master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.3 KiB
1.3 KiB
Entry-Point Runtime — Ruby
Signals to gather
argv0equalsruby,bundle,bundler,rackup,puma,unicorn,sidekiq, orresque.- Bundler scripts:
bundle exec <cmd>; Gemfile andGemfile.lock. - Rails and Rack hints:
config.ru,bin/rails,bin/rake. - Background jobs:
sidekiq,delayed_job,resque. - Environment variables (
RAILS_ENV,RACK_ENV,BUNDLE_GEMFILE).
Implementation notes
- Normalise
bundle execby skipping the bundler wrapper and targeting the actual command. - Resolve script paths relative to the working directory.
- For
puma/unicorn, parse config files (config/puma.rb,config/unicorn.rb) to gather ports/workers. - Recognise
foreman startorovermindlaunching Procfile processes—may devolve toSupervisorclassification.
Evidence & scoring
- Boost confidence when
Gemfile.lockexists and the requested server script is found. - Add evidence for env variables and config files.
- Penalise ambiguous CLI invocations or missing artefacts.
Edge cases
- Alpine distroless images may rely on
rubysymlinks; confirm binary presence. - JRuby (running on Java) may trigger both Ruby and Java signals—prefer Ruby if
ruby/jrubyinterpreter is explicit. - Supervisors launching multiple Ruby workers should produce a single
Supervisorentry with Ruby children.