rails-ai-context 0.15.7 → 0.15.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39df765c4841adb33e68870093b8f58d02ff28dfe5e245ee81655902a9b0fb78
-  data.tar.gz: 58385dad4ad55a627d854a2611ed16f951ac0409d54d80e96966efa8b0e1613b
+  metadata.gz: c0d532a0b5cd13d8f15fd988426013b6c493df52bbea861601bc6e98fc50284d
+  data.tar.gz: d6937138538b5863998da10507a967a3538354bd80885e2d8be29dce9552331f
 SHA512:
-  metadata.gz: 49755cc6de2afc6a536b470abea60b5a873a9f73419754f4ad304dd8988b34ebfa65b7d69e9878e2c7bdd3418183e9a71da16007f374161e87f44259c209f5f7
-  data.tar.gz: 83441b234d6f429d4a066ec79dece90fd5685d5ee4a3e5df882241b21b2b79cddde40d9c0c4fa3ac79322bf26764cf694a4beaf8dc9c419c82d9bc96e37009e3
+  metadata.gz: 49df028217e81fd1dc56513dad0ba11cc4b755d231a06bacd822b848e88f30ad37108ba6c8c8a076f36af35ee3babbb159d2dba47162fc34ae109670fecb0107
+  data.tar.gz: 977cca79b0eba516d23c4cf8dbc678bc0874420405959fc927150f10cd52c14f554c48e801db3f74849e1919dfe15caea6d8078539436aec88dab1b2838bef8d

data/CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.15.8] - 2026-03-23
+
+### Added
+
+- **Semantic validation (`level:"rails"`)** — `rails_validate` now supports `level:"rails"` for deep semantic checks beyond syntax: partial existence, route helper validity, column references vs schema, strong params vs schema columns, callback method existence, route-action consistency, `has_many` dependent options, missing FK indexes, and Stimulus controller file existence.
+
 ## [0.15.7] - 2026-03-22
 
 ### Improved

data/lib/rails_ai_context/tools/validate.rb

@@ -2,12 +2,17 @@
 
 require "open3"
 require "erb"
+require "set"
 
 module RailsAiContext
   module Tools
     class Validate < BaseTool
       tool_name "rails_validate"
-      description "Validate syntax of multiple files at once (Ruby, ERB, JavaScript). Replaces separate ruby -c, erb check, and node -c calls. Returns pass/fail for each file with error details."
+      description "Validate syntax of multiple files at once (Ruby, ERB, JavaScript). " \
+        "Replaces separate ruby -c, erb check, and node -c calls. " \
+        "Use level:\"rails\" for semantic checks: partial existence, route helpers, " \
+        "column references, strong params vs schema, callback method existence, " \
+        "route-action consistency, has_many dependent, FK indexes, Stimulus controllers."
 
       def self.max_files
         RailsAiContext.configuration.max_validate_files
@@ -19,6 +24,11 @@ module RailsAiContext
             type: "array",
             items: { type: "string" },
             description: "File paths relative to Rails root (e.g. ['app/models/cook.rb', 'app/views/cooks/index.html.erb'])"
+          },
+          level: {
+            type: "string",
+            enum: %w[syntax rails],
+            description: "Validation level. syntax: check syntax only (default, fast). rails: syntax + semantic checks (partial existence, route helpers, column references)."
           }
         },
         required: %w[files]
@@ -26,14 +36,11 @@ module RailsAiContext
 
       annotations(read_only_hint: true, destructive_hint: false, idempotent_hint: true, open_world_hint: false)
 
-      def self.call(files:, server_context: nil)
-        if files.empty?
-          return text_response("No files provided.")
-        end
+      # ── Main entry point ─────────────────────────────────────────────
 
-        if files.size > max_files
-          return text_response("Too many files (#{files.size}). Maximum is #{max_files} per call.")
-        end
+      def self.call(files:, level: "syntax", server_context: nil)
+        return text_response("No files provided.") if files.empty?
+        return text_response("Too many files (#{files.size}). Maximum is #{max_files} per call.") if files.size > max_files
 
         results = []
         passed = 0
@@ -42,7 +49,6 @@ module RailsAiContext
         files.each do |file|
           full_path = Rails.root.join(file)
 
-          # Path traversal protection
           unless File.exist?(full_path)
             results << "\u2717 #{file} \u2014 file not found"
             total += 1
@@ -64,12 +70,12 @@ module RailsAiContext
 
           total += 1
 
-          if file.end_with?(".rb")
-            ok, msg = validate_ruby(full_path)
+          ok, msg, warnings = if file.end_with?(".rb")
+            validate_ruby(full_path)
           elsif file.end_with?(".html.erb") || file.end_with?(".erb")
-            ok, msg = validate_erb(full_path)
+            validate_erb(full_path)
           elsif file.end_with?(".js")
-            ok, msg = validate_javascript(full_path)
+            validate_javascript(full_path)
           else
             results << "- #{file} \u2014 skipped (unsupported file type)"
             total -= 1
@@ -82,161 +88,708 @@ module RailsAiContext
           else
             results << "\u2717 #{file} \u2014 #{msg}"
           end
+
+          (warnings || []).each { |w| results << "  \u26A0 #{w}" }
+
+          if level == "rails" && ok
+            rails_warnings = check_rails_semantics(file, full_path)
+            rails_warnings.each { |w| results << "  \u26A0 #{w}" }
+          end
         end
 
         output = results.join("\n")
         output += "\n\n#{passed}/#{total} files passed"
-
         text_response(output)
       end
 
-      # Validate Ruby syntax via `ruby -c` (no shell — uses Open3 array form)
+      # ── Prism detection ──────────────────────────────────────────────
+
+      private_class_method def self.prism_available?
+        return @prism_available unless @prism_available.nil?
+
+        @prism_available = begin
+          require "prism"
+          true
+        rescue LoadError
+          false
+        end
+      end
+
+      # ── Ruby validation ──────────────────────────────────────────────
+
       private_class_method def self.validate_ruby(full_path)
+        prism_available? ? validate_ruby_prism(full_path) : validate_ruby_subprocess(full_path)
+      end
+
+      private_class_method def self.validate_ruby_prism(full_path)
+        result = Prism.parse_file(full_path.to_s)
+        basename = File.basename(full_path.to_s)
+        warnings = result.warnings.map do |w|
+          "#{basename}:#{w.location.start_line}:#{w.location.start_column}: warning: #{w.message}"
+        end
+
+        if result.success?
+          [ true, nil, warnings ]
+        else
+          errors = result.errors.first(5).map do |e|
+            "#{basename}:#{e.location.start_line}:#{e.location.start_column}: #{e.message}"
+          end
+          [ false, errors.join("\n"), warnings ]
+        end
+      rescue => _e
+        validate_ruby_subprocess(full_path)
+      end
+
+      private_class_method def self.validate_ruby_subprocess(full_path)
         result, status = Open3.capture2e("ruby", "-c", full_path.to_s)
         if status.success?
-          [ true, nil ]
+          [ true, nil, [] ]
         else
-          # Show up to 5 non-empty error lines for full context (ruby -c gives multi-line errors)
           error_lines = result.lines
             .reject { |l| l.strip.empty? || l.include?("Syntax OK") }
             .first(5)
             .map { |l| l.strip.sub(full_path.to_s, File.basename(full_path.to_s)) }
-          error = error_lines.any? ? error_lines.join("\n") : "syntax error"
-          [ false, error ]
+          [ false, error_lines.any? ? error_lines.join("\n") : "syntax error", [] ]
         end
       end
 
-      # Validate ERB by compiling to Ruby source then syntax-checking the result.
-      # Catches missing <% end %>, unclosed blocks, and mismatched do/end.
-      #
-      # Two key pre-processing steps avoid false positives:
-      # 1. Convert `<%= ... %>` to `<% ... %>` — prevents the `_buf << ( helper do ).to_s`
-      #    ambiguity that standard ERB compilation creates for block-form helpers
-      #    like `<%= link_to ... do %>`, `<%= form_with ... do |f| %>`, etc.
-      # 2. Wrap compiled source in a method def — makes `yield` syntactically valid.
+      # ── ERB validation ───────────────────────────────────────────────
+
       private_class_method def self.validate_erb(full_path)
-        return [ false, "file too large" ] if File.size(full_path) > RailsAiContext.configuration.max_file_size
+        return [ false, "file too large", [] ] if File.size(full_path) > RailsAiContext.configuration.max_file_size
 
         content = File.binread(full_path).force_encoding("UTF-8")
-
-        # Pre-process: convert output tags to non-output for syntax-only checking.
-        # This is safe because we only check structure (do/end, if/end matching),
-        # not whether output is correct.
         processed = content.gsub("<%=", "<%")
 
-        # Compile ERB to Ruby, wrapped in a method so `yield` is valid syntax.
-        # Force UTF-8 on .src output — ERB may return ASCII-8BIT which breaks
-        # concatenation with UTF-8 strings when non-ASCII bytes (emoji, etc.) are present.
         erb_src = +ERB.new(processed).src
         erb_src.force_encoding("UTF-8")
         compiled = "# encoding: utf-8\ndef __erb_syntax_check\n#{erb_src}\nend"
 
-        check_result, check_status = Open3.capture2e("ruby", "-c", "-", stdin_data: compiled)
-        if check_status.success?
-          [ true, nil ]
+        if prism_available?
+          result = Prism.parse(compiled)
+          if result.success?
+            [ true, nil, [] ]
+          else
+            error = result.errors.first(5).map do |e|
+              "line #{[ e.location.start_line - 2, 1 ].max}: #{e.message}"
+            end.join("\n")
+            [ false, error, [] ]
+          end
         else
-          # Adjust line numbers: subtract 1 for the wrapper def line
-          error = check_result.lines
-            .reject { |l| l.strip.empty? || l.include?("Syntax OK") }
-            .first(5)
-            .map { |l| l.strip.sub(/-:(\d+):/) { "ruby: -:#{$1.to_i - 1}:" } }
-          msg = error.any? ? error.join("\n") : "ERB syntax error"
-          [ false, msg ]
+          check_result, check_status = Open3.capture2e("ruby", "-c", "-", stdin_data: compiled)
+          if check_status.success?
+            [ true, nil, [] ]
+          else
+            error = check_result.lines
+              .reject { |l| l.strip.empty? || l.include?("Syntax OK") }
+              .first(5)
+              .map { |l| l.strip.sub(/-:(\d+):/) { "ruby: -:#{$1.to_i - 2}:" } }
+            [ false, error.any? ? error.join("\n") : "ERB syntax error", [] ]
+          end
         end
       rescue => e
-        [ false, "ERB check error: #{e.message}" ]
+        [ false, "ERB check error: #{e.message}", [] ]
       end
 
-      # Validate JavaScript syntax via `node -c` (no shell — uses Open3 array form)
+      # ── JavaScript validation ────────────────────────────────────────
+
       private_class_method def self.validate_javascript(full_path)
         @node_available = system("which", "node", out: File::NULL, err: File::NULL) if @node_available.nil?
 
         if @node_available
           result, status = Open3.capture2e("node", "-c", full_path.to_s)
           if status.success?
-            [ true, nil ]
+            [ true, nil, [] ]
           else
-            # Show up to 3 non-empty error lines for context
-            error_lines = result.lines
-              .reject { |l| l.strip.empty? }
-              .first(3)
+            error_lines = result.lines.reject { |l| l.strip.empty? }.first(3)
               .map { |l| l.strip.sub(full_path.to_s, File.basename(full_path.to_s)) }
-            error = error_lines.any? ? error_lines.join("\n") : "syntax error"
-            [ false, error ]
+            [ false, error_lines.any? ? error_lines.join("\n") : "syntax error", [] ]
           end
         else
           validate_javascript_fallback(full_path)
         end
       end
 
-      # Basic JavaScript validation when node is not available.
-      # Checks for unmatched braces, brackets, and parentheses.
       private_class_method def self.validate_javascript_fallback(full_path)
-        return [ false, "file too large for basic validation" ] if File.size(full_path) > RailsAiContext.configuration.max_file_size
+        return [ false, "file too large for basic validation", [] ] if File.size(full_path) > RailsAiContext.configuration.max_file_size
         content = File.read(full_path)
         stack = []
         openers = { "{" => "}", "[" => "]", "(" => ")" }
         closers = { "}" => "{", "]" => "[", ")" => "(" }
-        in_string = nil
-        in_line_comment = false
-        in_block_comment = false
-        prev_char = nil
+        in_string = nil; in_line_comment = false; in_block_comment = false; prev_char = nil
 
         content.each_char.with_index do |char, i|
-          if in_line_comment
-            in_line_comment = false if char == "\n"
-            prev_char = char
-            next
-          end
+          if in_line_comment then (in_line_comment = false if char == "\n"); prev_char = char; next end
+          if in_block_comment then (in_block_comment = false if prev_char == "*" && char == "/"); prev_char = char; next end
+          if in_string then (in_string = nil if char == in_string && prev_char != "\\"); prev_char = char; next end
 
-          if in_block_comment
-            if prev_char == "*" && char == "/"
-              in_block_comment = false
+          case char
+          when '"', "'", "`" then in_string = char
+          when "/" then (in_line_comment = true; stack.pop if stack.last == "/") if prev_char == "/"
+          when "*" then in_block_comment = true if prev_char == "/"
+          else
+            if openers.key?(char) then stack << char
+            elsif closers.key?(char)
+              return [ false, "line #{content[0..i].count("\n") + 1}: unmatched '#{char}'", [] ] if stack.empty? || stack.last != closers[char]
+              stack.pop
             end
-            prev_char = char
-            next
           end
+          prev_char = char
+        end
+
+        stack.empty? ? [ true, nil, [] ] : [ false, "unmatched '#{stack.last}' (node not available, basic check only)", [] ]
+      end
+
+      # ════════════════════════════════════════════════════════════════════
+      # ── Rails-aware semantic checks (level: "rails") ─────────────────
+      # ════════════════════════════════════════════════════════════════════
+
+      # Prism AST Visitor — walks the AST once, extracts data for all checks
+      class RailsSemanticVisitor < Prism::Visitor
+        attr_reader :render_calls, :route_helper_calls, :validates_calls,
+                    :permit_calls, :callback_registrations, :has_many_calls
 
-          if in_string
-            if char == in_string && prev_char != "\\"
-              in_string = nil
+        CALLBACK_NAMES = %i[
+          before_validation after_validation before_save after_save
+          before_create after_create before_update after_update
+          before_destroy after_destroy after_commit after_rollback
+        ].to_set.freeze
+
+        def initialize
+          super
+          @render_calls = []
+          @route_helper_calls = []
+          @validates_calls = []
+          @permit_calls = []
+          @callback_registrations = []
+          @has_many_calls = []
+        end
+
+        def visit_call_node(node)
+          case node.name
+          when :render     then extract_render(node)
+          when :validates  then extract_validates(node)
+          when :permit     then extract_permit(node)
+          when :has_many   then extract_has_many(node)
+          else
+            if node.name.to_s.end_with?("_path", "_url") && node.receiver.nil?
+              @route_helper_calls << { name: node.name.to_s, line: node.location.start_line }
+            elsif CALLBACK_NAMES.include?(node.name) && node.receiver.nil?
+              extract_callback(node)
             end
-            prev_char = char
-            next
           end
+          super
+        end
 
-          case char
-          when '"', "'", "`"
-            in_string = char
-          when "/"
-            if prev_char == "/"
-              in_line_comment = true
-              stack.pop if stack.last == "/" # remove the first / we may have pushed
+        private
+
+        def extract_render(node)
+          args = node.arguments&.arguments || []
+          args.each do |arg|
+            case arg
+            when Prism::StringNode
+              @render_calls << { name: arg.unescaped, line: node.location.start_line }
+            when Prism::KeywordHashNode
+              arg.elements.each do |elem|
+                next unless elem.is_a?(Prism::AssocNode)
+                key = elem.key
+                val = elem.value
+                if key.is_a?(Prism::SymbolNode) && key.value == "partial" && val.is_a?(Prism::StringNode)
+                  @render_calls << { name: val.unescaped, line: node.location.start_line }
+                end
+              end
             end
-          when "*"
-            if prev_char == "/"
-              in_block_comment = true
+          end
+        end
+
+        def extract_validates(node)
+          args = node.arguments&.arguments || []
+          columns = []
+          args.each do |arg|
+            break unless arg.is_a?(Prism::SymbolNode)
+            columns << arg.value
+          end
+          @validates_calls << { columns: columns, line: node.location.start_line } if columns.any?
+        end
+
+        def extract_permit(node)
+          args = node.arguments&.arguments || []
+          params = []
+          args.each do |arg|
+            case arg
+            when Prism::SymbolNode then params << arg.value
             end
-          else
-            if openers.key?(char)
-              stack << char
-            elsif closers.key?(char)
-              if stack.empty? || stack.last != closers[char]
-                line_num = content[0..i].count("\n") + 1
-                return [ false, "line #{line_num}: unmatched '#{char}'" ]
+          end
+          @permit_calls << { params: params, line: node.location.start_line } if params.any?
+        end
+
+        def extract_has_many(node)
+          args = node.arguments&.arguments || []
+          name = nil
+          has_dependent = false
+          args.each do |arg|
+            case arg
+            when Prism::SymbolNode
+              name ||= arg.value
+            when Prism::KeywordHashNode
+              arg.elements.each do |elem|
+                next unless elem.is_a?(Prism::AssocNode) && elem.key.is_a?(Prism::SymbolNode)
+                has_dependent = true if elem.key.value == "dependent"
               end
-              stack.pop
             end
           end
+          @has_many_calls << { name: name, has_dependent: has_dependent, line: node.location.start_line } if name
+        end
 
-          prev_char = char
+        def extract_callback(node)
+          args = node.arguments&.arguments || []
+          methods = args.select { |a| a.is_a?(Prism::SymbolNode) }.map(&:value)
+          @callback_registrations << { type: node.name.to_s, methods: methods, line: node.location.start_line } if methods.any?
+        end
+      end if defined?(Prism)
+
+      # ── Semantic check dispatcher ────────────────────────────────────
+
+      private_class_method def self.check_rails_semantics(file, full_path)
+        warnings = []
+
+        context = begin; cached_context; rescue; return warnings; end
+        return warnings unless context
+
+        content = File.read(full_path, encoding: "UTF-8", invalid: :replace, undef: :replace) rescue nil
+        return warnings unless content
+
+        # Parse with Prism AST visitor (single pass for all checks)
+        visitor = parse_and_visit(file, content)
+
+        if file.end_with?(".html.erb", ".erb")
+          if visitor
+            warnings.concat(check_partial_existence_ast(file, visitor))
+            warnings.concat(check_route_helpers_ast(visitor, context))
+          else
+            warnings.concat(check_partial_existence_regex(file, content))
+            warnings.concat(check_route_helpers_regex(content, context))
+          end
+          warnings.concat(check_stimulus_controllers(content, context))
+        elsif file.end_with?(".rb")
+          if visitor
+            warnings.concat(check_route_helpers_ast(visitor, context))
+            warnings.concat(check_column_references_ast(file, visitor, context))
+            warnings.concat(check_strong_params_ast(file, visitor, context))
+            warnings.concat(check_callback_existence_ast(file, visitor, context))
+          else
+            warnings.concat(check_route_helpers_regex(content, context))
+            warnings.concat(check_column_references_regex(file, content, context))
+          end
+          # Cache-only checks (no AST needed)
+          warnings.concat(check_has_many_dependent(file, context))
+          warnings.concat(check_missing_fk_index(file, context))
+          warnings.concat(check_route_action_consistency(file, context))
+        end
+
+        warnings
+      end
+
+      private_class_method def self.parse_and_visit(file, content)
+        return nil unless prism_available?
+
+        source = if file.end_with?(".html.erb", ".erb")
+          processed = content.gsub("<%=", "<%")
+          erb_src = +ERB.new(processed).src
+          erb_src.force_encoding("UTF-8")
+          "# encoding: utf-8\n#{erb_src}"
+        else
+          content
+        end
+
+        result = Prism.parse(source)
+        visitor = RailsSemanticVisitor.new
+        result.value.accept(visitor)
+        visitor
+      rescue
+        nil
+      end
+
+      # ── CHECK 1: Partial existence (AST) ─────────────────────────────
+
+      private_class_method def self.check_partial_existence_ast(file, visitor)
+        warnings = []
+        visitor.render_calls.each do |rc|
+          ref = rc[:name]
+          next if ref.include?("@") || ref.include?("#") || ref.include?("{")
+          possible = resolve_partial_paths(file, ref)
+          unless possible.any? { |p| File.exist?(File.join(Rails.root, "app", "views", p)) }
+            warnings << "render \"#{ref}\" \u2014 partial not found"
+          end
+        end
+        warnings
+      end
+
+      # Regex fallback for non-Prism environments
+      private_class_method def self.check_partial_existence_regex(file, content)
+        warnings = []
+        content.scan(/render\s+(?:partial:\s*)?["']([^"']+)["']/).flatten.uniq.each do |ref|
+          next if ref.include?("@") || ref.include?("#") || ref.include?("{")
+          possible = resolve_partial_paths(file, ref)
+          unless possible.any? { |p| File.exist?(File.join(Rails.root, "app", "views", p)) }
+            warnings << "render \"#{ref}\" \u2014 partial not found"
+          end
         end
+        warnings
+      end
 
-        if stack.empty?
-          [ true, nil ]
+      private_class_method def self.resolve_partial_paths(file, ref)
+        paths = []
+        if ref.include?("/")
+          dir, base = File.dirname(ref), File.basename(ref)
+          %w[.html.erb .erb .turbo_stream.erb .json.jbuilder].each { |ext| paths << "#{dir}/_#{base}#{ext}" }
         else
-          [ false, "unmatched '#{stack.last}' (node not available, basic check only)" ]
+          view_dir = file.sub(%r{^app/views/}, "").then { |f| File.dirname(f) }
+          %w[.html.erb .erb .turbo_stream.erb .json.jbuilder].each { |ext| paths << "#{view_dir}/_#{ref}#{ext}" }
+          %w[.html.erb .erb].each { |ext| paths << "shared/_#{ref}#{ext}"; paths << "application/_#{ref}#{ext}" }
+        end
+        paths
+      end
+
+      # ── CHECK 2: Route helpers (AST) ─────────────────────────────────
+
+      ASSET_HELPER_PREFIXES = %w[image asset font stylesheet javascript audio video file compute_asset auto_discovery_link favicon].freeze
+      DEVISE_HELPER_NAMES = %w[session registration password confirmation unlock omniauth_callback user_session user_registration user_password user_confirmation user_unlock].freeze
+
+      private_class_method def self.check_route_helpers_ast(visitor, context)
+        warnings = []
+        routes = context[:routes]
+        return warnings unless routes && routes[:by_controller]
+        valid_names = build_route_name_set(routes)
+        return warnings if valid_names.empty?
+
+        seen = Set.new
+        visitor.route_helper_calls.each do |call|
+          helper = call[:name]
+          next if seen.include?(helper)
+          seen << helper
+
+          name = helper.sub(/_(path|url)\z/, "")
+          next if ASSET_HELPER_PREFIXES.any? { |p| name.start_with?(p) }
+          next if DEVISE_HELPER_NAMES.include?(name)
+          next if %w[edit new polymorphic].include?(name)
+
+          warnings << "#{helper} \u2014 route helper not found" unless valid_names.include?(name)
+        end
+        warnings
+      end
+
+      # Regex fallback
+      private_class_method def self.check_route_helpers_regex(content, context)
+        warnings = []
+        routes = context[:routes]
+        return warnings unless routes && routes[:by_controller]
+        valid_names = build_route_name_set(routes)
+        return warnings if valid_names.empty?
+
+        seen = Set.new
+        content.scan(/\b(\w+)_(path|url)\b/).each do |match|
+          name, suffix = match
+          helper = "#{name}_#{suffix}"
+          next if seen.include?(helper)
+          seen << helper
+          next if ASSET_HELPER_PREFIXES.any? { |p| name.start_with?(p) }
+          next if DEVISE_HELPER_NAMES.include?(name)
+          next if %w[edit new polymorphic].include?(name)
+          warnings << "#{helper} \u2014 route helper not found" unless valid_names.include?(name)
+        end
+        warnings
+      end
+
+      private_class_method def self.build_route_name_set(routes)
+        names = Set.new
+        routes[:by_controller].each_value do |actions|
+          actions.each do |a|
+            next unless a[:name]
+            names << a[:name]
+            names << "edit_#{a[:name]}"
+            names << "new_#{a[:name]}"
+          end
+        end
+        names
+      end
+
+      # ── CHECK 3: Column references (AST) ─────────────────────────────
+
+      private_class_method def self.check_column_references_ast(file, visitor, context)
+        warnings = []
+        return warnings unless file.start_with?("app/models/") && !file.include?("/concerns/")
+
+        valid = model_valid_columns(file, context)
+        return warnings unless valid
+
+        visitor.validates_calls.each do |vc|
+          vc[:columns].each do |col|
+            unless valid[:columns].include?(col)
+              warnings << "validates :#{col} \u2014 column \"#{col}\" not found in #{valid[:table]} table"
+            end
+          end
+        end
+        warnings
+      end
+
+      # Regex fallback
+      private_class_method def self.check_column_references_regex(file, content, context)
+        warnings = []
+        return warnings unless file.start_with?("app/models/") && !file.include?("/concerns/")
+
+        valid = model_valid_columns(file, context)
+        return warnings unless valid
+
+        content.each_line do |line|
+          next unless line.match?(/\A\s*validates\s+:/)
+          after = line.sub(/\A\s*validates\s+/, "")
+          after.scan(/:(\w+)/).each do |m|
+            col = m[0]
+            break if after.include?("#{col}:")
+            next if col == col.capitalize
+            warnings << "validates :#{col} \u2014 column \"#{col}\" not found in #{valid[:table]} table" unless valid[:columns].include?(col)
+          end
+        end
+        warnings
+      end
+
+      # Shared helper: build valid column set for a model file
+      private_class_method def self.model_valid_columns(file, context)
+        models = context[:models]
+        schema = context[:schema]
+        return nil unless models && schema
+
+        model_name = file.sub("app/models/", "").sub(/\.rb$/, "").camelize
+        model_data = models[model_name]
+        return nil unless model_data
+
+        table_name = model_data[:table_name]
+        table_data = schema[:tables] && schema[:tables][table_name]
+        return nil unless table_data
+
+        columns = Set.new
+        table_data[:columns]&.each { |c| columns << c[:name] }
+        model_data[:associations]&.each do |a|
+          columns << a[:name] if a[:name]
+          columns << a[:foreign_key] if a[:foreign_key]
+        end
+
+        { columns: columns, table: table_name, model: model_name, model_data: model_data }
+      end
+
+      # ── CHECK 4: Strong params vs schema (AST) ───────────────────────
+
+      private_class_method def self.check_strong_params_ast(file, visitor, context)
+        warnings = []
+        return warnings unless file.start_with?("app/controllers/")
+        return warnings if visitor.permit_calls.empty?
+
+        schema = context[:schema]
+        models = context[:models]
+        return warnings unless schema && models
+
+        # Infer model from controller: posts_controller.rb → Post → posts table
+        controller_base = File.basename(file, ".rb").sub(/_controller$/, "")
+        model_name = controller_base.classify
+        model_data = models[model_name]
+        return warnings unless model_data
+
+        table_name = model_data[:table_name]
+        table_data = schema[:tables] && schema[:tables][table_name]
+        return warnings unless table_data
+
+        valid = Set.new
+        table_data[:columns]&.each { |c| valid << c[:name] }
+        model_data[:associations]&.each { |a| valid << a[:name]; valid << a[:foreign_key] if a[:foreign_key] }
+        valid.merge(%w[id _destroy created_at updated_at])
+
+        # If model has JSONB/JSON columns, params may be stored as hash keys inside them — skip check
+        has_json_columns = table_data[:columns]&.any? { |c| %w[jsonb json].include?(c[:type]) }
+        return warnings if has_json_columns
+
+        visitor.permit_calls.each do |pc|
+          pc[:params].each do |param|
+            next if param.end_with?("_attributes") # nested attributes
+            next if valid.include?(param)
+            warnings << "permits :#{param} \u2014 not a column in #{table_name} table"
+          end
+        end
+        warnings
+      end
+
+      # ── CHECK 5: Callback method existence (AST) ─────────────────────
+
+      private_class_method def self.check_callback_existence_ast(file, visitor, context)
+        warnings = []
+        return warnings unless file.start_with?("app/models/") && !file.include?("/concerns/")
+        return warnings if visitor.callback_registrations.empty?
+
+        models = context[:models]
+        return warnings unless models
+
+        model_name = file.sub("app/models/", "").sub(/\.rb$/, "").camelize
+        model_data = models[model_name]
+        return warnings unless model_data
+
+        # Build set of known methods (instance + from source content)
+        known = Set.new(model_data[:instance_methods] || [])
+        # Also check the file source for private methods
+        source = File.read(Rails.root.join(file), encoding: "UTF-8") rescue nil
+        source&.scan(/\bdef\s+(\w+[?!]?)/)&.each { |m| known << m[0] }
+
+        # Skip check if model has concerns (method may be in concern)
+        has_concerns = (model_data[:concerns] || []).any?
+
+        visitor.callback_registrations.each do |reg|
+          reg[:methods].each do |method_name|
+            next if known.include?(method_name)
+            next if has_concerns # uncertain — method may come from concern
+            warnings << "#{reg[:type]} :#{method_name} \u2014 method not found in #{model_name}"
+          end
+        end
+        warnings
+      end
+
+      # ── CHECK 6: Route-action consistency (cache only) ───────────────
+
+      private_class_method def self.check_route_action_consistency(file, context)
+        warnings = []
+        return warnings unless file.start_with?("app/controllers/")
+
+        routes = context[:routes]
+        controllers = context[:controllers]
+        return warnings unless routes && controllers
+
+        # Map file to controller name: app/controllers/cooks_controller.rb → cooks
+        relative = file.sub("app/controllers/", "").sub(/_controller\.rb$/, "")
+        ctrl_key = relative.gsub("/", "::")
+        ctrl_class = ctrl_key.camelize + "Controller"
+
+        # Get controller actions
+        ctrl_data = controllers[:controllers] && controllers[:controllers][ctrl_class]
+        return warnings unless ctrl_data
+        actions = Set.new(ctrl_data[:actions] || [])
+
+        # Get routes pointing to this controller
+        route_controller = relative.gsub("::", "/")
+        route_actions = routes[:by_controller] && routes[:by_controller][route_controller]
+        return warnings unless route_actions
+
+        route_actions.each do |route|
+          action = route[:action]
+          next unless action
+          unless actions.include?(action)
+            warnings << "route #{route[:verb]} #{route[:path]} \u2192 #{action} \u2014 action not found in #{ctrl_class}"
+          end
+        end
+        warnings
+      end
+
+      # ── CHECK 7: has_many without :dependent (cache only) ────────────
+
+      private_class_method def self.check_has_many_dependent(file, context)
+        warnings = []
+        return warnings unless file.start_with?("app/models/") && !file.include?("/concerns/")
+
+        models = context[:models]
+        return warnings unless models
+
+        model_name = file.sub("app/models/", "").sub(/\.rb$/, "").camelize
+        model_data = models[model_name]
+        return warnings unless model_data
+
+        (model_data[:associations] || []).each do |assoc|
+          next unless assoc[:type] == "has_many"
+          next if assoc[:through] # through associations don't need dependent
+          next if assoc[:dependent] # already has dependent
+          warnings << "has_many :#{assoc[:name]} \u2014 missing :dependent option (orphaned records risk)"
+        end
+        warnings
+      end
+
+      # ── CHECK 8: Missing FK index (cache only) ──────────────────────
+
+      private_class_method def self.check_missing_fk_index(file, context)
+        warnings = []
+        return warnings unless file.start_with?("app/models/") && !file.include?("/concerns/")
+
+        schema = context[:schema]
+        models = context[:models]
+        return warnings unless schema && models
+
+        model_name = file.sub("app/models/", "").sub(/\.rb$/, "").camelize
+        model_data = models[model_name]
+        return warnings unless model_data
+
+        table_name = model_data[:table_name]
+        table_data = schema[:tables] && schema[:tables][table_name]
+        return warnings unless table_data
+
+        # Only flag columns that are ACTUAL foreign keys (declared via add_foreign_key or belongs_to)
+        declared_fk_columns = (table_data[:foreign_keys] || []).map { |fk| fk[:column] }
+        assoc_fk_columns = (model_data[:associations] || [])
+          .select { |a| a[:type] == "belongs_to" }
+          .map { |a| a[:foreign_key] }
+          .compact
+        fk_columns = (declared_fk_columns + assoc_fk_columns).uniq
+
+        # Build set of indexed columns (first column in any index)
+        indexed = Set.new
+        (table_data[:indexes] || []).each do |idx|
+          indexed << idx[:columns]&.first if idx[:columns]&.any?
+        end
+
+        fk_columns.each do |col|
+          unless indexed.include?(col)
+            warnings << "#{col} in #{table_name} \u2014 foreign key without index (slow queries)"
+          end
+        end
+        warnings
+      end
+
+      # ── CHECK 9: Stimulus controller existence ───────────────────────
+
+      private_class_method def self.check_stimulus_controllers(content, context)
+        warnings = []
+        stimulus = context[:stimulus]
+        return warnings unless stimulus
+
+        # Build known controller names (normalize: both dash and underscore forms)
+        known = Set.new
+        if stimulus.is_a?(Hash) && stimulus[:controllers]
+          stimulus[:controllers].each do |ctrl|
+            name = ctrl.is_a?(Hash) ? (ctrl[:name] || ctrl["name"]) : ctrl.to_s
+            if name
+              known << name
+              known << name.tr("_", "-")  # underscore → dash
+              known << name.tr("-", "_")  # dash → underscore
+            end
+          end
+        elsif stimulus.is_a?(Array)
+          stimulus.each do |s|
+            name = s.is_a?(Hash) ? (s[:name] || s["name"]) : s.to_s
+            if name
+              known << name
+              known << name.tr("_", "-")
+              known << name.tr("-", "_")
+            end
+          end
+        end
+        return warnings if known.empty?
+
+        # Extract data-controller references from HTML
+        content.scan(/data-controller=["']([^"']+)["']/).each do |match|
+          controllers = match[0].split(/\s+/)
+          controllers.each do |name|
+            next if name.include?("<%") || name.include?("#") # dynamic
+            next if name.include?("--") # namespaced npm package
+            unless known.include?(name)
+              warnings << "data-controller=\"#{name}\" \u2014 Stimulus controller not found"
+            end
+          end
         end
+        warnings
       end
     end
   end

data/lib/rails_ai_context/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsAiContext
-  VERSION = "0.15.7"
+  VERSION = "0.15.8"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-ai-context
 version: !ruby/object:Gem::Version
-  version: 0.15.7
+  version: 0.15.8
 platform: ruby
 authors:
 - crisnahine