rigortype 0.0.8 → 0.1.0

data/lib/rigor/cli.rb

@@ -72,13 +72,19 @@ module Rigor
 
       cache_root = ".rigor/cache"
       handle_clear_cache(cache_root) if options.fetch(:clear_cache)
+      cache_store = options.fetch(:no_cache) ? nil : Cache::Store.new(root: cache_root)
 
       configuration = Configuration.load(options.fetch(:config))
       paths = @argv.empty? ? configuration.paths : @argv
-      result = Analysis::Runner.new(configuration: configuration, explain: options.fetch(:explain)).run(paths)
+      runner = Analysis::Runner.new(
+        configuration: configuration,
+        explain: options.fetch(:explain),
+        cache_store: cache_store
+      )
+      result = runner.run(paths)
 
       write_result(result, options.fetch(:format))
-      write_cache_stats(cache_root) if options.fetch(:cache_stats)
+      write_cache_stats(cache_root, runner.cache_store) if options.fetch(:cache_stats)
       result.success? ? 0 : 1
     end
 
@@ -88,7 +94,8 @@ module Rigor
         format: "text",
         explain: false,
         cache_stats: false,
-        clear_cache: false
+        clear_cache: false,
+        no_cache: false
       }
       parser = OptionParser.new do |opts|
         opts.banner = "Usage: rigor check [options] [paths]"
@@ -97,6 +104,7 @@ module Rigor
         opts.on("--explain", "Surface fail-soft fallback events as :info diagnostics") { options[:explain] = true }
         opts.on("--cache-stats", "Print on-disk cache inventory at end of run") { options[:cache_stats] = true }
         opts.on("--clear-cache", "Remove the .rigor/cache directory before running") { options[:clear_cache] = true }
+        opts.on("--no-cache", "Disable the persistent cache for this run") { options[:no_cache] = true }
       end
       parser.parse!(@argv)
       options
@@ -111,13 +119,18 @@ module Rigor
       end
     end
 
-    def write_cache_stats(cache_root)
+    def write_cache_stats(cache_root, runtime_store)
       inv = Cache::Store.disk_inventory(root: cache_root)
 
       @out.puts("")
       @out.puts("Cache (root: #{inv.fetch(:root)})")
       schema = inv.fetch(:schema_version)
       @out.puts("  schema_version: #{schema.nil? ? 'absent' : schema}")
+      write_disk_inventory(inv)
+      write_runtime_stats(runtime_store) if runtime_store
+    end
+
+    def write_disk_inventory(inv)
       if inv.fetch(:total_entries).zero?
         @out.puts("  (empty)")
         return
@@ -130,6 +143,25 @@ module Rigor
       end
     end
 
+    def write_runtime_stats(store)
+      stats = store.stats
+      hits = stats.fetch(:hits)
+      misses = stats.fetch(:misses)
+      writes = stats.fetch(:writes)
+      @out.puts("  this run: #{hits} #{plural(hits, 'hit')}, " \
+                "#{misses} #{plural(misses, 'miss', 'misses')}, " \
+                "#{writes} #{plural(writes, 'write')}")
+      stats.fetch(:by_producer).each do |id, counts|
+        @out.puts("    #{id}: #{counts.fetch(:hits)} #{plural(counts.fetch(:hits), 'hit')}, " \
+                  "#{counts.fetch(:misses)} #{plural(counts.fetch(:misses), 'miss', 'misses')}, " \
+                  "#{counts.fetch(:writes)} #{plural(counts.fetch(:writes), 'write')}")
+      end
+    end
+
+    def plural(count, singular, plural = "#{singular}s")
+      count == 1 ? singular : plural
+    end
+
     def format_bytes(bytes)
       return "#{bytes} B" if bytes < 1024
       return format("%.1f KiB", bytes / 1024.0) if bytes < 1024 * 1024
@@ -179,9 +211,15 @@ module Rigor
         #                (no plugins are loaded today).
         # - disable:     list of `rigor check` rule identifiers to
         #                silence project-wide. The shipped rules are
-        #                undefined-method, wrong-arity,
-        #                argument-type-mismatch, possible-nil-receiver,
-        #                dump-type, assert-type. In-source
+        #                call.undefined-method, call.wrong-arity,
+        #                call.argument-type-mismatch,
+        #                call.possible-nil-receiver, dump.type,
+        #                assert.type-mismatch, flow.always-raises.
+        #                A bare family token (`call`, `flow`,
+        #                `assert`, `dump`, `def`) wildcards every
+        #                rule under that prefix. Legacy unprefixed
+        #                names (`undefined-method`, …) still
+        #                resolve. In-source
         #                `# rigor:disable <rule>` comments at the end
         #                of an offending line silence per-line; use
         #                `# rigor:disable all` to suppress every rule.

data/lib/rigor/configuration/severity_profile.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+module Rigor
+  class Configuration
+    # ADR-8 § "Severity profile" — three named profiles tune the
+    # severity of every built-in `Analysis::CheckRules` rule for
+    # the run. Profiles are applied as a **final filter** on
+    # `Diagnostic#severity`: rules emit with their authored
+    # severity, then `Analysis::Runner` re-stamps the severity
+    # from the active profile before adding the diagnostic to
+    # the result.
+    #
+    # Three profiles:
+    #
+    # - `lenient`: Only proven (`:no`) diagnostics are errors;
+    #   uncertain (`:maybe`) drop to `:warning`. Useful for
+    #   incremental adoption on legacy code.
+    # - `balanced` (**default**): Current Rigor stance — most
+    #   rules `:error`; `dump.type` `:info`; uncertain rules
+    #   `:warning`.
+    # - `strict`: Every rule is `:error`. CI-friendly.
+    #
+    # The profile resolution order:
+    #
+    # 1. Profile-specific entry for the canonical rule id.
+    # 2. The diagnostic's own authored severity (the rule's
+    #    default).
+    # 3. `:error` (catch-all so an unrecognised rule still emits
+    #    visibly — the public-API drift spec catches the
+    #    bookkeeping gap separately).
+    module SeverityProfile
+      VALID_PROFILES = %i[lenient balanced strict].freeze
+      VALID_SEVERITIES = %i[error warning info off].freeze
+
+      DEFAULT_PROFILE = :balanced
+
+      # Per-profile severity tables. Missing keys fall back to
+      # the diagnostic's authored severity (typically `:error`).
+      PROFILES = {
+        lenient: {
+          "call.undefined-method" => :error,
+          "call.wrong-arity" => :error,
+          "call.argument-type-mismatch" => :warning,
+          "call.possible-nil-receiver" => :warning,
+          "flow.always-raises" => :warning,
+          "assert.type-mismatch" => :error,
+          "dump.type" => :info,
+          "def.return-type-mismatch" => :warning
+        }.freeze,
+        balanced: {
+          "call.undefined-method" => :error,
+          "call.wrong-arity" => :error,
+          "call.argument-type-mismatch" => :error,
+          "call.possible-nil-receiver" => :error,
+          "flow.always-raises" => :error,
+          "assert.type-mismatch" => :error,
+          "dump.type" => :info,
+          "def.return-type-mismatch" => :warning
+        }.freeze,
+        strict: {
+          "call.undefined-method" => :error,
+          "call.wrong-arity" => :error,
+          "call.argument-type-mismatch" => :error,
+          "call.possible-nil-receiver" => :error,
+          "flow.always-raises" => :error,
+          "assert.type-mismatch" => :error,
+          "dump.type" => :error,
+          "def.return-type-mismatch" => :error
+        }.freeze
+      }.freeze
+
+      module_function
+
+      # Resolves the configured severity for a diagnostic given
+      # the active profile and any per-rule overrides.
+      #
+      # @param rule [String, nil] canonical rule id (`call.undefined-method`).
+      # @param authored_severity [Symbol] severity the rule emitted
+      #   the diagnostic with (`:error`, `:warning`, `:info`).
+      # @param profile [Symbol] one of {VALID_PROFILES}; falls back
+      #   to {DEFAULT_PROFILE} for unknown values.
+      # @param overrides [Hash{String => Symbol}] per-rule severity
+      #   overrides from `.rigor.yml`'s `severity_overrides:` map.
+      #   Keys are canonical rule ids; values are
+      #   {VALID_SEVERITIES} symbols. Family-wildcard keys
+      #   (`call`) match every rule under that prefix.
+      # @return [Symbol] the resolved severity. Returns `:off` to
+      #   mean "drop the diagnostic entirely".
+      def resolve(rule:, authored_severity:, profile: DEFAULT_PROFILE, overrides: {})
+        return authored_severity if rule.nil?
+
+        override = overrides[rule] || family_override(rule, overrides)
+        return override.to_sym if override
+
+        profile_table = PROFILES[profile] || PROFILES.fetch(DEFAULT_PROFILE)
+        profile_table.fetch(rule, authored_severity)
+      end
+
+      def family_override(rule, overrides)
+        family = rule.split(".").first
+        return nil if family.nil?
+
+        overrides[family]
+      end
+
+      private_class_method :family_override
+    end
+  end
+end

data/lib/rigor/configuration.rb

@@ -2,8 +2,10 @@
 
 require "yaml"
 
+require_relative "configuration/severity_profile"
+
 module Rigor
-  class Configuration
+  class Configuration # rubocop:disable Metrics/ClassLength
     DEFAULT_PATH = ".rigor.yml"
     DEFAULTS = {
       "target_ruby" => "4.0",
@@ -15,11 +17,19 @@ module Rigor
       "fold_platform_specific_paths" => false,
       "cache" => {
         "path" => ".rigor/cache"
-      }
+      },
+      "plugins_io" => {
+        "network" => "disabled",
+        "allowed_paths" => []
+      },
+      "severity_profile" => "balanced",
+      "severity_overrides" => {}
     }.freeze
 
     attr_reader :target_ruby, :paths, :plugins, :cache_path, :disabled_rules,
-                :libraries, :signature_paths, :fold_platform_specific_paths
+                :libraries, :signature_paths, :fold_platform_specific_paths,
+                :plugins_io_network, :plugins_io_allowed_paths,
+                :severity_profile, :severity_overrides
 
     def self.load(path = DEFAULT_PATH)
       data = if File.exist?(path)
@@ -31,12 +41,15 @@ module Rigor
       new(DEFAULTS.merge(data))
     end
 
-    def initialize(data = DEFAULTS) # rubocop:disable Metrics/AbcSize
+    def initialize(data = DEFAULTS) # rubocop:disable Metrics/AbcSize,Metrics/CyclomaticComplexity
       cache = DEFAULTS.fetch("cache").merge(data.fetch("cache", {}))
+      plugins_io = DEFAULTS.fetch("plugins_io").merge(data.fetch("plugins_io", {}))
 
       @target_ruby = data.fetch("target_ruby", DEFAULTS.fetch("target_ruby")).to_s
       @paths = Array(data.fetch("paths", DEFAULTS.fetch("paths"))).map(&:to_s)
-      @plugins = Array(data.fetch("plugins", DEFAULTS.fetch("plugins"))).map(&:to_s)
+      @plugins = Array(data.fetch("plugins", DEFAULTS.fetch("plugins"))).map do |entry|
+        coerce_plugin_entry(entry)
+      end.freeze
       @disabled_rules = Array(data.fetch("disable", DEFAULTS.fetch("disable"))).map(&:to_s).freeze
       @libraries = Array(data.fetch("libraries", DEFAULTS.fetch("libraries"))).map(&:to_s).freeze
       sig_paths = data.fetch("signature_paths", DEFAULTS.fetch("signature_paths"))
@@ -45,6 +58,14 @@ module Rigor
         "fold_platform_specific_paths", DEFAULTS.fetch("fold_platform_specific_paths")
       ) == true
       @cache_path = cache.fetch("path").to_s
+      @plugins_io_network = coerce_network_policy(plugins_io.fetch("network"))
+      @plugins_io_allowed_paths = Array(plugins_io.fetch("allowed_paths")).map(&:to_s).freeze
+      @severity_profile = coerce_severity_profile(
+        data.fetch("severity_profile", DEFAULTS.fetch("severity_profile"))
+      )
+      @severity_overrides = coerce_severity_overrides(
+        data.fetch("severity_overrides", DEFAULTS.fetch("severity_overrides"))
+      )
     end
 
     def to_h
@@ -58,8 +79,91 @@ module Rigor
         "fold_platform_specific_paths" => fold_platform_specific_paths,
         "cache" => {
           "path" => cache_path
-        }
+        },
+        "plugins_io" => {
+          "network" => plugins_io_network.to_s,
+          "allowed_paths" => plugins_io_allowed_paths
+        },
+        "severity_profile" => severity_profile.to_s,
+        "severity_overrides" => severity_overrides.to_h { |k, v| [k, v.to_s] }
       }
     end
+
+    private
+
+    # Accepts either `"rigor-foo"` (gem-name shorthand) or
+    # `{ "gem" => "rigor-foo", "id" => "foo", "config" => {...} }`
+    # (full form). Returns the canonical hash form so the loader
+    # works against a single shape.
+    def coerce_plugin_entry(entry)
+      case entry
+      when String
+        entry.dup.freeze
+      when Hash
+        entry.to_h { |k, v| [k.to_s, v] }.freeze
+      else
+        raise ArgumentError,
+              "plugin configuration entry must be a String or Hash, got #{entry.inspect}"
+      end
+    end
+
+    # Slice 2 only accepts `:disabled` for the network policy. The
+    # YAML scalar may arrive as a String (`"disabled"`) or already
+    # as the Symbol; coerce to the canonical Symbol shape so the
+    # downstream `TrustPolicy` constructor stays strict.
+    #
+    # The accepted set is duplicated from
+    # {Rigor::Plugin::TrustPolicy::VALID_NETWORK_POLICIES} so
+    # `Configuration` does not require the plugin namespace at
+    # load time (Configuration is loaded before Plugin in
+    # `lib/rigor.rb`); the two stay in lockstep via spec.
+    VALID_NETWORK_POLICIES = %i[disabled].freeze
+    private_constant :VALID_NETWORK_POLICIES
+
+    def coerce_network_policy(value)
+      sym = value.to_sym
+      unless VALID_NETWORK_POLICIES.include?(sym)
+        raise ArgumentError,
+              "plugins_io.network must be one of #{VALID_NETWORK_POLICIES.inspect}, got #{value.inspect}"
+      end
+
+      sym
+    end
+
+    # ADR-8 § "Severity profile" — accepts the canonical Symbol
+    # form or its String spelling; rejects unknown profile names
+    # so typos fail loudly.
+    def coerce_severity_profile(value)
+      sym = value.to_sym
+      unless SeverityProfile::VALID_PROFILES.include?(sym)
+        raise ArgumentError,
+              "severity_profile must be one of " \
+              "#{SeverityProfile::VALID_PROFILES.inspect}, got #{value.inspect}"
+      end
+
+      sym
+    end
+
+    # ADR-8 § "Severity profile" — `severity_overrides:` is a
+    # `{ rule => severity }` map. Keys are canonical rule ids
+    # (`call.undefined-method`) or family wildcards (`call`).
+    # Values are {SeverityProfile::VALID_SEVERITIES} symbols
+    # (`:error` / `:warning` / `:info` / `:off`). Unknown
+    # severities raise; unknown rule ids are silently kept (the
+    # override is inert until the rule lands).
+    def coerce_severity_overrides(value)
+      raise ArgumentError, "severity_overrides must be a Hash, got #{value.inspect}" unless value.is_a?(Hash)
+
+      value.to_h do |k, v|
+        sym = v.to_sym
+        unless SeverityProfile::VALID_SEVERITIES.include?(sym)
+          raise ArgumentError,
+                "severity_overrides[#{k.inspect}] must be one of " \
+                "#{SeverityProfile::VALID_SEVERITIES.inspect}, got #{v.inspect}"
+        end
+
+        [k.to_s, sym]
+      end.freeze
+    end
   end
 end

data/lib/rigor/environment/rbs_hierarchy.rb

@@ -45,15 +45,28 @@ module Rigor
         key = normalize_name(class_name)
         return @ancestor_names_cache[key] if @ancestor_names_cache.key?(key)
 
-        definition = loader.instance_definition(key)
         @ancestor_names_cache[key] =
-          if definition
-            definition.ancestors.ancestors.map { |ancestor| normalize_name(ancestor.name.to_s) }.uniq.freeze
+          if loader.cache_store
+            ancestor_table.fetch(key, [].freeze)
           else
-            [].freeze
+            compute_ancestor_names(key)
           end
+      end
+
+      def compute_ancestor_names(key)
+        definition = loader.instance_definition(key)
+        return [].freeze if definition.nil?
+
+        definition.ancestors.ancestors.map { |ancestor| normalize_name(ancestor.name.to_s) }.uniq.freeze
       rescue StandardError
-        @ancestor_names_cache[key] = [].freeze
+        [].freeze
+      end
+
+      def ancestor_table
+        @ancestor_table ||= begin
+          require_relative "../cache/rbs_class_ancestor_table"
+          Cache::RbsClassAncestorTable.fetch(loader: loader, store: loader.cache_store)
+        end
       end
 
       def normalize_name(name)