rigortype 0.0.9 → 0.1.0

data/lib/rigor/plugin/registry.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    # Read-side query API over the plugins loaded for a single
+    # `Analysis::Runner.run`. Constructed by
+    # {Rigor::Plugin::Loader.load} and exposed downstream so the
+    # contribution merger (slice 3) and diagnostic provenance
+    # (slice 5) can iterate over loaded plugin instances in
+    # deterministic order.
+    #
+    # The registry is read-only after construction; ordering is
+    # the order in which {Rigor::Plugin::Loader} resolved
+    # configuration entries, which is project-config order with
+    # plugin-id alphabetical as the tie-breaker.
+    class Registry
+      attr_reader :plugins, :load_errors
+
+      # @param plugins [Array<Rigor::Plugin::Base>] instantiated
+      #   plugin instances in deterministic order.
+      # @param load_errors [Array<Rigor::Plugin::LoadError>] failures
+      #   surfaced during loading. Each error is also turned into a
+      #   diagnostic by the runner.
+      def initialize(plugins: [], load_errors: [])
+        @plugins = plugins.dup.freeze
+        @load_errors = load_errors.dup.freeze
+        freeze
+      end
+
+      def find(id)
+        id_s = id.to_s
+        plugins.find { |plugin| plugin.manifest.id == id_s }
+      end
+
+      def ids
+        plugins.map { |plugin| plugin.manifest.id }
+      end
+
+      def empty?
+        plugins.empty?
+      end
+
+      def any_load_errors?
+        !load_errors.empty?
+      end
+
+      EMPTY = new.freeze
+    end
+  end
+end

data/lib/rigor/plugin/services.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    # Dependency-injection container handed to every plugin's
+    # {Rigor::Plugin::Base#init} method. Plugins read from the
+    # container; they MUST NOT mutate it. The container is
+    # constructed once per `Analysis::Runner.run` and destroyed
+    # at the end of the run.
+    #
+    # ADR-2 § "Registration, Configuration, and Caching" reserves
+    # this surface for "constructor injection for analyzer
+    # services such as reflection providers, type factories,
+    # loggers, and configuration readers". Slice 1 wires four
+    # of those:
+    #
+    # - `reflection`: the {Rigor::Reflection} read-side facade.
+    # - `type`: the {Rigor::Type::Combinator} factory module.
+    # - `configuration`: the project's {Rigor::Configuration}.
+    # - `cache_store`: the {Rigor::Cache::Store} the run is using
+    #   (or `nil` when caching is disabled). Slice 6 wires
+    #   plugin-side cache producers through this entry.
+    #
+    # Loggers are not yet a public surface in the core analyzer;
+    # they will be added when the diagnostics formatter grows a
+    # progress channel.
+    #
+    # Slice 2 (Plugin trust / I/O policy) extends the container
+    # with `trust_policy` and a per-plugin `io_boundary_for(plugin_id)`
+    # factory. Plugins should reach for the boundary rather than
+    # raw `File.read` so reads stay within the trusted scope and
+    # feed cache invalidation; ADR-2 § "Plugin Trust and I/O
+    # Policy" documents the trust model the boundary enforces.
+    class Services
+      attr_reader :reflection, :type, :configuration, :cache_store, :trust_policy
+
+      def initialize(reflection:, type:, configuration:, cache_store: nil, trust_policy: nil)
+        @reflection = reflection
+        @type = type
+        @configuration = configuration
+        @cache_store = cache_store
+        @trust_policy = trust_policy || default_trust_policy
+        freeze
+      end
+
+      # Returns a fresh {IoBoundary} bound to `plugin_id` and the
+      # current `trust_policy`. The boundary accumulates per-plugin
+      # cache descriptor entries; the loader / contribution merger
+      # constructs one boundary per plugin per run.
+      def io_boundary_for(plugin_id)
+        IoBoundary.new(policy: @trust_policy, plugin_id: plugin_id)
+      end
+
+      private
+
+      def default_trust_policy
+        TrustPolicy.new(
+          trusted_gems: [],
+          allowed_read_roots: [Dir.pwd],
+          network_policy: :disabled
+        )
+      end
+    end
+  end
+end

data/lib/rigor/plugin/trust_policy.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    # Declarative trust / I/O policy for the active plugin set.
+    # Pinned by [ADR-2 § "Plugin Trust and I/O Policy"](../../../docs/adr/2-extension-api.md):
+    # plugins are *trusted Ruby gems selected by the user, their
+    # Gemfile, or project configuration*; this class is the
+    # programmatic surface that documents that trust and lets the
+    # analyzer enforce read scope + network disablement at the
+    # documented edges.
+    #
+    # The policy is **not a sandbox.** A plugin that uses raw
+    # `File.read` or `Net::HTTP` bypasses the policy — ADR-2
+    # explicitly chooses documentation over forced isolation. The
+    # contract is: when plugins go through {Rigor::Plugin::IoBoundary}
+    # (the analyzer-side helper service slice 2 introduces), the
+    # boundary checks against this policy and feeds compliant reads
+    # into the cache descriptor for invalidation. Slices 3-6 wire
+    # plugin contributions through the boundary so the policy is
+    # the actual mechanism, not just paperwork.
+    #
+    # ## Fields
+    #
+    # - `trusted_gems`: gem names the user has authorised. Derived
+    #   from the `plugins:` section of `.rigor.yml` plus any gems
+    #   they reach transitively. Used today for documentation and
+    #   future trust diagnostics.
+    # - `allowed_read_roots`: absolute paths plugin code may read
+    #   from through the {IoBoundary}. The default set covers the
+    #   project root, the project's `signature_paths`, the active
+    #   `Gemfile.lock`, and each trusted gem's
+    #   `Gem::Specification#full_gem_path`. The user extends this
+    #   with `.rigor.yml`'s `plugins_io.allowed_paths:`.
+    # - `network_policy`: `:disabled` in slice 2; the only value
+    #   accepted today. Plugin {IoBoundary#open_url} always raises
+    #   while the policy is `:disabled`.
+    class TrustPolicy
+      VALID_NETWORK_POLICIES = %i[disabled].freeze
+
+      attr_reader :trusted_gems, :allowed_read_roots, :network_policy
+
+      def initialize(trusted_gems: [], allowed_read_roots: [], network_policy: :disabled)
+        validate_network_policy!(network_policy)
+
+        @trusted_gems = trusted_gems.map { |g| g.to_s.dup.freeze }.uniq.sort.freeze
+        @allowed_read_roots = allowed_read_roots
+                              .map { |path| File.expand_path(path).freeze }
+                              .uniq
+                              .sort
+                              .freeze
+        @network_policy = network_policy
+        freeze
+      end
+
+      # @param path [String]
+      # @return [Boolean] true when the absolute path falls inside
+      #   any allowed read root. Symlinks are resolved through
+      #   `File.expand_path` only (no `realpath`); plugins with
+      #   adversarial intent are out of scope per ADR-2.
+      def allow_read?(path)
+        absolute = File.expand_path(path.to_s)
+        @allowed_read_roots.any? { |root| inside?(absolute, root) }
+      end
+
+      def network_allowed?
+        @network_policy != :disabled
+      end
+
+      def gem_trusted?(name)
+        @trusted_gems.include?(name.to_s)
+      end
+
+      def to_h
+        {
+          "trusted_gems" => trusted_gems,
+          "allowed_read_roots" => allowed_read_roots,
+          "network_policy" => network_policy.to_s
+        }
+      end
+
+      private
+
+      def validate_network_policy!(policy)
+        return if VALID_NETWORK_POLICIES.include?(policy)
+
+        raise ArgumentError,
+              "TrustPolicy network_policy must be one of #{VALID_NETWORK_POLICIES.inspect}, got #{policy.inspect}"
+      end
+
+      def inside?(absolute, root)
+        return true if absolute == root
+
+        prefix = "#{root}#{File::SEPARATOR}"
+        absolute.start_with?(prefix)
+      end
+    end
+  end
+end

data/lib/rigor/plugin.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require_relative "plugin/manifest"
+require_relative "plugin/access_denied_error"
+require_relative "plugin/trust_policy"
+require_relative "plugin/io_boundary"
+require_relative "plugin/services"
+require_relative "plugin/base"
+require_relative "plugin/registry"
+require_relative "plugin/load_error"
+
+module Rigor
+  module Plugin
+    @registered = {}
+    @mutex = Mutex.new
+
+    class << self
+      def register(plugin_class)
+        unless plugin_class.is_a?(Class) && plugin_class < Base
+          raise ArgumentError,
+                "Rigor::Plugin.register expects a subclass of Rigor::Plugin::Base, got #{plugin_class.inspect}"
+        end
+
+        manifest = plugin_class.manifest # rigor:disable undefined-method
+        @mutex.synchronize do
+          existing = @registered[manifest.id]
+          if existing && existing != plugin_class
+            raise LoadError.new(
+              "plugin id #{manifest.id.inspect} already registered to #{existing}, " \
+              "cannot re-register to #{plugin_class}",
+              plugin_ref: manifest.id
+            )
+          end
+
+          @registered[manifest.id] = plugin_class
+        end
+        plugin_class
+      end
+
+      def registered_for(id)
+        @mutex.synchronize { @registered[id.to_s] }
+      end
+
+      def registered
+        @mutex.synchronize { @registered.dup.freeze }
+      end
+
+      def unregister!(id = nil)
+        @mutex.synchronize do
+          if id.nil?
+            @registered.clear
+          else
+            @registered.delete(id.to_s)
+          end
+        end
+      end
+    end
+  end
+end
+
+require_relative "plugin/loader"

data/lib/rigor/rbs_extended.rb

@@ -64,6 +64,23 @@ module Rigor
       def falsey_only? = edge == :falsey_only
       def negative? = negative == true
       def refinement? = !refinement_type.nil?
+
+      # ADR-7 § "Slice 4-A" canonical translation. Lifts the
+      # parser-side carrier into a `Rigor::FlowContribution::Fact`
+      # that the merger and plugin contribution stream consume
+      # uniformly. `class_name` lifts to `Nominal[<class>]`;
+      # `refinement_type` is already a `Rigor::Type` and passes
+      # through. The `edge` field doesn't survive the conversion —
+      # the slot it lands in (truthy_facts / falsey_facts / ...)
+      # encodes that.
+      def to_fact
+        FlowContribution::Fact.new(
+          target_kind: target_kind,
+          target_name: target_name,
+          type: refinement_type || Rigor::Type::Combinator.nominal_of(class_name),
+          negative: negative == true
+        )
+      end
     end
 
     # Returned for `assert` / `assert-if-true` /
@@ -87,6 +104,21 @@ module Rigor
       def if_falsey_return? = condition == :if_falsey_return
       def negative? = negative == true
       def refinement? = !refinement_type.nil?
+
+      # ADR-7 § "Slice 4-A" canonical translation. Same shape as
+      # `PredicateEffect#to_fact`; the `condition` field
+      # (`:always` / `:if_truthy_return` / `:if_falsey_return`)
+      # routes which slot the resulting fact lands in at the
+      # `read_flow_contribution` boundary, but does not surface
+      # on the Fact itself.
+      def to_fact
+        FlowContribution::Fact.new(
+          target_kind: target_kind,
+          target_name: target_name,
+          type: refinement_type || Rigor::Type::Combinator.nominal_of(class_name),
+          negative: negative == true
+        )
+      end
     end
 
     module_function
@@ -425,12 +457,16 @@ module Rigor
     ).freeze
 
     # Rolls up every recognised RBS::Extended directive on
-    # `method_def` into a single {Rigor::FlowContribution}:
+    # `method_def` into a single {Rigor::FlowContribution} with
+    # the canonical {Rigor::FlowContribution::Fact} payload (see
+    # ADR-7 § "Slice 4-A"):
     #
-    # - `predicate-if-true`  → `truthy_facts` (`PredicateEffect`s)
-    # - `predicate-if-false` → `falsey_facts` (`PredicateEffect`s)
-    # - `assert*`            → `post_return_facts` (`AssertEffect`s)
-    # - `return:` override   → `return_type` (`Rigor::Type`)
+    # - `predicate-if-true`        → `truthy_facts`
+    # - `predicate-if-false`       → `falsey_facts`
+    # - `assert`                   → `post_return_facts`
+    # - `assert-if-true`           → `truthy_facts`
+    # - `assert-if-false`          → `falsey_facts`
+    # - `return:` override         → `return_type` (`Rigor::Type`)
     #
     # Param overrides are intentionally NOT included — they refine
     # the call's signature contract rather than its flow facts and
@@ -452,12 +488,24 @@ module Rigor
       build_flow_contribution(predicate_effects, assert_effects, return_override)
     end
 
-    def build_flow_contribution(predicate_effects, assert_effects, return_override)
+    def build_flow_contribution(predicate_effects, assert_effects, return_override) # rubocop:disable Metrics/CyclomaticComplexity
+      truthy = predicate_effects.select(&:truthy_only?).map(&:to_fact)
+      falsey = predicate_effects.select(&:falsey_only?).map(&:to_fact)
+      post_return = []
+
+      assert_effects.each do |effect|
+        case effect.condition
+        when :if_truthy_return then truthy << effect.to_fact
+        when :if_falsey_return then falsey << effect.to_fact
+        else post_return << effect.to_fact
+        end
+      end
+
       FlowContribution.new(
         return_type: return_override,
-        truthy_facts: nilable_slot(predicate_effects.select(&:truthy_only?)),
-        falsey_facts: nilable_slot(predicate_effects.select(&:falsey_only?)),
-        post_return_facts: nilable_slot(assert_effects),
+        truthy_facts: nilable_slot(truthy),
+        falsey_facts: nilable_slot(falsey),
+        post_return_facts: nilable_slot(post_return),
         provenance: RBS_EXTENDED_PROVENANCE
       )
     end

data/lib/rigor/reflection.rb

@@ -147,7 +147,7 @@ module Rigor
       return nil if loader.nil?
 
       loader.instance_definition(class_name.to_s)
-    rescue StandardError
+    rescue ::RBS::BaseError
       nil
     end
 
@@ -157,7 +157,7 @@ module Rigor
       return nil if loader.nil?
 
       loader.singleton_definition(class_name.to_s)
-    rescue StandardError
+    rescue ::RBS::BaseError
       nil
     end
 

data/lib/rigor/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rigor
-  VERSION = "0.0.9"
+  VERSION = "0.1.0"
 end

data/lib/rigor.rb

@@ -2,6 +2,7 @@
 
 require_relative "rigor/version"
 require_relative "rigor/configuration"
+require_relative "rigor/configuration/severity_profile"
 require_relative "rigor/trinary"
 require_relative "rigor/type"
 require_relative "rigor/ast"
@@ -27,7 +28,13 @@ require_relative "rigor/cache/rbs_known_class_names"
 require_relative "rigor/cache/rbs_class_ancestor_table"
 require_relative "rigor/cache/rbs_class_type_param_names"
 require_relative "rigor/cache/rbs_environment"
+require_relative "rigor/cache/rbs_instance_definitions"
 require_relative "rigor/flow_contribution"
+require_relative "rigor/flow_contribution/fact"
+require_relative "rigor/flow_contribution/conflict"
+require_relative "rigor/flow_contribution/merge_result"
+require_relative "rigor/flow_contribution/merger"
+require_relative "rigor/plugin"
 require_relative "rigor/source"
 require_relative "rigor/inference/scope_indexer"
 require_relative "rigor/inference/coverage_scanner"

data/sig/rigor/environment.rbs

@@ -32,19 +32,25 @@ module Rigor
     class RbsLoader
       attr_reader libraries: Array[String]
       attr_reader signature_paths: Array[String | _ToPath]
+      attr_reader cache_store: untyped?
 
       def self.default: () -> RbsLoader
       def self.reset_default!: () -> void
+      def self.build_env_for: (libraries: Array[String], signature_paths: Array[String | _ToPath]) -> untyped
 
-      def initialize: (?libraries: Array[String], ?signature_paths: Array[String | _ToPath]) -> void
+      def initialize: (?libraries: Array[String], ?signature_paths: Array[String | _ToPath], ?cache_store: untyped?) -> void
       def class_known?: (String | Symbol name) -> bool
       def instance_definition: (String | Symbol class_name) -> untyped?
       def instance_method: (class_name: String | Symbol, method_name: String | Symbol) -> untyped?
+      def uncached_instance_definition: (String | Symbol class_name) -> untyped?
       def singleton_definition: (String | Symbol class_name) -> untyped?
       def singleton_method: (class_name: String | Symbol, method_name: String | Symbol) -> untyped?
+      def uncached_singleton_definition: (String | Symbol class_name) -> untyped?
       def class_type_param_names: (String | Symbol class_name) -> Array[Symbol]
       def class_ordering: (String | Symbol lhs, String | Symbol rhs) -> ordering
       def constant_type: (String name) -> Type::t?
+      def constant_names: () -> Array[String]
+      def each_known_class_name: () { (String name) -> void } -> untyped
     end
 
     class RbsHierarchy

data/sig/rigor/inference.rbs

@@ -86,6 +86,7 @@ module Rigor
       def self?.narrow_class: (Type::t type, String class_name, ?exact: bool, ?environment: Environment) -> Type::t
       def self?.narrow_not_class: (Type::t type, String class_name, ?exact: bool, ?environment: Environment) -> Type::t
       def self?.narrow_not_refinement: (Type::t current_type, Type::t refinement_type) -> Type::t
+      def self?.narrow_for_fact: (Type::t current, untyped fact, untyped environment) -> Type::t
       def self?.predicate_scopes: (untyped node, Scope scope) -> [Scope, Scope]
       def self?.case_when_scopes: (untyped subject, Array[untyped] conditions, Scope scope) -> [Scope, Scope]
       def self?.analyse: (untyped node, Scope scope) -> untyped

data/sig/rigor/rbs_extended.rbs

@@ -43,6 +43,8 @@ module Rigor
     def self?.read_return_type_override: (untyped method_def) -> Type::t?
     def self?.parse_return_type_override: (String string) -> Type::t?
 
+    def self?.read_flow_contribution: (untyped method_def) -> untyped?
+
     class ParamOverride
       attr_reader param_name: Symbol
       attr_reader type: Type::t

data/sig/rigor/scope.rbs

@@ -48,6 +48,7 @@ module Rigor
     def evaluate: (untyped node, ?tracer: Inference::FallbackTracer?) -> [Type::t, Scope]
     def join: (Scope other) -> Scope
     def ==: (untyped other) -> bool
+    alias eql? ==
     def hash: () -> Integer
   end
 end

data/sig/rigor/type.rbs

@@ -244,9 +244,16 @@ module Rigor
       def self?.decimal_int_string: () -> Refined
       def self?.octal_int_string: () -> Refined
       def self?.hex_int_string: () -> Refined
+      def self?.literal_string: () -> Refined
+      def self?.non_lowercase_string: () -> Refined
+      def self?.non_uppercase_string: () -> Refined
+      def self?.non_numeric_string: () -> Refined
+      def self?.literal_string_carrier?: (Type::t refined) -> bool
+      def self?.literal_string_compatible?: (Type::t type) -> bool
       def self?.intersection: (*Type::t members) -> Type::t
       def self?.non_empty_lowercase_string: () -> Type::t
       def self?.non_empty_uppercase_string: () -> Type::t
+      def self?.non_empty_literal_string: () -> Type::t
       def self?.integer_range: ((Integer | Symbol) min, (Integer | Symbol) max) -> IntegerRange
       def self?.positive_int: () -> IntegerRange
       def self?.non_negative_int: () -> IntegerRange

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rigortype
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.1.0
 platform: ruby
 authors:
 - Rigor contributors
@@ -198,6 +198,7 @@ files:
 - lib/rigor/cache/rbs_descriptor.rb
 - lib/rigor/cache/rbs_environment.rb
 - lib/rigor/cache/rbs_environment_marshal_patch.rb
+- lib/rigor/cache/rbs_instance_definitions.rb
 - lib/rigor/cache/rbs_known_class_names.rb
 - lib/rigor/cache/store.rb
 - lib/rigor/cli.rb
@@ -207,11 +208,17 @@ files:
 - lib/rigor/cli/type_scan_renderer.rb
 - lib/rigor/cli/type_scan_report.rb
 - lib/rigor/configuration.rb
+- lib/rigor/configuration/severity_profile.rb
 - lib/rigor/environment.rb
 - lib/rigor/environment/class_registry.rb
 - lib/rigor/environment/rbs_hierarchy.rb
 - lib/rigor/environment/rbs_loader.rb
 - lib/rigor/flow_contribution.rb
+- lib/rigor/flow_contribution/conflict.rb
+- lib/rigor/flow_contribution/element.rb
+- lib/rigor/flow_contribution/fact.rb
+- lib/rigor/flow_contribution/merge_result.rb
+- lib/rigor/flow_contribution/merger.rb
 - lib/rigor/inference/acceptance.rb
 - lib/rigor/inference/block_parameter_binder.rb
 - lib/rigor/inference/builtins/array_catalog.rb
@@ -255,6 +262,16 @@ files:
 - lib/rigor/inference/rbs_type_translator.rb
 - lib/rigor/inference/scope_indexer.rb
 - lib/rigor/inference/statement_evaluator.rb
+- lib/rigor/plugin.rb
+- lib/rigor/plugin/access_denied_error.rb
+- lib/rigor/plugin/base.rb
+- lib/rigor/plugin/io_boundary.rb
+- lib/rigor/plugin/load_error.rb
+- lib/rigor/plugin/loader.rb
+- lib/rigor/plugin/manifest.rb
+- lib/rigor/plugin/registry.rb
+- lib/rigor/plugin/services.rb
+- lib/rigor/plugin/trust_policy.rb
 - lib/rigor/rbs_extended.rb
 - lib/rigor/reflection.rb
 - lib/rigor/scope.rb