Commit 1b0d40f

Merge pull request #152 from mq-rest-admin-project/feature/151-tooling-refresh
chore(tooling): refresh managed config to Vergil v2.0.76 (items 1/3/6/7)
2 parents c5a94f0 + 0e01c6b commit 1b0d40f

30 files changed

Lines changed: 290 additions & 202 deletions

.claude/settings.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
"vergil-marketplace": {
2222
"source": {
2323
"source": "github",
24-
"repo": "vergil-project/vergil-plugin"
24+
"repo": "vergil-project/vergil-claude-plugin"
2525
}
2626
}
2727
},
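Review bot: the marketplace source at line 24 is still identified only by a mutable `repo` name; the visible `source` block carries no ref or commit pin, so whatever sits at `vergil-project/vergil-claude-plugin` is what gets loaded. Please confirm the new repository is the intended one, and pin a tag or commit if the source schema supports it. If the old `vergil-project/vergil-plugin` name was freed by a rename, check that nothing else still references it.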

.github/workflows/cd.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,4 @@ jobs:
3030
language: ruby
3131
container-tag: "3.4"
3232
registry-publish: true
33-
secrets:
34-
APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
35-
APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
33+
secrets: inherit
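Review bot: `secrets: inherit` at line 33 widens what the called workflow can read from two named secrets (`APP_CLIENT_ID`, `APP_PRIVATE_KEY`) to every secret available to this caller. Unless the reusable workflow now needs secrets that cannot be enumerated here, keep the explicit mapping so that a change in the called workflow cannot start consuming additional credentials without a diff in this file. If `inherit` is required by the refreshed tooling, say so in the commit message.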

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,3 +50,6 @@ doc/yard/
5050
# RuboCop remote config cache
5151
.rubocop-https?--*
5252
.worktrees/
53+
54+
# Vergil tooling scratch dir
55+
.vergil/

CLAUDE.md

Lines changed: 31 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -36,27 +36,27 @@ on-ramp.
3636
### Structure
3737

3838
```text
39-
~/dev/github/mq-rest-admin-ruby/ ← sessions ALWAYS start here
39+
<project-root>/ ← sessions ALWAYS start here
4040
.git/
41-
CLAUDE.md, lib/, spec/, … ← main worktree (usually `develop`)
42-
.worktrees/ ← container for parallel worktrees
43-
issue-105-adopt-worktree-convention/ ← worktree on feature/105-...
41+
CLAUDE.md, ← main worktree (usually `develop`)
42+
.worktrees/ ← container for parallel worktrees
43+
issue-<N>-<short-slug>/ ← worktree on feature/<N>-<short-slug>
4444
4545
```
4646

4747
### Rules
4848

4949
1. **Sessions always start at the project root.**
50-
`cd ~/dev/github/mq-rest-admin-ruby && claude` — never from inside
51-
`.worktrees/<name>/`. This keeps the memory-path slug stable and shared.
50+
Never start Claude from inside `.worktrees/<name>/`. This keeps the
51+
memory-path slug stable and shared.
5252
2. **Each parallel agent is assigned exactly one worktree.** The session
5353
prompt names the worktree (see Agent prompt contract below).
5454
- For Read / Edit / Write tools: use the worktree's absolute path.
5555
- For Bash commands that touch files: `cd` into the worktree first,
5656
or use absolute paths.
5757
3. **The main worktree is read-only.** All edits flow through a worktree
5858
on a feature branch — the logical endpoint of the standing
59-
"no direct commits to `develop`" policy.
59+
"no direct commits to develop" policy.
6060
4. **One worktree per issue.** Don't stack in-flight issues. When a
6161
branch lands, remove the worktree before starting the next.
6262
5. **Naming: `issue-<N>-<short-slug>`.** `<N>` is the GitHub issue
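Review bot: new line 41 reads `CLAUDE.md,` with a trailing comma and nothing after it; dropping `lib/, spec/, …` left the list dangling. Either restore a generic tail or drop the comma. Separately, line 59 removes the backticks around `develop` while line 41 still writes the branch name as code; keep branch names formatted consistently.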
@@ -70,22 +70,44 @@ placeholders):
7070
```text
7171
You are working on issue #<N>: <issue title>.
7272
73-
Your worktree is: /Users/pmoore/dev/github/mq-rest-admin-ruby/.worktrees/issue-<N>-<slug>/
73+
Your worktree is: <project-root>/.worktrees/issue-<N>-<slug>/
7474
Your branch is: feature/<N>-<slug>
7575
7676
Rules for this session:
7777
- Do all git operations from inside your worktree:
78-
cd <absolute-worktree-path> && git <command>
78+
cd <absolute-worktree-path> && vrg-git <command>
7979
- For Read / Edit / Write tools, use the absolute worktree path.
8080
- For Bash commands that touch files, cd into the worktree first
8181
or use absolute paths.
8282
- Do not edit files at the project root. The main worktree is
8383
read-only — all changes flow through your worktree on your
8484
feature branch.
85+
- When you need to run validation, run it from inside your worktree
86+
(vrg-container-run mounts the current directory).
8587
```
8688

8789
All fields are required.
8890

91+
## Shell command policy
92+
93+
Use `vrg-git` instead of `git` for all git operations. Use `vrg-gh`
94+
instead of `gh` for all GitHub CLI operations. These wrappers enforce
95+
subcommand allowlists, flag deny lists, and credential selection.
96+
97+
Raw `git` and `gh` are denied by the permission model. If a command
98+
is not available through the wrappers, explain the situation to the
99+
human who can run it directly via `! <command>` in the prompt.
100+
101+
## Validation
102+
103+
```bash
104+
vrg-container-run -- vrg-validate
105+
```
106+
107+
This is the **only** validation command. Do not run individual linters,
108+
formatters, or other tools outside of `vrg-validate`. If a tool is not
109+
invoked by `vrg-validate`, it is not part of the validation pipeline.
110+
89111
## Project Overview
90112

91113
`mq-rest-admin` is a Ruby wrapper for the IBM MQ administrative REST
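Review bot: lines 97-99 route anything the wrappers refuse to the human via `! <command>`, which runs outside the subcommand allowlists, flag deny lists and credential selection that lines 93-95 describe. Ask the agent to state the exact command and why the wrapper cannot perform it, so the human can judge what they are being asked to run before bypassing those controls.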
@@ -101,24 +123,12 @@ translation between Ruby idioms and native MQSC parameter names.
101123

102124
## Development Commands
103125

104-
### Standard Tooling
105-
106-
The Claude Code PreToolUse hook guard (`.claude/hooks/guard.sh`)
107-
blocks raw `git` and `gh` commands — use `vrg-git` / `vrg-gh`
108-
wrappers.
109-
110126
### Environment Setup
111127

112128
```bash
113129
bundle install
114130
```
115131

116-
### Validation
117-
118-
```bash
119-
vrg-docker-run -- vrg-validate # Canonical validation (runs in dev container)
120-
```
121-
122132
### CI
123133

124134
PR CI (`.github/workflows/ci.yml`) uses vergil-actions v2.0 reusable
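Review bot: the removed lines 106-108 named the enforcement mechanism (`.claude/hooks/guard.sh`, a PreToolUse hook), while the new Shell command policy section says only "the permission model". If the hook is still present, keep a pointer to it; if it was replaced by permission rules, name the file where those rules live so a reader can audit what is actually denied. The rename from `vrg-docker-run` to `vrg-container-run` should also be checked against any references outside this file.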

README.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,9 @@ require "mq/rest/admin"
3131
session = MQ::REST::Admin::Session.new(
3232
"https://localhost:9443/ibmmq/rest/v2",
3333
"QM1",
34-
credentials: MQ::REST::Admin::BasicAuth.new(username: "mqadmin", password: "mqadmin"),
35-
verify_tls: false
34+
credentials: MQ::REST::Admin::BasicAuth.new(username: "mqadmin", password: "mqadmin")
35+
# TLS is always verified. For a self-signed/dev queue manager, pass
36+
# tls_ca_file: "/path/to/dev-ca.pem"
3637
)
3738

3839
# Display queue manager attributes
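Review bot: the guidance for self-signed queue managers at lines 35-36 lives in a comment, so the snippet as printed targets `https://localhost:9443` with the system trust store only. Show `tls_ca_file:` as a real keyword argument, as docs/site/docs/getting-started.md does with `ENV.fetch('MQ_REST_TLS_CA_FILE', nil)`, so readers copy a call that works against a dev queue manager. The hard-coded `mqadmin`/`mqadmin` pair on line 34 could move to environment variables in the same pass.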

docs/site/docs/api/session.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ session = MQ::REST::Admin::Session.new(
1414
qmgr_name,
1515
credentials:,
1616
gateway_qmgr: nil,
17-
verify_tls: true,
17+
tls_ca_file: nil,
1818
timeout_seconds: 30.0,
1919
map_attributes: true,
2020
mapping_strict: false,
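Review bot: line 17 drops `verify_tls:` from the documented constructor with no migration note. Callers that still pass `verify_tls:` need to know what happens (error or silent ignore) and what to use instead; add a short note near this signature that the option is removed, that verification can no longer be disabled, and that `tls_ca_file:` is the replacement for private CAs.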
@@ -33,7 +33,7 @@ session = MQ::REST::Admin::Session.new(
3333
| `qmgr_name` | `String` | (required) | Target queue manager name |
3434
| `credentials` | Auth object | (required) | `BasicAuth`, `LTPAAuth`, or `CertificateAuth` |
3535
| `gateway_qmgr` | `String` | `nil` | Gateway queue manager name for routing |
36-
| `verify_tls` | `Boolean` | `true` | Verify TLS certificates |
36+
| `tls_ca_file` | `String` | `nil` | PEM CA bundle to trust for TLS (nil = system store); certificates are always verified |
3737
| `timeout_seconds` | `Float` | `30.0` | HTTP request timeout |
3838
| `map_attributes` | `Boolean` | `true` | Enable attribute mapping |
3939
| `mapping_strict` | `Boolean` | `false` | Raise on unknown attributes |
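Review bot: the `tls_ca_file` row at line 36 does not say whether the bundle replaces the system store or is added to it, or what is raised when the path is missing or unreadable. "nil = system store" suggests replacement; state it explicitly, along with the failure behaviour.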

docs/site/docs/api/transport.md

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,12 +44,11 @@ Any object responding to `post_json` with the following signature can be used
4444
as a transport:
4545

4646
```ruby
47-
def post_json(url, payload, headers:, timeout_seconds:, verify_tls:)
47+
def post_json(url, payload, headers:, timeout_seconds:)
4848
# url: String - full URL
4949
# payload: Hash - JSON body to POST
5050
# headers: Hash - HTTP headers
5151
# timeout_seconds: Float or nil - request timeout
52-
# verify_tls: Boolean - whether to verify TLS certificates
5352
#
5453
# Returns: TransportResponse
5554
# Raises: TransportError on network failure
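Review bot: with `verify_tls:` gone from `post_json` at line 47 and its comment at old line 52, the transport contract no longer mentions TLS at all. Custom transports now carry the verification duty themselves, so document that a conforming transport must verify the server certificate and say how it receives the CA bundle that `Session` takes as `tls_ca_file:`. Also call out the compatibility break: an existing transport that declares `verify_tls:` as a required keyword raises `ArgumentError` once it is called without it.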
@@ -80,7 +79,7 @@ class MockTransport
8079
@calls = []
8180
end
8281

83-
def post_json(url, payload, headers:, timeout_seconds:, verify_tls:)
82+
def post_json(url, payload, headers:, timeout_seconds:)
8483
@calls << { url: url, payload: payload, headers: headers }
8584
response = @responses[@call_index]
8685
@call_index += 1

docs/site/docs/architecture.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ In Ruby, the transport is defined by a duck-type contract:
4848

4949
```ruby
5050
# Any object responding to #post_json with this signature
51-
def post_json(url, payload, headers:, timeout_seconds:, verify_tls:)
51+
def post_json(url, payload, headers:, timeout_seconds:)
5252
# Returns a TransportResponse
5353
end
5454
```
@@ -69,7 +69,7 @@ class MockTransport
6969
@calls = []
7070
end
7171

72-
def post_json(url, payload, headers:, timeout_seconds:, verify_tls:)
72+
def post_json(url, payload, headers:, timeout_seconds:)
7373
@calls << { url: url, payload: payload }
7474
response = @responses[@call_index]
7575
@call_index += 1

docs/site/docs/getting-started.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,9 @@ session = MQ::REST::Admin::Session.new(
3434
username: 'mqadmin',
3535
password: 'mqadmin'
3636
),
37-
verify_tls: false # for local development only
37+
# TLS is always verified. For a self-signed/dev queue manager, trust its
38+
# CA explicitly (nil uses the system trust store):
39+
tls_ca_file: ENV.fetch('MQ_REST_TLS_CA_FILE', nil)
3840
)
3941
```
4042

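Review bot: `ENV.fetch('MQ_REST_TLS_CA_FILE', nil)` at line 39 returns an empty string, not `nil`, when the variable is set but empty, and nothing here says how `tls_ca_file: ""` is treated. Either document that case or normalise it in the example so an empty variable falls back to the system trust store as the comment on line 38 promises for `nil`.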
@@ -157,8 +159,7 @@ session = MQ::REST::Admin::Session.new(
157159
'https://qm1-host:9443/ibmmq/rest/v2',
158160
'QM2', # target queue manager
159161
credentials: MQ::REST::Admin::BasicAuth.new(username: 'mqadmin', password: 'mqadmin'),
160-
gateway_qmgr: 'QM1', # local gateway queue manager
161-
verify_tls: false
162+
gateway_qmgr: 'QM1' # local gateway queue manager
162163
)
163164

164165
qmgr = session.display_qmgr
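Review bot: this gateway example loses `verify_tls: false` at old line 161 but, unlike the first example in this file, gains no `tls_ca_file:` argument or comment. Against `https://qm1-host:9443` it now depends on the system trust store; add the same `tls_ca_file:` line or a one-line comment so the two examples stay consistent.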

examples/channel_status.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,7 @@ def self.append_undefined_channels(results, definitions, live_status)
109109
username: ENV.fetch('MQ_ADMIN_USER', 'mqadmin'),
110110
password: ENV.fetch('MQ_ADMIN_PASSWORD', 'mqadmin')
111111
),
112-
verify_tls: false
112+
tls_ca_file: ENV.fetch('MQ_REST_TLS_CA_FILE', nil)
113113
)
114114

115115
MQ::REST::Admin::Examples::ChannelStatus.main(session)
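Review bot: line 112 introduces a third environment variable, `MQ_REST_TLS_CA_FILE`, next to `MQ_ADMIN_USER` and `MQ_ADMIN_PASSWORD`. Make sure the example's usage header lists it, since with `verify_tls: false` gone a dev queue manager signed by a private CA will not pass verification until the variable is set.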
