eager_eye 1.2.15 → 1.3.1

data/lib/eager_eye/detectors/custom_method_query.rb

@@ -20,13 +20,14 @@ module EagerEye
         :custom_method_query
       end
 
-      def detect(ast, file_path, method_queries = {}, associations_by_model = {})
+      def detect(ast, file_path, method_queries = {}, associations_by_model = {}, all_columns = Set.new)
         return [] unless ast
 
         @issues = []
         @file_path = file_path
         @method_queries = method_queries
         @associations_by_model = associations_by_model
+        @all_columns = all_columns
 
         # Process each method def as its own scope so variable models from one
         # method don't bleed into another (e.g. `orders = Order.all` in #index
@@ -195,6 +196,11 @@ module EagerEye
           block_body = node.children[2]
           next unless block_var && block_body
 
+          # `x.in_batches.each { |batch| batch.pluck(...) }` — the block var is a
+          # batch relation and any query on it runs once per batch, which is the
+          # recommended fix for N+1, not a symptom. Skip those iterations.
+          next if batch_iteration?(node.children[0])
+
           model_name = infer_model_from_value(node.children[0])
           check_block_for_query_methods(block_body, block_var, collection_is_array?(node.children[0], definitions))
           check_block_for_model_query_methods(block_body, block_var, model_name)
@@ -243,6 +249,21 @@ module EagerEye
           ITERATION_METHODS.include?(node.children[0].children[1])
       end
 
+      BATCH_METHODS = %i[in_batches find_in_batches].freeze # rubocop:disable Lint/UselessConstantScoping
+
+      # True when the iterated collection comes from `in_batches`/`find_in_batches`
+      # — the block variable is a batch relation, so per-batch queries on it are
+      # the intended batching, not an N+1.
+      def batch_iteration?(node)
+        current = node
+        while current.is_a?(Parser::AST::Node) && current.type == :send
+          return true if BATCH_METHODS.include?(current.children[1])
+
+          current = current.children[0]
+        end
+        false
+      end
+
       def check_block_for_query_methods(node, block_var, is_array_collection = false) # rubocop:disable Style/OptionalBooleanParameter
         return unless node.is_a?(Parser::AST::Node)
 
@@ -255,12 +276,31 @@ module EagerEye
 
         method_name = node.children[1]
         return false unless QUERY_METHODS.include?(method_name)
+        return false if enumerable_form?(node)
+        return false if direct_block_var_receiver?(node, block_var, is_array_collection)
         return false if skip_array_method?(node, block_var, is_array_collection)
         return false if receiver_is_query_chain?(node.children[0])
 
         receiver_chain_starts_with?(node.children[0], block_var)
       end
 
+      # A relation query method called straight on the iteration element
+      # (`s_eod.ids`, `s_eod.pluck`) — with no association in between — is not an
+      # N+1: on a single record those names resolve to a column or a SELECT alias
+      # (e.g. `array_agg(...) AS ids`), not a relation query. The real N+1 shape
+      # is `element.association.query`, where the receiver is a send, not the bare
+      # block var. (When the element is itself a known array, the safe-method path
+      # handles it instead.)
+      def direct_block_var_receiver?(node, block_var, is_array_collection)
+        !is_array_collection && direct_block_var?(node.children[0], block_var)
+      end
+
+      # `relation.sum(&:amount)` / `relation.max(&:x)` run in Ruby over the loaded
+      # records (Enumerable), not as SQL — passing a block argument is the tell.
+      def enumerable_form?(node)
+        node.children[2..].any? { |arg| arg.is_a?(Parser::AST::Node) && arg.type == :block_pass }
+      end
+
       def skip_array_method?(node, block_var, is_array_collection)
         return true if receiver_ends_with_safe_transform_method?(node.children[0])
 
@@ -343,16 +383,27 @@ module EagerEye
         model_name && @associations_by_model&.dig(model_name)&.include?(method)
       end
 
+      # With a known receiver model, only flag a method defined as a query on
+      # THAT model. Without an inferred model the global "some model defines this
+      # query-method" fallback would fire on a same-named DB column (e.g. an
+      # EodItem's `comsn_rate` float that Wallet also exposes as a query method),
+      # so a name the schema knows as a column is never treated as a query.
       def method_defined_as_query?(method, model_name)
         return false unless @method_queries
 
         if model_name
           @method_queries[model_name]&.include?(method) || false
+        elsif known_column?(method)
+          false
         else
           @method_queries.any? { |_model, methods| methods.include?(method) }
         end
       end
 
+      def known_column?(method)
+        @all_columns&.include?(method) || false
+      end
+
       def add_issue(node)
         chain = reconstruct_chain(node.children[0])
         @issues << create_issue(

data/lib/eager_eye/detectors/loop_association.rb

@@ -40,7 +40,7 @@ module EagerEye
       end
 
       def detect(ast, file_path, association_preloads = {}, association_names = Set.new, # rubocop:disable Metrics/ParameterLists
-                 method_queries = {}, associations_by_model = {})
+                 method_queries = {}, associations_by_model = {}, all_columns = Set.new)
         return [] unless ast
 
         @issues = []
@@ -49,6 +49,7 @@ module EagerEye
         @dynamic_associations = association_names
         @method_queries = method_queries
         @associations_by_model = associations_by_model
+        @all_columns = all_columns
 
         # Variable preloads/models leak across methods if tracked globally
         # (e.g. controller#index sets `invoices = Invoice.includes(...)`, then
@@ -472,6 +473,7 @@ module EagerEye
 
       def find_association_calls(node, block_var, file_path, issues, included_associations, model_name, skip_nodes) # rubocop:disable Metrics/ParameterLists
         reported = Set.new
+        @requeried_methods = collect_requeried_methods(node, block_var)
         traverse_ast(node) do |child|
           next if skip_nodes.include?(child.object_id)
 
@@ -495,7 +497,7 @@ module EagerEye
         end
       end
 
-      def reportable_association_call?(node, block_var, reported, included, model_name)
+      def reportable_association_call?(node, block_var, reported, included, model_name) # rubocop:disable Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
         return false unless node.type == :send
 
         receiver = node.children[0]
@@ -503,7 +505,40 @@ module EagerEye
         return false unless receiver&.type == :lvar && receiver.children[0] == block_var
         return false if excluded_method?(method, included, model_name)
 
-        reported.add?("#{node.loc.line}:#{method}")
+        # A plain association read memoizes on the instance, so reading it more
+        # than once in one iteration only queries on the FIRST access — dedup the
+        # repeats. But an association used as a query-chain base
+        # (`x.assoc.find_by`, `x.assoc.where`) re-queries every time, so those
+        # occurrences are each real and are reported per line.
+        if @requeried_methods&.include?(method)
+          reported.add?("#{node.loc.line}:#{method}")
+        else
+          reported.add?(method.to_s)
+        end
+      end
+
+      # Methods M where `block_var.M` is the receiver of a SQL-issuing query
+      # method (`.find_by`, `.where`, `.exists?`, `.count`, …) somewhere in the
+      # block. Those re-query on every call (they bypass the memoized association
+      # cache), so M's accesses must not be deduped. A plain chained association
+      # read (`x.prize.badges`) is not a re-query — `prize` stays memoized.
+      # rubocop:disable Lint/UselessConstantScoping
+      REQUERYING_METHODS = %i[where find_by find_by! exists? find first last take
+                              pluck ids count sum average minimum maximum any? none? many? one?].freeze
+      # rubocop:enable Lint/UselessConstantScoping
+
+      def collect_requeried_methods(block_body, block_var) # rubocop:disable Metrics/CyclomaticComplexity
+        requeried = Set.new
+        traverse_ast(block_body) do |node|
+          next unless node.type == :send && REQUERYING_METHODS.include?(node.children[1])
+
+          inner = node.children[0]
+          next unless inner.is_a?(Parser::AST::Node) && inner.type == :send
+          next unless inner.children[0]&.type == :lvar && inner.children[0].children[0] == block_var
+
+          requeried << inner.children[1]
+        end
+        requeried
       end
 
       def excluded_method?(method, included, model_name)
@@ -514,14 +549,31 @@ module EagerEye
 
       # When we know the iteration variable's model AND have parsed that model's
       # associations, trust that map exclusively — methods not in it are columns
-      # or scalar accessors, not associations. Otherwise fall back to heuristics
-      # (hardcoded common names + globally collected association names).
+      # or scalar accessors, not associations.
+      #
+      # When the model CANNOT be inferred (workers, lib/, service objects, blocks
+      # over params / method return values), fall back to the association-name
+      # heuristic — but never flag a name that the schema says is a real DB
+      # column. A column named like an association (`comsn_rate`, `vat_rate`) is
+      # the single largest false-positive source; the schema lets us exclude it
+      # while still catching genuine association access (`prize_point`, `user`).
       def known_association?(method, model_name)
         if model_name && @associations_by_model&.key?(model_name)
           return @associations_by_model[model_name].include?(method)
         end
 
-        ASSOCIATION_NAMES.include?(method.to_s) || @dynamic_associations.include?(method)
+        # Receiver model unknown: a name the schema knows as a DB column is not
+        # an association access. Some names are BOTH a column and an association
+        # elsewhere (`vat_rate`, `currency`); without the model we can't tell, so
+        # we err toward silence (no false positive) and skip them. Names that are
+        # only ever associations (`prize_point`, `user`) are still flagged.
+        return false if known_column?(method)
+
+        @dynamic_associations.include?(method) || ASSOCIATION_NAMES.include?(method.to_s)
+      end
+
+      def known_column?(method)
+        @all_columns&.include?(method) || false
       end
 
       def reportable_method_query_call?(node, block_var, reported, model_name)
@@ -529,17 +581,21 @@ module EagerEye
         return false if EXCLUDED_METHODS.include?(node.children[1])
         return false unless method_known_to_query?(node.children[1], model_name)
 
-        reported.add?("#{node.loc.line}:#{node.children[1]}")
+        reported.add?("q:#{node.children[1]}")
       end
 
       # When the receiver model is known, only consider methods defined as a
-      # query on THAT model — not any model in the project. Without a known
-      # model, fall back to the global "any model has this method" heuristic.
+      # query on THAT model. Without a known model the global "any model has this
+      # method" heuristic can fire on a same-named DB column (e.g. a `comsn_rate`
+      # float that some other model also exposes as a query method), so a name
+      # the schema knows as a column is never treated as a query method.
       def method_known_to_query?(method, model_name)
         return false unless @method_queries
 
         if model_name
           @method_queries[model_name]&.include?(method) || false
+        elsif known_column?(method)
+          false
         else
           @method_queries.any? { |_, ms| ms.include?(method) }
         end

data/lib/eager_eye/detectors/serializer_nesting.rb

@@ -15,11 +15,14 @@ module EagerEye
         :serializer_nesting
       end
 
-      def detect(ast, file_path, association_names = Set.new, method_queries = {})
+      def detect(ast, file_path, association_names = Set.new, method_queries = {}, serializer_usage = nil, # rubocop:disable Metrics/ParameterLists
+                 all_columns = Set.new)
         return [] unless ast
 
         @dynamic_associations = association_names
         @method_queries = method_queries
+        @serializer_usage = serializer_usage
+        @all_columns = all_columns
         issues = []
         traverse_ast(ast) do |node|
           next unless node.type == :class && serializer_class?(node)
@@ -66,11 +69,33 @@ module EagerEye
         body = class_node.children[2]
         return unless body
 
-        traverse_ast(body) do |node|
-          next unless attribute_block?(node) && node.children[2]
+        serializer = extract_class_name(class_node)
+        walk_with_view(body, nil) do |attr_block, view|
+          find_association_in_block(attr_block.children[2], file_path, issues, serializer, view)
+        end
+      end
+
+      # Walk the class body, tracking the enclosing Blueprinter `view :name do ...
+      # end` so each attribute block is tagged with the view it belongs to (nil =
+      # a base/default field rendered by every view). Yields attribute blocks.
+      def walk_with_view(node, view, &block) # rubocop:disable Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
+        return unless node.is_a?(Parser::AST::Node)
 
-          find_association_in_block(node.children[2], file_path, issues)
+        if view_block?(node)
+          inner_view = node.children[0].children[2]&.children&.first
+          node.children[2..].each { |c| walk_with_view(c, inner_view, &block) }
+          return
         end
+
+        yield(node, view) if attribute_block?(node) && node.children[2]
+
+        node.children.each { |c| walk_with_view(c, view, &block) }
+      end
+
+      def view_block?(node)
+        node.type == :block && node.children[0]&.type == :send &&
+          node.children[0].children[1] == :view &&
+          node.children[0].children[2]&.type == :sym
       end
 
       def attribute_block?(node)
@@ -78,7 +103,7 @@ module EagerEye
           ATTRIBUTE_METHODS.include?(node.children[0].children[1])
       end
 
-      def find_association_in_block(block_body, file_path, issues)
+      def find_association_in_block(block_body, file_path, issues, serializer, view)
         storage_lines = collect_active_storage_lines(block_body)
 
         traverse_ast(block_body) do |node|
@@ -88,6 +113,7 @@ module EagerEye
           receiver = node.children[0]
           method_name = node.children[1]
           next unless object_reference?(receiver)
+          next if suppressed?(serializer, view, method_name)
 
           if likely_association?(method_name)
             issues << create_issue(
@@ -107,6 +133,22 @@ module EagerEye
         end
       end
 
+      # Stay silent when the access is provably safe:
+      #   * the name is a plain DB column (not a declared association anywhere), or
+      #   * the render-site index shows that everywhere this serializer/view is
+      #     rendered the association is eager-loaded or only single records are
+      #     passed (so there is no collection to multiply into an N+1).
+      def suppressed?(serializer, view, method_name)
+        return true if column_not_association?(method_name)
+        return false unless @serializer_usage&.known_serializer?(serializer)
+
+        @serializer_usage.safe_access?(serializer, view, method_name)
+      end
+
+      def column_not_association?(method_name)
+        @all_columns&.include?(method_name) && !@dynamic_associations&.include?(method_name)
+      end
+
       def object_reference?(node)
         return false unless node
 

data/lib/eager_eye/detectors/validation_n_plus_one.rb

@@ -72,6 +72,7 @@ module EagerEye
 
       def check_create_call(node)
         return unless CREATE_METHODS.include?(node.children[1])
+        return if validations_skipped?(node)
 
         receiver = node.children[0]
         return unless receiver&.type == :const
@@ -82,6 +83,7 @@ module EagerEye
 
       def check_save_call(node, new_model_vars)
         return unless SAVE_METHODS.include?(node.children[1])
+        return if validations_skipped?(node)
 
         receiver = node.children[0]
         return unless receiver&.type == :lvar
@@ -90,6 +92,29 @@ module EagerEye
         add_issue(node, model_name, node.children[1]) if model_name
       end
 
+      # `save(validate: false)` / `create(..., validate: false)` skip ALL
+      # validations, so the uniqueness SELECT never runs — not an N+1.
+      def validations_skipped?(node)
+        node.children[2..].any? { |arg| hash_with_validate_false?(arg) }
+      end
+
+      def hash_with_validate_false?(arg)
+        return false unless arg.is_a?(Parser::AST::Node) && arg.type == :hash
+
+        arg.children.any? { |pair| validate_false_pair?(pair) }
+      end
+
+      def validate_false_pair?(pair)
+        return false unless pair.type == :pair
+
+        key, value = pair.children
+        key&.type == :sym && key.children[0] == :validate && false_literal?(value)
+      end
+
+      def false_literal?(node)
+        node.is_a?(Parser::AST::Node) && node.type == :false # rubocop:disable Lint/BooleanSymbol
+      end
+
       def model_new_call?(node)
         return false unless node.is_a?(Parser::AST::Node) && node.type == :send
 

data/lib/eager_eye/issue.rb

@@ -16,6 +16,18 @@ module EagerEye
       @suggestion = suggestion
     end
 
+    def self.from_h(hash)
+      h = hash.transform_keys(&:to_sym)
+      new(
+        detector: h.fetch(:detector).to_sym,
+        file_path: h.fetch(:file_path),
+        line_number: h.fetch(:line_number),
+        message: h.fetch(:message),
+        severity: (h[:severity] || :warning).to_sym,
+        suggestion: h[:suggestion]
+      )
+    end
+
     def severity_level
       SEVERITY_ORDER[severity]
     end
@@ -26,12 +38,12 @@ module EagerEye
 
     def to_h
       {
-        detector: detector,
-        file_path: file_path,
-        line_number: line_number,
-        message: message,
-        severity: severity,
-        suggestion: suggestion
+        detector:,
+        file_path:,
+        line_number:,
+        message:,
+        severity:,
+        suggestion:
       }
     end
 

data/lib/eager_eye/schema_parser.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require "parser/current"
+
+module EagerEye
+  # Parses db/schema.rb to learn the real column names of each table. Columns are
+  # the dominant false-positive source: when a receiver's model can't be inferred,
+  # the name heuristics flag any method whose name collides with an association
+  # name — but a DB column (`comsn_rate`, `vat_rate`, `service_fee_rate`) is never
+  # an association. Knowing the column names lets the detectors disambiguate.
+  #
+  # Schema lookup walks up from the analyzed path so `eager_eye app/` still finds
+  # `<root>/db/schema.rb`. Parsing is AST-based (a `create_table "x" do |t| ... end`
+  # block whose body holds `t.<type> "col"` / `t.column "col"` / `t.references "y"`).
+  class SchemaParser
+    COLUMN_DEFINERS = %i[
+      string text integer bigint float decimal boolean date datetime time timestamp
+      binary json jsonb uuid inet cidr money hstore citext virtual primary_key column
+    ].freeze
+    REFERENCE_DEFINERS = %i[references belongs_to].freeze
+
+    attr_reader :columns_by_table, :all_columns
+
+    def initialize
+      @columns_by_table = {}
+      @all_columns = Set.new
+    end
+
+    # Returns true if a schema was found and parsed.
+    def parse_from_path(start_path)
+      schema = locate_schema(start_path)
+      return false unless schema
+
+      ast = parse(File.read(schema))
+      return false unless ast
+
+      walk(ast)
+      true
+    rescue Errno::ENOENT, Errno::EACCES
+      false
+    end
+
+    # Column names mapped onto the model a table name classifies to
+    # ("eod_items" -> "EodItem"). Used for per-model column resolution.
+    def columns_by_model
+      @columns_by_model ||= @columns_by_table.transform_keys { |table| classify(table) }
+    end
+
+    private
+
+    def locate_schema(start_path)
+      dir = File.expand_path(File.directory?(start_path) ? start_path : File.dirname(start_path))
+      12.times do
+        candidate = File.join(dir, "db", "schema.rb")
+        return candidate if File.file?(candidate)
+
+        parent = File.dirname(dir)
+        break if parent == dir
+
+        dir = parent
+      end
+      nil
+    end
+
+    def parse(source)
+      Parser::CurrentRuby.parse(source)
+    rescue Parser::SyntaxError
+      nil
+    end
+
+    def walk(node)
+      return unless node.is_a?(Parser::AST::Node)
+
+      capture_create_table(node) if create_table_block?(node)
+      node.children.each { |child| walk(child) }
+    end
+
+    def create_table_block?(node)
+      node.type == :block && node.children[0]&.type == :send &&
+        node.children[0].children[1] == :create_table
+    end
+
+    def capture_create_table(block_node)
+      table = string_arg(block_node.children[0])
+      return unless table
+
+      cols = (@columns_by_table[table] ||= Set.new)
+      collect_columns(block_node.children[2], cols)
+    end
+
+    def collect_columns(body, cols)
+      return unless body.is_a?(Parser::AST::Node)
+
+      add_column_from_send(body, cols) if body.type == :send
+      body.children.each { |child| collect_columns(child, cols) }
+    end
+
+    def add_column_from_send(node, cols)
+      method = node.children[1]
+      name = string_arg(node)
+      return unless name
+
+      if COLUMN_DEFINERS.include?(method)
+        register(cols, name)
+      elsif REFERENCE_DEFINERS.include?(method)
+        register(cols, "#{name}_id")
+      end
+    end
+
+    def register(cols, name)
+      sym = name.to_sym
+      cols << sym
+      @all_columns << sym
+    end
+
+    def string_arg(node)
+      return unless node.is_a?(Parser::AST::Node)
+
+      node.children[2..]&.find { |a| a.is_a?(Parser::AST::Node) && a.type == :str }&.children&.first
+    end
+
+    def classify(table)
+      base = table.to_s
+      singular = base.respond_to?(:singularize) ? base.singularize : base.sub(/s\z/, "")
+      singular.split("_").map(&:capitalize).join
+    end
+  end
+end