If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/airbnb/ruby shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• Last commit 5mo ago
• 24+ active contributors
• Distributed ownership (top contributor 25% of recent commits)
• MIT licensed
• CI configured
• Tests present
• ⚠ Slowing — last commit 5mo ago

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live airbnb/ruby repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/airbnb/ruby.

What it runs against: a local clone of airbnb/ruby — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in airbnb/ruby | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch main exists | Catches branch renames | | 4 | Last commit ≤ 172 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of airbnb/ruby. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/airbnb/ruby.git
#   cd ruby
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of airbnb/ruby and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "airbnb/ruby(\\.git)?\\b" \\
  && ok "origin remote is airbnb/ruby" \\
  || miss "origin remote is not airbnb/ruby (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \\
  && ok "default branch main exists" \\
  || miss "default branch main no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 172 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~142d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/airbnb/ruby"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Airbnb's Ruby Style Guide is a RuboCop plugin and enforcement system that defines and automates Ruby code style standards across Airbnb's engineering. It provides 30+ custom RuboCop cops (rules) in rubocop-airbnb/lib/rubocop/cop/airbnb/ that enforce Airbnb-specific patterns, plus curated configurations for Rails, RSpec, Bundler, and other ecosystems in rubocop-airbnb/config/. The guide itself (in README.md and rationales.md) documents best practices for whitespace, methods, naming, Rails patterns, and exception handling. Two-part monorepo: root level holds the style guide markdown (README.md, rationales.md, CONTRIBUTING.md), while rubocop-airbnb/ is a packaged RuboCop plugin with standard Gem layout (lib/rubocop/ for code, config/ for YAML rule definitions, spec/ implied by .rspec). Custom cops live under lib/rubocop/cop/airbnb/ organized by concern (e.g., in_wrong_file.rb, simple.rb); config files are split by cop domain (rubocop-rails.yml, rubocop-rspec.yml, etc.) for selective enablement.

Ruby developers at Airbnb who need to enforce consistent code style across thousands of files; teams adopting Airbnb's standards via the public RuboCop plugin; junior engineers onboarding to Ruby codebases who use this as a learning reference for idiomatic style.

This is a mature, actively maintained project. It has comprehensive CI/CD setup (.github/workflows/rspec_rubocop.yml), structured CHANGELOG.md tracking changes, proper versioning (rubocop-airbnb/lib/rubocop/airbnb/version.rb), and is published as a public Gem. The presence of rationales.md alongside style rules and a CONTRIBUTING.md indicates long-standing, well-documented governance.

Low risk for consumers: this is a style guide plugin with no production dependencies beyond RuboCop itself, so breakage is limited to build failures, not runtime. Main risk: the custom cops in lib/rubocop/cop/airbnb/ (e.g., DefaultScope, FactoryAttrReferencesClass) are Airbnb-specific and may not generalize to other codebases; teams must understand rationales.md before adoption. Last commit date and open issue backlog are not visible from the file list, so currency cannot be fully assessed.

File structure and CHANGELOG.md presence indicate active maintenance, but specific PRs and recent commits are not visible from the provided data. The repo likely tracks issues against custom cops and style rule refinements; the CONTRIBUTING.md suggests an open contribution process.

git clone https://github.com/airbnb/ruby.git
cd ruby/rubocop-airbnb
bundle install
bundle exec rspec
bundle exec rubocop

Daily commands:

cd rubocop-airbnb
bundle exec rspec              # Run custom cop tests
bundle exec rubocop -a         # Run linter on this repo's own code
bundle exec rubocop --version  # Verify RuboCop plugin installation

• rubocop-airbnb/lib/rubocop/cop/airbnb: Directory containing 20+ custom RuboCop cops that enforce Airbnb-specific rules; the core value of this plugin
• rubocop-airbnb/config/rubocop-airbnb.yml: Main configuration file that enables/disables rules and sets severity; acts as the entry point for consuming the plugin
• README.md: Primary style guide reference with code examples for whitespace, naming, Rails patterns, and exceptions
• rationales.md: Explains the 'why' behind style decisions, helping developers understand trade-offs and context for each rule
• rubocop-airbnb/lib/rubocop/airbnb/rails_autoloading.rb: Helper module that enforces Rails autoloading conventions (likely used by file-placement cops like ClassOrModuleDeclaredInWrongFile)
• .github/workflows/rspec_rubocop.yml: GitHub Actions CI pipeline that validates all custom cops pass tests and linting on every commit
• CONTRIBUTING.md: Documents how external contributors should propose new style rules or amendments

Adding a new style rule: (1) write a test in spec/rubocop/cop/airbnb/your_cop_spec.rb (see existing *_spec.rb files as templates), (2) implement the cop in lib/rubocop/cop/airbnb/your_cop.rb inheriting from RuboCop::Cop::Base, (3) add config to rubocop-airbnb/config/default.yml or a domain-specific config file, (4) document the rationale in rationales.md with examples. For style guide text updates only: edit README.md directly and cross-reference in rationales.md.

No significant hidden traps in the file list. However: (1) The custom cops like DefaultScope and FactoryAttrReferencesClass are opinionated and Airbnb-specific—disabling individual rules in rubocop-airbnb.yml may be necessary for non-Airbnb projects; (2) Rails cops (rubocop-rails.yml) assume a Rails monolith structure; (3) The plugin must be installed via Gemfile (gem 'rubocop-airbnb', require: false) for CI to pick it up; (4) Some cops (e.g., RailsAutoloading) rely on filesystem conventions that may differ in non-standard project layouts.

• RuboCop Cop Architecture — Every custom rule in lib/rubocop/cop/airbnb/.rb is a Cop; understanding how cops traverse AST nodes (via on_ visitors) is essential to writing or modifying enforcement rules
• Abstract Syntax Tree (AST) node visitors — Custom cops use AST patterns (e.g., on_def, on_class, on_send) to detect code violations; understanding node types is critical for implementing new rules
• Rails autoloading and constant resolution — Cops like ClassOrModuleDeclaredInWrongFile and ConstAssignedInWrongFile enforce Rails' implicit require conventions; understanding constant_name -> file_path mappings (in rails_autoloading.rb) is critical for file-placement validation
• YAML configuration inheritance in RuboCop — Config files use inherits_from and per-rule EnabledByDefault/Exclude patterns; understanding how rubocop-airbnb.yml composes inherited configs (bundler.yml, rails.yml, etc.) is needed to customize enforcement
• Mass assignment and attr_accessor security patterns — Cops like MassAssignmentAccessibleModifier enforce Rails security best practices around attr_accessible; understanding Rails security model helps interpret why these rules exist
• RSpec matchers and spec organization — Cops like RspecDescribeOrContextUnderNamespace and RspecEnvironmentModification enforce RSpec best practices; understanding describe/context hierarchy and side-effect isolation is needed to write correct specs
• Phrase bundle keys and i18n conventions — The PhraseBundleKeys cop enforces Airbnb's i18n (internationalization) naming standards; understanding translation key patterns helps maintain consistency across locales

• rubocop/ruby-style-guide — Official RuboCop community style guide that this Airbnb guide was inspired by and extends with custom cops
• rubocop/rubocop — Core RuboCop gem that rubocop-airbnb plugs into; required dependency for all cops to function
• airbnb/javascript — Airbnb's parallel JavaScript style guide and linting config; referenced in README as a sibling standard for frontend/full-stack teams
• github/rubocop-github — GitHub's own RuboCop plugin for style enforcement; similar in scope and architecture, useful for comparing plugin design patterns
• shopify/ruby-style-guide — Another production Ruby style guide with custom cops; alternative reference for Rails and architecture patterns

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive test coverage for RuboCop Airbnb custom cops

Several custom cop implementations in rubocop-airbnb/lib/rubocop/cop/airbnb/ lack corresponding spec files. Specifically, simple_modifier_conditional_spec.rb, simple_unless_spec.rb, spec_constant_assignment_spec.rb, and unsafe_yaml_marshal_spec.rb are missing from rubocop-airbnb/spec/rubocop/cop/airbnb/. These cops enforce important style rules but have no automated tests, making them harder to maintain and prone to regression.

• [ ] Create rubocop-airbnb/spec/rubocop/cop/airbnb/simple_modifier_conditional_spec.rb with test cases for both compliant and non-compliant code
• [ ] Create rubocop-airbnb/spec/rubocop/cop/airbnb/simple_unless_spec.rb covering unless conditionals
• [ ] Create rubocop-airbnb/spec/rubocop/cop/airbnb/spec_constant_assignment_spec.rb for test constant assignments
• [ ] Create rubocop-airbnb/spec/rubocop/cop/airbnb/unsafe_yaml_marshal_spec.rb for YAML/Marshal safety violations
• [ ] Ensure all specs follow the existing test patterns in other spec files and verify tests pass with bundle exec rspec

Document custom Airbnb RuboCop cops in rationales.md

The rationales.md file exists but likely lacks detailed explanations for the 16+ custom Airbnb cops (e.g., DefaultScope, MassAssignmentAccessibleModifier, RiskyActiverecordInvocation, RspecEnvironmentModification). Contributors and users need to understand the reasoning behind these custom rules to effectively use and maintain them.

• [ ] Review each cop in rubocop-airbnb/lib/rubocop/cop/airbnb/ and extract the DESCRIPTION/MESSAGE from implementations
• [ ] Add a 'Custom Airbnb Cops' section to rationales.md with subsections for each cop
• [ ] For each cop, document: the rule name, what it prevents, why it matters at Airbnb, and example code violations
• [ ] Link cop documentation to their config entries in rubocop-airbnb/config/rubocop-airbnb.yml
• [ ] Update rubocop-airbnb/README.md to reference the detailed rationales in the main README

Add support for RuboCop/Bundler/Security/Performance config validation tests

The rubocop-airbnb/config/ directory contains 10+ YAML configuration files (bundler, capybara, security, performance, etc.), but there are no tests validating that these configs are syntactically correct, don't conflict with each other, or correctly extend default.yml. A test suite would catch configuration errors before they break user setups.

• [ ] Create rubocop-airbnb/spec/config_spec.rb to validate all YAML files in rubocop-airbnb/config/
• [ ] Add tests to ensure each config file is valid YAML and loads without errors
• [ ] Add tests to verify configs don't define conflicting rules or enabled/disabled states
• [ ] Add tests to ensure all referenced cops actually exist in RuboCop gems (bundler, rspec, factory_bot, capybara, etc.)
• [ ] Integrate config validation into .github/workflows/rspec_rubocop.yml CI pipeline

• Add test coverage for edge cases in rubocop-airbnb/lib/rubocop/cop/airbnb/simple_modifier_conditional.rb (search for conditional edge cases like nested ternaries or guard clauses with complex predicates)
• Expand rationales.md with examples for the 'Syntax' and 'Exceptions' sections referenced in README.md's table of contents but potentially underdocumented
• Create a rubocop-airbnb/config/rubocop-sidekiq.yml for Sidekiq-specific cops (similar to factory_bot.yml and capybara.yml) and add corresponding tests, if Airbnb uses Sidekiq at scale

This Ruby Style Guide and RuboCop plugin codebase demonstrates good security awareness through custom cops for unsafe YAML marshaling and risky ActiveRecord invocations. However, the security posture could be strengthened by: (1) adding explicit security guidelines to the style guide, (2) implementing automated dependency vulnerability scanning in CI/CD, (3) ensuring comprehensive detection of all unsafe patterns in existing security-focused cops, and (4) documenting secret management best practices. No critical vulnerabilities were identified in the visible structure, but security documentation and automation gaps represent medium-level concerns for teams adopting this guide.

• Medium · Potential YAML Deserialization Vulnerability — rubocop-airbnb/lib/rubocop/cop/airbnb/unsafe_yaml_marshal.rb. The codebase includes a cop for 'unsafe_yaml_marshal' (unsafe_yaml_marshal.rb), indicating awareness of YAML deserialization risks. However, the presence of this cop suggests the project may have encountered or is guarding against unsafe YAML operations. The cop file itself should be reviewed to ensure it properly detects all unsafe patterns. Fix: Ensure the unsafe_yaml_marshal cop comprehensively detects unsafe YAML deserialization patterns. Use safe_load instead of load for YAML parsing. Document safe YAML handling practices in the style guide.
• Medium · ActiveRecord Invocation Security Cop Analysis Required — rubocop-airbnb/lib/rubocop/cop/airbnb/risky_activerecord_invocation.rb. The codebase includes a 'risky_activerecord_invocation' cop, indicating potential SQL injection or unsafe ActiveRecord patterns. Without reviewing the actual implementation, it's unclear if all risky patterns are properly detected and prevented. Fix: Review the risky_activerecord_invocation cop to ensure it detects raw SQL queries, SQL interpolation, and unsafe where clauses. Ensure developers use parameterized queries and ActiveRecord's safe methods.
• Low · Missing Security Documentation — README.md, rationales.md. While the style guide covers general Ruby practices, there is no dedicated security section visible in the README structure. Security best practices should be explicitly documented alongside code style guidelines. Fix: Add a dedicated 'Security' section to the style guide covering: secure defaults, secrets management, dependency vulnerabilities, common attack vectors (XSS, CSRF, SQLi), and secure authentication/authorization patterns.
• Low · No Visible Dependency Vulnerability Scanning — .github/workflows/rspec_rubocop.yml. The file structure shows GitHub Actions workflow for RSpec and RuboCop, but no evidence of dependency vulnerability scanning (e.g., bundler-audit, Dependabot configuration). Fix: Implement automated dependency vulnerability scanning in CI/CD pipeline. Use 'bundler-audit' or enable Dependabot to detect and alert on vulnerable gem versions.
• Low · Potential Environment Variable Exposure Risk — .gitignore. While .gitignore exists, the specific exclusions for sensitive files like .env or credentials are not visible in the provided file structure. This could lead to accidental commits of sensitive data. Fix: Ensure .gitignore explicitly excludes: .env, .env.*.local, config/credentials.yml.enc, master.key, and other credential files. Document secret management approach in CONTRIBUTING.md.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.