/server_installer.rb ADDED Viewed

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (C) 2026 Hugo Antonio Sepulveda Manriquez / NeatNerds
+module RosettAi
+  module Mcp
+    module Settings
+      # Installs MCP servers with trust-first validation.
+      #
+      # All server installations must originate from a trusted source.
+      # Untrusted sources are rejected with actionable error messages.
+      #
+      # @author hugo
+      # @author claude
+      class ServerInstaller
+        # @param trust_manager [TrustManager] trust validation
+        # @param registry [Admin::Registry] server registry
+        # @param schema_validator [Admin::SchemaValidator] config validator
+        def initialize(trust_manager:, registry:, schema_validator:)
+          @trust_manager = trust_manager
+          @registry = registry
+          @schema_validator = schema_validator
+        end
+        # Installs an MCP server from a URI with trust validation.
+        #
+        # @param name [String] server name
+        # @param uri [String] server URI or command
+        # @param transport [String] transport type (stdio, http)
+        # @return [Hash] result with :success, :message, :server
+        def install(name:, uri:, transport: 'stdio')
+          trust_result = validate_trust(uri, transport)
+          return trust_result unless trust_result[:trusted]
+          config = build_config(name, uri, transport)
+          validation = @schema_validator.validate(config)
+          return validation_failure(validation) unless validation[:valid]
+          path = @registry.add(config)
+          {
+            success: true,
+            message: "Server '#{name}' installed from #{trust_result[:source_type]} source",
+            server: config,
+            path: path.to_s
+          }
+        end
+        # Removes an MCP server by name.
+        #
+        # @param name [String] server name
+        # @param force [Boolean] skip confirmation for enterprise-managed servers
+        # @return [Hash] result with :success, :message
+        def remove(name:, force: false)
+          server = @registry.find(name)
+          return { success: false, message: "Server '#{name}' not found" } unless server
+          if managed_server?(server) && !force
+            return {
+              success: false,
+              message: "Server '#{name}' is enterprise-managed. Use --force to override."
+            }
+          end
+          @registry.remove(name)
+          { success: true, message: "Server '#{name}' removed" }
+        end
+        private
+        def validate_trust(uri, transport)
+          return { trusted: true, source_type: 'local' } if local_transport?(transport)
+          result = @trust_manager.validate_uri(uri)
+          return result if result[:trusted]
+          {
+            trusted: false,
+            success: false,
+            message: "Untrusted source: #{result[:domain]}. " \
+                     'Add trust with: rai mcp trust-sources add DOMAIN'
+          }
+        end
+        def local_transport?(transport)
+          transport == 'stdio'
+        end
+        def build_config(name, uri, transport)
+          config = { name: name, transport: transport }
+          if transport == 'stdio'
+            config[:command] = uri
+          else
+            config[:url] = uri
+          end
+          config
+        end
+        def validation_failure(validation)
+          {
+            success: false,
+            message: "Validation failed: #{validation[:errors].join(', ')}"
+          }
+        end
+        def managed_server?(server)
+          server[:source_file].to_s.include?('managed')
+        end
+      end
+    end
+  end
+end