feat: add Perl language rules, skills, and update documentation

[necipsunmaz]

Description

• Add `rules/perl/` with 5 rule files (coding-style, testing, patterns, hooks, security)
• Add `skills/perl-patterns/`, `skills/perl-security/`, `skills/perl-testing/` for modern
  Perl 5.36+ workflows
• Update README.md, README.zh-CN.md, and rules/README.md with Perl support (badges, trees, install
  instructions, counts)

Type

• Rules
• Skills
• Documentation

Testing

• `ls rules/perl/` — 5 files confirmed
• `ls skills/perl-*/` — 3 skill directories confirmed
• `node tests/run-all.js` — no regressions
• Each rule file has YAML frontmatter, extends common rule, ends with Reference section
• Each skill is referenced by its corresponding rule file

Type of Change

• [ X] feat: New feature

Checklist

• [ X] Tests pass locally (node tests/run-all.js)
• [ X] Validation scripts pass
• [ X] Follows conventional commits format
• [ X] Updated relevant documentation

---

Summary by cubic

Adds full Perl support with new language rules and three skills for modern Perl 5.36+. Updates docs (EN + zh-CN) with badges, installer examples, directory trees, and rule counts; also includes review-driven fixes in security guidance and examples.

• New Features

  • Added rules/perl/ with five files: coding-style, patterns, testing, security, hooks.
  • Added skills: perl-patterns, perl-security, perl-testing covering Test2::V0, perlcritic, perltidy, taint mode, and DBI placeholders.

• Bug Fixes

  • Fixed path traversal check in perl-security skill (realpath prefix anchoring).
  • Replaced return undef with bare return to satisfy perlcritic.
  • Renamed example variables from $a/$b to $x/$y to avoid sort global shadowing.
  • Removed incorrect v1.4.0 changelog entry mentioning Perl.

^{Written for commit c8f06e8. Summary will update on new commits.}

Summary by CodeRabbit

• New Features

  • Added Perl as a supported language with badge, updated language count, and installer/setup examples mentioning Perl.

• Documentation

  • Added comprehensive Perl developer resources: coding style, hooks, patterns, security, testing, and skill guides.
  • Updated README (EN/CN) and cross-tool parity tables to reflect Perl support.

• Chores

  • Reorganized rule docs into common + per-language sections and updated copy/setup instructions.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds first-class Perl support: new rules/perl/* docs (coding-style, hooks, patterns, security, testing), three Perl SKILL guides, and updates README(s) and rules/README to list Perl and adjust install/copy instructions, increasing supported languages from 6 to 7.

Changes

Cohort / File(s)	Summary
Top-level docs README.md, README.zh-CN.md	Add Perl badge; update language count to 7; propagate Perl into install/copy examples and cross-tool parity sections.
Rules README rules/README.md	Include perl as a language branch; update install/copy and override descriptions to reference perl.
Perl Rules rules/perl/coding-style.md, rules/perl/hooks.md, rules/perl/patterns.md, rules/perl/security.md, rules/perl/testing.md	New Perl-specific rule docs: coding standards (v5.36, Moo, perltidy, perlcritic), file globs/hooks, patterns/examples, security guidance, and testing practices.
Perl Skills skills/perl-patterns/SKILL.md, skills/perl-security/SKILL.md, skills/perl-testing/SKILL.md	Add comprehensive Perl SKILL guides covering modern idioms, security checklist, and testing workflows (large documentation files).

Sequence Diagram(s)

(Section skipped — changes are documentation and repo structure additions without multi-component control-flow needing visualization.)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: add Swift rules and SwiftUI patterns skill #244: Adds a language-specific rules/<lang>/* layout and docs, closely matching this PR's per-language rules additions.
• refactor(rules): restructure into common + language-specific directories #146: Earlier rules refactor that introduced the common + language-specific rules structure extended here to include Perl.

Suggested reviewers

• affaan-m

Poem

🐰 I hopped through docs to welcome Perl new,
v5.36 whispers, tidy lines in view,
Patterns, tests, and security stitched tight,
A rabbit's nod to all rules done right,
Cheers for seven languages — hop delight!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the main change: adding Perl language support through new rules, skills directories, and documentation updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

4 issues found across 11 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="skills/perl-security/SKILL.md">

<violation number="1" location="skills/perl-security/SKILL.md:200">
P1: Path traversal check is vulnerable to prefix confusion. If `$base_real` is `/var/data`, the path `/var/data_evil/secret` passes the regex because it also starts with `/var/data`. Append a directory-separator anchor so only genuine children of `$base_dir` are allowed.</violation>
</file>

<file name="README.md">

<violation number="1" location="README.md:113">
P2: This retroactively adds `perl/` to the **v1.4.0** changelog entry, but Perl support is being introduced in this PR — not in v1.4.0. Rewriting a past release description misrepresents what that version actually shipped. Instead, document Perl support under a new v1.8.0 bullet (or whichever version this PR targets).</violation>
</file>

<file name="skills/perl-patterns/SKILL.md">

<violation number="1" location="skills/perl-patterns/SKILL.md:160">
P2: `$a` and `$b` are special Perl package variables used by `sort`. Using them as signature parameters shadows these globals and is a known anti-pattern — particularly problematic in a best-practices guide. Rename to `$numerator, $denominator` or `$x, $y`.</violation>

<violation number="2" location="skills/perl-patterns/SKILL.md:167">
P2: The example uses `return undef;` but the perlcritic config later in this same file sets `ProhibitExplicitReturnUndef` at severity 4. A best-practices guide should be consistent with its own linting recommendations — use bare `return;` instead.</violation>
</file>

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
• Ask questions if you need clarification on any suggestion

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

🧹 Nitpick comments (5)

rules/perl/testing.md (1)

11-11: Grammar: Use hyphen in compound adjective.

The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.

📝 Suggested fix

-> This file extends [common/testing.md](../common/testing.md) with Perl specific content.
+> This file extends [common/testing.md](../common/testing.md) with Perl-specific content.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rules/perl/testing.md` at line 11, Replace the phrase "Perl specific content"
with the hyphenated compound adjective "Perl-specific content" in the
rules/perl/testing.md line that reads "This file extends
[common/testing.md](../common/testing.md) with Perl specific content." so the
sentence correctly uses a hyphenated compound adjective.

rules/perl/patterns.md (1)

11-11: Grammar: Use hyphen in compound adjective.

The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.

📝 Suggested fix

-> This file extends [common/patterns.md](../common/patterns.md) with Perl specific content.
+> This file extends [common/patterns.md](../common/patterns.md) with Perl-specific content.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rules/perl/patterns.md` at line 11, Replace the compound adjective "Perl
specific content" in the sentence "This file extends [common/patterns.md] with
Perl specific content." with the hyphenated form "Perl-specific content" so the
phrase reads "This file extends [common/patterns.md] with Perl-specific
content." to follow compound-adjective grammar rules.

rules/perl/security.md (1)

11-11: Grammar: Use hyphen in compound adjective.

The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.

📝 Suggested fix

-> This file extends [common/security.md](../common/security.md) with Perl specific content.
+> This file extends [common/security.md](../common/security.md) with Perl-specific content.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rules/perl/security.md` at line 11, Update the sentence "This file extends
[common/security.md](../common/security.md) with Perl specific content." to use
the compound adjective form by replacing "Perl specific content" with
"Perl-specific content" so the phrase reads "...with Perl-specific content.";
locate this exact sentence in rules/perl/security.md and make the hyphenation
change.

rules/perl/hooks.md (1)

11-11: Grammar: Use hyphen in compound adjective.

The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.

📝 Suggested fix

-> This file extends [common/hooks.md](../common/hooks.md) with Perl specific content.
+> This file extends [common/hooks.md](../common/hooks.md) with Perl-specific content.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rules/perl/hooks.md` at line 11, Change the compound adjective "Perl specific
content" to use a hyphen: replace "Perl specific content" with "Perl-specific
content" in the sentence "This file extends [common/hooks.md] with Perl specific
content." to correct the grammar.

rules/perl/coding-style.md (1)

11-11: Grammar: Use hyphen in compound adjective.

The phrase "Perl specific content" should be "Perl-specific content" when the compound adjective precedes the noun.

📝 Suggested fix

-> This file extends [common/coding-style.md](../common/coding-style.md) with Perl specific content.
+> This file extends [common/coding-style.md](../common/coding-style.md) with Perl-specific content.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rules/perl/coding-style.md` at line 11, The phrase "Perl specific content" in
the document should use a hyphen for the compound adjective; update the sentence
in rules/perl/coding-style.md to read "Perl-specific content" instead of "Perl
specific content" so the compound adjective correctly modifies the noun.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@rules/perl/coding-style.md`:
- Line 11: The phrase "Perl specific content" in the document should use a
hyphen for the compound adjective; update the sentence in
rules/perl/coding-style.md to read "Perl-specific content" instead of "Perl
specific content" so the compound adjective correctly modifies the noun.

In `@rules/perl/hooks.md`:
- Line 11: Change the compound adjective "Perl specific content" to use a
hyphen: replace "Perl specific content" with "Perl-specific content" in the
sentence "This file extends [common/hooks.md] with Perl specific content." to
correct the grammar.

In `@rules/perl/patterns.md`:
- Line 11: Replace the compound adjective "Perl specific content" in the
sentence "This file extends [common/patterns.md] with Perl specific content."
with the hyphenated form "Perl-specific content" so the phrase reads "This file
extends [common/patterns.md] with Perl-specific content." to follow
compound-adjective grammar rules.

In `@rules/perl/security.md`:
- Line 11: Update the sentence "This file extends
[common/security.md](../common/security.md) with Perl specific content." to use
the compound adjective form by replacing "Perl specific content" with
"Perl-specific content" so the phrase reads "...with Perl-specific content.";
locate this exact sentence in rules/perl/security.md and make the hyphenation
change.

In `@rules/perl/testing.md`:
- Line 11: Replace the phrase "Perl specific content" with the hyphenated
compound adjective "Perl-specific content" in the rules/perl/testing.md line
that reads "This file extends [common/testing.md](../common/testing.md) with
Perl specific content." so the sentence correctly uses a hyphenated compound
adjective.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 391ebf7a-c2c3-4e70-b1b3-5a7840b5b5f5

📥 Commits

Reviewing files that changed from the base of the PR and between 0f416b0 and 5e50d8d.

📒 Files selected for processing (11)

• README.md
• README.zh-CN.md
• rules/README.md
• rules/perl/coding-style.md
• rules/perl/hooks.md
• rules/perl/patterns.md
• rules/perl/security.md
• rules/perl/testing.md
• skills/perl-patterns/SKILL.md
• skills/perl-security/SKILL.md
• skills/perl-testing/SKILL.md

[cubic-dev-ai]

1 issue found across 3 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="skills/perl-security/SKILL.md">

<violation number="1" location="skills/perl-security/SKILL.md:200">
P2: The added trailing `/` in the regex fixes the prefix-match bypass but now incorrectly blocks access to the base directory itself (e.g., when `$user_path` resolves to exactly `$base_dir`). Use an alternation to accept both the exact match and child paths.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

skills/perl-patterns/SKILL.md (1)

1-18: Documentation structure follows conventions.

The YAML frontmatter is well-formed and the "When to Activate" section clearly describes usage scenarios. The file name follows the lowercase-with-hyphens convention.

However, the coding guidelines specify that skills should include "When to Use, How It Works, and Examples" sections. This file has "When to Activate" (acceptable variant) and extensive examples, but lacks an explicit "How It Works" section. Consider adding a brief section explaining the overall philosophy or approach before diving into specific patterns.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/perl-patterns/SKILL.md` around lines 1 - 18, Add a brief "How It
Works" section to the skill (perl-patterns) describing the overall philosophy
and approach to Modern Perl 5.36+ development—place it after the existing "When
to Activate" heading and before the pattern details/examples; keep it short (2–4
sentences) summarizing key principles (e.g., strict typing/decls, use of
CPAN/Core modules, error handling, testing and modular design) and how the
subsequent examples illustrate those principles so readers know what to expect.

skills/perl-security/SKILL.md (1)

1-19: Documentation structure follows conventions.

Similar to the patterns skill, this file has well-formed YAML frontmatter and a clear "When to Activate" section. The file name follows lowercase-with-hyphens convention. However, per coding guidelines, consider adding an explicit "How It Works" section to complement the activation scenarios and examples.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/perl-security/SKILL.md` around lines 1 - 19, Add an explicit "How It
Works" section to skills/perl-security/SKILL.md that explains the core security
concepts and patterns (e.g., taint mode, input validation, safe process
execution, DBI parameterized queries, XSS/SQLi/CSRF mitigations), provides brief
examples or links to canonical examples, and maps those concepts to the existing
"When to Activate" scenarios; update the document header content to include this
new section so reviewers can quickly see both activation conditions and the
concrete mechanics of applying perl-security.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Line 835: Update the "Language-specific skills" line to accurately reflect
existing rule directories: verify presence of rules/typescript and rules/swift
and include them, remove or clarify "Java" if there is no rules/java/ directory,
and ensure the list mentions the actual supported languages (e.g., Go, Python,
Perl, TypeScript, Swift, and any others with rule folders); edit the sentence
near the "Language-specific skills" heading so it no longer claims languages
that aren't present and instead enumerates the confirmed directories (refer to
the "Language-specific skills" line in README.md when making the change).
- Line 20: Update the README headline that currently reads "**7 languages
supported**" to "**5 languages supported**" to match the repository's language
directories; locate and replace the string "**7 languages supported**" in the
README (the headline containing stars/forks/contributors/languages) with "**5
languages supported**".

---

Nitpick comments:
In `@skills/perl-patterns/SKILL.md`:
- Around line 1-18: Add a brief "How It Works" section to the skill
(perl-patterns) describing the overall philosophy and approach to Modern Perl
5.36+ development—place it after the existing "When to Activate" heading and
before the pattern details/examples; keep it short (2–4 sentences) summarizing
key principles (e.g., strict typing/decls, use of CPAN/Core modules, error
handling, testing and modular design) and how the subsequent examples illustrate
those principles so readers know what to expect.

In `@skills/perl-security/SKILL.md`:
- Around line 1-19: Add an explicit "How It Works" section to
skills/perl-security/SKILL.md that explains the core security concepts and
patterns (e.g., taint mode, input validation, safe process execution, DBI
parameterized queries, XSS/SQLi/CSRF mitigations), provides brief examples or
links to canonical examples, and maps those concepts to the existing "When to
Activate" scenarios; update the document header content to include this new
section so reviewers can quickly see both activation conditions and the concrete
mechanics of applying perl-security.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1e6d39d6-5bfe-4cba-abb8-00be0de805c5

📥 Commits

Reviewing files that changed from the base of the PR and between 5e50d8d and c8f06e8.

📒 Files selected for processing (3)

• README.md
• skills/perl-patterns/SKILL.md
• skills/perl-security/SKILL.md