# Takumi Guard RubyGems Support Released

Takumi Guard now supports **RubyGems** alongside npm and PyPI.

Ruby projects using **Bundler** can now route installs through Takumi Guard to block known-malicious packages before they reach your CI or development environment.

![Takumi Guard now supports RubyGems](/docs/_md-assets/8234987324-eyecatch.png)

## Overview {#overview}

Takumi Guard is a security proxy that sits between your package manager and the upstream registry. It checks every install request against GMO Flatt Security's threat database and blocks known-malicious packages.

With this release, the same protection that npm and Python users have is now available for the Ruby ecosystem:

- **[Package Blocking](/docs/t/guard/features/package-blocking)**: Malicious gems are blocked before any code executes
- **[Download Tracking](/docs/t/guard/features/installation-logs)**: Records install history for authenticated users
- **[Breach Notifications](/docs/t/guard/features/breach-notifications)**: Get notified if a package you installed is later flagged as malicious

## Getting Started {#getting-started}

All of the following work anonymously — no account or registration required.

### Bundler

Route all `bundle install` calls through Takumi Guard with a single configuration line:

```bash
bundle config set --global mirror.https://rubygems.org https://rubygems.flatt.tech/
```

This transparently forwards all install requests through the proxy without changing your `Gemfile`.

### GitHub Actions

Add one line to your workflow:

```yaml
steps:
  - uses: actions/checkout@v4
  - uses: flatt-security/setup-takumi-guard-rubygems@v1
  - run: bundle install
```

For full setup options including authentication and breach notifications, see the [RubyGems quickstart guide](/docs/t/guard/quickstart/rubygems).

## Verify Your Setup {#verify}

Once you're set up, try installing the harmless test gem `hola-takumi` at the blocked version `0.1.0`:

```bash
cd $(mktemp -d) && printf 'source "https://rubygems.org"\ngem "hola-takumi", "0.1.0"\n' > Gemfile && bundle install
```

If Takumi Guard is working, Bundler fails with the following error:

```
Fetching gem metadata from https://rubygems.flatt.tech/.
Could not find gem 'hola-takumi (= 0.1.0)' in rubygems repository
https://rubygems.org/ or installed locally.
```

:::note
If you have previously installed `hola-takumi 0.1.0` locally, run `gem uninstall hola-takumi --all --force` first. Otherwise Bundler may reuse the locally installed copy and the block will not be visible.
:::

For details, see ["Verify Your Setup" in the RubyGems quickstart](/docs/t/guard/quickstart/rubygems#verify-setup).
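The check above can run as a CI canary. The script below is an added example, not part of Takumi Guard's documentation: it classifies `bundle install` output as blocked, bypassed, installed or unknown. The function names and verdict labels are assumptions, and the `Installing`/`Using` patterns assume Bundler's usual progress lines.

```bash
#!/usr/bin/env bash
# Added example: canary for the Takumi Guard RubyGems proxy.
# Gem name, version and proxy host are taken from this page; the
# function names and verdict labels are hypothetical.

CANARY_GEM="hola-takumi"
CANARY_VERSION="0.1.0"

# Classify captured `bundle install` output. Prints one verdict:
#   blocked   - metadata came from the proxy and the canary was refused
#   bypassed  - metadata was not fetched from rubygems.flatt.tech
#   installed - the canary was installed or reused from a local copy
#   unknown   - proxy was used but the failure is something else
classify_guard_output() {
  local out="$1"
  if printf '%s\n' "$out" | grep -Eq "(Installing|Using) ${CANARY_GEM} "; then
    echo installed; return 0
  fi
  # Allow optional credentials before the host (token-authenticated mirror).
  if ! printf '%s\n' "$out" | grep -Eq \
      'Fetching gem metadata from https://([^/@ ]*@)?rubygems\.flatt\.tech/'; then
    echo bypassed; return 0
  fi
  if printf '%s\n' "$out" | grep -Fq \
      "Could not find gem '${CANARY_GEM} (= ${CANARY_VERSION})'"; then
    echo blocked; return 0
  fi
  echo unknown
}

# Run the canary install in a throwaway directory (needs network access).
# Exit status is 0 only when the proxy blocked the canary.
run_guard_canary() {
  local dir out verdict
  dir="$(mktemp -d)" || return 2
  printf 'source "https://rubygems.org"\ngem "%s", "%s"\n' \
    "$CANARY_GEM" "$CANARY_VERSION" > "$dir/Gemfile"
  # bundle install is expected to fail here, so ignore its exit status.
  out="$(cd "$dir" && bundle install 2>&1)" || true
  rm -rf "$dir"
  verdict="$(classify_guard_output "$out")"
  echo "takumi-guard canary: $verdict"
  [ "$verdict" = "blocked" ]
}

# Only touch the network when explicitly asked: ./canary.sh --run
if [ "${1:-}" = "--run" ]; then
  run_guard_canary
fi
```

An `installed` verdict usually means a local copy of the gem was reused, which is the case the note above covers.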

## Email Registration Unlocks More (Free) {#email-registration}

Register your email, free of charge, to receive notifications if a gem you installed is later found to be malicious.

:::info
If you already have an org user token or email-verified token from using Takumi Guard with npm or PyPI, you don't need to register again — the same token works for RubyGems.
:::

**Step 1:** Register your email

```bash
curl -X POST https://rubygems.flatt.tech/api/v1/tokens \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com"}'
```

**Step 2:** Get your API key from the welcome email. The key is included directly in the email body — no link to click.

**Step 3:** Configure your package manager with the token from Step 2

```bash
bundle config set --global mirror.https://rubygems.org https://token:tg_anon_xxxxxx@rubygems.flatt.tech/
```

Your installs are now tracked, and you will be notified if a downloaded package is later flagged.

## Organization-Wide Management, Too {#organization-setup}

Running Takumi Guard across your team? [Admin deployment](/docs/t/guard/features/admin-deployment), [installation log search](/docs/t/guard/features/installation-logs), [centralized org user token management](/docs/t/guard/features/token-management), and [breach-notification webhooks](/docs/t/guard/features/breach-notifications) are all available for organization-wide operations. Get started with a Takumi subscription (Guard enabled):

1. Go to [https://cloud.shisho.dev/hello/takumi](https://cloud.shisho.dev/hello/takumi) and sign in
2. Register your organization and subscribe to Takumi
3. Navigate to **Guard** > **Settings** from the sidebar
4. Click "Enable" to activate Guard

![Guard settings page](/docs/_md-assets/129e801705-ui-guard-settings.png)

Once Guard is enabled, follow the [Admin Deployment guide](/docs/t/guard/features/admin-deployment) to begin setup.

If you only need [Bot token](/docs/t/guard/quickstart/rubygems#setup-ci-org) authentication from GitHub Actions, **no payment is required**. A payment screen appears during organization registration, but you can skip it — simply register your GitHub organization from the Guard page to receive a Bot ID.
