rails-ai-context 4.5.1 → 4.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f75359acda5dcf480e297948934c7be7500fb3af5ff9daacd952a77105186e8
-  data.tar.gz: 17bfbc76237408f30a51d2b67bf4a5a8ed72b437bf03824bc41a937bd600477b
+  metadata.gz: d53c26bdd73eac84be7e9a49ea08c2a50dd0230f969cb29ae240cf2d08b9e4c3
+  data.tar.gz: a65a518fab277ff246401cffb32701fb36048f65034b068e20f4b3fe76ddc4eb
 SHA512:
-  metadata.gz: 4cbe45e0efb3f6fc078cebd82dc0e1f6ac7246c6ea9ad53928c5588d1ddd1b937911e805f2d88f268c226d0277423860efbf860911cec5c8f1fb39c9d21d474f
-  data.tar.gz: bef426277ceda95f46d3bad899e188c6716b5d838af0b02b5d40349d3944b5a951cbe47889762b23b58b962e96fb7cd229ff2e775dedb1f35a2feb0342a8203a
+  metadata.gz: 0504e0e68f018d325189ccdfd153b7097d1204c906241a9a0dfea41586272b0c2ae296f81704c4e6c4ac9bb414aaab83c5de35e226b7aabff52b984d1bec451e
+  data.tar.gz: f2c8a762bd3520edd09e719337043be0a9b7158d0099076118226012cea980ca1877c48459d78810c8e9a1c9d91bf526aad4a2c334521e19c5ac7b715bc44b1e

data/CHANGELOG.md

@@ -5,6 +5,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.5.2] — 2026-04-04
+
+### Added
+- **Strong params permit list extraction** — Controller introspector now parses `params.require(:x).permit(...)` calls, returning structured hashes with `requires`, `permits`, `nested`, `arrays`, and `unrestricted` fields. Handles multi-line chains, hash rocket syntax, and `params.permit!` detection
+- **N+1 risk levels** — PerformanceCheck now classifies N+1 risks as `[HIGH]` (no preloading), `[MEDIUM]` (partial preloading), or `[low]` (already preloaded). Detects loop patterns in controller actions, recognizes `.includes`/`.eager_load`/`.preload`, and reports per-action context
+- **DependencyGraph polymorphic/through/cycles/STI** — `show_cycles` param detects circular dependencies via DFS. `show_sti` param groups STI hierarchies. Polymorphic associations resolve concrete types. Through associations render as two-hop edges. Mermaid: dashed arrows for polymorphic, double arrows for through, dotted for STI
+- **Query EXPLAIN support** — New `explain` boolean param wraps SELECT in adapter-specific EXPLAIN (PostgreSQL JSON ANALYZE, MySQL EXPLAIN, SQLite EXPLAIN QUERY PLAN). Parses scan types, indexes, and warnings. Skips row limits for metadata output
+- **GetConfig Rails API integration** — Assets detection now uses FrontendFrameworkIntrospector data instead of regex-parsing package.json. Action Cable uses Rails config API with YAML fallback. New Active Storage service and Action Mailer delivery method detection
+- **Standardized pagination** — `BaseTool.paginate(items, offset:, limit:, default_limit:)` returns `{ items:, hint:, total:, offset:, limit: }`. Adopted across 7 tools: GetControllers, GetModelDetails, GetRoutes, SearchCode, GetGems, GetHelperMethods, GetComponentCatalog. New `offset`/`limit` params added to GetGems, GetHelperMethods, GetComponentCatalog, SearchCode
+- `RailsAiContext::SafeFile` module — safe file reading with configurable size limits, encoding handling, and error suppression
+- `RailsAiContext::MarkdownEscape` module — escapes markdown special characters in dynamic content interpolated into headings and prose
+- **Provider API key redaction** — ReadLogs now redacts Stripe, SendGrid, Slack, GitHub, GitLab, and npm token patterns
+
+### Fixed
+- **Middleware crash protection** — MCP HTTP middleware now rescues exceptions and returns a proper JSON-RPC 2.0 error (`-32603 Internal error`) instead of crashing the Rails request pipeline
+- **File read size limits** — Replaced 150+ unguarded `File.read` calls across all introspectors and tools with `SafeFile.read` to prevent OOM on oversized files
+- **Cache race condition** — `BaseTool.cached_context` now returns a `deep_dup` of the shared cache, preventing concurrent MCP requests from mutating shared data structures
+- **Silent failure warnings** — Introspector failures now propagate as `_warnings` to serializer output; AI clients see a `## Warnings` section listing which sections were unavailable and why
+- **Markdown escaping** — Dynamic content in generated markdown is now escaped to prevent formatting corruption from special characters
+- **GetConcern nil crash** — Added nil guard for `SafeFile.read` return value
+- **GenerateTest type coercion** — Fixed `max + 1` crash when `maximum:` validation stored as string
+- **Standalone Bundler conflict** — Resolved gem activation conflict in standalone mode
+- **CLI error messages** — Clean error messages for all CLI error paths
+- **Rake/init parity** — `rake ai:context` and `init` command now match generator output
+
+### Changed
+- Test count: 1658 examples (76 new tests for Phase 2 features)
+
 ## [4.4.0] — 2026-04-03
 
 ### Added

data/CLAUDE.md

@@ -15,6 +15,8 @@ structure to AI assistants via the Model Context Protocol (MCP).
 - `lib/rails_ai_context/resources.rb` — MCP resources (static data AI clients read directly)
 - `lib/rails_ai_context/server.rb` — MCP server configuration (stdio + HTTP transports)
 - `lib/rails_ai_context/middleware.rb` — Rack middleware for auto-mounting MCP HTTP endpoint
+- `lib/rails_ai_context/safe_file.rb` — Safe file reading with size limits and error handling
+- `lib/rails_ai_context/markdown_escape.rb` — Escapes markdown special characters in dynamic content
 - `lib/rails_ai_context/fingerprinter.rb` — SHA256 file fingerprinting for cache invalidation
 - `lib/rails_ai_context/doctor.rb` — Diagnostic checks and AI readiness scoring
 - `lib/rails_ai_context/live_reload.rb` — MCP live reload: watches files, invalidates caches, notifies AI clients
@@ -66,7 +68,7 @@ structure to AI assistants via the Model Context Protocol (MCP).
 ## Testing
 
 ```bash
-bundle exec rspec           # Run specs (1529 examples)
+bundle exec rspec           # Run specs (1658 examples)
 bundle exec rubocop         # Lint
 ```
 

data/lib/rails_ai_context/introspector.rb

@@ -32,6 +32,17 @@ module RailsAiContext
         Rails.logger.warn "[rails-ai-context] #{name} introspection failed: #{e.message}"
       end
 
+      # Collect warnings for introspectors that failed, so serializers can
+      # render them and AI clients know which sections are missing.
+      warnings = []
+      config.introspectors.each do |name|
+        data = context[name]
+        if data.is_a?(Hash) && data[:error]
+          warnings << { introspector: name.to_s, error: data[:error] }
+        end
+      end
+      context[:_warnings] = warnings if warnings.any?
+
       context
     end
 

data/lib/rails_ai_context/introspectors/accessibility_introspector.rb

@@ -52,11 +52,8 @@ module RailsAiContext
           next unless Dir.exist?(dir)
 
           Dir.glob(File.join(dir, "**/*.{erb,haml,slim,html}")).each do |path|
-            content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+            content = RailsAiContext::SafeFile.read(path) or next
             views << { file: path.sub("#{root}/", ""), content: content }
-          rescue => e
-            $stderr.puts "[rails-ai-context] collect_view_content failed: #{e.message}" if ENV["DEBUG"]
-            next
           end
         end
 

data/lib/rails_ai_context/introspectors/action_mailbox_introspector.rb

@@ -33,7 +33,7 @@ module RailsAiContext
           relative = path.sub("#{dir}/", "")
           next if relative == "application_mailbox.rb"
 
-          content = File.read(path)
+          content = RailsAiContext::SafeFile.read(path) or next
           name = File.basename(path, ".rb").camelize
 
           routing = content.scan(/routing\s+(.+?)\s+=>\s+:(\w+)/).map do |match|

data/lib/rails_ai_context/introspectors/action_text_introspector.rb

@@ -32,7 +32,7 @@ module RailsAiContext
         js_dirs.each do |dir|
           next unless Dir.exist?(dir)
           Dir.glob(File.join(dir, "**", "*.{js,ts}")).each do |path|
-            content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+            content = RailsAiContext::SafeFile.read(path) or next
             customs << "custom_toolbar" if content.match?(/Trix\.config\.toolbar/)
             customs << "custom_attachment" if content.match?(/trix-attachment|Trix\.Attachment/)
             customs << "custom_editor" if content.match?(/trix-initialize|trix-change/)
@@ -50,7 +50,7 @@ module RailsAiContext
 
         fields = []
         Dir.glob(File.join(models_dir, "**/*.rb")).each do |path|
-          content = File.read(path)
+          content = RailsAiContext::SafeFile.read(path) or next
           model_name = File.basename(path, ".rb").camelize
 
           content.scan(/has_rich_text\s+:(\w+)/).each do |match|

data/lib/rails_ai_context/introspectors/active_storage_introspector.rb

@@ -36,7 +36,7 @@ module RailsAiContext
 
         attachments = []
         Dir.glob(File.join(models_dir, "**/*.rb")).each do |path|
-          content = File.read(path)
+          content = RailsAiContext::SafeFile.read(path) or next
           model_name = File.basename(path, ".rb").camelize
 
           content.scan(/has_one_attached\s+:(\w+)/).each do |match|
@@ -72,7 +72,7 @@ module RailsAiContext
         return validations unless Dir.exist?(models_dir)
 
         Dir.glob(File.join(models_dir, "**", "*.rb")).each do |path|
-          content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+          content = RailsAiContext::SafeFile.read(path) or next
           model = File.basename(path, ".rb").camelize
           content.each_line do |line|
             if (match = line.match(/validates?\s+:(\w+),.*content_type:/))
@@ -95,7 +95,7 @@ module RailsAiContext
         return variants unless Dir.exist?(models_dir)
 
         Dir.glob(File.join(models_dir, "**", "*.rb")).each do |path|
-          content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+          content = RailsAiContext::SafeFile.read(path) or next
           model = File.basename(path, ".rb").camelize
           content.scan(/\.variant\s*\(\s*:(\w+)/).each do |name|
             variants << { model: model, name: name[0] }
@@ -115,10 +115,7 @@ module RailsAiContext
           next false unless Dir.exist?(dir)
           Dir.glob(File.join(dir, "**/*")).any? do |f|
             next false if File.directory?(f)
-            File.read(f).match?(/direct.upload|DirectUpload|direct_upload/)
-          rescue => e
-            $stderr.puts "[rails-ai-context] detect_direct_upload failed: #{e.message}" if ENV["DEBUG"]
-            false
+            (RailsAiContext::SafeFile.read(f) || "").match?(/direct.upload|DirectUpload|direct_upload/)
           end
         end
       end

data/lib/rails_ai_context/introspectors/api_introspector.rb

@@ -96,7 +96,8 @@ module RailsAiContext
         cors_path = File.join(root, "config/initializers/cors.rb")
         return nil unless File.exist?(cors_path)
 
-        content = File.read(cors_path)
+        content = RailsAiContext::SafeFile.read(cors_path)
+        return nil unless content
         origins = content.scan(/origins\s+(.+)$/).flatten.flat_map do |line|
           line.scan(/["']([^"']+)["']/).flatten
         end
@@ -111,7 +112,8 @@ module RailsAiContext
         package_path = File.join(root, "package.json")
         return [] unless File.exist?(package_path)
 
-        content = File.read(package_path, encoding: "bom|utf-8")
+        content = RailsAiContext::SafeFile.read(package_path)
+        return [] unless content
         codegen_tools = %w[openapi-typescript @graphql-codegen/cli orval]
 
         codegen_tools.select { |tool| content.include?(%("#{tool}")) }
@@ -137,7 +139,8 @@ module RailsAiContext
       def detect_pagination
         gemfile_lock = File.join(app.root, "Gemfile.lock")
         return nil unless File.exist?(gemfile_lock)
-        content = File.read(gemfile_lock)
+        content = RailsAiContext::SafeFile.read(gemfile_lock)
+        return nil unless content
 
         strategies = []
         strategies << "pagy" if content.include?("pagy")
@@ -159,11 +162,8 @@ module RailsAiContext
         controllers_dir = File.join(root, "app/controllers")
         if Dir.exist?(controllers_dir)
           Dir.glob(File.join(controllers_dir, "**/*.rb")).each do |path|
-            content = File.read(path)
+            content = RailsAiContext::SafeFile.read(path) or next
             return { rails_rate_limiting: true } if content.match?(/rate_limit\b/)
-          rescue => e
-            $stderr.puts "[rails-ai-context] detect_rate_limiting failed: #{e.message}" if ENV["DEBUG"]
-            next
           end
         end
 

data/lib/rails_ai_context/introspectors/asset_pipeline_introspector.rb

@@ -40,7 +40,8 @@ module RailsAiContext
         path = File.join(root, "config/importmap.rb")
         return [] unless File.exist?(path)
 
-        content = File.read(path)
+        content = RailsAiContext::SafeFile.read(path)
+        return [] unless content
         content.scan(/pin\s+["']([^"']+)["']/).flatten.sort
       rescue => e
         $stderr.puts "[rails-ai-context] extract_importmap_pins failed: #{e.message}" if ENV["DEBUG"]
@@ -79,7 +80,7 @@ module RailsAiContext
 
       def read_gemfile_lock
         path = File.join(root, "Gemfile.lock")
-        File.exist?(path) ? File.read(path) : nil
+        File.exist?(path) ? RailsAiContext::SafeFile.read(path) : nil
       rescue => e
         $stderr.puts "[rails-ai-context] read_gemfile_lock failed: #{e.message}" if ENV["DEBUG"]
         nil
@@ -88,7 +89,7 @@ module RailsAiContext
       def package_json_has?(package)
         path = File.join(root, "package.json")
         return false unless File.exist?(path)
-        File.read(path).include?("\"#{package}\"")
+        (RailsAiContext::SafeFile.read(path) || "").include?("\"#{package}\"")
       rescue => e
         $stderr.puts "[rails-ai-context] package_json_has? failed: #{e.message}" if ENV["DEBUG"]
         false

data/lib/rails_ai_context/introspectors/auth_introspector.rb

@@ -97,7 +97,7 @@ module RailsAiContext
 
         result = {}
         Dir.glob(File.join(models_dir, "**/*.rb")).each do |path|
-          content = File.read(path) rescue next
+          content = RailsAiContext::SafeFile.read(path) or next
           next unless content.match?(/\bdevise\b/)
 
           model_name = File.basename(path, ".rb").camelize
@@ -134,8 +134,8 @@ module RailsAiContext
 
         devise_init = File.join(root, "config/initializers/devise.rb")
         if File.exist?(devise_init)
-          content = File.read(devise_init)
-          return { detected: true, jwt_configured: content.match?(/config\.jwt\b/) }
+          content = RailsAiContext::SafeFile.read(devise_init)
+          return { detected: true, jwt_configured: content&.match?(/config\.jwt\b/) || false }
         end
 
         { detected: true }
@@ -150,7 +150,8 @@ module RailsAiContext
         doorkeeper_init = File.join(root, "config/initializers/doorkeeper.rb")
         return { detected: true } unless File.exist?(doorkeeper_init)
 
-        content = File.read(doorkeeper_init)
+        content = RailsAiContext::SafeFile.read(doorkeeper_init)
+        return { detected: true } unless content
 
         grant_flows = content.scan(/grant_flows\s+%w\[([^\]]+)\]/).flatten.first
         grant_flows = grant_flows&.split&.map(&:strip)
@@ -171,7 +172,7 @@ module RailsAiContext
         return [] unless Dir.exist?(controllers_dir)
 
         Dir.glob(File.join(controllers_dir, "**/*.rb")).filter_map do |path|
-          content = File.read(path) rescue next
+          content = RailsAiContext::SafeFile.read(path) or next
           if content.match?(/authenticate_with_http_token|authenticate_or_request_with_http_token/)
             path.sub("#{root}/", "")
           end
@@ -185,7 +186,7 @@ module RailsAiContext
         providers = []
         initializers = Dir.glob(File.join(app.root, "config", "initializers", "*.rb"))
         initializers.each do |path|
-          content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+          content = RailsAiContext::SafeFile.read(path) or next
           content.scan(/config\.omniauth\s+:(\w+)/).each { |m| providers << m[0] }
           content.scan(/provider\s+:(\w+)/).each { |m| providers << m[0] unless %w[developer].include?(m[0]) }
         end
@@ -193,7 +194,7 @@ module RailsAiContext
         models_dir = File.join(app.root, "app", "models")
         if Dir.exist?(models_dir)
           Dir.glob(File.join(models_dir, "**", "*.rb")).each do |path|
-            content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+            content = RailsAiContext::SafeFile.read(path) or next
             content.scan(/omniauth_providers:\s*\[([^\]]+)\]/).each do |m|
               m[0].scan(/:(\w+)/).each { |p| providers << p[0] }
             end
@@ -208,7 +209,9 @@ module RailsAiContext
       def extract_devise_settings
         path = File.join(app.root, "config", "initializers", "devise.rb")
         return {} unless File.exist?(path)
-        content = File.read(path)
+        content = RailsAiContext::SafeFile.read(path)
+        return {} unless content
+
         settings = {}
         settings[:timeout_in] = $1 if content.match(/config\.timeout_in\s*=\s*(\S+)/)
         settings[:lock_strategy] = $1 if content.match(/config\.lock_strategy\s*=\s*:(\w+)/)
@@ -227,7 +230,7 @@ module RailsAiContext
 
         results = []
         Dir.glob(File.join(models_dir, "**/*.rb")).each do |path|
-          content = File.read(path)
+          content = RailsAiContext::SafeFile.read(path) or next
           matches = content.scan(pattern)
           next if matches.empty?
 
@@ -243,7 +246,10 @@ module RailsAiContext
       def gem_present?(name)
         lock_path = File.join(root, "Gemfile.lock")
         return false unless File.exist?(lock_path)
-        File.read(lock_path).include?("    #{name} (")
+        content = RailsAiContext::SafeFile.read(lock_path)
+        return false unless content
+
+        content.include?("    #{name} (")
       rescue => e
         $stderr.puts "[rails-ai-context] gem_present? failed: #{e.message}" if ENV["DEBUG"]
         false

data/lib/rails_ai_context/introspectors/component_introspector.rb

@@ -44,7 +44,8 @@ module RailsAiContext
       end
 
       def parse_component(path)
-        content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+        content = RailsAiContext::SafeFile.read(path)
+        return nil unless content
         relative = path.sub("#{root}/", "")
         class_name = extract_class_name(content)
         return nil unless class_name
@@ -115,7 +116,7 @@ module RailsAiContext
         return bases unless Dir.exist?(components_dir)
 
         Dir.glob(File.join(components_dir, "**/*.rb")).each do |path|
-          content = File.read(path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+          content = RailsAiContext::SafeFile.read(path) or next
           if content.match?(/< (Phlex::HTML|Phlex::SVG)\b/)
             match = content.match(/class\s+(\S+)\s*</)
             bases << match[1] if match

data/lib/rails_ai_context/introspectors/config_introspector.rb

@@ -125,20 +125,18 @@ module RailsAiContext
         return [] unless Dir.exist?(models_dir)
 
         Dir.glob(File.join(models_dir, "**/*.rb")).filter_map do |path|
-          content = File.read(path)
+          content = RailsAiContext::SafeFile.read(path) or next
           if content.match?(/< ActiveSupport::CurrentAttributes|< Rails::CurrentAttributes/)
             File.basename(path, ".rb").camelize
           end
-        rescue => e
-          $stderr.puts "[rails-ai-context] detect_current_attributes failed: #{e.message}" if ENV["DEBUG"]
-          nil
         end
       end
 
       def detect_error_monitoring
         gemfile_lock = File.join(app.root, "Gemfile.lock")
         return nil unless File.exist?(gemfile_lock)
-        content = File.read(gemfile_lock)
+        content = RailsAiContext::SafeFile.read(gemfile_lock)
+        return nil unless content
 
         tools = []
         tools << "sentry" if content.include?("sentry-ruby") || content.include?("sentry-rails")
@@ -157,10 +155,12 @@ module RailsAiContext
         config = {}
         sidekiq_path = File.join(app.root, "config", "sidekiq.yml")
         if File.exist?(sidekiq_path)
-          content = File.read(sidekiq_path)
-          config[:processor] = "sidekiq"
-          config[:concurrency] = $1.to_i if content.match(/concurrency:\s*(\d+)/)
-          config[:queues] = content.scan(/-\s+(\w+)/).flatten.uniq
+          content = RailsAiContext::SafeFile.read(sidekiq_path)
+          if content
+            config[:processor] = "sidekiq"
+            config[:concurrency] = $1.to_i if content.match(/concurrency:\s*(\d+)/)
+            config[:queues] = content.scan(/-\s+(\w+)/).flatten.uniq
+          end
         end
         config.empty? ? nil : config
       rescue => e

data/lib/rails_ai_context/introspectors/controller_introspector.rb

@@ -84,7 +84,8 @@ module RailsAiContext
 
       # Extract details purely from source file (for controllers not loaded as classes)
       def extract_details_from_source(path)
-        source = File.read(path)
+        source = RailsAiContext::SafeFile.read(path)
+        return { error: "unreadable" } unless source
         parent = source.match(/class\s+\S+\s*<\s*(\S+)/)&.send(:[], 1) || "Unknown"
         rate_limit_raw = extract_rate_limit(source)
         details = {
@@ -328,7 +329,113 @@ module RailsAiContext
       def extract_strong_params(source)
         return [] if source.nil?
 
-        source.scan(/def\s+(\w+_params)\b/).flatten.uniq
+        method_names = source.scan(/def\s+(\w+_params)\b/).flatten.uniq
+        method_names.map { |name| extract_permit_details(source, name) }
+      end
+
+      def extract_permit_details(source, method_name)
+        result = { name: method_name }
+        body = extract_method_body(source, method_name)
+        return result unless body
+
+        # Detect params.permit! (unrestricted)
+        if body.match?(/params\s*\.permit!/)
+          result[:unrestricted] = true
+          return result
+        end
+
+        # Extract require(:model)
+        if (req = body.match(/params\s*\.require\(\s*:(\w+)\s*\)/))
+          result[:requires] = req[1]
+        end
+
+        # Extract permit(...) — join multi-line into single string
+        permit_match = body.match(/\.permit\((.*)\)/m)
+        return result unless permit_match
+
+        permit_body = permit_match[1].gsub(/\s*\n\s*/, " ").strip
+        result.merge(parse_permit_args(permit_body))
+      end
+
+      def extract_method_body(source, method_name)
+        lines = source.lines
+        start_idx = lines.index { |l| l.match?(/\bdef\s+#{Regexp.escape(method_name)}\b/) }
+        return nil unless start_idx
+
+        indent = lines[start_idx].match(/^(\s*)/)[1].length
+        body_lines = [ lines[start_idx] ]
+
+        (start_idx + 1...lines.size).each do |i|
+          body_lines << lines[i]
+          break if lines[i].match?(/^\s{#{indent}}end\b/)
+        end
+
+        body_lines.join
+      end
+
+      def parse_permit_args(permit_body)
+        permits = []
+        nested = {}
+        arrays = []
+
+        # Tokenize: split on commas but respect nested brackets
+        tokens = split_permit_tokens(permit_body)
+
+        tokens.each do |token|
+          token = token.strip
+          if (m = token.match(/\A:(\w+)\s*=>\s*\[([^\]]*)\]\z/))
+            # Hash rocket nested: :address => [:street, :city]
+            key = m[1]
+            vals = m[2].scan(/:(\w+)/).flatten
+            if vals.any?
+              nested[key] = vals
+            else
+              arrays << key
+            end
+          elsif (m = token.match(/\A(\w+):\s*\[([^\]]*)\]\z/))
+            # Ruby keyword nested: address: [:street, :city]
+            key = m[1]
+            vals = m[2].scan(/:(\w+)/).flatten
+            if vals.any?
+              nested[key] = vals
+            else
+              arrays << key
+            end
+          elsif (m = token.match(/\A:(\w+)\z/))
+            permits << m[1]
+          end
+        end
+
+        result = {}
+        result[:permits] = permits if permits.any?
+        result[:nested] = nested if nested.any?
+        result[:arrays] = arrays if arrays.any?
+        result
+      end
+
+      def split_permit_tokens(str)
+        tokens = []
+        current = +""
+        depth = 0
+
+        str.each_char do |ch|
+          case ch
+          when "[" then depth += 1; current << ch
+          when "]" then depth -= 1; current << ch
+          when ","
+            if depth == 0
+              tokens << current
+              current = +""
+            else
+              current << ch
+            end
+          else
+            current << ch
+          end
+        end
+
+        tokens << current unless current.strip.empty?
+        tokens
       end
 
       def extract_respond_to(source)
@@ -407,10 +514,7 @@ module RailsAiContext
       def read_source(ctrl)
         path = source_path(ctrl)
         return nil unless path && File.exist?(path)
-        File.read(path)
-      rescue => e
-        $stderr.puts "[rails-ai-context] read_source failed: #{e.message}" if ENV["DEBUG"]
-        nil
+        RailsAiContext::SafeFile.read(path)
       end
 
       def source_path(ctrl)

data/lib/rails_ai_context/introspectors/convention_detector.rb

@@ -73,19 +73,15 @@ module RailsAiContext
         model_dir = File.join(root, "app/models")
         if Dir.exist?(model_dir)
           model_files = Dir.glob(File.join(model_dir, "**/*.rb"))
-          content = model_files.first(500).map { |f| File.read(f) rescue "" }.join("\n")
+          content = model_files.first(500).map { |f| RailsAiContext::SafeFile.read(f) || "" }.join("\n")
 
           # STI: explicit inheritance_column, or a model that inherits from another app model
           # with a `type` column (verified via schema.rb or model source)
           app_model_names = model_files.filter_map { |f| File.basename(f, ".rb").camelize }
-          schema_content = begin
-            schema_path = File.join(root, "db/schema.rb")
-            File.exist?(schema_path) ? File.read(schema_path) : ""
-          rescue
-            ""
-          end
+          schema_path = File.join(root, "db/schema.rb")
+          schema_content = File.exist?(schema_path) ? (RailsAiContext::SafeFile.read(schema_path) || "") : ""
           has_sti_subclass = model_files.any? do |f|
-            src = File.read(f) rescue ""
+            src = RailsAiContext::SafeFile.read(f) || ""
             parent_match = src.match(/class\s+\w+\s*<\s*(\w+)/)
             next false unless parent_match && app_model_names.include?(parent_match[1]) && parent_match[1] != "ApplicationRecord"
             # Verify parent's table has a `type` column
@@ -184,7 +180,7 @@ module RailsAiContext
       def gem_present?(name)
         lock_path = File.join(root, "Gemfile.lock")
         return false unless File.exist?(lock_path)
-        File.read(lock_path).include?("    #{name} (")
+        (RailsAiContext::SafeFile.read(lock_path) || "").include?("    #{name} (")
       end
     end
   end