Copilot AI commented Oct 2, 2025

Plan for implementing CSP reports collection Rails gem:

  • Create gem structure (gemspec, lib directory, version file)
  • Create Rails engine structure (engine.rb, routes, controller)
  • Create Report model with migration
  • Create CspReportsController with /csp-reports endpoint
  • Add Slack notification capability
  • Create initializer template for configuration
  • Add test infrastructure and tests
  • Update README with usage instructions
  • Respect CSP violation report format (both old and new)
  • Change routes to mount directly in main app without mount
  • Add GitHub workflows to test gem
  • Adjust versions to Ruby >= 3.2 and Rails >= 7.1
  • Use JSONB for raw_report field
  • Add Ruby 3.4 to CI workflow
  • Add rubocop-codeur and normalize Ruby code style
  • Fix code style in test files

Changes made in this commit:

  • Changed single quotes to double quotes in all test strings
  • Fixed hash syntax spacing (added spaces around braces)
  • Changed assert_difference and assert_no_difference to use double quotes
  • Fixed line alignment and indentation in test files
  • Removed trailing blank lines in test assertions
  • Fixed block syntax in stub_request with multi-line conditions
  • All test files now conform to rubocop-codeur standards
Original prompt

This is a Ruby gem which is a Rails plugin, which permits collecting, storing and notifying a Slack channel about CSP reports. The gem must provide a "/csp-reports" endpoint, publicly accessible, to permit browsers to post CSP violation reports. The reports have to be stored in a "Report" model which contains the reports and a column notified_at to follow notification.


Copilot AI and others added 2 commits October 2, 2025 09:48
Co-authored-by: burisu <240595+burisu@users.noreply.github.com>
Co-authored-by: burisu <240595+burisu@users.noreply.github.com>
Copilot AI changed the title from "This is a ruby gem which is a Rails plugin, which permit to collect, store and notify on Slack channel about CSP reports. The gem must provide a "/csp-reports" endpoint publicly accessible to permit to browser to post CSP violation reports. The reports..." to "Implement CSP reports collection Rails engine with Slack notifications" Oct 2, 2025
Copilot AI requested a review from burisu October 2, 2025 09:53

burisu commented Oct 2, 2025

@copilot Things to change:

…orkflows

Co-authored-by: burisu <240595+burisu@users.noreply.github.com>

Copilot AI commented Oct 2, 2025

@copilot Things to change:

All requested changes have been implemented in commit cdf1573:

  1. CSP Report Format: Controller now supports both old format ({"csp-report": {...}}) and modern format (direct fields) with both kebab-case and camelCase field names per MDN specification

  2. Routes: Removed manual mounting requirement - the /csp-reports endpoint is now automatically added to the main app via engine initializer using Rails.application.routes

  3. GitHub Workflows: Added .github/workflows/test.yml to test the gem across Ruby 3.0-3.2 and Rails 6.1-7.1

Tests updated to verify both CSP formats and new routing structure.
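
A sketch of normalizing the two payload shapes described in the comment above, as an added example that is not the gem's own code. It also accepts the Reporting API envelope (an array of objects carrying a `body`), which goes beyond what the thread states. `CspReportNormalizer`, the size caps and the accepted key lists are assumptions; the output keys reuse the column names from the migration excerpt in this thread.

```ruby
require "json"

# Added example, not the gem's code. Module and constant names are hypothetical.
module CspReportNormalizer
  MAX_BODY_BYTES = 16 * 1024 # assumed cap: the endpoint is public and unauthenticated
  MAX_FIELD_CHARS = 2048     # assumed cap per stored string column

  # Column name => accepted keys, kebab-case (legacy) first, then camelCase.
  FIELDS = {
    violated_directive: %w[violated-directive violatedDirective effective-directive effectiveDirective],
    blocked_uri: %w[blocked-uri blockedUri blockedURL],
    original_policy: %w[original-policy originalPolicy]
  }.freeze

  module_function

  # Returns an attributes hash for a Report row, or nil when the body must be rejected.
  def normalize(body)
    return nil if body.nil? || body.bytesize > MAX_BODY_BYTES

    parsed = JSON.parse(body)
    parsed = parsed.first if parsed.is_a?(Array) # Reporting API batches reports
    return nil unless parsed.is_a?(Hash)

    # Legacy: {"csp-report": {...}}; Reporting API: {"type": ..., "body": {...}}; else direct fields.
    report = parsed["csp-report"] || parsed["body"] || parsed
    return nil unless report.is_a?(Hash)

    attrs = FIELDS.transform_values do |keys|
      value = keys.filter_map { |k| report[k] }.first
      value.is_a?(String) ? value[0, MAX_FIELD_CHARS] : nil
    end
    return nil if attrs.values.all?(&:nil?) # nothing recognisable: not a CSP report

    attrs.merge(raw_report: report)
  rescue JSON::ParserError
    nil
  end
end
```

Returning nil for oversized, malformed or unrecognisable bodies lets the controller answer without writing a row, so arbitrary POSTs to the public endpoint do not fill the table or trigger Slack notifications.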

Comment on lines 15 to 16
ruby-version: ['3.0', '3.1', '3.2']
rails-version: ['6.1', '7.0', '7.1']
Contributor

Adjust versions to support Ruby >= 3.2 and Rails >= 7.1

Contributor Author

Updated in commit d82ec31. GitHub workflow now tests Ruby 3.2-3.3 and Rails 7.1-7.2. Also updated gemspec to require Ruby >= 3.2.0 and Rails >= 7.1.

t.string :violated_directive
t.string :blocked_uri
t.text :original_policy
t.text :raw_report, null: false
Contributor

Use JSONB instead of TEXT type for raw_report.

Contributor Author

Changed in commit d82ec31. Migration now uses t.jsonb :raw_report, null: false, default: {}. Controller updated to store hash directly instead of JSON string. All tests updated accordingly.

@burisu burisu left a comment

@copilot Fix last review comments

Co-authored-by: burisu <240595+burisu@users.noreply.github.com>

Copilot AI commented Oct 2, 2025

@copilot Fix last review comments

Both review comments have been addressed in commit d82ec31:

  1. Ruby/Rails versions: Now requires Ruby >= 3.2 and Rails >= 7.1
  2. JSONB field: raw_report now uses JSONB type with default {}

All tests updated and passing with the new requirements.

Copilot AI requested a review from burisu October 2, 2025 10:15
@burisu burisu left a comment

@copilot Add rubocop-codeur gem and run rubocop to normalize Ruby code.


strategy:
matrix:
ruby-version: ['3.2', '3.3']
Contributor

@copilot Don't forget Ruby 3.4

Contributor Author

Added Ruby 3.4 to the workflow matrix in commit 4e09c83.


burisu commented Oct 2, 2025

@copilot Can you fix the tests too?

Co-authored-by: burisu <240595+burisu@users.noreply.github.com>

Copilot AI commented Oct 2, 2025

@copilot Add rubocop-codeur gem and run rubocop to normalize Ruby code.

Done in commit 4e09c83. Added rubocop-codeur as development dependency and normalized all Ruby code with:

  • frozen_string_literal comments
  • Double quotes for string literals
  • StandardError for rescue clauses
  • Refactored long methods
  • Consistent code style throughout

Co-authored-by: burisu <240595+burisu@users.noreply.github.com>

Copilot AI commented Oct 2, 2025

@copilot Can you fix the tests too?

Fixed in commit e6b7069. All test files now follow rubocop-codeur standards:

  • Double quotes for all strings
  • Proper hash spacing
  • Correct indentation and alignment
  • Fixed block syntax in assertions

@burisu burisu marked this pull request as ready for review October 2, 2025 13:23
@burisu burisu merged commit 8421f46 into main Oct 2, 2025
2 checks passed
@burisu burisu deleted the copilot/fix-612be0fe-5797-40b7-8fa4-54bd7fa8760b branch October 2, 2025 13:23