rigortype 0.0.9 → 0.1.1

data/lib/rigor/analysis/runner.rb

@@ -5,6 +5,9 @@ require "prism"
 require_relative "../environment"
 require_relative "../scope"
 require_relative "../cache/store"
+require_relative "../plugin"
+require_relative "../reflection"
+require_relative "../type/combinator"
 require_relative "../inference/coverage_scanner"
 require_relative "../inference/scope_indexer"
 require_relative "../inference/method_dispatcher/file_folding"
@@ -18,7 +21,7 @@ module Rigor
       RUBY_GLOB = "**/*.rb"
       DEFAULT_CACHE_ROOT = ".rigor/cache"
 
-      attr_reader :cache_store
+      attr_reader :cache_store, :plugin_registry
 
       # @param configuration [Rigor::Configuration]
       # @param explain [Boolean] surface fail-soft fallback events
@@ -30,10 +33,13 @@ module Rigor
       #   v0.0.9 group A slice 1 introduces the surface; later
       #   slices route real producers through it.
       def initialize(configuration:, explain: false,
-                     cache_store: Cache::Store.new(root: DEFAULT_CACHE_ROOT))
+                     cache_store: Cache::Store.new(root: DEFAULT_CACHE_ROOT),
+                     plugin_requirer: nil)
         @configuration = configuration
         @explain = explain
         @cache_store = cache_store
+        @plugin_requirer = plugin_requirer
+        @plugin_registry = Plugin::Registry::EMPTY
       end
 
       # Walks every Ruby file under `paths`, parses it, builds a
@@ -48,21 +54,257 @@ module Rigor
         Inference::MethodDispatcher::FileFolding.fold_platform_specific_paths =
           @configuration.fold_platform_specific_paths
 
+        target_ruby_error = validate_target_ruby
+        return Result.new(diagnostics: [target_ruby_error]) if target_ruby_error
+
+        @plugin_registry = load_plugins
         environment = Environment.for_project(
           libraries: @configuration.libraries,
           signature_paths: @configuration.signature_paths,
-          cache_store: @cache_store
+          cache_store: @cache_store,
+          plugin_registry: @plugin_registry
         )
         expansion = expand_paths(paths)
 
-        diagnostics = expansion.fetch(:errors)
+        diagnostics = plugin_load_diagnostics
+        diagnostics += plugin_prepare_diagnostics
+        diagnostics += expansion.fetch(:errors)
         diagnostics += expansion.fetch(:files).flat_map { |path| analyze_file(path, environment) }
 
-        Result.new(diagnostics: diagnostics)
+        Result.new(diagnostics: apply_severity_profile(diagnostics))
+      end
+
+      # `target_ruby` flows through to Prism's `version:` option.
+      # Prism enforces the supported range and raises
+      # `ArgumentError` for versions it does not recognise. Run a
+      # one-time smoke parse here so a misconfigured target_ruby
+      # surfaces as a single project-level diagnostic instead of
+      # crashing the whole run on the first file.
+      def validate_target_ruby
+        Prism.parse("nil", version: @configuration.target_ruby)
+        nil
+      rescue ArgumentError => e
+        Diagnostic.new(
+          path: ".rigor.yml", line: 1, column: 1,
+          message: "target_ruby #{@configuration.target_ruby.inspect} is not accepted by Prism: #{e.message}",
+          severity: :error,
+          rule: "configuration-error",
+          source_family: :builtin
+        )
       end
 
       private
 
+      # Loads project-configured plugins through {Rigor::Plugin::Loader}
+      # and returns the resulting {Rigor::Plugin::Registry}. Loader
+      # failures are isolated: each surfaces as a `:plugin_loader`
+      # diagnostic on the run's `Result` rather than aborting the
+      # analysis. Plugins that load successfully but contribute no
+      # protocol hooks are inert in slice 1; later v0.1.0 slices
+      # wire the contribution merger through this registry.
+      def load_plugins
+        return Plugin::Registry::EMPTY if @configuration.plugins.empty?
+
+        services = Plugin::Services.new(
+          reflection: Reflection,
+          type: Type::Combinator,
+          configuration: @configuration,
+          cache_store: @cache_store,
+          trust_policy: build_trust_policy
+        )
+        if @plugin_requirer
+          Plugin::Loader.load(configuration: @configuration, services: services, requirer: @plugin_requirer)
+        else
+          Plugin::Loader.load(configuration: @configuration, services: services)
+        end
+      end
+
+      # Builds the {Rigor::Plugin::TrustPolicy} for this run. Trusted
+      # gems are the gem-name half of every entry in
+      # `Configuration#plugins`. Allowed read roots default to the
+      # project root (CWD), the project's signature_paths, and each
+      # trusted gem's `Gem::Specification#full_gem_path`, plus any
+      # extras the user listed under `plugins_io.allowed_paths`.
+      # Slice 2 keeps `network_policy` `:disabled` — the only value
+      # the configuration accepts today.
+      def build_trust_policy
+        trusted_gems = @configuration.plugins.map { |entry| trusted_gem_name(entry) }.uniq
+        roots = [Dir.pwd]
+        Array(@configuration.signature_paths).each { |sp| roots << File.expand_path(sp) }
+        trusted_gems.each do |gem_name|
+          path = trusted_gem_root(gem_name)
+          roots << path if path
+        end
+        @configuration.plugins_io_allowed_paths.each { |p| roots << File.expand_path(p) }
+
+        Plugin::TrustPolicy.new(
+          trusted_gems: trusted_gems,
+          allowed_read_roots: roots,
+          network_policy: @configuration.plugins_io_network
+        )
+      end
+
+      def trusted_gem_name(entry)
+        case entry
+        when String then entry
+        when Hash then entry["gem"] || entry["id"]
+        end
+      end
+
+      def trusted_gem_root(gem_name)
+        return nil if gem_name.nil? || gem_name.empty?
+
+        spec = Gem.loaded_specs[gem_name]
+        spec&.full_gem_path # rigor:disable undefined-method
+      rescue StandardError
+        nil
+      end
+
+      # ADR-8 § "Severity profile" — re-stamps each diagnostic's
+      # severity from the configured profile + per-rule
+      # overrides. Rules emit with their authored severity; the
+      # profile is the final filter. Diagnostics whose resolved
+      # severity is `:off` are dropped from the run result.
+      def apply_severity_profile(diagnostics)
+        diagnostics.filter_map { |diagnostic| stamp_severity(diagnostic) }
+      end
+
+      def stamp_severity(diagnostic)
+        return diagnostic if diagnostic.rule.nil?
+
+        resolved = Configuration::SeverityProfile.resolve(
+          rule: diagnostic.rule,
+          authored_severity: diagnostic.severity,
+          profile: @configuration.severity_profile,
+          overrides: @configuration.severity_overrides
+        )
+        return nil if resolved == :off
+        return diagnostic if resolved == diagnostic.severity
+
+        Diagnostic.new(
+          path: diagnostic.path,
+          line: diagnostic.line,
+          column: diagnostic.column,
+          message: diagnostic.message,
+          severity: resolved,
+          rule: diagnostic.rule,
+          source_family: diagnostic.source_family
+        )
+      end
+
+      def plugin_load_diagnostics
+        @plugin_registry.load_errors.map do |error|
+          Diagnostic.new(
+            path: ".rigor.yml",
+            line: 1,
+            column: 1,
+            message: error.message,
+            severity: :error,
+            rule: "load-error",
+            source_family: :plugin_loader
+          )
+        end
+      end
+
+      # ADR-9 slice 3 — invokes every loaded plugin's `#prepare`
+      # hook once per run, after the loader's `#init` pass and
+      # before per-file iteration. Plugins publish facts here
+      # for cross-plugin consumption via the shared
+      # `services.fact_store`. Failures isolate as
+      # `:plugin_loader runtime-error` diagnostics, mirroring the
+      # `#diagnostics_for_file` raise envelope in
+      # `plugin_runtime_error_diagnostic`.
+      #
+      # Slice 3 visits plugins in registration order. Slice 5
+      # introduces topological ordering by `manifest(consumes:)`
+      # so producers always run before consumers; until then,
+      # `Configuration#plugins` order MUST be producer-first if
+      # cross-plugin dependencies exist.
+      def plugin_prepare_diagnostics
+        return [] if @plugin_registry.empty?
+
+        @plugin_registry.plugins.flat_map { |plugin| invoke_plugin_prepare(plugin) }
+      end
+
+      def invoke_plugin_prepare(plugin)
+        plugin.prepare(plugin.services)
+        []
+      rescue StandardError => e
+        [plugin_prepare_error_diagnostic(plugin, e)]
+      end
+
+      def plugin_prepare_error_diagnostic(plugin, error)
+        plugin_id = safe_plugin_id(plugin)
+        Diagnostic.new(
+          path: ".rigor.yml",
+          line: 1,
+          column: 1,
+          message: "plugin #{plugin_id.inspect} raised during prepare: " \
+                   "#{error.class}: #{error.message}",
+          severity: :error,
+          rule: "runtime-error",
+          source_family: :plugin_loader
+        )
+      end
+
+      # ADR-7 § "Slice 5-A/5-B" — invokes every loaded plugin's
+      # per-file diagnostic emission hook
+      # (`Plugin::Base#diagnostics_for_file`) and re-stamps the
+      # returned diagnostics with
+      # `source_family: "plugin.<manifest.id>"` so plugin
+      # authors cannot accidentally publish under another
+      # plugin's identifier or under `:builtin`. Plugin
+      # exceptions are isolated per ADR-2 § "Plugin Trust and
+      # I/O Policy" — a raise from one plugin becomes a
+      # `:plugin_loader` `runtime-error` diagnostic without
+      # affecting other plugins or the rest of the run.
+      def plugin_emitted_diagnostics(path, root, scope)
+        return [] if @plugin_registry.empty?
+
+        @plugin_registry.plugins.flat_map do |plugin|
+          collect_plugin_diagnostics(plugin, path, root, scope)
+        end
+      end
+
+      def collect_plugin_diagnostics(plugin, path, root, scope)
+        raw = plugin.diagnostics_for_file(path: path, scope: scope, root: root)
+        Array(raw).map { |diagnostic| stamp_plugin_diagnostic(diagnostic, plugin.manifest.id) }
+      rescue StandardError => e
+        [plugin_runtime_error_diagnostic(path, plugin, e)]
+      end
+
+      def stamp_plugin_diagnostic(diagnostic, plugin_id)
+        Diagnostic.new(
+          path: diagnostic.path,
+          line: diagnostic.line,
+          column: diagnostic.column,
+          message: diagnostic.message,
+          severity: diagnostic.severity,
+          rule: diagnostic.rule,
+          source_family: "plugin.#{plugin_id}"
+        )
+      end
+
+      def plugin_runtime_error_diagnostic(path, plugin, error)
+        plugin_id = safe_plugin_id(plugin)
+        Diagnostic.new(
+          path: path,
+          line: 1,
+          column: 1,
+          message: "plugin #{plugin_id.inspect} raised during diagnostics_for_file: " \
+                   "#{error.class}: #{error.message}",
+          severity: :error,
+          rule: "runtime-error",
+          source_family: :plugin_loader
+        )
+      end
+
+      def safe_plugin_id(plugin)
+        plugin.manifest.id
+      rescue StandardError
+        plugin.class.to_s
+      end
+
       # Resolves the user-supplied path list into:
       # - `:files`  — the concrete `.rb` files to analyze.
       # - `:errors` — `Diagnostic` entries for each path that
@@ -76,7 +318,7 @@ module Rigor
         errors = []
         Array(paths).each do |path|
           if File.directory?(path)
-            files.concat(Dir.glob(File.join(path, RUBY_GLOB)))
+            files.concat(reject_excluded(Dir.glob(File.join(path, RUBY_GLOB))))
           elsif File.file?(path) && path.end_with?(".rb")
             files << path
           elsif File.exist?(path)
@@ -88,6 +330,25 @@ module Rigor
         { files: files, errors: errors }
       end
 
+      # `Configuration#exclude_patterns` is a list of glob patterns
+      # checked against each globbed path via `File.fnmatch?` (without
+      # `FNM_PATHNAME`, so `**` and `*` both span path separators —
+      # the patterns behave like substring globs). Built-in defaults
+      # exclude `vendor/bundle`, `.bundle`, `node_modules`, and `tmp`
+      # so the analyser never walks into vendored deps or build
+      # artefacts. User-supplied entries (`.rigor.yml` `exclude:`)
+      # layer on top. Explicit file arguments to the CLI bypass this
+      # filter — only the directory-glob expansion is filtered.
+      def reject_excluded(file_list)
+        return file_list if @configuration.exclude_patterns.empty?
+
+        file_list.reject { |path| excluded?(path) }
+      end
+
+      def excluded?(path)
+        @configuration.exclude_patterns.any? { |pattern| File.fnmatch?(pattern, path) }
+      end
+
       def path_error(path, message)
         Diagnostic.new(
           path: path,
@@ -99,7 +360,7 @@ module Rigor
       end
 
       def analyze_file(path, environment) # rubocop:disable Metrics/MethodLength
-        parse_result = Prism.parse_file(path)
+        parse_result = Prism.parse_file(path, version: @configuration.target_ruby)
         return parse_diagnostics(path, parse_result) unless parse_result.errors.empty?
 
         scope = Scope.empty(environment: environment)
@@ -111,6 +372,7 @@ module Rigor
           comments: parse_result.comments,
           disabled_rules: @configuration.disabled_rules
         )
+        diagnostics += plugin_emitted_diagnostics(path, parse_result.value, scope)
         diagnostics + explain_diagnostics(path, parse_result.value, scope)
       rescue Errno::ENOENT => e
         [

data/lib/rigor/builtins/regex_refinement.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require_relative "../type"
+
+module Rigor
+  module Builtins
+    # Maps a curated table of canonical regex sub-patterns onto the
+    # imported refinement carriers Rigor already ships
+    # (`decimal-int-string`, `hex-int-string`, `octal-int-string`,
+    # `lowercase-string`, `uppercase-string`, `numeric-string`).
+    # See `docs/type-specification/imported-built-in-types.md` for
+    # the registry the refinements come from and `docs/MILESTONES.md`
+    # § "v0.1.1 — Planned" Track 1 slice 1 for the binding scope of
+    # this recogniser.
+    #
+    # The intended consumer is `Inference::Narrowing.analyse_match_write`:
+    # given `if /(?<year>\d+)/ =~ str; year; end`, the v0.1.0
+    # baseline narrows `year` to plain `String`; v0.1.1 introspects
+    # the regex source and narrows further to
+    # `decimal-int-string` whenever the named-capture body matches
+    # one of the rows in {RULES}.
+    #
+    # Recognised body shapes (each row admits the `+` quantifier
+    # and the bounded `{n}` / `{n,m}` forms with `n >= 1`):
+    #
+    #   - `\d`                     -> decimal-int-string
+    #   - `\h`                     -> hex-int-string
+    #   - `[0-9a-fA-F]`            -> hex-int-string
+    #   - `[0-9a-f]`, `[0-9A-F]`   -> hex-int-string
+    #   - `[0-7]`                  -> octal-int-string
+    #   - `[a-z]`                  -> lowercase-string
+    #   - `[A-Z]`                  -> uppercase-string
+    #   - `[[:digit:]]`            -> numeric-string
+    #
+    # Anything outside the table returns `nil` so the calling
+    # narrowing site falls back to its previous behaviour
+    # (plain `String`). Arbitrary regex semantic equivalence is
+    # undecidable, so the table is intentionally a small audited
+    # set of canonical shapes rather than a general equivalence
+    # checker.
+    module RegexRefinement
+      # `+` (one-or-more) or `{n}` / `{n,m}` (n >= 1, m >= n).
+      # The bound check is enforced separately by
+      # {valid_bounds?} after the structural match succeeds, so
+      # forms like `\d{0,5}` or `\d{5,3}` reject even though they
+      # parse syntactically.
+      QUANTIFIER_SOURCE = '(?:\+|\{\d+(?:,\d+)?\})'
+      private_constant :QUANTIFIER_SOURCE
+
+      RULES = [
+        [/\A\\d#{QUANTIFIER_SOURCE}\z/, :decimal_int_string],
+        [/\A\\h#{QUANTIFIER_SOURCE}\z/, :hex_int_string],
+        [/\A\[0-9a-fA-F\]#{QUANTIFIER_SOURCE}\z/, :hex_int_string],
+        [/\A\[0-9a-f\]#{QUANTIFIER_SOURCE}\z/, :hex_int_string],
+        [/\A\[0-9A-F\]#{QUANTIFIER_SOURCE}\z/, :hex_int_string],
+        [/\A\[0-7\]#{QUANTIFIER_SOURCE}\z/, :octal_int_string],
+        [/\A\[a-z\]#{QUANTIFIER_SOURCE}\z/, :lowercase_string],
+        [/\A\[A-Z\]#{QUANTIFIER_SOURCE}\z/, :uppercase_string],
+        [/\A\[\[:digit:\]\]#{QUANTIFIER_SOURCE}\z/, :numeric_string]
+      ].freeze
+      private_constant :RULES
+
+      BOUND_RE = /\{(\d+)(?:,(\d+))?\}\z/
+      private_constant :BOUND_RE
+
+      module_function
+
+      # @param body [String, nil] a regex sub-pattern, typically the
+      #   inner body of a `(?<name>body)` named capture. Anchors
+      #   (`\A`, `\z`, `^`, `$`) are not stripped — the recogniser
+      #   table targets bodies that the regex engine treats as
+      #   anchored to the capture group bounds.
+      # @return [Rigor::Type, nil] the matching imported refinement
+      #   carrier, or `nil` if `body` is not a recognised shape.
+      def for_capture_body(body)
+        return nil if body.nil? || body.empty?
+
+        rule = RULES.find { |pattern, _| pattern.match?(body) }
+        return nil if rule.nil?
+        return nil unless valid_bounds?(body)
+
+        Type::Combinator.public_send(rule.last)
+      end
+
+      # Filters the bounded-quantifier forms to ones whose lower
+      # bound is at least 1 and whose upper bound (if any) is at
+      # least the lower bound. Without this, `\d{0,5}` would be
+      # accepted even though it admits the empty string, which is
+      # not a valid `decimal-int-string`.
+      def valid_bounds?(body)
+        m = BOUND_RE.match(body)
+        return true if m.nil?
+
+        low = Integer(m[1])
+        return false if low < 1
+
+        high = m[2] && Integer(m[2])
+        return true if high.nil?
+
+        low <= high
+      end
+    end
+  end
+end

data/lib/rigor/cache/rbs_class_ancestor_table.rb

@@ -53,7 +53,7 @@ module Rigor
                   .map { |ancestor| ancestor.name.to_s.delete_prefix("::") }
                   .uniq
                   .freeze
-      rescue StandardError
+      rescue ::RBS::BaseError
         nil
       end
 

data/lib/rigor/cache/rbs_class_type_param_names.rb

@@ -50,7 +50,7 @@ module Rigor
         return nil if definition.nil?
 
         definition.type_params.dup.freeze
-      rescue StandardError
+      rescue ::RBS::BaseError
         nil
       end
 

data/lib/rigor/cache/rbs_constant_table.rb

@@ -33,10 +33,10 @@ module Rigor
         loader.each_constant_decl do |name, entry|
           translated = Inference::RbsTypeTranslator.translate(entry.decl.type)
           table[name] = translated unless translated.is_a?(Type::Bot)
-        rescue StandardError
+        rescue ::RBS::BaseError
           # Skip entries whose RBS type fails to translate; the cache
           # stays robust to a broken signature rather than corrupting
-          # the whole table.
+          # the whole table. Analyzer-internal errors propagate.
         end
         table
       end

data/lib/rigor/cache/rbs_descriptor.rb

@@ -2,6 +2,8 @@
 
 require "digest"
 
+require_relative "descriptor"
+
 module Rigor
   module Cache
     # Shared descriptor builder for cache producers that depend on the

data/lib/rigor/cache/rbs_instance_definitions.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require_relative "rbs_descriptor"
+require_relative "rbs_environment_marshal_patch"
+
+module Rigor
+  module Cache
+    # Cache producer that materialises the full
+    # `Hash<String, RBS::Definition>` for instance-side class
+    # definitions in the RBS environment, in a single cache
+    # entry. Mirrors the {RbsConstantTable} layout.
+    #
+    # ADR-7 § "Slice 6-D" carry-over and dogfooding feedback:
+    # the earlier per-class cache layout (one entry per class,
+    # ~1300 files) made warm runs *slower* than `--no-cache`
+    # because each `instance_definition` call paid disk-open +
+    # `Marshal.load` overhead and the in-memory
+    # `RBS::DefinitionBuilder.build_instance` was actually fast
+    # given a cached `RBS::Environment`. The single-blob layout
+    # collapses that to one `Marshal.load` per process; warm runs
+    # now match `--no-cache` timing while preserving the
+    # cross-process invalidation story.
+    #
+    # Marshal-cleanness of `RBS::Definition` is enabled by the
+    # v0.0.9 C2 `RBS::Location` patch.
+    class RbsInstanceDefinitions
+      PRODUCER_ID = "rbs.instance_definitions"
+
+      # @param loader [Rigor::Environment::RbsLoader]
+      # @param store [Rigor::Cache::Store]
+      # @return [Hash{String => RBS::Definition}]
+      def self.fetch(loader:, store:)
+        descriptor = RbsDescriptor.build(loader)
+        store.fetch_or_compute(producer_id: PRODUCER_ID, params: {}, descriptor: descriptor) do
+          compute(loader)
+        end
+      end
+
+      def self.compute(loader)
+        table = {}
+        loader.each_known_class_name do |name|
+          definition = loader.uncached_instance_definition(name)
+          table[name] = definition if definition
+        end
+        table
+      end
+
+      private_class_method :compute
+    end
+
+    # Singleton-side equivalent of {RbsInstanceDefinitions}.
+    # Caches the full `Hash<String, RBS::Definition>` for the
+    # singleton class of every RBS-known class.
+    class RbsSingletonDefinitions
+      PRODUCER_ID = "rbs.singleton_definitions"
+
+      # @param loader [Rigor::Environment::RbsLoader]
+      # @param store [Rigor::Cache::Store]
+      # @return [Hash{String => RBS::Definition}]
+      def self.fetch(loader:, store:)
+        descriptor = RbsDescriptor.build(loader)
+        store.fetch_or_compute(producer_id: PRODUCER_ID, params: {}, descriptor: descriptor) do
+          compute(loader)
+        end
+      end
+
+      def self.compute(loader)
+        table = {}
+        loader.each_known_class_name do |name|
+          definition = loader.uncached_singleton_definition(name)
+          table[name] = definition if definition
+        end
+        table
+      end
+
+      private_class_method :compute
+    end
+  end
+end

data/lib/rigor/cache/store.rb

@@ -5,6 +5,8 @@ require "fileutils"
 require "json"
 require "securerandom"
 
+require_relative "descriptor"
+
 module Rigor
   module Cache
     # Filesystem-backed cache store. Schema, layout, file format,

data/lib/rigor/cli/type_of_command.rb

@@ -48,7 +48,7 @@ module Rigor
       private
 
       def parse_options
-        options = { format: "text", trace: false, config: Configuration::DEFAULT_PATH }
+        options = { format: "text", trace: false, config: nil }
 
         parser = OptionParser.new do |opts|
           opts.banner = USAGE
@@ -65,8 +65,9 @@ module Rigor
         file, line, column = target
         return 1 unless file_exists?(file)
 
+        configuration = Configuration.load(options.fetch(:config))
         source = File.read(file)
-        parse_result = Prism.parse(source, filepath: file)
+        parse_result = Prism.parse(source, filepath: file, version: configuration.target_ruby)
         return 1 if parse_errors?(parse_result, file)
 
         node = locate_node(source: source, root: parse_result.value, file: file, line: line, column: column)
@@ -74,7 +75,6 @@ module Rigor
         return 1 if node.nil?
 
         tracer = options[:trace] ? Inference::FallbackTracer.new : nil
-        configuration = Configuration.load(options.fetch(:config))
         base_scope = Scope.empty(environment: project_environment(file, configuration))
 
         # Build a per-node scope index so locals bound earlier in the

data/lib/rigor/cli/type_scan_command.rb

@@ -46,7 +46,7 @@ module Rigor
 
       def parse_options
         options = { format: "text", limit: 10, show_recognized: false, threshold: nil,
-                    config: Configuration::DEFAULT_PATH }
+                    config: nil }
 
         parser = OptionParser.new do |opts|
           opts.banner = USAGE
@@ -93,7 +93,7 @@ module Rigor
         scope = Scope.empty(environment: project_environment(configuration))
         scanner = Inference::CoverageScanner.new(scope: scope)
         accumulator = ScanAccumulator.new
-        paths.each { |path| scan_one(path, scanner, accumulator) }
+        paths.each { |path| scan_one(path, scanner, accumulator, configuration) }
         accumulator.to_report(paths, options)
       end
 
@@ -107,9 +107,9 @@ module Rigor
         )
       end
 
-      def scan_one(path, scanner, accumulator)
+      def scan_one(path, scanner, accumulator, configuration)
         source = File.read(path)
-        parse_result = Prism.parse(source, filepath: path)
+        parse_result = Prism.parse(source, filepath: path, version: configuration.target_ruby)
         if parse_result.errors.any?
           accumulator.record_parse_error(path, parse_result.errors)
           return