rigortype 0.1.0 → 0.1.2

data/lib/rigor/inference/scope_indexer.rb

@@ -106,6 +106,14 @@ module Rigor
         discovered_def_nodes = build_discovered_def_nodes(root)
         seeded_scope = seeded_scope.with_discovered_def_nodes(discovered_def_nodes)
 
+        # v0.1.2 — per-class table of method visibilities
+        # (`:public` / `:private` / `:protected`). The
+        # `def.method-visibility-mismatch` CheckRule consults
+        # the table to flag explicit-non-self calls to a
+        # private user method.
+        discovered_method_visibilities = build_discovered_method_visibilities(root)
+        seeded_scope = seeded_scope.with_discovered_method_visibilities(discovered_method_visibilities)
+
         table = {}.compare_by_identity
         table.default = seeded_scope
 
@@ -340,7 +348,8 @@ module Rigor
         accumulator.transform_values(&:freeze).freeze
       end
 
-      def walk_methods(node, qualified_prefix, in_singleton_class, accumulator) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/AbcSize
+      def walk_methods(node, qualified_prefix, in_singleton_class, accumulator)
         return unless node.is_a?(Prism::Node)
 
         case node
@@ -356,6 +365,12 @@ module Rigor
             walk_methods(node.body, qualified_prefix, true, accumulator)
             return
           end
+        when Prism::ConstantWriteNode
+          if meta_new_block_body(node)
+            child_prefix = qualified_prefix + [node.name.to_s]
+            walk_methods(meta_new_block_body(node), child_prefix, false, accumulator)
+            return
+          end
         when Prism::DefNode
           record_def_method(node, qualified_prefix, in_singleton_class, accumulator)
           return
@@ -370,6 +385,24 @@ module Rigor
           walk_methods(child, qualified_prefix, in_singleton_class, accumulator)
         end
       end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/AbcSize
+
+      # v0.1.2 — when a `Const = Data.define(*sym) do ... end`
+      # / `Const = Struct.new(*sym) do ... end` constant write
+      # carries a block, the block body holds method overrides
+      # whose canonical class is `Const`. Returns the block body
+      # node (a `Prism::StatementsNode`) when the rvalue
+      # matches; nil otherwise. Used by `walk_methods` /
+      # `walk_def_nodes` to push `Const` onto the qualified
+      # prefix before recursing.
+      def meta_new_block_body(node)
+        return nil unless node.is_a?(Prism::ConstantWriteNode)
+
+        rvalue = node.value
+        return nil unless data_define_call?(rvalue) || struct_new_call?(rvalue)
+
+        rvalue.block&.body
+      end
 
       def record_def_method(def_node, qualified_prefix, in_singleton_class, accumulator)
         return if qualified_prefix.empty?
@@ -397,7 +430,8 @@ module Rigor
         accumulator.transform_values(&:freeze).freeze
       end
 
-      def walk_def_nodes(node, qualified_prefix, in_singleton_class, accumulator) # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      def walk_def_nodes(node, qualified_prefix, in_singleton_class, accumulator)
         return unless node.is_a?(Prism::Node)
 
         case node
@@ -413,6 +447,12 @@ module Rigor
             walk_def_nodes(node.body, qualified_prefix, true, accumulator)
             return
           end
+        when Prism::ConstantWriteNode
+          if meta_new_block_body(node)
+            child_prefix = qualified_prefix + [node.name.to_s]
+            walk_def_nodes(meta_new_block_body(node), child_prefix, false, accumulator)
+            return
+          end
         when Prism::DefNode
           record_def_node(node, qualified_prefix, in_singleton_class, accumulator)
           return
@@ -422,6 +462,7 @@ module Rigor
           walk_def_nodes(child, qualified_prefix, in_singleton_class, accumulator)
         end
       end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
 
       # v0.0.3 A — sentinel key under which `record_def_node`
       # files DefNodes that live outside any class / module
@@ -440,6 +481,134 @@ module Rigor
         accumulator[class_name][def_node.name] = def_node
       end
 
+      VISIBILITY_MODIFIERS = %i[public private protected].freeze
+
+      # v0.1.2 — per-class method-visibility table for the
+      # `def.method-visibility-mismatch` CheckRule.
+      #
+      # Tracks two visibility-changing forms:
+      #
+      # - **Modifier blocks**: a bare `private` / `protected` /
+      #   `public` call inside a class body switches the
+      #   "current default" visibility for every subsequent
+      #   `def` until another modifier flips it again.
+      # - **Named-argument form**: `private :foo, :bar` (or
+      #   the same with `protected` / `public`) marks specific
+      #   names already-recorded under the class. Symbol-only
+      #   args are recognised; `private def foo; end` (the
+      #   wrap-around form) is not yet — it would need
+      #   tracking the def-call's return-value visibility,
+      #   which is a separate slice.
+      #
+      # Top-level (no surrounding class) defs do not contribute
+      # — Ruby's top-level visibility nuances (private at
+      # top-level marks the method on `Object`) are out of
+      # scope for v0.1.2.
+      def build_discovered_method_visibilities(root)
+        accumulator = {}
+        walk_method_visibilities(root, [], false, :public, accumulator)
+        accumulator.transform_values(&:freeze).freeze
+      end
+
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/AbcSize
+      def walk_method_visibilities(node, qualified_prefix, in_singleton_class, current_visibility, accumulator)
+        return current_visibility unless node.is_a?(Prism::Node)
+
+        case node
+        when Prism::ClassNode, Prism::ModuleNode
+          name = qualified_name_for(node.constant_path)
+          if name
+            child_prefix = qualified_prefix + [name]
+            walk_method_visibilities(node.body, child_prefix, false, :public, accumulator) if node.body
+            return current_visibility
+          end
+        when Prism::SingletonClassNode
+          if node.expression.is_a?(Prism::SelfNode) && node.body
+            walk_method_visibilities(node.body, qualified_prefix, true, :public, accumulator)
+            return current_visibility
+          end
+        when Prism::ConstantWriteNode
+          if meta_new_block_body(node)
+            child_prefix = qualified_prefix + [node.name.to_s]
+            walk_method_visibilities(meta_new_block_body(node), child_prefix, false, :public, accumulator)
+            return current_visibility
+          end
+        when Prism::DefNode
+          record_def_visibility(node, qualified_prefix, in_singleton_class, current_visibility, accumulator)
+          return current_visibility
+        when Prism::CallNode
+          updated = apply_visibility_call(node, qualified_prefix, current_visibility, accumulator)
+          return updated unless updated.equal?(current_visibility)
+        end
+
+        # Statement-position StatementsNode preserves
+        # left-to-right visibility flow; everything else
+        # recurses with the entry visibility unchanged.
+        if node.is_a?(Prism::StatementsNode)
+          local_visibility = current_visibility
+          node.compact_child_nodes.each do |child|
+            local_visibility = walk_method_visibilities(child, qualified_prefix, in_singleton_class,
+                                                        local_visibility, accumulator)
+          end
+        else
+          node.compact_child_nodes.each do |child|
+            walk_method_visibilities(child, qualified_prefix, in_singleton_class, current_visibility, accumulator)
+          end
+        end
+        current_visibility
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/AbcSize
+
+      def record_def_visibility(def_node, qualified_prefix, in_singleton_class, current_visibility, accumulator)
+        return if def_node.receiver.is_a?(Prism::SelfNode) || in_singleton_class
+        return if qualified_prefix.empty?
+
+        class_name = qualified_prefix.join("::")
+        accumulator[class_name] ||= {}
+        accumulator[class_name][def_node.name] = current_visibility
+      end
+
+      # Recognises modifier calls on the implicit-self receiver
+      # inside a class body. Returns the (possibly updated)
+      # current visibility:
+      #
+      # - `private` / `public` / `protected` (no args) —
+      #   switch the running default for subsequent defs.
+      # - `private :foo, :bar` — back-patch the named methods
+      #   in the accumulator. Returns `current_visibility`
+      #   unchanged because the running default does NOT
+      #   change for this form.
+      def apply_visibility_call(call_node, qualified_prefix, current_visibility, accumulator)
+        return current_visibility unless call_node.receiver.nil?
+        return current_visibility unless VISIBILITY_MODIFIERS.include?(call_node.name)
+        return current_visibility if qualified_prefix.empty?
+
+        args = call_node.arguments&.arguments || []
+        if args.empty?
+          call_node.name
+        else
+          apply_named_visibility(args, qualified_prefix, call_node.name, accumulator)
+          current_visibility
+        end
+      end
+
+      def apply_named_visibility(args, qualified_prefix, visibility, accumulator)
+        class_name = qualified_prefix.join("::")
+        args.each do |arg|
+          name = visibility_target_name(arg)
+          next if name.nil?
+
+          accumulator[class_name] ||= {}
+          accumulator[class_name][name] = visibility
+        end
+      end
+
+      def visibility_target_name(arg)
+        return arg.unescaped.to_sym if arg.is_a?(Prism::SymbolNode) || arg.is_a?(Prism::StringNode)
+
+        nil
+      end
+
       # Registers the alias name in the `discovered_methods` table so
       # `undefined-method` diagnostics are not emitted for calls to the
       # aliased name. The kind mirrors the surrounding class context
@@ -552,7 +721,7 @@ module Rigor
         when Prism::ModuleNode, Prism::ClassNode
           return if record_class_or_module?(node, qualified_prefix, identity_table, discovered)
         when Prism::ConstantWriteNode
-          return if record_data_define_constant?(node, qualified_prefix, identity_table, discovered)
+          return if record_meta_new_constant?(node, qualified_prefix, identity_table, discovered)
         end
 
         node.compact_child_nodes.each do |child|
@@ -573,17 +742,23 @@ module Rigor
         true
       end
 
-      # Recognises `Const = Data.define(*Symbol) [do ... end]` and registers
-      # `Const` (qualified by the surrounding class/module path) as a
-      # discovered class. `Const.new(...)` then resolves to a fresh
-      # `Nominal[Const]` via `meta_new`, instead of the un-narrowed
-      # `Dynamic[top]` returned by the default `Class#new` envelope.
+      # Recognises class-creating meta calls at constant-write rvalue
+      # position and registers `Const` (qualified by the surrounding
+      # class/module path) as a discovered class. `Const.new(...)`
+      # then resolves to a fresh `Nominal[Const]` via `meta_new`,
+      # instead of the un-narrowed `Dynamic[top]` returned by the
+      # default `Class#new` envelope.
       #
-      # The Data.define block body, if present, is recursed into so any
-      # nested class/module declarations in the override block (rare but
-      # legal) still feed the discovered table.
-      def record_data_define_constant?(node, qualified_prefix, identity_table, discovered)
-        return false unless data_define_call?(node.value)
+      # Two recognised meta forms:
+      #
+      # - `Const = Data.define(*Symbol) [do ... end]`
+      # - `Const = Struct.new(*Symbol [, keyword_init: ...]) [do ... end]`
+      #
+      # The block body, if present, is recursed into so any nested
+      # class/module declarations in the override block (rare but legal)
+      # still feed the discovered table.
+      def record_meta_new_constant?(node, qualified_prefix, identity_table, discovered)
+        return false unless data_define_call?(node.value) || struct_new_call?(node.value)
 
         full = (qualified_prefix + [node.name.to_s]).join("::")
         discovered[full] = Type::Combinator.singleton_of(full)
@@ -599,18 +774,46 @@ module Rigor
       def data_define_call?(node)
         return false unless node.is_a?(Prism::CallNode)
         return false unless node.name == :define
-        return false unless data_constant_receiver?(node.receiver)
+        return false unless meta_constant_receiver?(node.receiver, :Data)
 
         args = node.arguments&.arguments || []
         args.all?(Prism::SymbolNode)
       end
 
-      def data_constant_receiver?(node)
+      # Recognises `Struct.new(*Symbol)` and
+      # `Struct.new(*Symbol, keyword_init: <expr>)` at constant-write
+      # rvalue position. A trailing `KeywordHashNode` (the
+      # `keyword_init: ...` form) is accepted but does not contribute
+      # to member discovery; every other argument MUST be a
+      # `Prism::SymbolNode`. At least one Symbol member is required —
+      # `Struct.new()` is a degenerate form callers don't typically use.
+      def struct_new_call?(node)
+        return false unless meta_call_with_name?(node, :Struct, :new)
+
+        args = node.arguments&.arguments || []
+        positional = struct_new_positionals(args)
+        return false if positional.nil? || positional.empty?
+
+        positional.all?(Prism::SymbolNode)
+      end
+
+      def meta_call_with_name?(node, receiver_name, method_name)
+        return false unless node.is_a?(Prism::CallNode)
+        return false unless node.name == method_name
+
+        meta_constant_receiver?(node.receiver, receiver_name)
+      end
+
+      def struct_new_positionals(args)
+        args.last.is_a?(Prism::KeywordHashNode) ? args[0..-2] : args
+      end
+
+      def meta_constant_receiver?(node, expected_name)
         case node
         when Prism::ConstantReadNode
-          node.name == :Data
+          node.name == expected_name
         when Prism::ConstantPathNode
-          node.parent.nil? && node.name == :Data
+          node.parent.nil? && node.name == expected_name
         end
       end
 

data/lib/rigor/inference/statement_evaluator.rb

@@ -1015,6 +1015,7 @@ module Rigor
       # same hierarchy-aware narrowing rules.
       def apply_post_return_fact(fact, call_node, current_scope, method_def)
         target_node = fact_target_node(fact, call_node, method_def)
+        return apply_self_post_return_fact(fact, target_node, current_scope) if fact.target_kind == :self
         return current_scope unless target_node.is_a?(Prism::LocalVariableReadNode)
 
         local_name = target_node.name
@@ -1025,6 +1026,34 @@ module Rigor
         current_scope.with_local(local_name, narrowed)
       end
 
+      # v0.1.1 Track 1 slice 3 — `assert self is T` post-return
+      # narrowing for the four supported receiver shapes (mirrors
+      # `Narrowing#apply_self_fact`).
+      def apply_self_post_return_fact(fact, receiver_node, current_scope)
+        case receiver_node
+        when nil, Prism::SelfNode
+          current = current_scope.self_type
+          return current_scope if current.nil?
+
+          narrowed = Narrowing.narrow_for_fact(current, fact, current_scope.environment)
+          current_scope.with_self_type(narrowed)
+        when Prism::LocalVariableReadNode
+          current = current_scope.local(receiver_node.name)
+          return current_scope if current.nil?
+
+          narrowed = Narrowing.narrow_for_fact(current, fact, current_scope.environment)
+          current_scope.with_local(receiver_node.name, narrowed)
+        when Prism::InstanceVariableReadNode
+          current = current_scope.ivar(receiver_node.name)
+          return current_scope if current.nil?
+
+          narrowed = Narrowing.narrow_for_fact(current, fact, current_scope.environment)
+          current_scope.with_ivar(receiver_node.name, narrowed)
+        else
+          current_scope
+        end
+      end
+
       # `:self` routes to the call receiver; otherwise we look
       # up the matching positional argument by parameter name.
       def fact_target_node(fact, call_node, method_def)

data/lib/rigor/plugin/base.rb

@@ -111,6 +111,49 @@ module Rigor
         nil
       end
 
+      # ADR-2 § "Flow Contribution Bundle" / v0.1.1 Track 2
+      # slice 7 — per-call return-type contribution hook. When
+      # the inference engine dispatches a `Prism::CallNode` and
+      # neither the precision tiers nor RBS resolve a result,
+      # `MethodDispatcher` consults each loaded plugin via this
+      # hook ahead of `RbsDispatch`. Plugins that override the
+      # default return a {Rigor::FlowContribution} bundle whose
+      # `return_type` slot pins the call site's result type.
+      #
+      # Default returns nil — plugins that don't refine return
+      # types skip the override. Failures are isolated: a hook
+      # that raises gets its contribution dropped silently for
+      # this call so the rest of the dispatch chain continues.
+      def flow_contribution_for(call_node:, scope:) # rubocop:disable Lint/UnusedMethodArgument
+        nil
+      end
+
+      # ADR-9 slice 3 — per-run preparation hook. The runner
+      # invokes `#prepare(services)` on every loaded plugin once
+      # per `Analysis::Runner.run`, after `#init` has run on every
+      # plugin and before any `#diagnostics_for_file` call.
+      # Plugins use this hook to compute and publish facts other
+      # plugins consume:
+      #
+      #   def prepare(services)
+      #     services.fact_store.publish(
+      #       plugin_id: manifest.id, name: :model_index, value: model_index
+      #     )
+      #   end
+      #
+      # Default no-op so plugins without facts to publish leave
+      # `#prepare` unimplemented. Failures isolate as
+      # `:plugin_loader runtime-error` diagnostics; a plugin that
+      # raises in `#prepare` has its facts considered un-published
+      # and downstream consumers see `nil` from `fact_store.read`.
+      #
+      # Slice 3 calls plugins in registration order. ADR-9 slice 5
+      # introduces topological ordering by `consumes:` so producers
+      # always run before consumers.
+      def prepare(services) # rubocop:disable Lint/UnusedMethodArgument
+        nil
+      end
+
       # ADR-7 § "Slice 5-A" — per-file diagnostic emission hook.
       # Override in plugin subclasses to return an array of
       # `Rigor::Analysis::Diagnostic` rows for the analysed file.

data/lib/rigor/plugin/fact_store.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    # Per-run cross-plugin fact store. ADR-9 § "Plugin::FactStore".
+    #
+    # A plugin publishes typed `(plugin_id, name) -> value` tuples
+    # in its `Plugin::Base#prepare(services)` hook (slice 3); other
+    # plugins read them in `#diagnostics_for_file` via
+    # `services.fact_store.read(plugin_id:, name:)`. The store is
+    # constructed fresh at the start of every `Analysis::Runner.run`
+    # and discarded at the end — caching the underlying expensive
+    # computation is the producer's job (`Plugin::Base.producer`);
+    # the FactStore just publishes a *reference* to that
+    # already-cached result.
+    #
+    # `(plugin_id, name)` is a unique key. A second `publish` with
+    # the same value is a no-op (`==` comparison); a second
+    # `publish` with a different value raises {Conflict}. Since
+    # `plugin_id` namespaces the key, a real conflict only happens
+    # when a single plugin publishes twice with differing values —
+    # the conflict signals a plugin-author bug, never a load-time
+    # interaction between unrelated plugins.
+    class FactStore
+      Fact = Data.define(:plugin_id, :name, :value)
+
+      class Conflict < StandardError
+        attr_reader :plugin_id, :name, :existing, :incoming
+
+        def initialize(plugin_id:, name:, existing:, incoming:)
+          @plugin_id = plugin_id
+          @name = name
+          @existing = existing
+          @incoming = incoming
+          super(
+            "fact store conflict: plugin #{plugin_id.inspect} published " \
+            "two different values for #{name.inspect} " \
+            "(existing: #{existing.inspect}, incoming: #{incoming.inspect})"
+          )
+        end
+      end
+
+      def initialize
+        @facts = {}
+        @mutex = Mutex.new
+      end
+
+      # Writes a `(plugin_id, name) -> value` triple. Idempotent if
+      # the same value is published twice (`==`); raises
+      # {Conflict} if the values differ.
+      #
+      # @param plugin_id [String] producing plugin's manifest id.
+      # @param name [Symbol, String] fact name (canonicalised to
+      #   Symbol for lookup).
+      # @param value [Object] frozen-shape value object the
+      #   producer chose to publish. The value is stored as-is.
+      def publish(plugin_id:, name:, value:)
+        plugin_id = plugin_id.to_s
+        name = name.to_sym
+        @mutex.synchronize do
+          existing = @facts[[plugin_id, name]]
+          if existing && existing.value != value
+            raise Conflict.new(plugin_id: plugin_id, name: name, existing: existing.value, incoming: value)
+          end
+
+          @facts[[plugin_id, name]] = Fact.new(plugin_id: plugin_id, name: name, value: value)
+        end
+        nil
+      end
+
+      # @return [Object, nil] the published value, or `nil` when no
+      #   fact is registered. Reads do NOT establish a dependency —
+      #   `manifest(consumes:)` (slice 4) is the dependency
+      #   declaration mechanism.
+      def read(plugin_id:, name:)
+        fact = @mutex.synchronize { @facts[[plugin_id.to_s, name.to_sym]] }
+        fact&.value
+      end
+
+      # @return [Boolean] whether a fact is registered.
+      def published?(plugin_id:, name:)
+        @mutex.synchronize { @facts.key?([plugin_id.to_s, name.to_sym]) }
+      end
+
+      # @yield [Fact] every published fact in publication order.
+      def each_fact(&)
+        snapshot = @mutex.synchronize { @facts.values }
+        snapshot.each(&)
+      end
+    end
+  end
+end

data/lib/rigor/plugin/io_boundary.rb

@@ -27,20 +27,37 @@ module Rigor
     #   the file's contents, and adds a digest-keyed
     #   {Cache::Descriptor::FileEntry} to the boundary's
     #   accumulated descriptor.
-    # - `#open_url(url)` — always raises {AccessDeniedError} while
-    #   `network_policy` is `:disabled` (the only setting in slice
-    #   2). The hook exists so slices 3-6 can layer richer access
-    #   policy without re-defining the API.
+    # - `#open_url(url)` — fetches the URL when the policy
+    #   permits it (`network_policy: :allowlist` plus an
+    #   `allowed_url_hosts` match) and raises
+    #   {AccessDeniedError} otherwise. v0.1.2 ships the
+    #   allowlist surface; the default project policy still
+    #   has `network_policy: :disabled` so plugins that want
+    #   network access opt in explicitly through
+    #   `.rigor.yml`'s `plugins_io.network: allowlist` plus
+    #   `plugins_io.allowed_url_hosts: [...]`. The HTTP fetch
+    #   is GET-only over HTTPS, capped at {URL_TIMEOUT_SECONDS}
+    #   wall time and {URL_MAX_BYTES} body size; non-2xx
+    #   responses raise {AccessDeniedError} so plugin code
+    #   doesn't have to rescue mid-build.
     # - `#cache_descriptor` — flushes the accumulated entries into
     #   a fresh {Cache::Descriptor} for the contribution that
-    #   built it.
+    #   built it. URL fetches contribute `ConfigEntry` rows
+    #   keyed `"url:#{url}"` with the response body's SHA-256
+    #   so contributions invalidate when the remote document
+    #   changes.
     class IoBoundary
+      URL_TIMEOUT_SECONDS = 10
+      URL_MAX_BYTES = 10 * 1024 * 1024
+
       attr_reader :policy, :plugin_id
 
-      def initialize(policy:, plugin_id:)
+      def initialize(policy:, plugin_id:, http_client: DefaultHttpClient.new)
         @policy = policy
         @plugin_id = plugin_id.to_s.dup.freeze
         @file_entries = {}
+        @config_entries = {}
+        @http_client = http_client
         @mutex = Mutex.new
       end
 
@@ -64,30 +81,39 @@ module Rigor
         contents
       end
 
-      # Slice 2 stub: every URL access is denied while
-      # `network_policy` is `:disabled`. Slices that need to relax
-      # the rule (e.g. for opt-in offline-replay caches) will lift
-      # the policy gate; the API does not change.
+      # Fetches the URL when the policy permits it. Returns the
+      # response body. Raises {AccessDeniedError} when the policy
+      # is `:disabled`, the URL scheme is not `https`, the host is
+      # not on the allowlist, the response is non-2xx, the body
+      # exceeds {URL_MAX_BYTES}, or the request times out
+      # ({URL_TIMEOUT_SECONDS}). On success, records a
+      # `ConfigEntry` keyed `"url:#{url}"` with the body's
+      # SHA-256 so the cache descriptor invalidates if the remote
+      # document changes.
       def open_url(url)
-        unless @policy.network_allowed?
+        url_string = url.to_s
+        unless @policy.allow_url?(url_string)
           raise AccessDeniedError.new(
             "plugin #{@plugin_id.inspect} cannot open URL #{url.inspect}: " \
-            "network access is disabled during analysis",
+            "URL is not permitted by the active TrustPolicy " \
+            "(network_policy=#{@policy.network_policy} allowed_url_hosts=#{@policy.allowed_url_hosts.inspect})",
             reason: :network_disabled,
-            resource: url.to_s
+            resource: url_string
           )
         end
 
-        raise NotImplementedError, "URL fetch surface is reserved; slice 2 only ships the deny path"
+        body = @http_client.get(url_string, timeout: URL_TIMEOUT_SECONDS, max_bytes: URL_MAX_BYTES)
+        record_url_entry(url_string, body)
+        body
       end
 
       # @return [Rigor::Cache::Descriptor] frozen snapshot of every
-      #   file the boundary has read so far. Calling this multiple
-      #   times yields equal descriptors; subsequent reads expand
-      #   the underlying record table.
+      #   file / URL the boundary has read so far. Calling this
+      #   multiple times yields equal descriptors; subsequent
+      #   reads expand the underlying record tables.
       def cache_descriptor
-        entries = @mutex.synchronize { @file_entries.values.dup }
-        Cache::Descriptor.new(files: entries)
+        files, configs = @mutex.synchronize { [@file_entries.values.dup, @config_entries.values.dup] }
+        Cache::Descriptor.new(files: files, configs: configs)
       end
 
       private
@@ -97,6 +123,53 @@ module Rigor
         entry = Cache::Descriptor::FileEntry.new(path: path, comparator: :digest, value: digest)
         @mutex.synchronize { @file_entries[path] = entry }
       end
+
+      def record_url_entry(url, body)
+        digest = Digest::SHA256.hexdigest(body)
+        key = "url:#{url}"
+        entry = Cache::Descriptor::ConfigEntry.new(key: key, value_hash: digest)
+        @mutex.synchronize { @config_entries[key] = entry }
+      end
+    end
+
+    # Default HTTP client wrapping `Net::HTTP`. Wraps a single
+    # `GET` over HTTPS. Specs inject a fake client that conforms
+    # to the same `#get(url, timeout:, max_bytes:)` shape so the
+    # tests don't require network access.
+    class DefaultHttpClient
+      # rubocop:disable Metrics/MethodLength
+      def get(url, timeout:, max_bytes:)
+        require "net/http"
+        require "uri"
+
+        uri = URI.parse(url)
+        body = +""
+        Net::HTTP.start(uri.host, uri.port, use_ssl: true,
+                                            open_timeout: timeout,
+                                            read_timeout: timeout) do |http|
+          http.request_get(uri.request_uri) do |response|
+            unless response.is_a?(Net::HTTPSuccess)
+              raise Plugin::AccessDeniedError.new(
+                "URL #{url.inspect} returned non-success status #{response.code}",
+                reason: :url_fetch_failed,
+                resource: url
+              )
+            end
+            response.read_body do |chunk|
+              body << chunk
+              if body.bytesize > max_bytes
+                raise Plugin::AccessDeniedError.new(
+                  "URL #{url.inspect} body exceeds #{max_bytes} bytes",
+                  reason: :url_body_too_large,
+                  resource: url
+                )
+              end
+            end
+          end
+        end
+        body
+      end
+      # rubocop:enable Metrics/MethodLength
     end
   end
 end