rails-ai-context 4.3.1 → 4.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ba5dfa48fbbc7efaa498640785dd290523f434ed1f7244849f31046f8359e62
-  data.tar.gz: 2dca436c86b470b51b38e745a47c64ee3908b7e342677c842940b9515dcf57f2
+  metadata.gz: 5081505ca1d99874de52ff33fb72ff75877b67ec79984fb9bb9004dbcbf4ea27
+  data.tar.gz: cc6781e87f54708aab290044a33aee7aff3ddb7579fd4fe4f592eb5d3721b310
 SHA512:
-  metadata.gz: 64c07284bc9d61136ff8dee427396fd0237fc628e9ca8cd08524022a7d9031521360b49526a93205cb6c3990284e9096aedead5d88d2fc0d75ad2f58475d30c6
-  data.tar.gz: d82fbfea6afbe2e7c44f22afa1b8f4201fbb6cf9fda17362675f46000e911bece69a3384133b19bc30d5ffe3c553e4cbb935cbd6031df92f21c6dfc3eb32aa78
+  metadata.gz: '09c0346700785aa79211b6fddf7e52dfedf9989500abd53538fc451ca3b96b0f0450865a2cbad86d6c26ac2aaefd4e19a8dcc66587960674a0adefcc324d34a9'
+  data.tar.gz: dfd9f8d968e87b736d026e9cf3fe98ef08f61527ad4be1a9c96f8abe8a9d8b47b15d0133970df3e9fd0d4f915de87c0d893686f236f9b903a1ef53ef2c406e67

data/CHANGELOG.md

@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.3.2] — 2026-04-02
+
+### Fixed
+- **review_changes undefined variable** — `changed_tests` (NameError at runtime) replaced with correct `test_files` variable in `detect_warnings`
+- **N+1 introspector O(n*m*k) view scan** — `detect_n_plus_one` now pre-loads all view file contents once via `preload_view_contents` instead of re-globbing per model+association pair
+- **atomic write collision** — temp filenames now include `SecureRandom.hex(4)` suffix to prevent concurrent process collisions on the same file
+- **bare rescue; end across 7 serializers + 2 tools** — all 16 occurrences replaced with `rescue => e` + stderr logging so errors are visible instead of silently swallowed
+
+### Changed
+- Test count: 1176 → 1529 (+353 new tests)
+- 26 new spec files covering previously untested tools, serializer helpers, introspectors, and infrastructure (server, engine, resources, watcher)
+
 ## [4.3.1] — 2026-04-02
 
 ### Fixed

data/CLAUDE.md

@@ -60,7 +60,7 @@ structure to AI assistants via the Model Context Protocol (MCP).
 ## Testing
 
 ```bash
-bundle exec rspec           # Run specs (1170 examples)
+bundle exec rspec           # Run specs (1529 examples)
 bundle exec rubocop         # Lint
 ```
 

data/lib/rails_ai_context/introspectors/performance_introspector.rb

@@ -103,26 +103,25 @@ module RailsAiContext
         controllers_dir = File.join(root, "app/controllers")
         return risks unless Dir.exist?(controllers_dir)
 
+        # Pre-scan all view files once to avoid O(n*m*k) glob inside nested loop
+        view_contents = preload_view_contents
+
         Dir.glob(File.join(controllers_dir, "**/*.rb")).each do |path|
           content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
           relative = path.sub("#{root}/", "")
 
-          # Pattern: Model.all or Model.where(...) followed by iteration
-          # without .includes
           model_data.each do |model|
             model[:has_many].each do |assoc|
-              # Check if controller fetches this model's collection without includes
               model_ref = Regexp.escape(model[:name])
               pattern = /#{model_ref}\.(all|where|order|limit|find_each)\b/
               next unless content.match?(pattern)
 
-              # Check if .includes is used for this association
               includes_pattern = /\.includes\(.*:#{Regexp.escape(assoc[:name])}/
               next if content.match?(includes_pattern)
 
-              # Check views for accessing association
-              view_pattern_found = check_views_for_association_access(model_ref, assoc[:name])
-              next unless view_pattern_found
+              # Check pre-loaded views for association access
+              assoc_pattern = /\.#{Regexp.escape(assoc[:name])}\b/
+              next unless view_contents.any? { |vc| vc.match?(assoc_pattern) }
 
               risks << {
                 model: model[:name],
@@ -132,23 +131,21 @@ module RailsAiContext
               }
             end
           end
-        rescue
+        rescue StandardError
           next
         end
 
         risks.uniq { |r| [ r[:model], r[:association], r[:controller] ] }
       end
 
-      def check_views_for_association_access(model_name, association_name)
+      def preload_view_contents
         views_dir = File.join(root, "app/views")
-        return false unless Dir.exist?(views_dir)
+        return [] unless Dir.exist?(views_dir)
 
-        # Check if any view iterates over the association
-        Dir.glob(File.join(views_dir, "**/*.{erb,haml,slim}")).any? do |path|
-          content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
-          content.match?(/\.#{Regexp.escape(association_name)}\b/)
-        rescue
-          false
+        Dir.glob(File.join(views_dir, "**/*.{erb,haml,slim}")).filter_map do |path|
+          File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+        rescue StandardError
+          nil
         end
       end
 

data/lib/rails_ai_context/serializers/claude_rules_serializer.rb

@@ -84,7 +84,7 @@ module RailsAiContext
               lines << "" << "**Global before_actions:** #{before_actions.join(', ')}"
             end
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         lines << ""
         lines << "ALWAYS use MCP tools for context — do NOT read reference files directly."
@@ -259,7 +259,7 @@ module RailsAiContext
               partials.each { |p| lines << "- #{p}" }
             end
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # Helpers — so agents use existing helpers instead of creating new ones
         begin
@@ -272,7 +272,7 @@ module RailsAiContext
               lines << helper_methods.map { |m| "- #{m}" }.join("\n")
             end
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # Stimulus controllers — so agents reuse existing controllers
         stim = context[:stimulus]

data/lib/rails_ai_context/serializers/claude_serializer.rb

@@ -176,7 +176,7 @@ module RailsAiContext
               .map { |f| File.basename(f, ".rb").camelize }
               .reject { |s| s == "ApplicationService" }
             lines << "" << "**Services:** #{service_files.join(', ')}" if service_files.any?
-          rescue; end
+          rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
         end
 
         if dir_struct["app/jobs"]
@@ -186,7 +186,7 @@ module RailsAiContext
               .map { |f| File.basename(f, ".rb").camelize }
               .reject { |j| j == "ApplicationJob" }
             lines << "**Jobs:** #{job_files.join(', ')}" if job_files.any?
-          rescue; end
+          rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
         end
 
         lines << ""
@@ -263,7 +263,7 @@ module RailsAiContext
               lines << "- Global before_actions: #{before_actions.join(', ')}"
             end
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         lines << ""
         lines

data/lib/rails_ai_context/serializers/context_file_serializer.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "fileutils"
+require "securerandom"
 
 module RailsAiContext
   module Serializers
@@ -127,7 +128,7 @@ module RailsAiContext
       def atomic_write(filepath, content)
         dir = File.dirname(filepath)
         FileUtils.mkdir_p(dir)
-        tmp = File.join(dir, ".#{File.basename(filepath)}.tmp")
+        tmp = File.join(dir, ".#{File.basename(filepath)}.#{SecureRandom.hex(4)}.tmp")
         File.write(tmp, content)
         File.rename(tmp, filepath)
       end

data/lib/rails_ai_context/serializers/copilot_instructions_serializer.rb

@@ -95,7 +95,7 @@ module RailsAiContext
               .reject { |s| s == "ApplicationService" }
             lines << "- Services: #{service_files.join(', ')}" if service_files.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # List jobs
         begin
@@ -107,7 +107,7 @@ module RailsAiContext
               .reject { |j| j == "ApplicationJob" }
             lines << "- Jobs: #{job_files.join(', ')}" if job_files.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # ApplicationController before_actions
         begin
@@ -118,7 +118,7 @@ module RailsAiContext
             before_actions = source.scan(/before_action\s+:([\w!?]+)/).flatten
             lines << "" << "**Global before_actions:** #{before_actions.join(', ')}" if before_actions.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         lines << ""
         lines << "Use MCP tools for detailed data. Start with `detail:\"summary\"`."

data/lib/rails_ai_context/serializers/cursor_rules_serializer.rb

@@ -103,7 +103,7 @@ module RailsAiContext
               .reject { |s| s == "ApplicationService" }
             lines << "- Services: #{service_files.join(', ')}" if service_files.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # List jobs
         begin
@@ -115,7 +115,7 @@ module RailsAiContext
               .reject { |j| j == "ApplicationJob" }
             lines << "- Jobs: #{job_files.join(', ')}" if job_files.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # ApplicationController before_actions
         begin
@@ -126,7 +126,7 @@ module RailsAiContext
             before_actions = source.scan(/before_action\s+:([\w!?]+)/).flatten
             lines << "" << "Global before_actions: #{before_actions.join(', ')}" if before_actions.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         lines << ""
         lines << "MCP tools available — see rails-mcp-tools.mdc for full reference."
@@ -235,7 +235,7 @@ module RailsAiContext
               partials.each { |p| lines << "- #{p}" }
             end
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # Stimulus controllers
         stim = context[:stimulus]

data/lib/rails_ai_context/serializers/opencode_rules_serializer.rb

@@ -115,7 +115,7 @@ module RailsAiContext
             before_actions = source.scan(/before_action\s+:([\w!?]+)/).flatten
             lines << "**Global before_actions:** #{before_actions.join(', ')}" << "" if before_actions.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         app_controllers.keys.sort.first(25).each do |name|
           info = app_controllers[name]
@@ -137,7 +137,7 @@ module RailsAiContext
               .reject { |s| s == "ApplicationService" }
             lines << "" << "**Services:** #{service_files.join(', ')}" if service_files.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         # List jobs
         begin
@@ -149,7 +149,7 @@ module RailsAiContext
               .reject { |j| j == "ApplicationJob" }
             lines << "**Jobs:** #{job_files.join(', ')}" if job_files.any?
           end
-        rescue; end
+        rescue => e; $stderr.puts "[rails-ai-context] Serializer section skipped: #{e.message}"; end
 
         lines << ""
         lines << "Use `rails_get_controllers(controller:\"Name\", action:\"index\")` for one action's source code."

data/lib/rails_ai_context/tools/analyze_feature.rb

@@ -21,9 +21,14 @@ module RailsAiContext
 
       annotations(read_only_hint: true, destructive_hint: false, idempotent_hint: true, open_world_hint: false)
 
+      # Map well-known feature keywords to gem-based patterns
+      AUTH_KEYWORDS = %w[auth authentication login signup signin session devise omniauth].freeze
+      AUTH_GEM_NAMES = %w[devise omniauth rodauth sorcery clearance authlogic warden jwt].freeze
+
       def self.call(feature:, server_context: nil) # rubocop:disable Metrics
         feature = feature.to_s.strip
         return text_response("Please provide a feature keyword (e.g. 'cook', 'payment', 'authentication').") if feature.empty?
+        set_call_params(feature: feature)
 
         ctx = cached_context
         pattern = feature.downcase
@@ -48,6 +53,19 @@ module RailsAiContext
         discover_accessibility(ctx, pattern, lines)
         discover_components(ctx, pattern, lines)
 
+        # For auth-related keywords, also discover auth gems
+        if AUTH_KEYWORDS.include?(pattern)
+          gems = ctx[:gems]
+          if gems.is_a?(Hash) && !gems[:error]
+            notable = gems[:notable_gems] || []
+            auth_gems = notable.select { |g| AUTH_GEM_NAMES.include?(g[:name]) }
+            if auth_gems.any?
+              lines << "" << "## Auth Gems" << ""
+              auth_gems.each { |g| lines << "- **#{g[:name]}** #{g[:version]}#{g[:config] ? " (config: #{g[:config]})" : ""}" }
+            end
+          end
+        end
+
         # If nothing was discovered, return a clean "no match" with real suggestions
         has_content = lines.any? { |l| l.start_with?("## ") || l.start_with?("### ") }
         unless has_content
@@ -65,11 +83,16 @@ module RailsAiContext
         # --- AF: Models ---
         def discover_models(ctx, pattern, lines)
           models = ctx[:models] || {}
+
+          # For auth-related keywords, also match the User model and auth-related concerns
+          extra_auth_match = AUTH_KEYWORDS.include?(pattern)
+
           matched = models.select do |name, data|
             next false if data[:error]
             name.downcase.include?(pattern) ||
               data[:table_name]&.downcase&.include?(pattern) ||
-              name.underscore.include?(pattern)
+              name.underscore.include?(pattern) ||
+              (extra_auth_match && (name == "User" || data[:concerns]&.any? { |c| c.to_s.downcase.match?(/authenticat|devise/) }))
           end
 
           if matched.any?

data/lib/rails_ai_context/tools/base_tool.rb

@@ -65,12 +65,20 @@ module RailsAiContext
         def session_record(tool_name, params, summary = nil)
           SESSION_CONTEXT[:mutex].synchronize do
             key = session_key(tool_name, params)
-            SESSION_CONTEXT[:queries][key] = {
-              tool: tool_name.to_s,
-              params: params,
-              timestamp: Time.now.iso8601,
-              summary: summary
-            }
+            existing = SESSION_CONTEXT[:queries][key]
+            if existing
+              existing[:call_count] = (existing[:call_count] || 1) + 1
+              existing[:last_timestamp] = Time.now.iso8601
+              existing[:summary] = summary if summary
+            else
+              SESSION_CONTEXT[:queries][key] = {
+                tool: tool_name.to_s,
+                params: params,
+                call_count: 1,
+                timestamp: Time.now.iso8601,
+                summary: summary
+              }
+            end
           end
         end
 
@@ -155,13 +163,20 @@ module RailsAiContext
           end
         end
 
+        # Store call params for the current tool invocation (thread-safe)
+        def set_call_params(**params)
+          Thread.current[:rails_ai_context_call_params] = params.reject { |_, v| v.nil? || (v.respond_to?(:empty?) && v.empty?) }
+        end
+
         # Helper: wrap text in an MCP::Tool::Response with safety-net truncation.
         # Auto-records the call in session context so session_context(action:"status") works.
         def text_response(text)
           # Auto-track: record this tool call in session context (skip SessionContext itself to avoid recursion)
           if respond_to?(:tool_name) && tool_name != "rails_session_context"
             summary = text.lines.first&.strip&.truncate(80)
-            session_record(tool_name, {}, summary)
+            params = Thread.current[:rails_ai_context_call_params] || {}
+            session_record(tool_name, params, summary)
+            Thread.current[:rails_ai_context_call_params] = nil
           end
 
           max = RailsAiContext.configuration.max_tool_response_chars

data/lib/rails_ai_context/tools/dependency_graph.rb

@@ -41,6 +41,8 @@ module RailsAiContext
         model = model.to_s.strip if model
         depth = [ [ depth.to_i, 1 ].max, 3 ].min
 
+        set_call_params(model: model, depth: depth, format: format)
+
         # Build adjacency list from model associations
         graph = build_graph(models_data)
 
@@ -48,7 +50,8 @@ module RailsAiContext
           # Filter to subgraph centered on the model
           model_key = find_model_key(model, graph.keys)
           unless model_key
-            return not_found_response("model", model, graph.keys, recovery_tool: "rails_dependency_graph")
+            return not_found_response("Model", model, graph.keys.sort,
+              recovery_tool: "Call rails_dependency_graph() without model to see all models")
           end
           subgraph = extract_subgraph(graph, model_key, depth)
         else

data/lib/rails_ai_context/tools/diagnose.rb

@@ -265,7 +265,7 @@ module RailsAiContext
                   lines << text
                   lines << ""
                 end
-              rescue; end
+              rescue => e; $stderr.puts "[rails-ai-context] Diagnosis step skipped: #{e.message}"; end
             end
           end
 
@@ -284,7 +284,7 @@ module RailsAiContext
                   lines << text
                   lines << ""
                 end
-              rescue; end
+              rescue => e; $stderr.puts "[rails-ai-context] Diagnosis step skipped: #{e.message}"; end
             end
           end
 
@@ -298,7 +298,7 @@ module RailsAiContext
                 lines << text
                 lines << ""
               end
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Diagnosis step skipped: #{e.message}"; end
           end
 
           lines
@@ -329,7 +329,7 @@ module RailsAiContext
                          "This variable may not be set in all code paths — check if it's assigned before use, " \
                          "or use `#{receiver}&.#{method}` for safe navigation."
                 end
-              rescue; end
+              rescue => e; $stderr.puts "[rails-ai-context] Diagnosis step skipped: #{e.message}"; end
             end
           end
 
@@ -346,7 +346,7 @@ module RailsAiContext
                          "The record with the given ID doesn't exist or doesn't belong to the current user. " \
                          "Check if the record was deleted or if the user is authorized to access it."
                 end
-              rescue; end
+              rescue => e; $stderr.puts "[rails-ai-context] Diagnosis step skipped: #{e.message}"; end
             end
           end
 

data/lib/rails_ai_context/tools/generate_test.rb

@@ -272,7 +272,7 @@ module RailsAiContext
           if factory
             lines << "    @#{setup_var} = create(:#{factory})"
           elsif fixtures
-            fixture_key = fixture_names.keys.find { |k| k.to_s.downcase == name.underscore.pluralize } ? ":one" : ":one"
+            fixture_key = resolve_fixture_key(name, fixture_names)
             lines << "    @#{setup_var} = #{name.underscore.pluralize}(#{fixture_key})"
           else
             lines << "    @#{setup_var} = #{name}.new"
@@ -471,10 +471,12 @@ module RailsAiContext
 
           has_devise = tests_data[:test_helper_setup]&.any? { |h| h.include?("Devise") }
           if has_devise
+            fixture_names = tests_data[:fixture_names] || {}
+            user_fixture_key = resolve_fixture_key("User", fixture_names)
             lines << "  include Devise::Test::IntegrationHelpers"
             lines << ""
             lines << "  setup do"
-            lines << "    @user = users(:one)"
+            lines << "    @user = users(#{user_fixture_key})"
             lines << "    sign_in @user"
             lines << "  end"
           end
@@ -490,12 +492,15 @@ module RailsAiContext
 
             lines << ""
             lines << "  test \"#{r[:verb]} #{r[:path]} works\" do"
+            fixture_names = tests_data[:fixture_names] || {}
             param_names.each do |param|
               if param == "id"
-                lines << "    #{param} = #{snake.pluralize}(:one).id"
+                fk = resolve_fixture_key(snake.singularize.camelize, fixture_names)
+                lines << "    #{param} = #{snake.pluralize}(#{fk}).id"
               elsif param.end_with?("_id")
                 resource = param.delete_suffix("_id")
-                lines << "    #{param} = #{resource.pluralize}(:one).id"
+                fk = resolve_fixture_key(resource.camelize, fixture_names)
+                lines << "    #{param} = #{resource.pluralize}(#{fk}).id"
               end
             end
             lines << "    #{verb} \"#{quoted_path}\""
@@ -555,6 +560,29 @@ module RailsAiContext
 
         # ── Helpers ──────────────────────────────────────────────────────
 
+        # Resolve the best fixture key for a model by reading actual fixture file contents.
+        # Falls back to :one if no fixture file is found.
+        def resolve_fixture_key(model_name, fixture_names)
+          plural = model_name.underscore.pluralize
+          # fixture_names is { "users" => [:chef_one, :chef_two], "cooks" => [:pending_cook, ...] }
+          keys = fixture_names[plural] || fixture_names[plural.to_sym]
+          if keys.is_a?(Array) && keys.any?
+            ":#{keys.first}"
+          else
+            # Try reading the fixture file directly
+            fixture_file = File.join(Rails.root, "test", "fixtures", "#{plural}.yml")
+            if File.exist?(fixture_file)
+              content = File.read(fixture_file, encoding: "UTF-8", invalid: :replace, undef: :replace) rescue nil
+              if content
+                # YAML fixture files have top-level keys as fixture names
+                first_key = content.scan(/^([a-z_]\w*):/i).first&.first
+                return ":#{first_key}" if first_key
+              end
+            end
+            ":one"
+          end
+        end
+
         def find_factory_name(model_name, tests_data)
           factory_names = tests_data[:factory_names] || {}
           underscore = model_name.underscore

data/lib/rails_ai_context/tools/get_context.rb

@@ -37,6 +37,7 @@ module RailsAiContext
       annotations(read_only_hint: true, destructive_hint: false, idempotent_hint: true, open_world_hint: false)
 
       def self.call(controller: nil, action: nil, model: nil, feature: nil, include: nil, server_context: nil)
+        set_call_params(controller: controller, action: action, model: model, feature: feature)
         result = if controller && action
           controller_action_context(controller, action)
         elsif controller

data/lib/rails_ai_context/tools/get_model_details.rb

@@ -33,6 +33,7 @@ module RailsAiContext
       annotations(read_only_hint: true, destructive_hint: false, idempotent_hint: true, open_world_hint: false)
 
       def self.call(model: nil, detail: "standard", limit: nil, offset: 0, server_context: nil)
+        set_call_params(model: model, detail: detail)
         models = cached_context[:models]
         return text_response("Model introspection not available. Add :models to introspectors.") unless models
         return text_response("Model introspection failed: #{models[:error]}") if models[:error]

data/lib/rails_ai_context/tools/get_partial_interface.rb

@@ -332,18 +332,24 @@ module RailsAiContext
       private_class_method def self.find_render_sites(views_dir, partial, root)
         sites = []
         # Build search names: the partial can be referenced multiple ways
+        # Normalize: strip underscore prefix from basename and extensions
         parts = partial.split("/")
         basename = parts.last.delete_prefix("_").sub(/\..*\z/, "")
         dir_prefix = parts[0...-1].join("/")
 
+        # Build the canonical render name (how Rails references partials in render calls)
+        # "shared/_status_badge.html.erb" → "shared/status_badge"
+        # "_status_badge" → "status_badge"
+        canonical = (dir_prefix.empty? ? basename : "#{dir_prefix}/#{basename}")
+
         # Possible render references:
         # render "shared/status_badge"
         # render partial: "shared/status_badge"
         # render "status_badge" (from same directory)
         search_patterns = [
-          partial.delete_prefix("_").sub(/\..*\z/, ""),          # shared/status_badge
-          basename                                                 # status_badge
-        ]
+          canonical,                                                # shared/status_badge
+          basename                                                  # status_badge
+        ].uniq
 
         view_files = Dir.glob(File.join(views_dir, "**", "*.{erb,haml,slim}")).sort
 
@@ -357,7 +363,8 @@ module RailsAiContext
           content.each_line.with_index(1) do |line, line_num|
             search_patterns.each do |search_name|
               # Match render "partial_name" or render partial: "partial_name"
-              next unless line.match?(/render\s.*["']#{Regexp.escape(search_name)}["']/)
+              # Allow content before search_name (e.g. "shared/status_badge" matches "status_badge")
+              next unless line.match?(/render\s.*["'][^"']*#{Regexp.escape(search_name)}["']/)
 
               # For short basename matches, verify directory context
               if search_name == basename && dir_prefix.length > 0

data/lib/rails_ai_context/tools/get_schema.rb

@@ -43,6 +43,7 @@ module RailsAiContext
       )
 
       def self.call(table: nil, detail: "standard", limit: nil, offset: 0, format: "markdown", server_context: nil)
+        set_call_params(table: table, detail: detail)
         schema = cached_context[:schema]
         return text_response("Schema introspection not available. Add :schema to introspectors.") unless schema
         return text_response("Schema introspection not available: #{schema[:error]}") if schema[:error]

data/lib/rails_ai_context/tools/migration_advisor.rb

@@ -108,7 +108,8 @@ module RailsAiContext
         private
 
         def migration_class_name(action, table, column = nil)
-          parts = [ action.camelize, column&.camelize, "To", table.camelize ].compact
+          preposition = action == "remove" ? "From" : "To"
+          parts = [ action.camelize, column&.camelize, preposition, table.camelize ].compact
           parts.join
         end
 
@@ -286,6 +287,9 @@ module RailsAiContext
 
           opts = options ? ", #{options}" : ""
 
+          # Detect original column type from schema for a reversible down method
+          original_type = find_column_type(table, column, cached_context[:schema]) || "string"
+
           lines << "**Warning:** Changing column type may cause data loss if types are incompatible."
           lines << ""
           lines << "```ruby"
@@ -295,8 +299,7 @@ module RailsAiContext
           lines << "  end"
           lines << ""
           lines << "  def down"
-          lines << "    # Specify the original type here"
-          lines << "    change_column :#{table}, :#{column}, :original_type"
+          lines << "    change_column :#{table}, :#{column}, :#{original_type}"
           lines << "  end"
           lines << "end"
           lines << "```"

data/lib/rails_ai_context/tools/onboard.rb

@@ -183,22 +183,60 @@ module RailsAiContext
 
         def section_auth(ctx)
           auth = ctx[:auth]
-          return [] unless auth.is_a?(Hash) && !auth[:error]
-
-          authentication = auth[:authentication] || {}
-          authorization = auth[:authorization] || {}
-          return [] if authentication.empty? && authorization.empty?
-
           lines = [ "## Authentication & Authorization", "" ]
-          if authentication[:method]
-            lines << "Authentication is handled by #{authentication[:method]}."
+          has_content = false
+
+          if auth.is_a?(Hash) && !auth[:error]
+            authentication = auth[:authentication] || {}
+            authorization = auth[:authorization] || {}
+            if authentication[:method]
+              lines << "Authentication is handled by #{authentication[:method]}."
+              has_content = true
+            end
+            if authentication[:model]
+              lines << "The #{authentication[:model]} model handles user accounts."
+              has_content = true
+            end
+            if authorization[:method]
+              lines << "Authorization uses #{authorization[:method]}."
+              has_content = true
+            end
           end
-          if authentication[:model]
-            lines << "The #{authentication[:model]} model handles user accounts."
+
+          # Fallback: detect auth from gems if introspector didn't provide data
+          unless has_content
+            gems = ctx[:gems]
+            if gems.is_a?(Hash) && !gems[:error]
+              notable = gems[:notable_gems] || []
+              auth_gem_names = %w[devise omniauth rodauth sorcery clearance authlogic]
+              auth_gems = notable.select { |g| g.is_a?(Hash) && auth_gem_names.include?(g[:name].to_s) }
+              if auth_gems.any?
+                lines << "Authentication via #{auth_gems.map { |g| "#{g[:name]}#{g[:version] ? " (#{g[:version]})" : ""}" }.join(', ')}."
+                has_content = true
+              end
+              authz_gem_names = %w[pundit cancancan action_policy rolify]
+              authz_gems = notable.select { |g| g.is_a?(Hash) && authz_gem_names.include?(g[:name].to_s) }
+              if authz_gems.any?
+                lines << "Authorization via #{authz_gems.map { |g| g[:name] }.join(', ')}."
+                has_content = true
+              end
+            end
           end
-          if authorization[:method]
-            lines << "Authorization uses #{authorization[:method]}."
+
+          # Fallback: detect from conventions (global before_actions like authenticate_user!)
+          unless has_content
+            conv = ctx[:conventions]
+            if conv.is_a?(Hash) && !conv[:error]
+              before_acts = Array(conv[:before_actions]).select { |a| a.to_s.match?(/authenticat|authorize/) }
+              auth_checks = Array(conv[:authorization_checks]) + before_acts
+              if auth_checks.any?
+                lines << "Auth checks detected: #{auth_checks.first(5).join(', ')}."
+                has_content = true
+              end
+            end
           end
+
+          return [] unless has_content
           lines << ""
           lines
         end
@@ -356,16 +394,42 @@ module RailsAiContext
           turbo = ctx[:turbo]
           jobs = ctx[:jobs]
           channels = (jobs.is_a?(Hash) ? jobs[:channels] : nil) || []
-          return [] unless (turbo.is_a?(Hash) && !turbo[:error]) || channels.any?
+          has_content = false
 
           lines = [ "## Real-Time Features", "" ]
           if channels.any?
             names = channels.map { |c| c[:name] || c[:class_name] }.compact
             lines << "Action Cable channels: #{names.join(', ')}."
+            has_content = true
+          end
+
+          if turbo.is_a?(Hash) && !turbo[:error]
+            broadcasts = turbo[:broadcasts] || turbo[:explicit_broadcasts] || []
+            if broadcasts.any?
+              lines << "Turbo Stream broadcasts: #{broadcasts.size} broadcast points."
+              has_content = true
+            end
+            streams = turbo[:stream_subscriptions] || turbo[:subscriptions] || []
+            if streams.any?
+              lines << "Turbo Stream subscriptions: #{streams.size}."
+              has_content = true
+            end
           end
-          if turbo.is_a?(Hash) && !turbo[:error] && turbo[:broadcasts]&.any?
-            lines << "Turbo Stream broadcasts: #{turbo[:broadcasts].size} broadcast points."
+
+          # Fallback: check for turbo_stream usage in views
+          unless has_content
+            views = ctx[:view_templates] || ctx[:views]
+            if views.is_a?(Hash) && !views[:error]
+              templates = Array(views[:templates])
+              turbo_views = templates.select { |v| v.is_a?(Hash) && (v[:path].to_s.include?("turbo_stream") || Array(v[:turbo_streams]).any?) }
+              if turbo_views.any?
+                lines << "Turbo Stream templates: #{turbo_views.size}."
+                has_content = true
+              end
+            end
           end
+
+          return [] unless has_content
           lines << ""
           lines
         end
@@ -407,13 +471,33 @@ module RailsAiContext
 
         def section_devops(ctx)
           devops = ctx[:devops]
-          return [] unless devops.is_a?(Hash) && !devops[:error]
-
           lines = [ "## Deployment & DevOps", "" ]
-          lines << "Dockerfile: #{devops[:dockerfile] ? 'present' : 'not found'}."
-          lines << "Procfile: #{devops[:procfile] ? 'present' : 'not found'}." if devops.key?(:procfile)
-          deploy = devops[:deployment_method]
-          lines << "Deployment: #{deploy}." if deploy
+          has_content = false
+
+          if devops.is_a?(Hash) && !devops[:error]
+            lines << "Dockerfile: #{devops[:dockerfile] ? 'present' : 'not found'}."
+            lines << "Procfile: #{devops[:procfile] ? 'present' : 'not found'}." if devops.key?(:procfile)
+            deploy = devops[:deployment_method]
+            lines << "Deployment: #{deploy}." if deploy
+            has_content = true
+          end
+
+          # Fallback: check for Dockerfile/Procfile directly
+          unless has_content
+            root = Rails.root.to_s
+            has_dockerfile = File.exist?(File.join(root, "Dockerfile")) || File.exist?(File.join(root, "Dockerfile.dev"))
+            has_procfile = File.exist?(File.join(root, "Procfile")) || File.exist?(File.join(root, "Procfile.dev"))
+            has_ci = Dir.exist?(File.join(root, ".github", "workflows")) || File.exist?(File.join(root, ".gitlab-ci.yml"))
+
+            if has_dockerfile || has_procfile || has_ci
+              lines << "Dockerfile: #{has_dockerfile ? 'present' : 'not found'}."
+              lines << "Procfile: #{has_procfile ? 'present' : 'not found'}."
+              lines << "CI: #{has_ci ? 'detected' : 'not found'}."
+              has_content = true
+            end
+          end
+
+          return [] unless has_content
           lines << ""
           lines
         end

data/lib/rails_ai_context/tools/performance_check.rb

@@ -46,23 +46,40 @@ module RailsAiContext
           if models_data.is_a?(Hash) && !models_data[:error]
             model_names = models_data.keys.map(&:to_s)
             unless model_names.any? { |m| m.downcase == model.downcase }
-              return not_found_response("model", model, model_names, recovery_tool: "rails_performance_check")
+              return not_found_response("Model", model, model_names,
+                recovery_tool: "Call rails_performance_check() without model filter to see all issues")
             end
           end
         end
 
         lines = [ "# Performance Analysis", "" ]
 
-        summary = data[:summary] || {}
-        lines << "**Total issues found:** #{summary[:total_issues] || 0}"
+        # Collect all items then filter, so the count reflects actual displayed results
+        all_sections = {}
+        all_sections[:n_plus_one] = data[:n_plus_one_risks] || []
+        all_sections[:counter_cache] = data[:missing_counter_cache] || []
+        all_sections[:indexes] = data[:missing_fk_indexes] || []
+        all_sections[:model_all] = data[:model_all_in_controllers] || []
+        all_sections[:eager_load] = data[:eager_load_candidates] || []
+
+        # Apply model filter to count
+        filtered_count = if model && !model.empty?
+          all_sections.values.sum { |items| filter_items(items, model).size }
+        elsif category != "all"
+          (all_sections[category.to_sym] || []).size
+        else
+          all_sections.values.sum(&:size)
+        end
+
+        lines << "**Total issues found:** #{filtered_count}"
         lines << ""
 
         if detail == "summary"
-          lines << "- N+1 risks: #{summary[:n_plus_one_risks] || 0}"
-          lines << "- Missing counter_cache: #{summary[:missing_counter_cache] || 0}"
-          lines << "- Missing FK indexes: #{summary[:missing_fk_indexes] || 0}"
-          lines << "- Model.all in controllers: #{summary[:model_all_in_controllers] || 0}"
-          lines << "- Eager load candidates: #{summary[:eager_load_candidates] || 0}"
+          lines << "- N+1 risks: #{filter_items(all_sections[:n_plus_one], model).size}"
+          lines << "- Missing counter_cache: #{filter_items(all_sections[:counter_cache], model).size}"
+          lines << "- Missing FK indexes: #{filter_items(all_sections[:indexes], model).size}"
+          lines << "- Model.all in controllers: #{filter_items(all_sections[:model_all], model).size}"
+          lines << "- Eager load candidates: #{filter_items(all_sections[:eager_load], model).size}"
         else
           if category == "all" || category == "n_plus_one"
             lines.concat(render_section("N+1 Query Risks", data[:n_plus_one_risks], model, detail))
@@ -81,8 +98,8 @@ module RailsAiContext
           end
         end
 
-        if summary[:total_issues] == 0
-          lines << "No performance issues detected. Your app looks good!"
+        if filtered_count == 0
+          lines << "No performance issues detected#{model && !model.empty? ? " for #{model}" : ""}. Your app looks good!"
         end
 
         text_response(lines.join("\n"))
@@ -91,28 +108,28 @@ module RailsAiContext
       class << self
         private
 
-        def render_section(title, items, model_filter, detail)
+        def filter_items(items, model_filter)
+          return (items || []) unless model_filter && !model_filter.empty?
           return [] unless items&.any?
 
-          filtered = if model_filter
-            filter_lower = model_filter.downcase
-            # Underscore BEFORE downcase to handle CamelCase → snake_case correctly
-            # "BrandProfile" → "brand_profile" → "brand_profiles"
-            table_form = begin
-              model_filter.underscore.pluralize.downcase
-            rescue
-              filter_lower
-            end
-            items.select { |i|
-              (i[:model]&.downcase == filter_lower) ||
-              (i[:table]&.downcase == table_form) ||
-              (i[:table]&.downcase == filter_lower) ||
-              (i[:table]&.downcase == model_filter.underscore.downcase)
-            }
-          else
-            items
+          filter_lower = model_filter.downcase
+          table_form = begin
+            model_filter.underscore.pluralize.downcase
+          rescue
+            filter_lower
           end
+          items.select { |i|
+            (i[:model]&.downcase == filter_lower) ||
+            (i[:table]&.downcase == table_form) ||
+            (i[:table]&.downcase == filter_lower) ||
+            (i[:table]&.downcase == model_filter.underscore.downcase)
+          }
+        end
+
+        def render_section(title, items, model_filter, detail)
+          return [] unless items&.any?
 
+          filtered = filter_items(items, model_filter)
           return [] if filtered.empty?
 
           lines = [ "## #{title} (#{filtered.size})", "" ]

data/lib/rails_ai_context/tools/query.rb

@@ -44,9 +44,20 @@ module RailsAiContext
       MULTI_STATEMENT  = /;\s*\S/
       ALLOWED_PREFIX   = /\A\s*(SELECT|WITH|SHOW|EXPLAIN|DESCRIBE|DESC)\b/i
 
+      # SQL injection tautology patterns: OR 1=1, OR true, OR ''='', UNION SELECT, etc.
+      TAUTOLOGY_PATTERNS = [
+        /\bOR\s+1\s*=\s*1\b/i,
+        /\bOR\s+true\b/i,
+        /\bOR\s+'[^']*'\s*=\s*'[^']*'/i,
+        /\bOR\s+"[^"]*"\s*=\s*"[^"]*"/i,
+        /\bOR\s+\d+\s*=\s*\d+/i,
+        /\bUNION\s+(ALL\s+)?SELECT\b/i
+      ].freeze
+
       HARD_ROW_CAP = 1000
 
       def self.call(sql: nil, limit: nil, format: "table", server_context: nil, **_extra)
+        set_call_params(sql: sql&.truncate(60))
         # ── Environment guard ───────────────────────────────────────
         unless config.allow_query_in_production || !Rails.env.production?
           return text_response(
@@ -115,6 +126,10 @@ module RailsAiContext
         return [ false, "Blocked: sensitive SHOW command" ] if cleaned.match?(BLOCKED_SHOWS)
         return [ false, "Blocked: SELECT INTO creates a table" ] if cleaned.match?(SELECT_INTO)
 
+        # Check for SQL injection tautology patterns (OR 1=1, UNION SELECT, etc.)
+        tautology = TAUTOLOGY_PATTERNS.find { |p| cleaned.match?(p) }
+        return [ false, "Blocked: SQL injection pattern detected (#{cleaned[tautology]})" ] if tautology
+
         # Check blocked keywords before the allowed-prefix fallback so that
         # INSERT/UPDATE/DELETE/DROP etc. get a specific "Blocked" error
         # rather than the generic "Only SELECT... allowed" message.
@@ -222,6 +237,15 @@ module RailsAiContext
       # ── Column redaction (Layer 4) ──────────────────────────────────
       private_class_method def self.redact_results(result)
         redacted_cols = config.query_redacted_columns.map(&:downcase).to_set
+
+        # Auto-redact columns declared with `encrypts` in models
+        models_data = (SHARED_CACHE[:context] || cached_context)&.dig(:models)
+        if models_data.is_a?(Hash)
+          models_data.each_value do |data|
+            next unless data.is_a?(Hash)
+            (data[:encrypts] || []).each { |col| redacted_cols << col.to_s.downcase }
+          end
+        end
         columns = result.columns
         rows = result.rows
 

data/lib/rails_ai_context/tools/review_changes.rb

@@ -186,7 +186,7 @@ module RailsAiContext
               result = GetModelDetails.call(model: model_name, detail: "standard")
               text = result.content.first[:text]
               lines << "" << "**Model context:** #{model_name}" unless text.include?("not found")
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
 
           when :controller
             ctrl_name = File.basename(file, ".rb").camelize
@@ -195,7 +195,7 @@ module RailsAiContext
               result = GetRoutes.call(controller: snake, detail: "summary")
               text = result.content.first[:text]
               lines << "" << "**Routes:**" << text unless text.include?("not found") || text.include?("No routes")
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
 
           when :migration
             # Parse migration for table/column info
@@ -211,7 +211,7 @@ module RailsAiContext
                       result = GetSchema.call(table: t, detail: "summary")
                       text = result.content.first[:text]
                       lines << "  #{t}: #{text.lines.first&.strip}" unless text.include?("not found")
-                    rescue; end
+                    rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
                   end
                 end
               end
@@ -221,7 +221,7 @@ module RailsAiContext
             begin
               result = GetRoutes.call(detail: "summary")
               lines << "" << "**Current routes:** #{result.content.first[:text].lines.first&.strip}"
-            rescue; end
+            rescue => e; $stderr.puts "[rails-ai-context] Context lookup skipped: #{e.message}"; end
           end
 
           lines << ""
@@ -280,14 +280,15 @@ module RailsAiContext
           end
 
           # Check for controller changes without test changes
-          changed_ctrls = controller_files.map { |c| File.basename(c[:file], ".rb") }
-          changed_tests = test_files.map { |t| File.basename(t[:file], ".rb") }
-          changed_ctrls.each do |ctrl|
-            test_name = ctrl.sub("_controller", "_controller_test")
-            spec_name = ctrl.sub("_controller", "_controller_spec")
-            request_name = ctrl.sub("_controller", "_spec")
-            unless changed_tests.any? { |t| t == test_name || t == spec_name || t == request_name || t.include?(ctrl.delete_suffix("_controller")) }
-              warnings << "**No test changes**: `#{ctrl}.rb` was modified but no corresponding test file was changed"
+          controller_files.each do |entry|
+            basename = File.basename(entry[:file], ".rb")
+            next unless basename.end_with?("_controller")
+            test_name = basename.sub("_controller", "_controller_test")
+            spec_name = basename.sub("_controller", "_controller_spec")
+            request_name = basename.sub("_controller", "_spec")
+            ctrl_stem = basename.delete_suffix("_controller")
+            unless test_files.any? { |t| File.basename(t[:file], ".rb").then { |tb| tb == test_name || tb == spec_name || tb == request_name || tb.include?(ctrl_stem) } }
+              warnings << "**No test changes**: `#{entry[:file]}` was modified but no corresponding test file was changed"
             end
           end
 

data/lib/rails_ai_context/tools/session_context.rb

@@ -72,10 +72,12 @@ module RailsAiContext
           lines << "|------|--------|------|"
 
           queries.sort_by { |q| q[:timestamp] }.each do |q|
-            ago = time_ago(q[:timestamp])
+            ago = time_ago(q[:last_timestamp] || q[:timestamp])
             params_str = q[:params].is_a?(Hash) ? q[:params].map { |k, v| "#{k}:#{v}" }.join(", ") : q[:params].to_s
             params_display = params_str.empty? ? "-" : params_str.truncate(40)
-            lines << "| `#{q[:tool]}` | #{params_display} | #{ago} |"
+            count = q[:call_count] || 1
+            count_display = count > 1 ? " (#{count}x)" : ""
+            lines << "| `#{q[:tool]}`#{count_display} | #{params_display} | #{ago} |"
           end
 
           lines << ""
@@ -90,22 +92,25 @@ module RailsAiContext
             return text_response("No queries recorded yet.")
           end
 
+          total_calls = queries.sum { |q| q[:call_count] || 1 }
+          unique_tools = queries.map { |q| q[:tool] }.uniq.size
           lines = [ "# Session Summary", "" ]
-          lines << "You have queried #{queries.size} tool(s) in this session:"
+          lines << "You have made #{total_calls} tool call(s) across #{unique_tools} unique tool(s) in this session:"
           lines << ""
 
-          # Group by tool name
+          # Group by tool name, summing actual call counts
           by_tool = queries.group_by { |q| q[:tool] }
-          by_tool.each do |tool, calls|
-            params_list = calls.map { |c|
+          by_tool.each do |tool, entries|
+            total_calls = entries.sum { |e| e[:call_count] || 1 }
+            params_list = entries.map { |c|
               p = c[:params]
               p.is_a?(Hash) ? p.map { |k, v| "#{k}:#{v}" }.join(", ") : p.to_s
             }.reject(&:empty?)
 
             if params_list.any?
-              lines << "- **#{tool}** (#{calls.size}x): #{params_list.uniq.join('; ')}"
+              lines << "- **#{tool}** (#{total_calls}x): #{params_list.uniq.join('; ')}"
             else
-              lines << "- **#{tool}** (#{calls.size}x)"
+              lines << "- **#{tool}** (#{total_calls}x)"
             end
           end
 

data/lib/rails_ai_context/tools/validate.rb

@@ -48,6 +48,11 @@ module RailsAiContext
         total = 0
 
         files.each do |file|
+          if file.nil? || file.strip.empty?
+            results << "- (empty) \u2014 skipped (empty filename)"
+            next
+          end
+
           full_path = Rails.root.join(file)
 
           unless File.exist?(full_path)

data/lib/rails_ai_context/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsAiContext
-  VERSION = "4.3.1"
+  VERSION = "4.3.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-ai-context
 version: !ruby/object:Gem::Version
-  version: 4.3.1
+  version: 4.3.2
 platform: ruby
 authors:
 - crisnahine