rigortype 0.1.1 → 0.1.2

data/lib/rigor/plugin/io_boundary.rb

@@ -27,20 +27,37 @@ module Rigor
     #   the file's contents, and adds a digest-keyed
     #   {Cache::Descriptor::FileEntry} to the boundary's
     #   accumulated descriptor.
-    # - `#open_url(url)` — always raises {AccessDeniedError} while
-    #   `network_policy` is `:disabled` (the only setting in slice
-    #   2). The hook exists so slices 3-6 can layer richer access
-    #   policy without re-defining the API.
+    # - `#open_url(url)` — fetches the URL when the policy
+    #   permits it (`network_policy: :allowlist` plus an
+    #   `allowed_url_hosts` match) and raises
+    #   {AccessDeniedError} otherwise. v0.1.2 ships the
+    #   allowlist surface; the default project policy still
+    #   has `network_policy: :disabled` so plugins that want
+    #   network access opt in explicitly through
+    #   `.rigor.yml`'s `plugins_io.network: allowlist` plus
+    #   `plugins_io.allowed_url_hosts: [...]`. The HTTP fetch
+    #   is GET-only over HTTPS, capped at {URL_TIMEOUT_SECONDS}
+    #   wall time and {URL_MAX_BYTES} body size; non-2xx
+    #   responses raise {AccessDeniedError} so plugin code
+    #   doesn't have to rescue mid-build.
     # - `#cache_descriptor` — flushes the accumulated entries into
     #   a fresh {Cache::Descriptor} for the contribution that
-    #   built it.
+    #   built it. URL fetches contribute `ConfigEntry` rows
+    #   keyed `"url:#{url}"` with the response body's SHA-256
+    #   so contributions invalidate when the remote document
+    #   changes.
     class IoBoundary
+      URL_TIMEOUT_SECONDS = 10
+      URL_MAX_BYTES = 10 * 1024 * 1024
+
       attr_reader :policy, :plugin_id
 
-      def initialize(policy:, plugin_id:)
+      def initialize(policy:, plugin_id:, http_client: DefaultHttpClient.new)
         @policy = policy
         @plugin_id = plugin_id.to_s.dup.freeze
         @file_entries = {}
+        @config_entries = {}
+        @http_client = http_client
         @mutex = Mutex.new
       end
 
@@ -64,30 +81,39 @@ module Rigor
         contents
       end
 
-      # Slice 2 stub: every URL access is denied while
-      # `network_policy` is `:disabled`. Slices that need to relax
-      # the rule (e.g. for opt-in offline-replay caches) will lift
-      # the policy gate; the API does not change.
+      # Fetches the URL when the policy permits it. Returns the
+      # response body. Raises {AccessDeniedError} when the policy
+      # is `:disabled`, the URL scheme is not `https`, the host is
+      # not on the allowlist, the response is non-2xx, the body
+      # exceeds {URL_MAX_BYTES}, or the request times out
+      # ({URL_TIMEOUT_SECONDS}). On success, records a
+      # `ConfigEntry` keyed `"url:#{url}"` with the body's
+      # SHA-256 so the cache descriptor invalidates if the remote
+      # document changes.
       def open_url(url)
-        unless @policy.network_allowed?
+        url_string = url.to_s
+        unless @policy.allow_url?(url_string)
           raise AccessDeniedError.new(
             "plugin #{@plugin_id.inspect} cannot open URL #{url.inspect}: " \
-            "network access is disabled during analysis",
+            "URL is not permitted by the active TrustPolicy " \
+            "(network_policy=#{@policy.network_policy} allowed_url_hosts=#{@policy.allowed_url_hosts.inspect})",
             reason: :network_disabled,
-            resource: url.to_s
+            resource: url_string
           )
         end
 
-        raise NotImplementedError, "URL fetch surface is reserved; slice 2 only ships the deny path"
+        body = @http_client.get(url_string, timeout: URL_TIMEOUT_SECONDS, max_bytes: URL_MAX_BYTES)
+        record_url_entry(url_string, body)
+        body
       end
 
       # @return [Rigor::Cache::Descriptor] frozen snapshot of every
-      #   file the boundary has read so far. Calling this multiple
-      #   times yields equal descriptors; subsequent reads expand
-      #   the underlying record table.
+      #   file / URL the boundary has read so far. Calling this
+      #   multiple times yields equal descriptors; subsequent
+      #   reads expand the underlying record tables.
       def cache_descriptor
-        entries = @mutex.synchronize { @file_entries.values.dup }
-        Cache::Descriptor.new(files: entries)
+        files, configs = @mutex.synchronize { [@file_entries.values.dup, @config_entries.values.dup] }
+        Cache::Descriptor.new(files: files, configs: configs)
       end
 
       private
@@ -97,6 +123,53 @@ module Rigor
         entry = Cache::Descriptor::FileEntry.new(path: path, comparator: :digest, value: digest)
         @mutex.synchronize { @file_entries[path] = entry }
       end
+
+      def record_url_entry(url, body)
+        digest = Digest::SHA256.hexdigest(body)
+        key = "url:#{url}"
+        entry = Cache::Descriptor::ConfigEntry.new(key: key, value_hash: digest)
+        @mutex.synchronize { @config_entries[key] = entry }
+      end
+    end
+
+    # Default HTTP client wrapping `Net::HTTP`. Wraps a single
+    # `GET` over HTTPS. Specs inject a fake client that conforms
+    # to the same `#get(url, timeout:, max_bytes:)` shape so the
+    # tests don't require network access.
+    class DefaultHttpClient
+      # rubocop:disable Metrics/MethodLength
+      def get(url, timeout:, max_bytes:)
+        require "net/http"
+        require "uri"
+
+        uri = URI.parse(url)
+        body = +""
+        Net::HTTP.start(uri.host, uri.port, use_ssl: true,
+                                            open_timeout: timeout,
+                                            read_timeout: timeout) do |http|
+          http.request_get(uri.request_uri) do |response|
+            unless response.is_a?(Net::HTTPSuccess)
+              raise Plugin::AccessDeniedError.new(
+                "URL #{url.inspect} returned non-success status #{response.code}",
+                reason: :url_fetch_failed,
+                resource: url
+              )
+            end
+            response.read_body do |chunk|
+              body << chunk
+              if body.bytesize > max_bytes
+                raise Plugin::AccessDeniedError.new(
+                  "URL #{url.inspect} body exceeds #{max_bytes} bytes",
+                  reason: :url_body_too_large,
+                  resource: url
+                )
+              end
+            end
+          end
+        end
+        body
+      end
+      # rubocop:enable Metrics/MethodLength
     end
   end
 end

data/lib/rigor/plugin/trust_policy.rb

@@ -32,15 +32,18 @@ module Rigor
     #   `Gemfile.lock`, and each trusted gem's
     #   `Gem::Specification#full_gem_path`. The user extends this
     #   with `.rigor.yml`'s `plugins_io.allowed_paths:`.
-    # - `network_policy`: `:disabled` in slice 2; the only value
-    #   accepted today. Plugin {IoBoundary#open_url} always raises
-    #   while the policy is `:disabled`.
+    # - `network_policy`: one of {VALID_NETWORK_POLICIES}.
+    #   `:disabled` (default) makes {IoBoundary#open_url} always
+    #   raise. `:allowlist` (v0.1.2) consults `allowed_url_hosts`
+    #   on every fetch — the hostname must be on the list and
+    #   the URL scheme MUST be `https`. The list of allowed hosts
+    #   is exact-match (no wildcards in v0.1.2).
     class TrustPolicy
-      VALID_NETWORK_POLICIES = %i[disabled].freeze
+      VALID_NETWORK_POLICIES = %i[disabled allowlist].freeze
 
-      attr_reader :trusted_gems, :allowed_read_roots, :network_policy
+      attr_reader :trusted_gems, :allowed_read_roots, :network_policy, :allowed_url_hosts
 
-      def initialize(trusted_gems: [], allowed_read_roots: [], network_policy: :disabled)
+      def initialize(trusted_gems: [], allowed_read_roots: [], network_policy: :disabled, allowed_url_hosts: [])
         validate_network_policy!(network_policy)
 
         @trusted_gems = trusted_gems.map { |g| g.to_s.dup.freeze }.uniq.sort.freeze
@@ -50,6 +53,7 @@ module Rigor
                               .sort
                               .freeze
         @network_policy = network_policy
+        @allowed_url_hosts = allowed_url_hosts.map { |h| h.to_s.downcase.dup.freeze }.uniq.sort.freeze
         freeze
       end
 
@@ -67,6 +71,24 @@ module Rigor
         @network_policy != :disabled
       end
 
+      # @param url [String, URI]
+      # @return [Boolean] true when the URL scheme is `https` and
+      #   the parsed hostname is in `allowed_url_hosts`. Always
+      #   `false` while `network_policy` is `:disabled`.
+      def allow_url?(url)
+        return false if @network_policy == :disabled
+        return false if @allowed_url_hosts.empty?
+
+        require "uri"
+        uri = url.is_a?(URI::Generic) ? url : URI.parse(url.to_s)
+        return false unless uri.is_a?(URI::HTTPS)
+        return false if uri.host.nil?
+
+        @allowed_url_hosts.include?(uri.host.downcase)
+      rescue URI::InvalidURIError
+        false
+      end
+
       def gem_trusted?(name)
         @trusted_gems.include?(name.to_s)
       end
@@ -75,7 +97,8 @@ module Rigor
         {
           "trusted_gems" => trusted_gems,
           "allowed_read_roots" => allowed_read_roots,
-          "network_policy" => network_policy.to_s
+          "network_policy" => network_policy.to_s,
+          "allowed_url_hosts" => allowed_url_hosts
         }
       end
 

data/lib/rigor/scope.rb

@@ -20,7 +20,7 @@ module Rigor
                 :ivars, :cvars, :globals,
                 :class_ivars, :class_cvars, :program_globals,
                 :discovered_classes, :in_source_constants, :discovered_methods,
-                :discovered_def_nodes
+                :discovered_def_nodes, :discovered_method_visibilities
 
     EMPTY_DECLARED_TYPES = {}.compare_by_identity.freeze
     EMPTY_VAR_BINDINGS = {}.freeze
@@ -47,7 +47,8 @@ module Rigor
       discovered_classes: EMPTY_VAR_BINDINGS,
       in_source_constants: EMPTY_VAR_BINDINGS,
       discovered_methods: EMPTY_CLASS_BINDINGS,
-      discovered_def_nodes: EMPTY_CLASS_BINDINGS
+      discovered_def_nodes: EMPTY_CLASS_BINDINGS,
+      discovered_method_visibilities: EMPTY_CLASS_BINDINGS
     )
       @environment = environment
       @locals = locals
@@ -64,6 +65,7 @@ module Rigor
       @in_source_constants = in_source_constants
       @discovered_methods = discovered_methods
       @discovered_def_nodes = discovered_def_nodes
+      @discovered_method_visibilities = discovered_method_visibilities
       freeze
     end
 
@@ -268,6 +270,26 @@ module Rigor
       rebuild(discovered_def_nodes: table)
     end
 
+    # v0.1.2 — per-class table mapping `method_name (Symbol) →
+    # :public | :private | :protected`. Populated by
+    # `ScopeIndexer` for every `def` it sees inside a class
+    # body, with the visibility taken from the surrounding
+    # `private` / `protected` / `public` modifier state plus
+    # any post-hoc `private :name, ...` named-argument calls.
+    # Consumed by the `def.method-visibility-mismatch` rule
+    # so explicit-non-self calls to a private method surface
+    # a diagnostic.
+    def discovered_method_visibility(class_name, method_name)
+      table = @discovered_method_visibilities[class_name.to_s]
+      return nil unless table
+
+      table[method_name.to_sym]
+    end
+
+    def with_discovered_method_visibilities(table)
+      rebuild(discovered_method_visibilities: table)
+    end
+
     def facts_for(target: nil, bucket: nil)
       fact_store.facts_for(target: target, bucket: bucket)
     end
@@ -334,7 +356,8 @@ module Rigor
       declared_types: @declared_types, ivars: @ivars, cvars: @cvars, globals: @globals,
       class_ivars: @class_ivars, class_cvars: @class_cvars, program_globals: @program_globals,
       discovered_classes: @discovered_classes, in_source_constants: @in_source_constants,
-      discovered_methods: @discovered_methods, discovered_def_nodes: @discovered_def_nodes
+      discovered_methods: @discovered_methods, discovered_def_nodes: @discovered_def_nodes,
+      discovered_method_visibilities: @discovered_method_visibilities
     )
       self.class.new(
         environment: environment, locals: locals,
@@ -346,7 +369,8 @@ module Rigor
         discovered_classes: discovered_classes,
         in_source_constants: in_source_constants,
         discovered_methods: discovered_methods,
-        discovered_def_nodes: discovered_def_nodes
+        discovered_def_nodes: discovered_def_nodes,
+        discovered_method_visibilities: discovered_method_visibilities
       )
     end
 
@@ -371,7 +395,8 @@ module Rigor
         discovered_classes: discovered_classes,
         in_source_constants: in_source_constants,
         discovered_methods: discovered_methods,
-        discovered_def_nodes: discovered_def_nodes
+        discovered_def_nodes: discovered_def_nodes,
+        discovered_method_visibilities: discovered_method_visibilities
       )
     end
   end

data/lib/rigor/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rigor
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/sig/rigor/scope.rbs

@@ -15,6 +15,7 @@ module Rigor
     attr_reader in_source_constants: Hash[String, Type::t]
     attr_reader discovered_methods: Hash[String, Hash[Symbol, Symbol]]
     attr_reader discovered_def_nodes: Hash[String, Hash[Symbol, untyped]]
+    attr_reader discovered_method_visibilities: Hash[String, Hash[Symbol, Symbol]]
 
     def self.empty: (?environment: Environment) -> Scope
 
@@ -39,6 +40,8 @@ module Rigor
     def with_discovered_def_nodes: (Hash[String, Hash[Symbol, untyped]] table) -> Scope
     def user_def_for: (String | Symbol class_name, String | Symbol method_name) -> untyped?
     def top_level_def_for: (String | Symbol method_name) -> untyped?
+    def with_discovered_method_visibilities: (Hash[String, Hash[Symbol, Symbol]] table) -> Scope
+    def discovered_method_visibility: (String | Symbol class_name, String | Symbol method_name) -> Symbol?
     def with_fact: (Analysis::FactStore::Fact fact) -> Scope
     def with_self_type: (Type::t? type) -> Scope
     def with_declared_types: (Hash[untyped, Type::t] table) -> Scope

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rigortype
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Rigor contributors
@@ -184,9 +184,13 @@ files:
 - exe/rigor
 - lib/rigor.rb
 - lib/rigor/analysis/check_rules.rb
+- lib/rigor/analysis/check_rules/always_truthy_condition_collector.rb
+- lib/rigor/analysis/check_rules/dead_assignment_collector.rb
+- lib/rigor/analysis/check_rules/ivar_write_collector.rb
 - lib/rigor/analysis/diagnostic.rb
 - lib/rigor/analysis/fact_store.rb
 - lib/rigor/analysis/result.rb
+- lib/rigor/analysis/rule_catalog.rb
 - lib/rigor/analysis/runner.rb
 - lib/rigor/ast.rb
 - lib/rigor/ast/type_node.rb
@@ -203,6 +207,8 @@ files:
 - lib/rigor/cache/rbs_known_class_names.rb
 - lib/rigor/cache/store.rb
 - lib/rigor/cli.rb
+- lib/rigor/cli/diff_command.rb
+- lib/rigor/cli/explain_command.rb
 - lib/rigor/cli/type_of_command.rb
 - lib/rigor/cli/type_of_renderer.rb
 - lib/rigor/cli/type_scan_command.rb