snaky_hash 2.0.3 → 2.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7a4ebce56adbdd1bb1cd6ac0fe46f3b891e0c0cf689ec611e6ca00e03c503fc1
-  data.tar.gz: ae1ffc55d9c653904a2c65bdfeb1b1724c6bce5eab251a225b036baaa5c165c5
+  metadata.gz: 470baea057cb725329d366a78e0f63b827ef9a8b696ada7c898c3eca3567dcb7
+  data.tar.gz: 808d135faa416bff9f01c12dc8f73301d46789ac111e1205b2a5c6f3a10f3c1f
 SHA512:
-  metadata.gz: 21e5beae61652b1307f346b676618562e1a713ff3db552e6dfc379683088e6e9de721eaca35dd32788564c77113d015af0d592def73697a2b25b5d8258a337b7
-  data.tar.gz: 26327dc66ec45f4ab558e1cd383615107a72587b700df71837302ddef530d7b83acd5b70fb9601ad2c14f3d9c26290c956e99e941f1ce0568fed075317dacd81
+  metadata.gz: 657833d9641e7aff20780306515f3d936ac204726599ad5e03391936f93238bda469ed222b105fb0552936ef9a0ca711505275a7af507dee34d3609a92c58960
+  data.tar.gz: 1dde13aa200f9c726eb7b30bbf22cb80686faaab76df52c4034eabfd3422343de5ae7891bea3136465e9cc9c8e573a676a9e9ed801f665fe1066cffb8d8e7cf7

data/CHANGELOG.md

@@ -1,29 +1,88 @@
 # Changelog
+
+[![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog]
+
 All notable changes to this project will be documented in this file.
 
-The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
+The format is based on [Keep a Changelog][📗keep-changelog],
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
+and [yes][📌major-versions-not-sacred], platform and engine support are part of the [public API][📌semver-breaking].
+Please file a bug if you notice a violation of semantic versioning.
+
+[📌semver]: https://semver.org/spec/v2.0.0.html
+[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat
+[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
+[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
+[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
 
 ## [Unreleased]
+
 ### Added
+
 ### Changed
+
 ### Deprecated
+
 ### Removed
+
 ### Fixed
+
+- Removed stale legacy CI workflows and duplicate extracted-stdlib gem
+  declarations from generated Appraisal gemfiles.
+
 ### Security
 
+## [2.0.5] - 2026-06-07
+
+- TAG: [v2.0.5][2.0.5t]
+- COVERAGE: 100.00% -- 133/133 lines in 7 files
+- BRANCH COVERAGE: 100.00% -- 38/38 branches in 7 files
+- 92.86% documented
+
+### Changed
+
+- Refreshed project scaffolding with the current `kettle-jem` template, including
+  updated CI workflows, modular gemfiles, and development tooling floors.
+
+## [2.0.4] - 2026-05-16
+
+- TAG: [v2.0.4][2.0.4t]
+- COVERAGE: 100.00% -- 133/133 lines in 7 files
+- BRANCH COVERAGE: 100.00% -- 38/38 branches in 7 files
+- 100.00% documented
+
+### Added
+
+- Incident Response Plan in IRP.md
+- SnakyHash::VERSION (Traditional Constant Location)
+- kettle-dev & kettle-test dev harnesses
+
+### Changed
+
+- Contributor Conenant updated to version 2.1
+
+### Fixed
+
+- Specs
+
 ## [2.0.3] - 2025-05-23
+
 - TAG: [v2.0.3][2.0.3t]
 -  COVERAGE: 100.00% -- 132/132 lines in 7 files
 -  BRANCH COVERAGE: 100.00% -- 38/38 branches in 7 files
 - 100.00% documented
+
 ### Added
+
 - `#dump` instance method injected by `extend SnakyHash::Serializer` (@pboling)
 - `dump_hash_extensions` - new feature, analogous to `load_hash_extensions` (@pboling)
 - `dump_value_extensions` - alternate name for `dump_extensions` (@pboling)
 - `load_value_extensions` - alternate name for `load_extensions` (@pboling)
 - Clarifying documentation (@pboling)
+
 ### Fixed
+
 - [gh4](https://github.com/oauth-xx/snaky_hash/pull/4) - Serializer extensions dump and load empty values properly (@pboling)
   - Fixed `dump_extensions`, `load_extensions`, `load_hash_extensions`
   - Intended usage is primarily JSON, and oauth2 gem
@@ -31,11 +90,14 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
   - Previous logic was inherited from design decisions made by `serialized_hashie` gem; doesn't apply here
 
 ## [2.0.2] - 2025-05-21
+
 - TAG: [v2.0.2][2.0.2t]
 - COVERAGE: 100.00% -- 119/119 lines in 7 files
 - BRANCH COVERAGE: 100.00% -- 35/35 branches in 7 files
 - 100.00% documented
+
 ### Added
+
 - Gem is signed by 20-year cert (@pboling)
   - Expires 2045-04-29
 - Gemspec metadata updates (@pboling)
@@ -48,42 +110,64 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 - 100% documented! (@pboling)
 
 ## [2.0.1] - 2022-09-23
+
 - TAG: [v2.0.1][2.0.1t]
+
 ### Added
+
 - Certificate for signing gem releases (@pboling)
 - Gemspec metadata (@pboling)
     - funding_uri
     - mailing_list_uri
 - Checksums for released gems (@pboling)
+
 ### Changed
+
 - Gem releases are now cryptographically signed (@pboling)
 
 ## [2.0.0] - 2022-08-29
+
 - TAG: [v2.0.0][2.0.0t]
+
 ### Changed
+
 - **BREAKING**: `SnakeHash::Snake` is now a mixin, now with support for symbol or string keys
 ```ruby
 class MySnakedHash < Hashie::Mash
   include SnakyHash::Snake.new(key_type: :string) # or :symbol
 end
 ```
+
 ### Added
+
 - `SnakyHash::StringKeyed`: a Hashie::Mash class with snake-cased String keys
 - `SnakyHash::SymbolKeyed`: a Hashie::Mash class with snake-cased Symbol keys
 
 ## [1.0.1] - 2022-08-26
+
 - TAG: [v1.0.1][1.0.1t]
+
 ### Added
+
 - Missing LICENSE.txt file to release
+
 ### Removed
+
 - Accidentally added bundler dependency (vestige of transpec process) is now removed
 
 ## [1.0.0] - 2022-08-26
+
 - TAG: [v1.0.0][1.0.0t]
+
 ### Added
+
 - Initial release
 
-[Unreleased]: https://gitlab.com/oauth-xx/snaky_hash/-/compare/v2.0.3...main
+[Unreleased]: https://github.com/ruby-oauth/snaky_hash/compare/v2.0.5...HEAD
+[2.0.5]: https://github.com/ruby-oauth/snaky_hash/compare/v2.0.4...v2.0.5
+[2.0.5t]: https://github.com/ruby-oauth/snaky_hash/releases/tag/v2.0.5
+[2.0.4]: https://github.com/ruby-oauth/snaky_hash/compare/v2.0.3...v2.0.4
+[2.0.4t]: https://github.com/ruby-oauth/snaky_hash/releases/tag/v2.0.4
 [2.0.3]: https://gitlab.com/oauth-xx/snaky_hash/-/compare/v2.0.2...v2.0.3
 [2.0.3t]: https://gitlab.com/oauth-xx/snaky_hash/-/releases/tag/v2.0.3
 [2.0.2]: https://gitlab.com/oauth-xx/snaky_hash/-/compare/v2.0.1...v2.0.2

data/CITATION.cff

@@ -0,0 +1,20 @@
+cff-version: 1.2.0
+title: "snaky_hash"
+message: >-
+  If you use this work and you want to cite it,
+  then you can use the metadata from this file.
+type: software
+authors:
+  - given-names: "Peter H."
+    family-names: "Boling"
+    email: "floss@galtzo.com"
+    affiliation: "galtzo.com"
+    orcid: 'https://orcid.org/0009-0008-8519-441X'
+identifiers:
+  - type: url
+    value: 'https://github.com/ruby-oauth/snaky_hash'
+    description: "snaky_hash"
+repository-code: 'https://github.com/ruby-oauth/snaky_hash'
+abstract: >-
+  snaky_hash
+license: See license file

data/CODE_OF_CONDUCT.md

@@ -1,4 +1,3 @@
-
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
@@ -7,8 +6,8 @@ We as members, contributors, and leaders pledge to make participation in our
 community a harassment-free experience for everyone, regardless of age, body
 size, visible or invisible disability, ethnicity, sex characteristics, gender
 identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
 
 We pledge to act and interact in ways that contribute to an open, welcoming,
 diverse, inclusive, and healthy community.
@@ -23,17 +22,17 @@ community include:
 * Giving and gracefully accepting constructive feedback
 * Accepting responsibility and apologizing to those affected by our mistakes,
   and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
-  overall community
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
 
 Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
 * Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or email
-  address, without their explicit permission
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
   professional setting
 
@@ -53,7 +52,7 @@ decisions when appropriate.
 
 This Code of Conduct applies within all community spaces, and also applies when
 an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
+Examples of representing our community include using an official email address,
 posting via an official social media account, or acting as an appointed
 representative at an online or offline event.
 
@@ -61,7 +60,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-[INSERT CONTACT METHOD].
+[![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact].
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the
@@ -83,15 +82,15 @@ behavior was inappropriate. A public apology may be requested.
 
 ### 2. Warning
 
-**Community Impact**: A violation through a single incident or series
-of actions.
+**Community Impact**: A violation through a single incident or series of
+actions.
 
 **Consequence**: A warning with consequences for continued behavior. No
 interaction with the people involved, including unsolicited interaction with
 those enforcing the Code of Conduct, for a specified period of time. This
 includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or
-permanent ban.
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
 
 ### 3. Temporary Ban
 
@@ -107,27 +106,29 @@ Violating these terms may lead to a permanent ban.
 ### 4. Permanent Ban
 
 **Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior,  harassment of an
+standards, including sustained inappropriate behavior, harassment of an
 individual, or aggression toward or disparagement of classes of individuals.
 
-**Consequence**: A permanent ban from any sort of public interaction within
-the community.
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
 
 ## Attribution
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.0, available at
-[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
 
 Community Impact Guidelines were inspired by
 [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
 
 For answers to common questions about this code of conduct, see the FAQ at
-[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
-at [https://www.contributor-covenant.org/translations][translations].
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
 
 [homepage]: https://www.contributor-covenant.org
-[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
 [Mozilla CoC]: https://github.com/mozilla/diversity
 [FAQ]: https://www.contributor-covenant.org/faq
 [translations]: https://www.contributor-covenant.org/translations
+[🚂maint-contact]: http://www.railsbling.com/contact
+[🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red

data/CONTRIBUTING.md

@@ -1,77 +1,195 @@
-## Contributing
+# Contributing
 
-Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/snaky_hash][🚎src-main]
-. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
+Bug reports and pull requests are welcome on [CodeBerg][📜src-cb], [GitLab][📜src-gl], or [GitHub][📜src-gh].
+This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
 the [code of conduct][🤝conduct].
 
-To submit a patch, please fork the project and create a patch with tests.
-Once you're happy with it send a pull request.
+To submit a patch, please fork the project, create a patch with tests, and send a pull request.
 
-We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it.
+Remember to [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] if you make changes.
 
-## You can help!
+## Developer Certificate of Origin
 
-Take a look at the `reek` list which is the file called `REEK` and find something to improve.
+In order to protect users of this project, we require all contributors to comply with the
+[Developer Certificate of Origin](https://developercertificate.org/).
+This ensures that all contributions are properly licensed and attributed.
 
-Simply follow these instructions:
+## Help out!
 
-1. Fork the repository
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Make some fixes.
-4. Commit your changes (`git commit -am 'Added some feature'`)
-5. Push to the branch (`git push origin my-new-feature`)
-6. Make sure to add tests for it. This is important, so it doesn't break in a future release.
-7. Create new Pull Request.
+Take a look at the open issues and pull requests, or use the gem and find something to improve.
 
-## Appraisals
+Follow these instructions:
 
-From time to time the appraisal gemfiles in `gemfiles/` will need to be updated.
-They are created and updated with the commands:
+1. Join the Discord: [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite]
+2. Fork the repository
+3. Create your feature branch (`git checkout -b my-new-feature`)
+4. Make some fixes.
+5. Commit your changes (`git commit -am 'Added some feature'`)
+6. Push to the branch (`git push origin my-new-feature`)
+7. Make sure to add tests for it. This is important, so it doesn't break in a future release.
+8. Create new Pull Request.
+9. Announce it in the channel for this org in the [Discord][✉️discord-invite]!
+
+## Executables vs Rake tasks
 
-NOTE: We run on a [fork][🚎appraisal-fork] of Appraisal.
+Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available
+after running `bin/setup`. These include:
 
-Please upvote the PR for `eval_gemfile` [support][🚎appraisal-eval-gemfile-pr]
+- gem_checksums
+- kettle-changelog
+- kettle-commit-msg
+- kettle-dev-setup
+- kettle-dvcs
+- kettle-pre-release
+- kettle-readme-backers
+- kettle-release
+
+There are many Rake tasks available as well. You can see them by running:
 
 ```shell
-BUNDLE_GEMFILE=Appraisal.root.gemfile bundle
-BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
-bundle exec rake rubocop_gradual:autocorrect
+bin/rake -T
 ```
 
-When adding an appraisal to CI check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use.
+## Code quality checks
 
-## The Reek List
+Run the Reek task when you want a smell check that fails on current findings:
 
-Take a look at the `reek` list which is the file called `REEK` and find something to improve.
+```shell
+bin/rake reek
+```
+
+Refresh the checked-in `REEK` backlog through the rake task, not by redirecting
+the raw `reek` executable output. The rake task uses the project bundle and
+avoids stale generated binstubs shadowing the Reek gem executable:
 
-To refresh the `reek` list:
+```shell
+bin/rake reek:update
+```
+
+## Environment Variables for Local Development
+
+Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string "true" to enable.
+
+General/runtime
+- DEBUG: Enable extra internal logging for this library (default: false)
+- REQUIRE_BENCH: Enable `require_bench` to profile requires (default: false)
+- CI: When set to true, adjusts default rake tasks toward CI behavior
+
+Coverage (kettle-soup-cover / SimpleCov)
+- K_SOUP_COV_DO: Enable coverage collection (default: true in `mise.toml`)
+- K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
+- K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
+- K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
+- K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
+- K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
+- K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
+- MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
+  Tip: When running a single spec file locally, you may want `K_SOUP_COV_MIN_HARD=false` to avoid failing thresholds for a partial run.
+
+GitHub API and CI helpers
+- GITHUB_TOKEN or GH_TOKEN: Token used by `ci:act` and release workflow checks to query GitHub Actions status at higher rate limits
+
+Releasing and signing
+- SKIP_GEM_SIGNING: If set, skip gem signing during build/release
+- GEM_CERT_USER: Username for selecting your public cert in `certs/<USER>.pem` (defaults to $USER)
+- SOURCE_DATE_EPOCH: Reproducible build timestamp.
+  - `kettle-release` will set this automatically for the session.
+  - Not needed on bundler >= 2.7.0, as reproducible builds have become the default.
+
+Git hooks and commit message helpers (exe/kettle-commit-msg)
+- GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., `jira`) or `false` to disable
+- GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
+- GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
+- GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
+
+Git diff driver setup
+- Local setup writes repository `.gitattributes` entries and local Git `diff.smorg-*` command config so this checkout uses StructuredMerge semantic diffs.
+- Global setup registers `diff.smorg-*` commands once in the user Git config; use it when you work across several StructuredMerge-enabled repositories.
+- Include-file setup writes `.git/smorg/config` and includes it from local Git config, keeping command registrations out of the repository files.
+- Git hosting forges generally ignore external diff drivers, so pull request views may still show raw textual diffs even when local `git diff` uses semantic drivers.
+
+```console
+K_JEM_TEMPLATING=true bundle exec kettle-jem install
+```
+
+Troubleshooting Git diffs
+- Use `git diff --no-ext-diff` to compare against Git's built-in diff output.
+- Use `git diff --no-textconv` when a textconv projection obscures the raw file bytes you need to inspect.
+- If Git reports a missing `smorg-*` executable, rerun `bundle install` and the setup command above, then check `git config --local --get-regexp '^diff\.smorg-'`.
+- To remove managed local entries, run `K_JEM_TEMPLATING=true bundle exec kettle-jem install --undo`; remove global command registrations with `git config --global --unset-all diff.smorg-ruby.command`.
+
+For a quick starting point, this repository’s `mise.toml` defines the shared defaults, and `.env.local` can override them locally. Copy `.env.local.example` to `.env.local`, use `KEY=value` lines, and either activate `mise` in your shell or run commands through `mise exec -C /path/to/project -- ...`.
+
+## Appraisals
+
+From time to time the [appraisal2][🚎appraisal2] gemfiles in `gemfiles/` will need to be updated.
+Generated appraisal and CI workflow floors are controlled by `ruby.test_minimum`
+in `.structuredmerge/kettle-jem.yml`; this project was templated with `ruby.test_minimum: 2.4`.
+That value describes the lowest Ruby version expected to run the test/development
+toolchain, and it may be higher than the gemspec runtime floor.
+
+They are created and updated with the commands:
 
-```bash
-bundle exec reek > REEK
+```console
+bin/rake appraisal:update
 ```
 
+If you need to reset all gemfiles/*.gemfile.lock files:
+
+```console
+bin/rake appraisal:reset
+```
+
+When adding an appraisal to CI, check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use.
+
 ## Run Tests
 
-To run all tests
+Run tests via `kettle-test` (provided by `kettle-test`). It runs RSpec, writes the full log to
+`tmp/kettle-test/rspec-TIMESTAMP.log`, and prints a compact highlight block with timing, seed,
+pass/fail count, failing example list, and SimpleCov coverage percentages.
 
-```bash
-bundle exec rake test
+```console
+bundle exec kettle-test
 ```
 
+For targeted runs, disable the hard coverage threshold to avoid false failures:
+
+```console
+K_SOUP_COV_MIN_HARD=false bundle exec kettle-test spec/path/to/spec.rb
+```
+
+### Spec organization (required)
+
+- One spec file per class/module. For each class or module under `lib/`, keep all of its unit tests in a single spec file under `spec/` that mirrors the path and file name exactly: `lib/snaky_hash/my_class.rb` -> `spec/snaky_hash/my_class_spec.rb`.
+- Exception: Integration specs that intentionally span multiple classes. Place these under `spec/integration/` (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
+
 ## Lint It
 
 Run all the default tasks, which includes running the gradually autocorrecting linter, `rubocop-gradual`.
 
-```bash
+```console
 bundle exec rake
 ```
 
 Or just run the linter.
 
-```bash
+```console
 bundle exec rake rubocop_gradual:autocorrect
 ```
 
+For more detailed information about using RuboCop in this project, please see the [RUBOCOP.md](RUBOCOP.md) guide. This project uses `rubocop_gradual` instead of vanilla RuboCop, which requires specific commands for checking violations.
+
+### Important: Do not add inline RuboCop disables
+
+Never add `# rubocop:disable ...` / `# rubocop:enable ...` comments to code or specs (except when following the few existing `rubocop:disable` patterns for a rule already being disabled elsewhere in the code). Instead:
+
+- Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via `.rubocop.yml`).
+- When a violation is temporary, and you plan to fix it later, record it in `.rubocop_gradual.lock` using the gradual workflow:
+  - `bundle exec rake rubocop_gradual:autocorrect` (preferred)
+  - `bundle exec rake rubocop_gradual:force_update` (only when you cannot fix the violations immediately)
+
+As a general rule, fix style issues rather than ignoring them. For example, our specs should follow RSpec conventions like using `described_class` for the class under test.
+
 ## Contributors
 
 Your picture could be here!
@@ -80,60 +198,75 @@ Your picture could be here!
 
 Made with [contributors-img][🖐contrib-rocks].
 
-Also see GitLab Contributors: [https://gitlab.com/oauth-xx/snaky_hash/-/graphs/main][🚎contributors-gl]
+Also see GitLab Contributors: [https://gitlab.com/ruby-oauth/snaky_hash/-/graphs/main][🚎contributors-gl]
 
 ## For Maintainers
 
 ### One-time, Per-maintainer, Setup
 
-**IMPORTANT**: If you want to sign the build you create,
-your public key for signing gems will need to be picked up by the line in the
+**IMPORTANT**: To sign a build,
+a public key for signing gems will need to be picked up by the line in the
 `gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there).
-All releases to RubyGems.org will be signed.
+All releases are signed releases.
 See: [RubyGems Security Guide][🔒️rubygems-security-guide]
 
-NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some value in your environment.
+NOTE: To build without signing the gem set `SKIP_GEM_SIGNING` to any value in the environment.
 
 ### To release a new version:
 
-1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+#### Automated process
+
+1. Update version.rb to contain the correct version-to-be-released.
+2. Run `bundle exec kettle-changelog`.
+3. Run `bundle exec kettle-release`.
+4. Stay awake and monitor the release process for any errors, and answer any prompts.
+
+#### Manual process
+
+1. Run `bin/setup && bin/rake` as a "test, coverage, & linting" sanity check
 2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes
 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
-4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
-5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
-    - NOTE: Remember to [check the build][🧪build]!
-6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
-7. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
-8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code
-9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
+4. Run `bin/rake yard` to regenerate the docs site using the canonical docs task
+5. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
+6. Run `git push` to trigger the final CI pipeline before release, and merge PRs
+    - NOTE: Remember to [check the build][🧪build].
+7. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
+8. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
+9. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure latest trunk code
+10. Optional for older Bundler (< 2.7.0): Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use the same timestamp and generate the same checksums
+    - If your Bundler is >= 2.7.0, you can skip this; builds are reproducible by default.
     - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
     - If the echo above has no output, then it didn't work.
-    - Note that you'll need the `zsh/datetime` module, if running `zsh`.
+    - Note: `zsh/datetime` module is needed, if running `zsh`.
     - In older versions of `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
-10. Run `bundle exec rake build`
-11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr])
+11. Run `bundle exec rake build`
+12. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr])
     to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums`
     [gem][💎stone_checksums].
-    - Checksums will be committed automatically by the script, but not pushed
-12. Run `bundle exec rake release` which will create a git tag for the version,
-    push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
-
-[🚎src-main]: https://gitlab.com/oauth-xx/snaky_hash
-[🧪build]: https://github.com/oauth-xx/snaky_hash/actions
-[🤝conduct]: https://gitlab.com/oauth-xx/snaky_hash/-/blob/main/CODE_OF_CONDUCT.md
+    - The script automatically commits but does not push the checksums
+13. Sanity check the SHA256, comparing with the output from the `bin/gem_checksums` command:
+    - `sha256sum pkg/<gem name>-<version>.gem`
+14. Run `bundle exec rake release` which will create a git tag for the version,
+    push git commits and tags, and push the `.gem` file to the gem host configured in the gemspec.
+
+[📜src-gl]: https://gitlab.com/ruby-oauth/snaky_hash
+[📜src-cb]: https://codeberg.org/ruby-oauth/snaky_hash
+[📜src-gh]: https://github.com/ruby-oauth/snaky_hash
+[🧪build]: https://github.com/ruby-oauth/snaky_hash/actions
+[🤝conduct]: https://github.com/ruby-oauth/snaky_hash/blob/main/CODE_OF_CONDUCT.md
 [🖐contrib-rocks]: https://contrib.rocks
-[🖐contributors]: https://github.com/oauth-xx/snaky_hash/graphs/contributors
-[🚎contributors-gl]: https://gitlab.com/oauth-xx/snaky_hash/-/graphs/main
-[🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/snaky_hash
-[💎rubygems]: https://rubygems.org
+[🖐contributors]: https://github.com/ruby-oauth/snaky_hash/graphs/contributors
+[🚎contributors-gl]: https://gitlab.com/ruby-oauth/snaky_hash/-/graphs/main
+[🖐contributors-img]: https://contrib.rocks/image?repo=ruby-oauth/snaky_hash
+[💎gem-coop]: https://gem.coop
 [🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
 [🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022
 [🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325
-[💎stone_checksums]: https://github.com/pboling/stone_checksums
+[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums
 [📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
 [📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
 [📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
 [📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
-[🚎appraisal-eval-gemfile-pr]: https://github.com/thoughtbot/appraisal/pull/248
-[🚎appraisal-fork]: https://github.com/pboling/appraisal/tree/galtzo
+[🚎appraisal2]: https://github.com/appraisal-rb/appraisal2
 [🏃‍♂️runner-tool-cache]: https://github.com/ruby/ruby-builder/releases/tag/toolcache
+[✉️discord-invite]: https://discord.gg/3qme4XHNKN