feat: add Perl language rules, skills, and update documentation#366
Merged
affaan-m merged 4 commits intoaffaan-m:mainfrom Mar 11, 2026
Merged
feat: add Perl language rules, skills, and update documentation#366affaan-m merged 4 commits intoaffaan-m:mainfrom
affaan-m merged 4 commits intoaffaan-m:mainfrom
Conversation
Add rules/perl/ with 5 rule files (coding-style, testing, patterns, hooks, security) following the same structure as existing languages. Update README.md, README.zh-CN.md, and rules/README.md to document Perl support including badges, directory trees, install instructions, and rule counts.
Contributor
📝 WalkthroughWalkthroughAdds first-class Perl support: new Changes
Sequence Diagram(s)(Section skipped — changes are documentation and repo-structure additions without multi-component control flow requiring visualization.) Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
4 issues found across 11 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="skills/perl-security/SKILL.md">
<violation number="1" location="skills/perl-security/SKILL.md:200">
P1: Path traversal check is vulnerable to prefix confusion. If `$base_real` is `/var/data`, the path `/var/data_evil/secret` passes the regex because it also starts with `/var/data`. Append a directory-separator anchor so only genuine children of `$base_dir` are allowed.</violation>
</file>
<file name="README.md">
<violation number="1" location="README.md:113">
P2: This retroactively adds `perl/` to the **v1.4.0** changelog entry, but Perl support is being introduced in this PR — not in v1.4.0. Rewriting a past release description misrepresents what that version actually shipped. Instead, document Perl support under a new v1.8.0 bullet (or whichever version this PR targets).</violation>
</file>
<file name="skills/perl-patterns/SKILL.md">
<violation number="1" location="skills/perl-patterns/SKILL.md:160">
P2: `$a` and `$b` are special Perl package variables used by `sort`. Using them as signature parameters shadows these globals and is a known anti-pattern — particularly problematic in a best-practices guide. Rename to `$numerator, $denominator` or `$x, $y`.</violation>
<violation number="2" location="skills/perl-patterns/SKILL.md:167">
P2: The example uses `return undef;` but the perlcritic config later in this same file sets `ProhibitExplicitReturnUndef` at severity 4. A best-practices guide should be consistent with its own linting recommendations — use bare `return;` instead.</violation>
</file>
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Add one-off context when rerunning by tagging
@cubic-dev-aiwith guidance or docs links (includingllms.txt) - Ask questions if you need clarification on any suggestion
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (5)
rules/perl/testing.md (1)
11-11: Grammar: Use hyphen in compound adjective.The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.
📝 Suggested fix
-> This file extends [common/testing.md](../common/testing.md) with Perl specific content. +> This file extends [common/testing.md](../common/testing.md) with Perl-specific content.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/perl/testing.md` at line 11, Replace the phrase "Perl specific content" with the hyphenated compound adjective "Perl-specific content" in the rules/perl/testing.md line that reads "This file extends [common/testing.md](../common/testing.md) with Perl specific content." so the sentence correctly uses a hyphenated compound adjective.rules/perl/patterns.md (1)
11-11: Grammar: Use hyphen in compound adjective.The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.
📝 Suggested fix
-> This file extends [common/patterns.md](../common/patterns.md) with Perl specific content. +> This file extends [common/patterns.md](../common/patterns.md) with Perl-specific content.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/perl/patterns.md` at line 11, Replace the compound adjective "Perl specific content" in the sentence "This file extends [common/patterns.md] with Perl specific content." with the hyphenated form "Perl-specific content" so the phrase reads "This file extends [common/patterns.md] with Perl-specific content." to follow compound-adjective grammar rules.rules/perl/security.md (1)
11-11: Grammar: Use hyphen in compound adjective.The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.
📝 Suggested fix
-> This file extends [common/security.md](../common/security.md) with Perl specific content. +> This file extends [common/security.md](../common/security.md) with Perl-specific content.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/perl/security.md` at line 11, Update the sentence "This file extends [common/security.md](../common/security.md) with Perl specific content." to use the compound adjective form by replacing "Perl specific content" with "Perl-specific content" so the phrase reads "...with Perl-specific content."; locate this exact sentence in rules/perl/security.md and make the hyphenation change.rules/perl/hooks.md (1)
11-11: Grammar: Use hyphen in compound adjective.The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.
📝 Suggested fix
-> This file extends [common/hooks.md](../common/hooks.md) with Perl specific content. +> This file extends [common/hooks.md](../common/hooks.md) with Perl-specific content.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/perl/hooks.md` at line 11, Change the compound adjective "Perl specific content" to use a hyphen: replace "Perl specific content" with "Perl-specific content" in the sentence "This file extends [common/hooks.md] with Perl specific content." to correct the grammar.rules/perl/coding-style.md (1)
11-11: Grammar: Use hyphen in compound adjective.The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.
📝 Suggested fix
-> This file extends [common/coding-style.md](../common/coding-style.md) with Perl specific content. +> This file extends [common/coding-style.md](../common/coding-style.md) with Perl-specific content.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/perl/coding-style.md` at line 11, The phrase "Perl specific content" in the document should use a hyphen for the compound adjective; update the sentence in rules/perl/coding-style.md to read "Perl-specific content" instead of "Perl specific content" so the compound adjective correctly modifies the noun.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@rules/perl/coding-style.md`:
- Line 11: The phrase "Perl specific content" in the document should use a
hyphen for the compound adjective; update the sentence in
rules/perl/coding-style.md to read "Perl-specific content" instead of "Perl
specific content" so the compound adjective correctly modifies the noun.
In `@rules/perl/hooks.md`:
- Line 11: Change the compound adjective "Perl specific content" to use a
hyphen: replace "Perl specific content" with "Perl-specific content" in the
sentence "This file extends [common/hooks.md] with Perl specific content." to
correct the grammar.
In `@rules/perl/patterns.md`:
- Line 11: Replace the compound adjective "Perl specific content" in the
sentence "This file extends [common/patterns.md] with Perl specific content."
with the hyphenated form "Perl-specific content" so the phrase reads "This file
extends [common/patterns.md] with Perl-specific content." to follow
compound-adjective grammar rules.
In `@rules/perl/security.md`:
- Line 11: Update the sentence "This file extends
[common/security.md](../common/security.md) with Perl specific content." to use
the compound adjective form by replacing "Perl specific content" with
"Perl-specific content" so the phrase reads "...with Perl-specific content.";
locate this exact sentence in rules/perl/security.md and make the hyphenation
change.
In `@rules/perl/testing.md`:
- Line 11: Replace the phrase "Perl specific content" with the hyphenated
compound adjective "Perl-specific content" in the rules/perl/testing.md line
that reads "This file extends [common/testing.md](../common/testing.md) with
Perl specific content." so the sentence correctly uses a hyphenated compound
adjective.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 391ebf7a-c2c3-4e70-b1b3-5a7840b5b5f5
📒 Files selected for processing (11)
README.mdREADME.zh-CN.mdrules/README.mdrules/perl/coding-style.mdrules/perl/hooks.mdrules/perl/patterns.mdrules/perl/security.mdrules/perl/testing.mdskills/perl-patterns/SKILL.mdskills/perl-security/SKILL.mdskills/perl-testing/SKILL.md
- Fix path traversal regex prefix confusion in perl-security skill - Revert v1.4.0 changelog entry (Perl not part of that release) - Rename $a/$b to $x/$y to avoid shadowing sort globals - Replace return undef with bare return per perlcritic rules
There was a problem hiding this comment.
1 issue found across 3 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="skills/perl-security/SKILL.md">
<violation number="1" location="skills/perl-security/SKILL.md:200">
P2: The added trailing `/` in the regex fixes the prefix-match bypass but now incorrectly blocks access to the base directory itself (e.g., when `$user_path` resolves to exactly `$base_dir`). Use an alternation to accept both the exact match and child paths.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
skills/perl-patterns/SKILL.md (1)
1-18: Documentation structure follows conventions.The YAML frontmatter is well-formed and the "When to Activate" section clearly describes usage scenarios. The file name follows the lowercase-with-hyphens convention.
However, the coding guidelines specify that skills should include "When to Use, How It Works, and Examples" sections. This file has "When to Activate" (acceptable variant) and extensive examples, but lacks an explicit "How It Works" section. Consider adding a brief section explaining the overall philosophy or approach before diving into specific patterns.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@skills/perl-patterns/SKILL.md` around lines 1 - 18, Add a brief "How It Works" section to the skill (perl-patterns) describing the overall philosophy and approach to Modern Perl 5.36+ development—place it after the existing "When to Activate" heading and before the pattern details/examples; keep it short (2–4 sentences) summarizing key principles (e.g., strict typing/decls, use of CPAN/Core modules, error handling, testing and modular design) and how the subsequent examples illustrate those principles so readers know what to expect.skills/perl-security/SKILL.md (1)
1-19: Documentation structure follows conventions.Similar to the patterns skill, this file has well-formed YAML frontmatter and a clear "When to Activate" section. The file name follows lowercase-with-hyphens convention. However, per coding guidelines, consider adding an explicit "How It Works" section to complement the activation scenarios and examples.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@skills/perl-security/SKILL.md` around lines 1 - 19, Add an explicit "How It Works" section to skills/perl-security/SKILL.md that explains the core security concepts and patterns (e.g., taint mode, input validation, safe process execution, DBI parameterized queries, XSS/SQLi/CSRF mitigations), provides brief examples or links to canonical examples, and maps those concepts to the existing "When to Activate" scenarios; update the document header content to include this new section so reviewers can quickly see both activation conditions and the concrete mechanics of applying perl-security.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@README.md`:
- Line 835: Update the "Language-specific skills" line to accurately reflect
existing rule directories: verify presence of rules/typescript and rules/swift
and include them, remove or clarify "Java" if there is no rules/java/ directory,
and ensure the list mentions the actual supported languages (e.g., Go, Python,
Perl, TypeScript, Swift, and any others with rule folders); edit the sentence
near the "Language-specific skills" heading so it no longer claims languages
that aren't present and instead enumerates the confirmed directories (refer to
the "Language-specific skills" line in README.md when making the change).
- Line 20: Update the README headline that currently reads "**7 languages
supported**" to "**5 languages supported**" to match the repository's language
directories; locate and replace the string "**7 languages supported**" in the
README (the headline containing stars/forks/contributors/languages) with "**5
languages supported**".
---
Nitpick comments:
In `@skills/perl-patterns/SKILL.md`:
- Around line 1-18: Add a brief "How It Works" section to the skill
(perl-patterns) describing the overall philosophy and approach to Modern Perl
5.36+ development—place it after the existing "When to Activate" heading and
before the pattern details/examples; keep it short (2–4 sentences) summarizing
key principles (e.g., strict typing/decls, use of CPAN/Core modules, error
handling, testing and modular design) and how the subsequent examples illustrate
those principles so readers know what to expect.
In `@skills/perl-security/SKILL.md`:
- Around line 1-19: Add an explicit "How It Works" section to
skills/perl-security/SKILL.md that explains the core security concepts and
patterns (e.g., taint mode, input validation, safe process execution, DBI
parameterized queries, XSS/SQLi/CSRF mitigations), provides brief examples or
links to canonical examples, and maps those concepts to the existing "When to
Activate" scenarios; update the document header content to include this new
section so reviewers can quickly see both activation conditions and the concrete
mechanics of applying perl-security.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 1e6d39d6-5bfe-4cba-abb8-00be0de805c5
📒 Files selected for processing (3)
README.mdskills/perl-patterns/SKILL.mdskills/perl-security/SKILL.md
There was a problem hiding this comment.
1 issue found across 9 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="README.md">
<violation number="1" location="README.md:836">
P2: Moving Java to the "needs contributions" list contradicts the Java badge still displayed in the badges section above. Either remove the Java badge or keep Java in the "already included" list (it has a `skills/java-coding-standards/` skill, though no `rules/java/` directory).</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| ### Ideas for Contributions | ||
|
|
||
| - Language-specific skills (Rust, C#, Swift, Kotlin) — Go, Python, Java already included | ||
| - Language-specific skills (Rust, C#, Kotlin, Java) — Go, Python, Perl, Swift, and TypeScript already included |
There was a problem hiding this comment.
P2: Moving Java to the "needs contributions" list contradicts the Java badge still displayed in the badges section above. Either remove the Java badge or keep Java in the "already included" list (it has a skills/java-coding-standards/ skill, though no rules/java/ directory).
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At README.md, line 836:
<comment>Moving Java to the "needs contributions" list contradicts the Java badge still displayed in the badges section above. Either remove the Java badge or keep Java in the "already included" list (it has a `skills/java-coding-standards/` skill, though no `rules/java/` directory).</comment>
<file context>
@@ -832,7 +833,7 @@ Please contribute! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
### Ideas for Contributions
-- Language-specific skills (Rust, C#, Swift, Kotlin) — Go, Python, Java, Perl already included
+- Language-specific skills (Rust, C#, Kotlin, Java) — Go, Python, Perl, Swift, and TypeScript already included
- Framework-specific configs (Rails, Laravel, FastAPI, NestJS) — Django, Spring Boot already included
- DevOps agents (Kubernetes, Terraform, AWS, Docker)
</file context>
Suggested change
| - Language-specific skills (Rust, C#, Kotlin, Java) — Go, Python, Perl, Swift, and TypeScript already included | |
| - Language-specific skills (Rust, C#, Kotlin) — Go, Python, Java, Perl, Swift, and TypeScript already included |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@rules/perl/patterns.md`:
- Line 23: The example in the Repository Pattern shows a package
MyApp::Repo::User with sub find_by_id ($self, $id) using subroutine signatures
but lacks the required pragma; add "use v5.36;" near the top of that example
(e.g., immediately after the package declaration and before use Moo) so the
signature syntax is valid and the snippet matches the project's coding-style.md.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: d3b6acc6-3c23-4851-befa-4e97166ed6da
📒 Files selected for processing (9)
README.mdREADME.zh-CN.mdrules/perl/coding-style.mdrules/perl/hooks.mdrules/perl/patterns.mdrules/perl/security.mdrules/perl/testing.mdskills/perl-patterns/SKILL.mdskills/perl-security/SKILL.md
✅ Files skipped from review due to trivial changes (1)
- rules/perl/coding-style.md
🚧 Files skipped from review as they are similar to previous changes (5)
- rules/perl/hooks.md
- skills/perl-security/SKILL.md
- skills/perl-patterns/SKILL.md
- rules/perl/testing.md
- rules/perl/security.md
|
|
||
| has dbh => (is => 'ro', required => 1); | ||
|
|
||
| sub find_by_id ($self, $id) { |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Verify Perl version/feature declarations in rule files
# Check for version or feature declarations in Perl rule files
rg -n "use v5\\.36|use feature.*signatures" rules/perl/
# Also check the coding-style rule for version guidance
rg -n -A 3 "signature|v5\\.36|modern.*perl" rules/perl/coding-style.mdRepository: affaan-m/everything-claude-code
Length of output: 408
🏁 Script executed:
head -30 rules/perl/patterns.mdRepository: affaan-m/everything-claude-code
Length of output: 626
Add use v5.36; to the code example in the Repository Pattern section.
The code example uses subroutine signatures (sub find_by_id ($self, $id)), which requires Perl 5.36+. Per the project's coding-style.md, all Perl files must include use v5.36; at the top. The example should be updated to include this pragma for completeness and to match the project's style guidelines.
Updated code example
package MyApp::Repo::User;
use v5.36;
use Moo;
has dbh => (is => 'ro', required => 1);
sub find_by_id ($self, $id) {
my $sth = $self->dbh->prepare('SELECT * FROM users WHERE id = ?');
$sth->execute($id);
return $sth->fetchrow_hashref;
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@rules/perl/patterns.md` at line 23, The example in the Repository Pattern
shows a package MyApp::Repo::User with sub find_by_id ($self, $id) using
subroutine signatures but lacks the required pragma; add "use v5.36;" near the
top of that example (e.g., immediately after the package declaration and before
use Moo) so the signature syntax is valid and the snippet matches the project's
coding-style.md.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Perl 5.36+ workflows
instructions, counts)
Type
Testing
Type of Change
feat:New featureChecklist
node tests/run-all.js)Summary by cubic
Adds full Perl support with new language rules and three skills for modern Perl 5.36+. Tightens EN + zh-CN docs with Perl badges, per-language install/copy examples (common + perl), updated directory trees, Cursor examples, and rule counts.
New Features
rules/perl/with five files:coding-style,patterns,testing,security,hooks.perl-patterns,perl-security,perl-testingcovering Test2::V0,perlcritic,perltidy, taint mode, and DBI placeholders.Bug Fixes
perl-securityskill (realpath prefix anchoring).return undefwith barereturnto satisfyperlcritic.$a/$bto$x/$yto avoidsortglobal shadowing.Written for commit c3f9160. Summary will update on new commits.
Summary by CodeRabbit
New Features
Documentation
Chores