rails-ai-context 4.3.0 → 4.3.2

data/lib/rails_ai_context/tools/query.rb

@@ -44,9 +44,20 @@ module RailsAiContext
       MULTI_STATEMENT  = /;\s*\S/
       ALLOWED_PREFIX   = /\A\s*(SELECT|WITH|SHOW|EXPLAIN|DESCRIBE|DESC)\b/i
 
+      # SQL injection tautology patterns: OR 1=1, OR true, OR ''='', UNION SELECT, etc.
+      TAUTOLOGY_PATTERNS = [
+        /\bOR\s+1\s*=\s*1\b/i,
+        /\bOR\s+true\b/i,
+        /\bOR\s+'[^']*'\s*=\s*'[^']*'/i,
+        /\bOR\s+"[^"]*"\s*=\s*"[^"]*"/i,
+        /\bOR\s+\d+\s*=\s*\d+/i,
+        /\bUNION\s+(ALL\s+)?SELECT\b/i
+      ].freeze
+
       HARD_ROW_CAP = 1000
 
       def self.call(sql: nil, limit: nil, format: "table", server_context: nil, **_extra)
+        set_call_params(sql: sql&.truncate(60))
         # ── Environment guard ───────────────────────────────────────
         unless config.allow_query_in_production || !Rails.env.production?
           return text_response(
@@ -79,11 +90,13 @@ module RailsAiContext
         end
 
         text_response(output)
-      rescue ActiveRecord::ConnectionNotEstablished
-        text_response("Database connection unavailable. Ensure database is running and config/database.yml is correct.")
+      rescue ActiveRecord::ConnectionNotEstablished, ActiveRecord::NoDatabaseError => e
+        text_response("Database unavailable: #{clean_error_message(e.message)}\n\n**Troubleshooting:**\n- Check `config/database.yml` for correct host/port/credentials\n- Try `RAILS_ENV=test` if the development DB is remote\n- Run `bin/rails db:create` if the database doesn't exist yet")
       rescue ActiveRecord::StatementInvalid => e
         if e.message.match?(/timeout|statement_timeout|MAX_EXECUTION_TIME/i)
           text_response("Query exceeded #{config.query_timeout} second timeout. Simplify the query or add indexes.")
+        elsif e.message.match?(/could not find|does not exist|Unknown database/i)
+          text_response("Database not found: #{clean_error_message(e.message)}\n\n**Troubleshooting:**\n- Run `bin/rails db:create` to create the database\n- Check `config/database.yml` for the correct database name\n- Try `RAILS_ENV=test` if the development DB is remote")
         else
           text_response("SQL error: #{clean_error_message(e.message)}")
         end
@@ -113,6 +126,10 @@ module RailsAiContext
         return [ false, "Blocked: sensitive SHOW command" ] if cleaned.match?(BLOCKED_SHOWS)
         return [ false, "Blocked: SELECT INTO creates a table" ] if cleaned.match?(SELECT_INTO)
 
+        # Check for SQL injection tautology patterns (OR 1=1, UNION SELECT, etc.)
+        tautology = TAUTOLOGY_PATTERNS.find { |p| cleaned.match?(p) }
+        return [ false, "Blocked: SQL injection pattern detected (#{cleaned[tautology]})" ] if tautology
+
         # Check blocked keywords before the allowed-prefix fallback so that
         # INSERT/UPDATE/DELETE/DROP etc. get a specific "Blocked" error
         # rather than the generic "Only SELECT... allowed" message.
@@ -220,6 +237,15 @@ module RailsAiContext
       # ── Column redaction (Layer 4) ──────────────────────────────────
       private_class_method def self.redact_results(result)
         redacted_cols = config.query_redacted_columns.map(&:downcase).to_set
+
+        # Auto-redact columns declared with `encrypts` in models
+        models_data = (SHARED_CACHE[:context] || cached_context)&.dig(:models)
+        if models_data.is_a?(Hash)
+          models_data.each_value do |data|
+            next unless data.is_a?(Hash)
+            (data[:encrypts] || []).each { |col| redacted_cols << col.to_s.downcase }
+          end
+        end
         columns = result.columns
         rows = result.rows
 

data/lib/rails_ai_context/tools/read_logs.rb

@@ -269,7 +269,10 @@ module RailsAiContext
       private_class_method def self.available_log_files
         log_dir = File.join(Rails.root.to_s, "log")
         return [] unless Dir.exist?(log_dir)
-        Dir.glob(File.join(log_dir, "*.log")).map { |f| File.basename(f) }.sort
+        Dir.glob(File.join(log_dir, "*.log"))
+          .map { |f| File.basename(f) }
+          .select { |f| f.match?(/\A[\w.\-]+\.log\z/) } # Only clean filenames (alphanumeric, dots, hyphens, underscores)
+          .sort
       end
     end
   end

data/lib/rails_ai_context/tools/review_changes.rb

@@ -27,7 +27,7 @@ module RailsAiContext
 
       annotations(read_only_hint: true, destructive_hint: false, idempotent_hint: false, open_world_hint: true)
 
-      MAX_DIFF_LINES_PER_FILE = 60
+      MAX_DIFF_LINES_PER_FILE = 30
 
       def self.call(ref: "HEAD", files: nil, server_context: nil)
         root = Rails.root.to_s
@@ -35,7 +35,7 @@ module RailsAiContext
         # Verify git is available
         _, status = Open3.capture2("git", "rev-parse", "--git-dir", chdir: root)
         unless status.success?
-          return text_response("Not a git repository. `rails_review_changes` requires git.")
+          return text_response("Not a git repository. `rails_review_changes` requires a git repository.\n\n**To initialize:** `git init && git add -A && git commit -m 'Initial commit'`")
         end
 
         changed = get_changed_files(ref, root)
@@ -76,15 +76,24 @@ module RailsAiContext
           lines << ""
         end
 
-        # File-by-file context
-        lines << "## File-by-File Context"
+        # File-by-file context — cap at 20 files to prevent overflow
+        max_files = 20
+        show_files = classified.first(max_files)
+        lines << "## File-by-File Context (#{show_files.size} of #{classified.size})"
         lines << ""
 
-        classified.each do |entry|
+        show_files.each do |entry|
           file_lines = gather_file_context(entry[:file], entry[:type], root, ref)
           lines.concat(file_lines)
         end
 
+        if classified.size > max_files
+          remaining = classified[max_files..].map { |e| e[:file] }
+          lines << "## Remaining #{remaining.size} files (not shown)"
+          remaining.each { |f| lines << "- #{f}" }
+          lines << ""
+        end
+
         # Next steps
         rb_files = classified.select { |c| c[:file].end_with?(".rb") }.map { |c| c[:file] }
         if rb_files.any?
@@ -177,7 +186,7 @@ module RailsAiContext
               result = GetModelDetails.call(model: model_name, detail: "standard")
               text = result.content.first[:text]
               lines << "" << "**Model context:** #{model_name}" unless text.include?("not found")
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
 
           when :controller
             ctrl_name = File.basename(file, ".rb").camelize
@@ -186,7 +195,7 @@ module RailsAiContext
               result = GetRoutes.call(controller: snake, detail: "summary")
               text = result.content.first[:text]
               lines << "" << "**Routes:**" << text unless text.include?("not found") || text.include?("No routes")
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
 
           when :migration
             # Parse migration for table/column info
@@ -202,7 +211,7 @@ module RailsAiContext
                       result = GetSchema.call(table: t, detail: "summary")
                       text = result.content.first[:text]
                       lines << "  #{t}: #{text.lines.first&.strip}" unless text.include?("not found")
-                    rescue; end
+                    rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
                   end
                 end
               end
@@ -212,7 +221,7 @@ module RailsAiContext
             begin
               result = GetRoutes.call(detail: "summary")
               lines << "" << "**Current routes:** #{result.content.first[:text].lines.first&.strip}"
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
           end
 
           lines << ""
@@ -271,14 +280,15 @@ module RailsAiContext
           end
 
           # Check for controller changes without test changes
-          changed_ctrls = controller_files.map { |c| File.basename(c[:file], ".rb") }
-          changed_tests = test_files.map { |t| File.basename(t[:file], ".rb") }
-          changed_ctrls.each do |ctrl|
-            test_name = ctrl.sub("_controller", "_controller_test")
-            spec_name = ctrl.sub("_controller", "_controller_spec")
-            request_name = ctrl.sub("_controller", "_spec")
-            unless changed_tests.any? { |t| t == test_name || t == spec_name || t == request_name || t.include?(ctrl.delete_suffix("_controller")) }
-              warnings << "**No test changes**: `#{ctrl}.rb` was modified but no corresponding test file was changed"
+          controller_files.each do |entry|
+            basename = File.basename(entry[:file], ".rb")
+            next unless basename.end_with?("_controller")
+            test_name = basename.sub("_controller", "_controller_test")
+            spec_name = basename.sub("_controller", "_controller_spec")
+            request_name = basename.sub("_controller", "_spec")
+            ctrl_stem = basename.delete_suffix("_controller")
+            unless test_files.any? { |t| File.basename(t[:file], ".rb").then { |tb| tb == test_name || tb == spec_name || tb == request_name || tb.include?(ctrl_stem) } }
+              warnings << "**No test changes**: `#{entry[:file]}` was modified but no corresponding test file was changed"
             end
           end
 

data/lib/rails_ai_context/tools/runtime_info.rb

@@ -0,0 +1,289 @@
+# frozen_string_literal: true
+
+module RailsAiContext
+  module Tools
+    class RuntimeInfo < BaseTool
+      tool_name "rails_runtime_info"
+      description "Live runtime state: database connection pool, table sizes, pending migrations, cache stats, job queues. " \
+        "Use when: debugging performance, checking database health, verifying deployment state, or understanding infrastructure. " \
+        "Key params: detail (summary/standard/full), section (database/cache/jobs/connections)."
+
+      input_schema(
+        properties: {
+          detail: {
+            type: "string",
+            enum: %w[summary standard full],
+            description: "Detail level. summary: one-line per section. standard: tables with sizes (default). full: index usage + cache details."
+          },
+          section: {
+            type: "string",
+            enum: %w[database cache jobs connections],
+            description: "Filter to one section. Omit for all sections."
+          }
+        }
+      )
+
+      annotations(read_only_hint: true, destructive_hint: false, idempotent_hint: false, open_world_hint: false)
+
+      def self.call(detail: "standard", section: nil, server_context: nil)
+        lines = [ "# Runtime Info", "" ]
+
+        sections = section ? [ section ] : %w[connections database cache jobs]
+
+        sections.each do |s|
+          result = case s
+          when "connections" then gather_connection_pool
+          when "database"    then gather_database(detail)
+          when "cache"       then gather_cache
+          when "jobs"        then gather_jobs(detail)
+          end
+          lines.concat(result) if result&.any?
+        end
+
+        if lines.size <= 2
+          lines << "_No runtime data available. Ensure the app has a database connection._"
+        end
+
+        text_response(lines.join("\n"))
+      rescue => e
+        text_response("Runtime info error: #{e.message}")
+      end
+
+      class << self
+        private
+
+        # ── Connection pool ──────────────────────────────────────────────
+
+        def gather_connection_pool
+          stat = ActiveRecord::Base.connection_pool.stat
+          lines = [ "## Connection Pool", "" ]
+          lines << "| Metric | Value |"
+          lines << "|--------|-------|"
+          lines << "| Pool size | #{stat[:size]} |"
+          lines << "| Connections | #{stat[:connections]} |"
+          lines << "| Busy | #{stat[:busy]} |"
+          lines << "| Idle | #{stat[:idle]} |"
+          lines << "| Dead | #{stat[:dead]} |"
+          lines << "| Waiting | #{stat[:waiting]} |"
+          lines << "| Checkout timeout | #{stat[:checkout_timeout]}s |"
+
+          utilization = stat[:size] > 0 ? ((stat[:busy].to_f / stat[:size]) * 100).round : 0
+          lines << "" << "Pool utilization: #{utilization}%"
+          lines << "**Warning:** Pool is full (#{stat[:busy]}/#{stat[:size]} busy, #{stat[:waiting]} waiting)" if stat[:waiting] > 0
+          lines << ""
+          lines
+        rescue => e
+          [ "## Connection Pool", "", "_Not available: #{e.message}_", "" ]
+        end
+
+        # ── Database section ─────────────────────────────────────────────
+
+        def gather_database(detail) # rubocop:disable Metrics
+          conn = ActiveRecord::Base.connection
+          adapter = conn.adapter_name.downcase
+          lines = [ "## Database", "" ]
+          lines << "**Adapter:** #{conn.adapter_name}"
+
+          # Table sizes
+          sizes = gather_table_sizes(conn, adapter)
+          if sizes&.any?
+            lines << "" << "### Table Sizes"
+            lines << "| Table | Size |"
+            lines << "|-------|------|"
+            sizes.first(detail == "summary" ? 5 : 30).each do |row|
+              lines << "| #{row[:name]} | #{format_bytes(row[:bytes])} |"
+            end
+            total = sizes.sum { |r| r[:bytes] }
+            lines << "| **Total** | **#{format_bytes(total)}** |"
+            lines << "_#{sizes.size - 30} more tables..._" if detail != "summary" && sizes.size > 30
+          end
+
+          # Pending migrations
+          pending = gather_pending_migrations
+          if pending
+            if pending.empty?
+              lines << "" << "**Migrations:** all up to date"
+            else
+              lines << "" << "**Pending migrations:** #{pending.size}"
+              pending.each { |m| lines << "- #{m}" }
+            end
+          end
+
+          # Index usage (full detail only)
+          if detail == "full"
+            index_usage = gather_index_usage(conn, adapter)
+            if index_usage&.any?
+              lines << "" << "### Index Usage"
+              unused = index_usage.select { |i| i[:scans] == 0 }
+              if unused.any?
+                lines << "**Unused indexes (0 scans):**"
+                unused.first(10).each { |i| lines << "- `#{i[:index]}` on `#{i[:table]}`" }
+              end
+              hot = index_usage.sort_by { |i| -(i[:scans] || 0) }.first(5)
+              lines << "" << "**Most used indexes:**"
+              hot.each { |i| lines << "- `#{i[:index]}` on `#{i[:table]}` — #{i[:scans]} scans" }
+            end
+          end
+
+          lines << ""
+          lines
+        rescue => e
+          [ "## Database", "", "_Not available: #{e.message}_", "" ]
+        end
+
+        def gather_table_sizes(conn, adapter)
+          case adapter
+          when /postgresql/
+            sql = "SELECT relname AS name, pg_total_relation_size(relid) AS bytes FROM pg_stat_user_tables ORDER BY bytes DESC"
+            conn.select_all(sql).map { |r| { name: r["name"], bytes: r["bytes"].to_i } }
+          when /mysql/
+            sql = "SELECT table_name AS name, (data_length + index_length) AS bytes FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = DATABASE() ORDER BY bytes DESC"
+            conn.select_all(sql).map { |r| { name: r["name"], bytes: r["bytes"].to_i } }
+          when /sqlite/
+            # Try dbstat virtual table first, fall back to whole-DB size
+            begin
+              result = conn.select_all("SELECT name, SUM(pgsize) AS bytes FROM dbstat GROUP BY name ORDER BY bytes DESC")
+              return result.map { |r| { name: r["name"], bytes: r["bytes"].to_i } } if result.any?
+            rescue
+              nil
+            end
+            # Fallback: whole database size
+            page_count = conn.select_value("PRAGMA page_count").to_i
+            page_size = conn.select_value("PRAGMA page_size").to_i
+            total = page_count * page_size
+            tables = conn.select_values("SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name")
+            tables.map { |t| { name: t, bytes: total / [ tables.size, 1 ].max } }
+          else
+            nil
+          end
+        rescue
+          nil
+        end
+
+        def gather_pending_migrations
+          migrate_dir = File.join(Rails.root, "db/migrate")
+          return nil unless Dir.exist?(migrate_dir)
+
+          context = ActiveRecord::MigrationContext.new(migrate_dir)
+          pending = if context.respond_to?(:pending_migrations)
+            context.pending_migrations
+          else
+            ActiveRecord::Migrator.new(:up, context.migrations).pending_migrations
+          end
+          pending.map { |m| "#{m.version} — #{m.name}" }
+        rescue
+          nil
+        end
+
+        def gather_index_usage(conn, adapter)
+          case adapter
+          when /postgresql/
+            sql = "SELECT relname AS table, indexrelname AS index, idx_scan AS scans FROM pg_stat_user_indexes ORDER BY idx_scan ASC"
+            conn.select_all(sql).map { |r| { table: r["table"], index: r["index"], scans: r["scans"].to_i } }
+          else
+            nil
+          end
+        rescue
+          nil
+        end
+
+        # ── Cache section ────────────────────────────────────────────────
+
+        def gather_cache
+          cache = Rails.cache
+          lines = [ "## Cache", "" ]
+          lines << "**Store:** #{cache.class.name.demodulize}"
+
+          if cache.respond_to?(:stats)
+            stats = cache.stats
+            lines << "**Stats:** #{stats.inspect}"
+          elsif cache.respond_to?(:redis)
+            begin
+              info = cache.redis.info("stats")
+              hits = info["keyspace_hits"].to_i
+              misses = info["keyspace_misses"].to_i
+              total = hits + misses
+              hit_rate = total > 0 ? ((hits.to_f / total) * 100).round(1) : 0
+              lines << "**Hit rate:** #{hit_rate}% (#{hits} hits, #{misses} misses)"
+              lines << "**Memory:** #{cache.redis.info("memory")["used_memory_human"]}"
+            rescue => e
+              lines << "_Redis stats not available: #{e.message}_"
+            end
+          else
+            lines << "_Stats not available for #{cache.class.name}. Supported: Redis, MemoryStore._"
+          end
+
+          lines << ""
+          lines
+        rescue => e
+          [ "## Cache", "", "_Not available: #{e.message}_", "" ]
+        end
+
+        # ── Jobs section ─────────────────────────────────────────────────
+
+        def gather_jobs(detail)
+          lines = [ "## Background Jobs", "" ]
+
+          # Active Job adapter
+          adapter_name = begin
+            name = ActiveJob::Base.queue_adapter_name
+            name.empty? ? "not configured" : name
+          rescue
+            "not available"
+          end
+          lines << "**Adapter:** #{adapter_name}"
+
+          # Sidekiq stats (if available)
+          if defined?(Sidekiq)
+            begin
+              require "sidekiq/api"
+              stats = Sidekiq::Stats.new
+              lines << "**Enqueued:** #{stats.enqueued}"
+              lines << "**Processed:** #{stats.processed}"
+              lines << "**Failed:** #{stats.failed}"
+              lines << "**Scheduled:** #{stats.scheduled_size}"
+              lines << "**Retries:** #{stats.retry_size}"
+              lines << "**Dead:** #{stats.dead_size}"
+
+              if detail == "full"
+                queues = Sidekiq::Queue.all
+                if queues.any?
+                  lines << "" << "### Queues"
+                  lines << "| Queue | Size | Latency |"
+                  lines << "|-------|------|---------|"
+                  queues.each do |q|
+                    lines << "| #{q.name} | #{q.size} | #{q.latency.round(1)}s |"
+                  end
+                end
+              end
+            rescue => e
+              lines << "_Sidekiq stats error: #{e.message}_"
+            end
+          else
+            lines << "_Sidekiq not loaded. Queue stats unavailable._"
+          end
+
+          lines << ""
+          lines
+        rescue => e
+          [ "## Background Jobs", "", "_Not available: #{e.message}_", "" ]
+        end
+
+        # ── Helpers ──────────────────────────────────────────────────────
+
+        def format_bytes(bytes)
+          return "0 B" if bytes.nil? || bytes == 0
+          if bytes >= 1_073_741_824
+            "#{(bytes / 1_073_741_824.0).round(1)} GB"
+          elsif bytes >= 1_048_576
+            "#{(bytes / 1_048_576.0).round(1)} MB"
+          elsif bytes >= 1024
+            "#{(bytes / 1024.0).round(1)} KB"
+          else
+            "#{bytes} B"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails_ai_context/tools/search_code.rb

@@ -87,10 +87,10 @@ module RailsAiContext
         search_pattern = case match_type
         when "definition"
           cleaned = pattern.sub(/\A\s*def\s+/, "")
-          "^\\s*def\\s+(self\\.)?#{cleaned}"
+          "^\\s*def\\s+(self\\.)?#{Regexp.escape(cleaned)}"
         when "class"
           cleaned = pattern.sub(/\A\s*(class|module)\s+/, "")
-          "^\\s*(class|module)\\s+\\w*#{cleaned}"
+          "^\\s*(class|module)\\s+\\w*#{Regexp.escape(cleaned)}"
         when "call"
           pattern
         else
@@ -202,6 +202,22 @@ module RailsAiContext
           cmd << "--glob=!#{p}"
         end
 
+        # Exclude generated AI context files (not source code)
+        # Claude
+        cmd << "--glob=!CLAUDE.md"
+        cmd << "--glob=!.claude/"
+        # Cursor
+        cmd << "--glob=!.cursor/"
+        cmd << "--glob=!.cursorrules"
+        # GitHub Copilot
+        cmd << "--glob=!.github/copilot-instructions.md"
+        cmd << "--glob=!.github/instructions/"
+        # OpenCode
+        cmd << "--glob=!AGENTS.md"
+        cmd << "--glob=!**/AGENTS.md"
+        # JSON export
+        cmd << "--glob=!.ai-context.json"
+
         # Exclude test/spec directories if requested
         if exclude_tests
           cmd << "--glob=!test/"
@@ -238,11 +254,13 @@ module RailsAiContext
         excluded = RailsAiContext.configuration.excluded_paths
         sensitive = RailsAiContext.configuration.sensitive_patterns
         test_dirs = %w[test/ spec/ features/]
+        ai_context_files = %w[CLAUDE.md AGENTS.md .claude/ .cursor/ .cursorrules .github/copilot-instructions.md .github/instructions/ .ai-context.json]
 
         Dir.glob(File.join(search_path, glob)).each do |file|
           relative = file.sub("#{root}/", "")
           next if excluded.any? { |ex| relative.start_with?(ex) }
           next if sensitive_file?(relative, sensitive)
+          next if ai_context_files.any? { |p| relative.start_with?(p) || relative == p }
           next if exclude_tests && test_dirs.any? { |td| relative.start_with?(td) }
 
           File.readlines(file).each_with_index do |line, idx|
@@ -260,9 +278,10 @@ module RailsAiContext
 
       private_class_method def self.sensitive_file?(relative_path, patterns)
         basename = File.basename(relative_path)
+        flags = File::FNM_DOTMATCH | File::FNM_CASEFOLD
         patterns.any? do |pattern|
-          File.fnmatch(pattern, relative_path, File::FNM_DOTMATCH) ||
-            File.fnmatch(pattern, basename, File::FNM_DOTMATCH)
+          File.fnmatch(pattern, relative_path, flags) ||
+            File.fnmatch(pattern, basename, flags)
         end
       end
 

data/lib/rails_ai_context/tools/security_scan.rb

@@ -123,7 +123,13 @@ module RailsAiContext
 
         if warnings.empty?
           scope = files&.any? ? " in #{files.join(', ')}" : ""
-          return text_response("No security warnings found#{scope}. (#{checks_run} checks run)")
+          # Summarize what categories were checked for transparency
+          check_names = tracker.checks.checks_run.map do |c|
+            c.to_s.sub(/\ABrakeman::Checks::Check/, "").gsub(/([a-z])([A-Z])/, '\1 \2')
+          end
+          categories = check_names.first(6).join(", ")
+          categories += ", ..." if check_names.size > 6
+          return text_response("No security warnings found#{scope}. (#{checks_run} checks run: #{categories})")
         end
 
         case detail