For me, the closest those got me to my answer was this:
type=SYSCALL msg=audit(05/29/2013 16:24:10.000:900) : arch=x86_64 syscall=rmdir success=yes exit=0 a0=6bcbac0 a1=0 a2=902005 a3=858240 items=2 ppid=2027 pid=13399 auid=unset uid=ryanmt gid=ryanmt euid=ryanmt suid=ryanmt fsuid=ryanmt egid=ryanmt sgid=ryanmt fsgid=ryanmt tty=pts0 ses=4294967295 comm=ruby exe=/home/ryanmt/.rvm/rubies/ruby-1.9.2-p320/bin/ruby key=(null)
Clearly, this wasn't enough to determine the source of the deletion code. Conveniently, I was able to write in some pause code to my source files, then run
sudo chmod a=r DIRECTORY/SUBDIRECTORYto block the deletion of the generated files. Success! Now I am generating permission denied exceptions Errno::EACCES!
At the end of it, using
rake --tracewas enough to chase it down for me. Good luck coding!