sequelizer 0.1.4 → 0.1.6

data/.devcontainer/.zshrc

@@ -0,0 +1,29 @@
+# Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc.
+# Initialization code that may require console input (password prompts, [y/n]
+# confirmations, etc.) must go above this block; everything else may go below.
+if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
+  source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
+fi
+
+# Suppress Powerlevel10k instant prompt warning
+typeset -g POWERLEVEL9K_INSTANT_PROMPT=quiet
+
+export LANG='en_US.UTF-8'
+export LANGUAGE='en_US:en'
+export LC_ALL='en_US.UTF-8'
+export TERM=xterm
+
+##### Zsh/Oh-my-Zsh Configuration
+export ZSH="/home/rubydev/.oh-my-zsh"
+
+ZSH_THEME="powerlevel10k/powerlevel10k"
+plugins=(git history-substring-search)
+
+
+ZSH_THEME="powerlevel10k/powerlevel10k"
+bindkey "\$terminfo[kcuu1]" history-substring-search-up
+bindkey "\$terminfo[kcud1]" history-substring-search-down
+source $ZSH/oh-my-zsh.sh
+
+# To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
+[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh

data/.devcontainer/Dockerfile

@@ -0,0 +1,137 @@
+# Start with Ruby 3.2 slim for a smaller image
+FROM ruby:3.2-slim
+
+# Set timezone argument (can be overridden in devcontainer.json)
+ARG TZ=America/Los_Angeles
+ENV TZ=$TZ
+
+# Set host home directory for copying credentials
+ARG HOST_HOME
+
+# Set DEVCONTAINER environment variable to help with orientation
+ENV DEVCONTAINER=true
+
+# Create a non-root user (following Claude Code pattern)
+ARG USERNAME=rubydev
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
+
+# Install system dependencies first, then set up GitHub CLI repository
+# (need wget/curl for GitHub CLI setup)
+RUN apt-get update && apt-get install -y \
+  # Essential build tools for Ruby gems
+  build-essential \
+  libpq-dev \
+  libvips \
+  pkg-config \
+  # Network and system tools (needed for GitHub CLI setup)
+  curl \
+  wget \
+  git \
+  openssh-client \
+  # Firewall tools (for init-firewall.sh script)
+  iptables \
+  ipset \
+  # Additional utilities from Claude Code setup
+  sudo \
+  zsh \
+  fzf \
+  jq \
+  ca-certificates \
+  locales \
+  locales-all \
+  # Node.js for potential frontend needs
+  nodejs \
+  npm \
+  && rm -rf /var/lib/apt/lists/*
+
+# Set up GitHub CLI repository (now that wget is installed)
+RUN mkdir -p -m 755 /etc/apt/keyrings && \
+  wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg > /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
+  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list
+
+# Install GitHub CLI from the repository we just added
+RUN apt-get update && apt-get install -y gh && rm -rf /var/lib/apt/lists/*
+
+# Create the non-root user
+RUN groupadd --gid $USER_GID $USERNAME \
+  && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
+  && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+  && chmod 0440 /etc/sudoers.d/$USERNAME
+
+# Install git-delta (from Claude Code setup)
+RUN ARCH=$(dpkg --print-architecture) && \
+  wget "https://github.com/dandavison/delta/releases/download/0.18.2/git-delta_0.18.2_${ARCH}.deb" && \
+  dpkg -i "git-delta_0.18.2_${ARCH}.deb" && \
+  rm "git-delta_0.18.2_${ARCH}.deb"
+
+# Install Claude Code CLI (as root first, then fix permissions)
+RUN npm install -g @anthropic-ai/claude-code
+
+# Set up command history persistence (from Claude Code setup)
+RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+  && mkdir /commandhistory \
+  && touch /commandhistory/.bash_history \
+  && chown -R $USERNAME /commandhistory
+
+# Create workspace and config directories
+RUN mkdir -p /workspace /home/$USERNAME/.claude /home/$USERNAME/.bundle /home/$USERNAME/.ssh \
+  && chown -R $USERNAME:$USERNAME /workspace /home/$USERNAME/.claude /home/$USERNAME/.bundle /home/$USERNAME/.ssh \
+  && chmod 700 /home/$USERNAME/.ssh
+
+# Set working directory
+WORKDIR /workspace
+
+# Switch to non-root user before gem installation
+USER $USERNAME
+
+RUN gem install overcommit:0.67.1
+
+# Set up ZSH with powerline10k theme (from Claude Code setup)
+RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/v1.1.5/zsh-in-docker.sh)" -- \
+  -t https://github.com/romkatv/powerlevel10k \
+  -a 'ZSH_THEME="powerlevel10k/powerlevel10k"' \
+  -p git \
+  -p ssh-agent \
+  -p 'history-substring-search' \
+  -a 'bindkey "\$terminfo[kcuu1]" history-substring-search-up' \
+  -a 'bindkey "\$terminfo[kcud1]" history-substring-search-down'
+
+# Copy Gemfile and Gemfile.lock for better Docker layer caching
+COPY Gemfile Gemfile.lock *.gemspec ./
+COPY lib/sequelizer/version.rb ./lib/sequelizer/version.rb
+
+# Configure bundler and install gems
+RUN bundle config set --local path "/home/${USERNAME}/.bundle" \
+  && bundle config set --local bin "/home/${USERNAME}/.bundle/bin" \
+  && bundle install
+
+# Set the default shell to zsh
+ENV SHELL=/bin/zsh
+
+COPY .devcontainer/.zshrc /home/$USERNAME/.zshrc
+COPY .devcontainer/.p10k.zsh /home/$USERNAME/.p10k.zsh
+
+# Add bundle bin to PATH
+ENV PATH="/home/$USERNAME/.bundle/bin:$PATH"
+
+# Set Ruby environment variables
+ENV BUNDLE_PATH="/home/$USERNAME/.bundle"
+ENV BUNDLE_BIN="/home/$USERNAME/.bundle/bin"
+
+USER root
+
+# Copy the credential setup scripts
+COPY .devcontainer/copy-claude-credentials.sh /usr/local/bin/
+COPY .devcontainer/setup-credentials.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/copy-claude-credentials.sh \
+  && chmod +x /usr/local/bin/setup-credentials.sh
+
+# Copy the firewall initialization script
+COPY .devcontainer/init-firewall.sh /usr/local/bin/init-firewall.sh
+RUN chmod +x /usr/local/bin/init-firewall.sh
+
+USER $USERNAME
+
+# Default command
+CMD ["/bin/zsh"]

data/.devcontainer/copy-claude-credentials.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "Copying Claude credentials and GitHub config from host..."
+
+# Create .claude directory if it doesn't exist
+mkdir -p ~/.claude
+
+# Copy credentials from temporary mounts to proper locations
+if [ -d "/tmp/host-claude" ]; then
+    cp -r /tmp/host-claude/* ~/.claude/ 2>/dev/null || true
+fi
+
+if [ -d "/tmp/host-claude-config" ]; then
+    cp -r /tmp/host-claude-config/* ~/.config/claude/ 2>/dev/null || true
+fi
+
+if [ -f "/tmp/host-claude.json" ]; then
+    cp /tmp/host-claude.json ~/.claude.json
+fi
+
+# Create writable GitHub config directory and copy from readonly mount
+mkdir -p ~/.config/gh
+if [ -d "/tmp/host-gh" ]; then
+    cp -r /tmp/host-gh/* ~/.config/gh/ 2>/dev/null || true
+fi
+
+# Set proper permissions
+chmod 700 ~/.claude
+chmod 700 ~/.config/gh 2>/dev/null || true
+
+echo "Done copying Claude credentials and GitHub config"

data/.devcontainer/devcontainer.json

@@ -0,0 +1,102 @@
+{
+  "name": "Ruby + Claude Code Development Environment",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": "..",
+    "args": {
+      "TZ": "${localEnv:TZ:America/Los_Angeles}",
+      "HOST_HOME": "${localEnv:HOME}"
+    }
+  },
+  "runArgs": [
+    "--cap-add=NET_ADMIN",
+    "--cap-add=NET_RAW"
+  ],
+  "mounts": [
+    "type=bind,source=${localEnv:HOME}/.claude,target=/tmp/host-claude,readonly",
+    "type=bind,source=${localEnv:HOME}/.config/claude,target=/tmp/host-claude-config,readonly",
+    "type=bind,source=${localEnv:HOME}/.claude.json,target=/tmp/host-claude.json,readonly",
+    "type=bind,source=${localEnv:HOME}/.gitconfig,target=/home/rubydev/.gitconfig,readonly",
+    "type=bind,source=${localEnv:HOME}/.ssh,target=/home/rubydev/.ssh,readonly",
+    "type=bind,source=${localEnv:HOME}/.config/gh,target=/tmp/host-gh,readonly",
+    "source=ruby-command-history,target=/commandhistory,type=volume"
+  ],
+  "postCreateCommand": "/usr/local/bin/setup-credentials.sh && /usr/local/bin/copy-claude-credentials.sh",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "rebornix.Ruby",
+        "castwide.solargraph",
+        "koichisasada.vscode-rdbg",
+        "eamodio.gitlens",
+        "esbenp.prettier-vscode",
+        "ms-vscode.vscode-json",
+        "yzhang.markdown-all-in-one",
+        "Shopify.ruby-lsp",
+        "vscodevim.vim"
+      ],
+      "settings": {
+        "editor.formatOnSave": true,
+        "editor.tabSize": 2,
+        "editor.insertSpaces": true,
+        "editor.renderWhitespace": "all",
+        "editor.wordWrap": "on",
+        "editor.smartSelect.selectSubwords": false,
+        "files.trimTrailingWhitespace": true,
+        "files.insertFinalNewline": true,
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "terminal.integrated.scrollback": 100000,
+        "terminal.integrated.profiles.linux": {
+          "bash": {
+            "path": "bash",
+            "icon": "terminal-bash"
+          },
+          "zsh": {
+            "path": "zsh"
+          }
+        },
+        "vim.easymotion": true,
+        "vim.showMarksInGutter": true,
+        "ruby.intellisense": "rubyLocate",
+        "ruby.format": "rubocop",
+        "solargraph.diagnostics": true,
+        "solargraph.completion": true,
+        "solargraph.hover": true,
+        "solargraph.symbols": true,
+        "[ruby]": {
+          "rubyLsp.formatter": "rubocop",
+          "editor.defaultFormatter": "Shopify.ruby-lsp",
+          "editor.defaultColorDecorators": "never",
+          "editor.formatOnSave": true
+        },
+        "[markdown]": {
+          "editor.defaultFormatter": "yzhang.markdown-all-in-one",
+          "editor.suggest.showWords": false,
+          "editor.inlineSuggest.enabled": false
+        },
+        "[tsv]": {
+          "files.trimTrailingWhitespace": false,
+          "editor.formatOnSave": false
+        },
+        "[csv]": {
+          "files.trimTrailingWhitespace": false,
+          "editor.formatOnSave": false
+        },
+        "git.autofetch": true,
+        "git.openRepositoryInParentFolders": "never"
+      }
+    }
+  },
+  "remoteUser": "rubydev",
+  "remoteEnv": {
+    "GH_TOKEN": "${localEnv:GH_TOKEN}",
+    "GITHUB_TOKEN": "${localEnv:GITHUB_TOKEN}"
+  },
+  "containerEnv": {
+    "BUNDLE_PATH": "/home/rubydev/.bundle",
+    "BUNDLE_BIN": "/home/rubydev/.bundle/bin",
+    "SHELL": "/bin/zsh"
+  },
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
+  "workspaceFolder": "/workspace"
+}

data/.devcontainer/init-firewall.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+set -euo pipefail  # Exit on error, undefined vars, and pipeline failures
+IFS=$'\n\t'       # Stricter word splitting
+
+echo "Initializing firewall rules..."
+
+# Flush existing rules and delete existing ipsets
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+ipset destroy allowed-domains 2>/dev/null || true
+
+# First allow DNS and localhost before any restrictions
+# Allow outbound DNS
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+# Allow inbound DNS responses
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+# Allow outbound SSH
+iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
+# Allow inbound SSH responses
+iptables -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+# Allow localhost
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# Create ipset with CIDR support
+ipset create allowed-domains hash:net
+
+# Fetch GitHub meta information and aggregate + add their IP ranges
+echo "Fetching GitHub IP ranges..."
+gh_ranges=$(curl -s https://api.github.com/meta | jq -r '.git[],.web[],.api[],.pages[]' | sort -u)
+for range in $gh_ranges; do
+    echo "Adding GitHub range: $range"
+    ipset add allowed-domains "$range"
+done
+
+# Define allowed domains for Claude Code functionality
+declare -a domains=(
+    "api.anthropic.com"
+    "claude.ai"
+    "github.com"
+    "raw.githubusercontent.com"
+    "registry.npmjs.org"
+    "rubygems.org"
+    "index.rubygems.org"
+    "api.rubygems.org"
+    "bundler.rubygems.org"
+    "fastly.com"
+    "cloudflare.com"
+    "amazonaws.com"
+    "docker.io"
+    "docker.com"
+    "gcr.io"
+    "quay.io"
+)
+
+# Resolve domains to IP addresses and add to ipset
+for domain in "${domains[@]}"; do
+    echo "Resolving $domain..."
+    ips=$(dig +short "$domain" A | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$')
+
+    while read -r ip; do
+        if [[ ! "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            echo "ERROR: Invalid IP from DNS for $domain: $ip"
+            exit 1
+        fi
+        echo "Adding $ip for $domain"
+        ipset add allowed-domains "$ip"
+    done < <(echo "$ips")
+done
+
+# Get host IP from default route
+HOST_IP=$(ip route | grep default | cut -d" " -f3)
+if [ -z "$HOST_IP" ]; then
+    echo "ERROR: Failed to detect host IP"
+    exit 1
+fi
+
+HOST_NETWORK=$(echo "$HOST_IP" | sed "s/\.[0-9]*$/.0\/24/")
+echo "Host network detected as: $HOST_NETWORK"
+
+# Set up remaining iptables rules
+iptables -A INPUT -s "$HOST_NETWORK" -j ACCEPT
+iptables -A OUTPUT -d "$HOST_NETWORK" -j ACCEPT
+
+# Set default policies to DROP first
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+# First allow established connections for already approved traffic
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Allow outbound connections to allowed IPs
+iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
+
+# Allow outbound HTTPS (443) and HTTP (80) to allowed domains
+iptables -A OUTPUT -p tcp --dport 443 -m set --match-set allowed-domains dst -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 80 -m set --match-set allowed-domains dst -j ACCEPT
+
+echo "Firewall rules configured successfully"
+
+# Verify firewall configuration
+echo "Verifying firewall configuration..."
+if ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
+    echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
+    exit 1
+else
+    echo "Firewall verification passed - able to reach https://api.github.com as expected"
+fi
+
+# Test Claude API connectivity
+if ! curl --connect-timeout 5 https://api.anthropic.com >/dev/null 2>&1; then
+    echo "WARNING: Unable to reach https://api.anthropic.com - Claude Code may not work properly"
+else
+    echo "Claude API connectivity verified"
+fi
+
+echo "Firewall initialization completed successfully"

data/.devcontainer/setup-credentials.sh

@@ -0,0 +1,95 @@
+#!/bin/bash
+set -e
+
+echo "Setting up Claude Code credentials..."
+
+# Check if we have read-only mounted credentials
+if [ -d "/tmp/host-claude" ]; then
+    echo "Found mounted credentials at /tmp/host-claude"
+
+    # Create the .claude directory in the user's home
+    mkdir -p ~/.claude
+
+    # Copy credentials file specifically
+    if [ -f "/tmp/host-claude/.credentials.json" ]; then
+        cp "/tmp/host-claude/.credentials.json" ~/.claude/
+        chmod 600 ~/.claude/.credentials.json
+        echo "✓ Claude credentials copied and secured"
+    else
+        echo "⚠ No .credentials.json found in mounted directory"
+    fi
+
+    # Copy other configuration files if they exist
+    for file in /tmp/host-claude/*.json; do
+        if [ -f "$file" ] && [ "$(basename "$file")" != ".credentials.json" ]; then
+            cp "$file" ~/.claude/
+        fi
+    done
+
+    # Set proper permissions for security
+    chmod 700 ~/.claude
+    find ~/.claude -type f -not -name ".credentials.json" -exec chmod 644 {} \;
+
+    echo "✓ Claude configuration files copied"
+
+    # Verify credential files exist
+    if [ -f ~/.claude/.credentials.json ]; then
+        echo "✓ Credentials file found and accessible"
+    else
+        echo "⚠ Warning: No credentials file found in ~/.claude"
+        echo "Available files:"
+        ls -la ~/.claude/ || echo "Directory is empty"
+    fi
+else
+    echo "⚠ No Claude credentials found at /tmp/host-claude"
+    echo "You may need to authenticate Claude Code manually after container startup"
+    echo "Run: claude auth login"
+fi
+
+# Install Ruby gems
+echo "Installing Ruby gems..."
+if [ -f "Gemfile" ]; then
+    bundle install
+    echo "✓ Ruby gems installed successfully"
+else
+    echo "⚠ No Gemfile found, skipping gem installation"
+fi
+
+# Initialize firewall if script exists and we have required capabilities
+if [ -f "/usr/local/bin/init-firewall.sh" ]; then
+    echo "Initializing firewall..."
+    if sudo /usr/local/bin/init-firewall.sh; then
+        echo "✓ Firewall initialized successfully"
+    else
+        echo "⚠ Firewall initialization failed - continuing without network restrictions"
+        echo "Note: Container may need NET_ADMIN and NET_RAW capabilities for firewall"
+    fi
+else
+    echo "⚠ Firewall script not found, skipping network security setup"
+fi
+
+# Verify Claude Code installation
+echo "Verifying Claude Code installation..."
+if command -v claude >/dev/null 2>&1; then
+    echo "✓ Claude Code CLI found at: $(which claude)"
+
+    # Test basic Claude Code functionality (non-interactive)
+    if claude --version >/dev/null 2>&1; then
+        echo "✓ Claude Code is working correctly"
+    else
+        echo "⚠ Claude Code binary found but may not be properly configured"
+    fi
+else
+    echo "⚠ Claude Code CLI not found in PATH"
+    echo "You may need to install it manually with: npm install -g @anthropic-ai/claude-code"
+fi
+
+echo ""
+echo "🎉 Setup complete!"
+echo ""
+echo "Next steps:"
+echo "1. If credentials weren't found, authenticate with: claude auth login"
+echo "2. Test Claude Code with: claude --help"
+echo "3. Start coding with AI assistance: claude"
+echo ""
+

data/.github/workflows/test.yml

@@ -9,6 +9,6 @@ jobs:
       with:
         ruby-version: '3.2'
         bundler-cache: true
-    - 
+    -
       name: Run Tests
       run: bundle exec rake test

data/.gitignore

@@ -3,7 +3,6 @@
 .bundle
 .config
 .yardoc
-Gemfile.lock
 InstalledFiles
 _yardoc
 coverage
@@ -33,3 +32,9 @@ Session.vim
 tags
 
 # End of https://www.gitignore.io/api/vim
+
+# DevContainer build artifacts
+.devcontainer/.tmp
+.worktrees/
+.claude/settings.local.json
+.specstory/

data/.overcommit.yml

@@ -0,0 +1,73 @@
+# Overcommit configuration for Sequelizer
+# See https://github.com/sds/overcommit for documentation
+
+PreCommit:
+  # Run RuboCop to check for style violations and auto-fix when possible
+  RuboCop:
+    enabled: true
+    command: ['bundle', 'exec', 'rubocop']
+    flags: ['--autocorrect']
+    include:
+      - '**/*.rb'
+      - '**/*.rake'
+      - '**/Rakefile'
+      - '**/Gemfile'
+      - '**/*.gemspec'
+
+  # Run tests to ensure nothing is broken
+  RakeTarget:
+    enabled: true
+    targets: ['test']
+    description: 'Run test suite'
+
+  # Check for potential security issues (if bundler-audit is available)
+  BundleAudit:
+    enabled: false  # Disabled by default, enable if you add bundler-audit gem
+
+  # Check for trailing whitespace
+  TrailingWhitespace:
+    enabled: true
+    exclude:
+      - '**/db/structure.sql' # Database dumps may have trailing whitespace
+      - '**/*.md'             # Markdown may intentionally have trailing spaces
+
+  # Check for merge conflict markers
+  MergeConflicts:
+    enabled: true
+
+  # Check YAML syntax
+  YamlSyntax:
+    enabled: true
+
+  # Check JSON syntax
+  JsonSyntax:
+    enabled: true
+
+  # Check for hard tabs (prefer spaces)
+  HardTabs:
+    enabled: true
+    exclude:
+      - '**/Makefile*'
+      - '**/*.mk'
+
+CommitMsg:
+  # Ensure commit messages are properly formatted
+  TextWidth:
+    enabled: true
+    max_subject_width: 60
+    max_body_width: 72
+
+PostCheckout:
+  # Bundle install when Gemfile changes
+  BundleCheck:
+    enabled: true
+
+PostMerge:
+  # Bundle install after merging changes to Gemfile
+  BundleCheck:
+    enabled: true
+
+PostRewrite:
+  # Bundle install after rebasing with Gemfile changes
+  BundleCheck:
+    enabled: true