rigortype 0.0.9 → 0.1.0

data/lib/rigor/plugin/base.rb

@@ -0,0 +1,241 @@
+# frozen_string_literal: true
+
+require "digest"
+require "json"
+
+require_relative "manifest"
+
+module Rigor
+  module Plugin
+    # Base class every Rigor plugin subclasses. The plugin gem
+    # subclasses {Base}, declares its identity through {.manifest},
+    # registers the subclass with {Rigor::Plugin.register}, and
+    # overrides {#init} to wire up any state it needs from the
+    # injected service container.
+    #
+    # Slice 1 ships only the registration / loading plumbing. The
+    # protocol hooks (dynamic-return contributions, type-specifying
+    # contributions, dynamic reflection) land in subsequent v0.1.0
+    # slices and arrive as additional methods on this class.
+    #
+    # Example plugin:
+    #
+    #   class MyRailsPlugin < Rigor::Plugin::Base
+    #     manifest(
+    #       id: "rails",
+    #       version: "0.1.0",
+    #       description: "Rails framework support for Rigor"
+    #     )
+    #
+    #     def init(services)
+    #       @reflection = services.reflection
+    #       @type = services.type
+    #     end
+    #   end
+    #
+    #   Rigor::Plugin.register(MyRailsPlugin)
+    class Base
+      class << self
+        # Declares the plugin's manifest. Called once at class
+        # definition time — the resulting {Manifest} is cached on
+        # the class so {Rigor::Plugin::Loader} reads it without
+        # constructing the plugin.
+        def manifest(**fields)
+          if fields.empty?
+            raise ArgumentError, "plugin #{self} did not declare a manifest" unless defined?(@manifest) && @manifest
+
+            return @manifest
+          end
+
+          @manifest = Manifest.new(**fields)
+        end
+
+        # ADR-7 § "Slice 6-A" — DSL declaration of a cached
+        # producer. Plugin authors write
+        #
+        #   class MyPlugin < Rigor::Plugin::Base
+        #     manifest(id: "rails", version: "0.1.0")
+        #
+        #     producer :schema_table do |params|
+        #       schema = io_boundary.read_file("db/schema.rb")
+        #       parse(schema, params)
+        #     end
+        #   end
+        #
+        # The block runs through `instance_exec` so `self` inside
+        # the body is the plugin instance — `io_boundary`,
+        # `services`, `manifest`, `config` are all in scope. The
+        # block receives the call-site `params` Hash as its sole
+        # argument; the same params Hash mixes into the cache
+        # key per `Cache::Descriptor#cache_key_for`.
+        #
+        # `serialize:` / `deserialize:` are forwarded verbatim to
+        # `Cache::Store#fetch_or_compute`. Default round-trip is
+        # `Marshal.dump` / `Marshal.load` per the v0.0.9 callable
+        # surface; producers whose return values are not Marshal-
+        # clean must supply their own pair.
+        #
+        # Producer ids are auto-prefixed `plugin.<manifest.id>.`
+        # at the cache layer (slice 6-C) so plugin-side ids cannot
+        # collide with built-in producers.
+        def producer(id, serialize: nil, deserialize: nil, &block)
+          raise ArgumentError, "Plugin::Base.producer requires a block body" if block.nil?
+
+          @producers ||= {}
+          @producers[id.to_sym] = { block: block, serialize: serialize, deserialize: deserialize }.freeze
+          id.to_sym
+        end
+
+        # Frozen snapshot of the producer table. Inherited
+        # producers from a superclass are intentionally NOT
+        # surfaced — Plugin::Base subclasses do not chain
+        # producers, and the loader instantiates one
+        # subclass per registration.
+        def producers
+          (@producers || {}).dup.freeze
+        end
+      end
+
+      attr_reader :services, :config
+
+      def initialize(services:, config: {})
+        @services = services
+        @config = config.freeze
+      end
+
+      # Override in subclasses to wire any state the plugin needs
+      # from the injected service container. Default is a no-op so
+      # plugins that only contribute through later-slice protocol
+      # hooks do not have to define an explicit body.
+      def init(services) # rubocop:disable Lint/UnusedMethodArgument
+        nil
+      end
+
+      # ADR-7 § "Slice 5-A" — per-file diagnostic emission hook.
+      # Override in plugin subclasses to return an array of
+      # `Rigor::Analysis::Diagnostic` rows for the analysed file.
+      # The runner stamps each returned diagnostic with
+      # `source_family: "plugin.<manifest.id>"` automatically per
+      # ADR-7 § "Slice 5-B"; plugin authors should construct
+      # diagnostics without setting `source_family` (any value
+      # they pass is overwritten).
+      #
+      # `path` is the analysed file path; `scope` is the entry
+      # `Rigor::Scope` after `ScopeIndexer` ran; `root` is the
+      # parsed `Prism::Node` root. Plugin authors traverse `root`
+      # themselves if they need node-scoped rules — the
+      # `Rule<TNode>` API ADR-2 § "Custom rules" mentions stays
+      # deferred to v0.1.x.
+      #
+      # Default returns `[]` so plugins that contribute through
+      # other channels (e.g. slice-4 narrowing contributions,
+      # slice-6 cache producers) do not have to override.
+      def diagnostics_for_file(path:, scope:, root:) # rubocop:disable Lint/UnusedMethodArgument
+        []
+      end
+
+      # Convenience accessor — `manifest` on the instance returns
+      # the class-level manifest declaration.
+      def manifest
+        self.class.manifest
+      end
+
+      # ADR-7 § "Slice 6-A/6-B" — per-plugin {IoBoundary}.
+      # Memoised so the boundary's accumulated `FileEntry`
+      # rows persist across producer invocations within the
+      # same plugin instance and feed cache invalidation
+      # via `cache_for`.
+      def io_boundary
+        @io_boundary ||= services.io_boundary_for(manifest.id)
+      end
+
+      # ADR-7 § "Slice 6-A" — returns a callable that performs
+      # a `Cache::Store#fetch_or_compute` round-trip for the
+      # named producer. The descriptor (per ADR-7 § "Slice
+      # 6-B") is auto-assembled from the plugin's
+      # `PluginEntry` template (id, version, config_hash) and
+      # the {IoBoundary} read history. The producer id is
+      # auto-prefixed `plugin.<manifest.id>.` per ADR-7 §
+      # "Slice 6-C" so plugin caches stay sandboxed from
+      # built-in producers.
+      #
+      # When `services.cache_store` is `nil` (e.g. CLI
+      # `--no-cache`), the callable bypasses the cache and
+      # runs the producer block every time — same semantics
+      # as the v0.0.9 cache surface for built-in producers.
+      #
+      # `descriptor:` (optional, ADR-7 § "Slice 6" follow-up)
+      # supplies extra `Cache::Descriptor` rows the plugin
+      # author wants to compose into the auto-built descriptor
+      # — typically gem-version `GemEntry`, configuration-file
+      # `FileEntry` digests, or `ConfigEntry` rows for external
+      # state the {IoBoundary} cannot capture itself. The
+      # passed descriptor composes via `Cache::Descriptor.compose`
+      # with the auto-built one (PluginEntry template + boundary
+      # reads); per-slot conflicts raise
+      # `Cache::Descriptor::Conflict` to make divergent inputs
+      # visible rather than silently shadowing.
+      def cache_for(producer_id, params: {}, descriptor: nil)
+        producer = self.class.producers[producer_id.to_sym]
+        unless producer
+          raise ArgumentError,
+                "plugin #{manifest.id.inspect} did not declare producer #{producer_id.inspect}"
+        end
+
+        compute = -> { instance_exec(params, &producer[:block]) }
+        store = services.cache_store
+        return compute unless store
+
+        prefixed_id = "plugin.#{manifest.id}.#{producer_id}"
+        composed_descriptor = compose_cache_descriptor(descriptor)
+        lambda do
+          store.fetch_or_compute(
+            producer_id: prefixed_id,
+            params: params,
+            descriptor: composed_descriptor,
+            serialize: producer[:serialize],
+            deserialize: producer[:deserialize],
+            &compute
+          )
+        end
+      end
+
+      private
+
+      # ADR-7 § "Slice 6-B" — composes the per-call cache
+      # descriptor from (1) the plugin's PluginEntry template
+      # and (2) the IoBoundary's accumulated FileEntry rows.
+      def build_plugin_cache_descriptor
+        plugin_entry = Cache::Descriptor::PluginEntry.new(
+          id: manifest.id,
+          version: manifest.version,
+          config_hash: digest_config(config)
+        )
+        boundary_descriptor = io_boundary.cache_descriptor
+        Cache::Descriptor.new(
+          plugins: [plugin_entry],
+          files: boundary_descriptor.files
+        )
+      end
+
+      # ADR-7 § "Slice 6" follow-up — composes the auto-built
+      # cache descriptor with an optional plugin-author-supplied
+      # extension. Extra `GemEntry` / `FileEntry` / `ConfigEntry`
+      # rows the plugin needs (gem-version pins, external
+      # configuration files, sibling-plugin state) flow through
+      # `Cache::Descriptor.compose`; the union behaviour matches
+      # built-in producers (`RbsConstantTable`, `RbsEnvironment`).
+      def compose_cache_descriptor(extra)
+        auto_built = build_plugin_cache_descriptor
+        return auto_built if extra.nil?
+
+        Cache::Descriptor.compose(auto_built, extra)
+      end
+
+      def digest_config(config)
+        canonical = Cache::Descriptor.canonicalize_value(config || {})
+        Digest::SHA256.hexdigest(JSON.generate(canonical))
+      end
+    end
+  end
+end

data/lib/rigor/plugin/io_boundary.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require "digest"
+
+require_relative "access_denied_error"
+
+module Rigor
+  module Plugin
+    # Analyzer-side helper plugins go through to read files and
+    # (eventually) reach the network. The boundary enforces the
+    # active {TrustPolicy} and accumulates a {Cache::Descriptor}
+    # of every read so plugin contributions stay invalidatable
+    # alongside their inputs.
+    #
+    # ADR-2 § "Plugin Trust and I/O Policy" is the binding
+    # contract. The boundary is **not** a sandbox: a plugin that
+    # uses `File.read` directly bypasses everything here, and the
+    # ADR explicitly accepts that trade-off. The discipline is:
+    # when plugin code goes through this surface, reads stay
+    # within the trust scope and feed the cache descriptor;
+    # contributions built on top of out-of-scope reads will not
+    # invalidate correctly.
+    #
+    # Slice 2 ships a minimal surface:
+    #
+    # - `#read_file(path)` — validates against the policy, returns
+    #   the file's contents, and adds a digest-keyed
+    #   {Cache::Descriptor::FileEntry} to the boundary's
+    #   accumulated descriptor.
+    # - `#open_url(url)` — always raises {AccessDeniedError} while
+    #   `network_policy` is `:disabled` (the only setting in slice
+    #   2). The hook exists so slices 3-6 can layer richer access
+    #   policy without re-defining the API.
+    # - `#cache_descriptor` — flushes the accumulated entries into
+    #   a fresh {Cache::Descriptor} for the contribution that
+    #   built it.
+    class IoBoundary
+      attr_reader :policy, :plugin_id
+
+      def initialize(policy:, plugin_id:)
+        @policy = policy
+        @plugin_id = plugin_id.to_s.dup.freeze
+        @file_entries = {}
+        @mutex = Mutex.new
+      end
+
+      # Reads the file at `path` after validating it against the
+      # policy. Raises {AccessDeniedError} when the path is outside
+      # every allowed read root. Records a `:digest` {FileEntry}
+      # so the resulting cache slice invalidates on content change.
+      def read_file(path)
+        absolute = File.expand_path(path.to_s)
+        unless @policy.allow_read?(absolute)
+          raise AccessDeniedError.new(
+            "plugin #{@plugin_id.inspect} cannot read #{absolute.inspect}: " \
+            "path is outside the trusted-read scope",
+            reason: :read_outside_scope,
+            resource: absolute
+          )
+        end
+
+        contents = File.binread(absolute)
+        record_file_entry(absolute, contents)
+        contents
+      end
+
+      # Slice 2 stub: every URL access is denied while
+      # `network_policy` is `:disabled`. Slices that need to relax
+      # the rule (e.g. for opt-in offline-replay caches) will lift
+      # the policy gate; the API does not change.
+      def open_url(url)
+        unless @policy.network_allowed?
+          raise AccessDeniedError.new(
+            "plugin #{@plugin_id.inspect} cannot open URL #{url.inspect}: " \
+            "network access is disabled during analysis",
+            reason: :network_disabled,
+            resource: url.to_s
+          )
+        end
+
+        raise NotImplementedError, "URL fetch surface is reserved; slice 2 only ships the deny path"
+      end
+
+      # @return [Rigor::Cache::Descriptor] frozen snapshot of every
+      #   file the boundary has read so far. Calling this multiple
+      #   times yields equal descriptors; subsequent reads expand
+      #   the underlying record table.
+      def cache_descriptor
+        entries = @mutex.synchronize { @file_entries.values.dup }
+        Cache::Descriptor.new(files: entries)
+      end
+
+      private
+
+      def record_file_entry(path, contents)
+        digest = Digest::SHA256.hexdigest(contents)
+        entry = Cache::Descriptor::FileEntry.new(path: path, comparator: :digest, value: digest)
+        @mutex.synchronize { @file_entries[path] = entry }
+      end
+    end
+  end
+end

data/lib/rigor/plugin/load_error.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    # Raised inside the loader (and surfaced as a diagnostic by the
+    # analyzer) when a plugin entry cannot be resolved or
+    # instantiated. Carries the failing plugin reference plus the
+    # underlying cause so the diagnostic message stays precise.
+    #
+    # ADR-2 § "Plugin Trust and I/O Policy" requires plugin failures
+    # to be isolated at the analyzer boundary; this class is the
+    # carrier for that contract on the loading side.
+    class LoadError < StandardError
+      attr_reader :plugin_ref, :cause_class
+
+      def initialize(message, plugin_ref:, cause: nil)
+        super(message)
+        @plugin_ref = plugin_ref
+        @cause_class = cause&.class
+      end
+    end
+  end
+end

data/lib/rigor/plugin/loader.rb

@@ -0,0 +1,191 @@
+# frozen_string_literal: true
+
+require_relative "registry"
+require_relative "load_error"
+
+module Rigor
+  module Plugin
+    # Resolves the project's `.rigor.yml` `plugins:` entries into
+    # instantiated plugin instances, paired with a service container.
+    # Internal slice-1 implementation; the public surface is
+    # {Loader.load} returning a {Registry}.
+    #
+    # Steps per entry (in order):
+    #
+    # 1. Normalise the entry into `{ gem:, id:, config: }`.
+    # 2. `require` the gem (failures surface as a {LoadError}).
+    # 3. Look up the registered plugin class by id (or by gem
+    #    name if the entry omitted an explicit id).
+    # 4. Validate the user's config against the manifest's
+    #    `config_schema`.
+    # 5. Instantiate the plugin and call `init(services)`.
+    #
+    # Loading is deterministic: configuration order, with plugin
+    # id alphabetical as the tie-breaker for entries that resolve
+    # to the same gem. Failures do not abort the run; the loader
+    # collects them on the {Registry} so the runner can convert
+    # each one into a `:plugin_loader` diagnostic.
+    class Loader # rubocop:disable Metrics/ClassLength
+      attr_reader :services, :requirer
+
+      # @param services [Rigor::Plugin::Services]
+      # @param requirer [#call] takes a gem name and returns truthy
+      #   on successful require. Defaulted to `Kernel.require` via
+      #   a lambda; the spec injects a fake to avoid touching the
+      #   real load path.
+      def initialize(services:, requirer: ->(name) { require name })
+        @services = services
+        @requirer = requirer
+      end
+
+      def self.load(configuration:, services:, requirer: ->(name) { require name })
+        new(services: services, requirer: requirer).load(configuration.plugins)
+      end
+
+      # @param entries [Array<String, Hash>] the raw `plugins:`
+      #   list from the configuration.
+      # @return [Registry]
+      def load(entries)
+        plugins = []
+        load_errors = []
+        seen_ids = {}
+
+        Array(entries).each_with_index do |raw, index|
+          entry = normalise_entry(raw, index)
+        rescue LoadError => e
+          load_errors << e
+        else
+          begin
+            plugin = resolve_and_instantiate(entry, seen_ids)
+            plugins << plugin if plugin
+          rescue LoadError => e
+            load_errors << e
+          end
+        end
+
+        Registry.new(plugins: plugins, load_errors: load_errors)
+      end
+
+      private
+
+      # Accepts:
+      #   "rigor-rails"
+      #   { "gem" => "rigor-rails", "id" => "rails", "config" => {...} }
+      #   { gem: "rigor-rails", id: "rails", config: {...} }
+      def normalise_entry(raw, index) # rubocop:disable Metrics/CyclomaticComplexity
+        case raw
+        when String
+          { gem: raw, id: nil, config: {} }
+        when Hash
+          string_keyed = raw.to_h { |k, v| [k.to_s, v] }
+          gem_name = string_keyed["gem"] || string_keyed["id"]
+          unless gem_name.is_a?(String) && !gem_name.empty?
+            raise LoadError.new(
+              "plugin entry ##{index} must declare a non-empty `gem:` (or `id:`), got #{raw.inspect}",
+              plugin_ref: raw
+            )
+          end
+
+          { gem: gem_name, id: string_keyed["id"], config: string_keyed["config"] || {} }
+        else
+          raise LoadError.new(
+            "plugin entry ##{index} must be a String or Hash, got #{raw.class}",
+            plugin_ref: raw
+          )
+        end
+      end
+
+      def resolve_and_instantiate(entry, seen_ids) # rubocop:disable Metrics/AbcSize
+        before = Plugin.registered.keys.to_set
+        require_gem!(entry)
+        after = Plugin.registered.keys.to_set
+        newly_registered = (after - before).to_a
+
+        plugin_class = lookup_plugin_class!(entry, newly_registered)
+        manifest = plugin_class.manifest
+
+        if seen_ids.key?(manifest.id)
+          raise LoadError.new(
+            "plugin id #{manifest.id.inspect} appeared twice in configuration " \
+            "(first via #{seen_ids[manifest.id].inspect}, again via #{entry[:gem].inspect})",
+            plugin_ref: manifest.id
+          )
+        end
+        seen_ids[manifest.id] = entry[:gem]
+
+        validate_config!(manifest, entry[:config])
+        instantiate(plugin_class, entry[:config])
+      end
+
+      def require_gem!(entry)
+        @requirer.call(entry[:gem])
+      rescue ::LoadError => e
+        raise LoadError.new(
+          "could not load plugin gem #{entry[:gem].inspect}: #{e.message}",
+          plugin_ref: entry[:gem],
+          cause: e
+        )
+      end
+
+      def lookup_plugin_class!(entry, newly_registered) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
+        if entry[:id]
+          plugin_class = Plugin.registered_for(entry[:id])
+          unless plugin_class
+            raise LoadError.new(
+              "plugin id #{entry[:id].inspect} (gem #{entry[:gem].inspect}) " \
+              "did not register itself with Rigor::Plugin.register",
+              plugin_ref: entry[:id]
+            )
+          end
+
+          return plugin_class
+        end
+
+        case newly_registered.size
+        when 0
+          raise LoadError.new(
+            "plugin gem #{entry[:gem].inspect} did not register any plugin via Rigor::Plugin.register",
+            plugin_ref: entry[:gem]
+          )
+        when 1
+          Plugin.registered_for(newly_registered.first)
+        else
+          raise LoadError.new(
+            "plugin gem #{entry[:gem].inspect} registered multiple plugins " \
+            "(#{newly_registered.sort.inspect}); disambiguate with an explicit `id:` field",
+            plugin_ref: entry[:gem]
+          )
+        end
+      end
+
+      def validate_config!(manifest, config)
+        errors = manifest.validate_config(config)
+        return if errors.empty?
+
+        raise LoadError.new(
+          "plugin #{manifest.id.inspect} config invalid: #{errors.join('; ')}",
+          plugin_ref: manifest.id
+        )
+      end
+
+      def instantiate(plugin_class, config)
+        plugin = plugin_class.new(services: @services, config: config)
+        plugin.init(@services)
+        plugin
+      rescue StandardError => e
+        manifest_id = safe_manifest_id(plugin_class)
+        raise LoadError.new(
+          "plugin #{manifest_id.inspect} raised during init: #{e.class}: #{e.message}",
+          plugin_ref: manifest_id,
+          cause: e
+        )
+      end
+
+      def safe_manifest_id(plugin_class)
+        plugin_class.manifest.id
+      rescue StandardError
+        plugin_class.to_s
+      end
+    end
+  end
+end

data/lib/rigor/plugin/manifest.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    # Value object describing one plugin's identity and metadata.
+    # Constructed once per plugin class through {Rigor::Plugin::Base.manifest};
+    # consumed by {Rigor::Plugin::Loader} when matching project
+    # configuration entries to registered plugins and by
+    # {Rigor::Cache::Descriptor::PluginEntry} when deriving cache keys.
+    #
+    # The fields are pinned by ADR-2 § "Registration, Configuration,
+    # and Caching"; the v0.1.0 plugin contract surface treats this
+    # struct as the public manifest shape.
+    class Manifest
+      # Same regex {Rigor::Cache::Store::VALID_PRODUCER_ID} uses,
+      # so plugin ids round-trip through cache producer ids and
+      # `plugin.<id>.<rule>` diagnostic identifiers without escape.
+      VALID_ID = /\A[a-z][a-z0-9._-]*\z/
+
+      # The first-implementation `config_schema` accepts these value
+      # kinds. Slice 1 only checks key presence and shallow value
+      # kind; richer schemas (nested maps, enums) land later when
+      # the v0.1.0 protocol slices need them.
+      VALID_VALUE_KINDS = %i[string boolean integer array hash any].freeze
+
+      attr_reader :id, :version, :description, :protocols, :config_schema
+
+      def initialize(id:, version:, description: nil, protocols: [], config_schema: {})
+        validate_id!(id)
+        validate_version!(version)
+        validate_protocols!(protocols)
+        validate_config_schema!(config_schema)
+
+        @id = id.dup.freeze
+        @version = version.dup.freeze
+        @description = description.nil? ? nil : description.to_s.dup.freeze
+        @protocols = protocols.map(&:to_sym).freeze
+        @config_schema = config_schema.to_h { |k, v| [k.to_s.dup.freeze, v.to_sym] }.freeze
+
+        freeze
+      end
+
+      # Validates the user-supplied plugin config block against this
+      # manifest's `config_schema`. Returns an array of human-readable
+      # error strings (empty when the config is valid). Slice 1 checks
+      # only unknown keys and shallow value kind; nested schemas come
+      # with later slices.
+      def validate_config(config)
+        return ["plugin config must be a Hash, got #{config.class}"] unless config.is_a?(Hash)
+
+        errors = []
+        config.each do |key, value|
+          key_s = key.to_s
+          unless config_schema.key?(key_s)
+            errors << "unknown config key #{key_s.inspect} for plugin #{id.inspect}"
+            next
+          end
+
+          kind = config_schema.fetch(key_s)
+          errors << "config key #{key_s.inspect} expected #{kind}, got #{value.class}" unless value_matches?(value,
+                                                                                                             kind)
+        end
+        errors
+      end
+
+      def to_h
+        {
+          "id" => id,
+          "version" => version,
+          "description" => description,
+          "protocols" => protocols.map(&:to_s),
+          "config_schema" => config_schema.to_h { |k, v| [k, v.to_s] }
+        }
+      end
+
+      def ==(other)
+        other.is_a?(Manifest) && to_h == other.to_h
+      end
+      alias eql? ==
+
+      def hash
+        to_h.hash
+      end
+
+      private
+
+      def validate_id!(id)
+        return if id.is_a?(String) && id.match?(VALID_ID)
+
+        raise ArgumentError,
+              "plugin manifest id must match #{VALID_ID.inspect}, got #{id.inspect}"
+      end
+
+      def validate_version!(version)
+        return if version.is_a?(String) && !version.empty?
+
+        raise ArgumentError, "plugin manifest version must be a non-empty String, got #{version.inspect}"
+      end
+
+      def validate_protocols!(protocols)
+        return if protocols.is_a?(Array) && protocols.all? { |p| p.is_a?(Symbol) || p.is_a?(String) }
+
+        raise ArgumentError, "plugin manifest protocols must be an Array of Symbol/String, got #{protocols.inspect}"
+      end
+
+      def validate_config_schema!(schema)
+        unless schema.is_a?(Hash)
+          raise ArgumentError,
+                "plugin manifest config_schema must be a Hash, got #{schema.inspect}"
+        end
+
+        schema.each_value do |kind|
+          next if VALID_VALUE_KINDS.include?(kind.to_sym)
+
+          raise ArgumentError,
+                "plugin manifest config_schema value kind must be one of " \
+                "#{VALID_VALUE_KINDS.inspect}, got #{kind.inspect}"
+        end
+      end
+
+      def value_matches?(value, kind)
+        case kind
+        when :string then value.is_a?(String)
+        when :boolean then [true, false].include?(value)
+        when :integer then value.is_a?(Integer)
+        when :array then value.is_a?(Array)
+        when :hash then value.is_a?(Hash)
+        when :any then true
+        else false
+        end
+      end
+    end
+  end
+end