rigortype 0.1.10 → 0.1.11

data/plugins/rigor-actioncable/lib/rigor/plugin/actioncable/channel_index.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    class Actioncable < Rigor::Plugin::Base
+      # Frozen catalogue of discovered ActionCable channel
+      # classes keyed by qualified class name. Each entry
+      # holds:
+      #
+      # - `action_methods` — the set of public instance
+      #   methods that aren't ActionCable framework hooks
+      #   (`subscribed` / `unsubscribed`). These are the
+      #   methods clients invoke via
+      #   `subscription.perform("action_name", data)`.
+      # - `stream_names` — the set of literal-string stream
+      #   names registered via `stream_from "name"` calls
+      #   inside the channel body. Dynamic registrations
+      #   (`stream_from interpolated_string`) are recorded
+      #   separately as `dynamic_streams: true` so the
+      #   analyzer can suppress unknown-stream warnings on
+      #   any channel that has at least one dynamic
+      #   registration.
+      class ChannelIndex
+        Entry = Data.define(:class_name, :file_path, :action_methods, :stream_names, :dynamic_streams) do
+          def includes_action?(name)
+            action_methods.include?(name.to_sym)
+          end
+
+          def known_actions
+            action_methods.to_a.sort
+          end
+        end
+
+        attr_reader :entries
+
+        def initialize(entries)
+          @entries = entries.freeze
+          @by_name = entries.to_h { |entry| [entry.class_name, entry] }.freeze
+          freeze
+        end
+
+        # @return [Entry, nil]
+        def find(class_name)
+          @by_name[class_name.to_s]
+        end
+
+        def known?(class_name)
+          @by_name.key?(class_name.to_s)
+        end
+
+        def empty?
+          @entries.empty?
+        end
+
+        def size
+          @entries.size
+        end
+
+        def names
+          @by_name.keys
+        end
+
+        # All literal stream names registered across every
+        # discovered channel.
+        def all_stream_names
+          @entries.flat_map { |e| e.stream_names.to_a }.to_set
+        end
+
+        # True when at least one discovered channel uses a
+        # dynamic stream registration. The analyzer treats
+        # this as "we can't be sure any literal name is
+        # missing" and downgrades unknown-stream from
+        # `:warning` to `:info` (or drops it entirely;
+        # current behaviour: skip warnings).
+        def any_dynamic_streams?
+          @entries.any?(&:dynamic_streams)
+        end
+      end
+    end
+  end
+end

data/plugins/rigor-actioncable/lib/rigor/plugin/actioncable.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require "rigor/plugin"
+
+require_relative "actioncable/channel_index"
+require_relative "actioncable/channel_discoverer"
+require_relative "actioncable/analyzer"
+
+module Rigor
+  module Plugin
+    # rigor-actioncable — validates ActionCable
+    # `<Channel>.broadcast_to(...)` and
+    # `ActionCable.server.broadcast(stream_name, ...)`
+    # call sites against the discovered channel index.
+    #
+    # Tier 3F of the [Rails plugins roadmap](../../../../docs/design/20260508-rails-plugins-roadmap.md).
+    # Statically discovers channel classes by walking
+    # `channel_search_paths` and parsing each file with
+    # Prism — no `actioncable` runtime dependency.
+    #
+    # ## Configuration
+    #
+    #     plugins:
+    #       - gem: rigor-actioncable
+    #         config:
+    #           channel_search_paths: ["app/channels"]                                # default; optional
+    #           channel_base_classes: ["ApplicationCable::Channel", "ActionCable::Channel::Base"]  # default; optional
+    #
+    # ## What it checks
+    #
+    # 1. **Channel class existence** — `<X>.broadcast_to(...)`
+    #    where `X` ends in `Channel` must resolve to a
+    #    discovered channel.
+    # 2. **Stream-name registration** —
+    #    `ActionCable.server.broadcast("stream_name", ...)`
+    #    with a literal stream name is checked against
+    #    every discovered channel's `stream_from "..."`
+    #    registrations. The check is suppressed when ANY
+    #    discovered channel uses a dynamic registration
+    #    (`stream_from interpolated_string` or
+    #    `stream_for record`) — the absence of a literal
+    #    match doesn't prove absence.
+    #
+    # ## Limitations (v0.1.0)
+    #
+    # - **Direct-superclass match only.** Indirect
+    #   inheritance (`AdminChannel < BaseChannel <
+    #   ApplicationCable::Channel`) needs `BaseChannel`
+    #   listed in `channel_base_classes`.
+    # - **Action method invocations are not validated.**
+    #   ActionCable actions are invoked from JS via
+    #   `subscription.perform("action_name", data)`; we
+    #   don't analyse JS so the action-method index is
+    #   currently informational only (future cross-plugin
+    #   handoff to a hypothetical JS-side analyzer).
+    # - **`broadcast_to` arity isn't checked.** The method
+    #   takes any record + any data hash; there's no
+    #   useful arity envelope.
+    class Actioncable < Rigor::Plugin::Base
+      manifest(
+        id: "actioncable",
+        version: "0.1.0",
+        description: "Validates ActionCable broadcast call shape against discovered channels.",
+        config_schema: {
+          "channel_search_paths" => :array,
+          "channel_base_classes" => :array
+        }
+      )
+
+      DEFAULT_CHANNEL_SEARCH_PATHS = ["app/channels"].freeze
+      DEFAULT_CHANNEL_BASE_CLASSES = [
+        "ApplicationCable::Channel",
+        "ActionCable::Channel::Base"
+      ].freeze
+
+      producer :channel_index do |_params|
+        ChannelDiscoverer.new(
+          io_boundary: io_boundary,
+          search_paths: @channel_search_paths,
+          base_classes: @channel_base_classes
+        ).discover
+      end
+
+      def init(_services)
+        @channel_search_paths = Array(
+          config.fetch("channel_search_paths", DEFAULT_CHANNEL_SEARCH_PATHS)
+        ).map(&:to_s)
+        @channel_base_classes = Array(
+          config.fetch("channel_base_classes", DEFAULT_CHANNEL_BASE_CLASSES)
+        ).map(&:to_s)
+        @channel_index = nil
+        @load_error = nil
+      end
+
+      def diagnostics_for_file(path:, scope:, root:) # rubocop:disable Lint/UnusedMethodArgument
+        index = channel_index_or_nil
+        return [load_error_diagnostic(path)] if index.nil? && @load_error
+        return [] if index.nil? || index.empty?
+
+        Analyzer.diagnose(path: path, root: root, channel_index: index).map { |diag| build_diagnostic(diag) }
+      end
+
+      private
+
+      def channel_index_or_nil
+        return @channel_index if @channel_index
+
+        # Pass an explicit descriptor covering every `.rb` file
+        # under the configured channel search paths so the cache
+        # invalidates when channels are added, removed, or edited.
+        # Without it the auto-built descriptor depends on the
+        # `IoBoundary`'s in-process read history — empty on the
+        # first call of a fresh process, so warm cache hits would
+        # serve stale `ChannelIndex` data when project files have
+        # changed between sessions.
+        descriptor = glob_descriptor(@channel_search_paths, "**/*.rb")
+        @channel_index = cache_for(:channel_index, params: {}, descriptor: descriptor).call
+      rescue StandardError => e
+        @load_error = "rigor-actioncable: failed to discover channels: #{e.class}: #{e.message}"
+        nil
+      end
+
+      def load_error_diagnostic(path)
+        Rigor::Analysis::Diagnostic.new(
+          path: path, line: 1, column: 1,
+          message: @load_error,
+          severity: :warning,
+          rule: "load-error"
+        )
+      end
+
+      def build_diagnostic(diag)
+        Rigor::Analysis::Diagnostic.new(
+          path: diag.path, line: diag.line, column: diag.column,
+          message: diag.message, severity: diag.severity, rule: diag.rule
+        )
+      end
+    end
+
+    Rigor::Plugin.register(Actioncable)
+  end
+end

data/plugins/rigor-actioncable/lib/rigor-actioncable.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative "rigor/plugin/actioncable"

data/plugins/rigor-actionmailer/lib/rigor/plugin/actionmailer/analyzer.rb

@@ -0,0 +1,178 @@
+# frozen_string_literal: true
+
+require "prism"
+
+module Rigor
+  module Plugin
+    class Actionmailer < Rigor::Plugin::Base
+      # Walks a parsed file's AST looking for
+      # `<MailerClass>.<action>(...)` calls and validates
+      # each against the {MailerIndex}. Recognises both:
+      #
+      # - `UserMailer.welcome(user)` — direct action call
+      #   (the call returns a `Mail::Message` ready for
+      #   `.deliver_now` / `.deliver_later`).
+      # - `UserMailer.with(user: u).welcome` — parametrized
+      #   action call. The `.with(...)` call is treated as a
+      #   pass-through; the action's argument shape is
+      #   validated on the trailing `.welcome` invocation
+      #   even though the receiver is a method-call chain
+      #   rather than a constant.
+      #
+      # The analyzer is purely syntactic: it does not look
+      # at runtime mailer state. Constants that don't appear
+      # in the index are silently ignored — the rule has no
+      # opinion on non-mailer call shapes.
+      module Analyzer
+        # `.with(...)` is recognised as a forwarding step:
+        # the receiver of `.with(...)` is the mailer class,
+        # so the trailing action-method call's class context
+        # is the same.
+        WITH_METHODS = %i[with].freeze
+
+        # Ruby method names that ActionMailer reserves on the
+        # class itself. We don't validate against these as
+        # actions even if a mailer happens to override them
+        # — the user almost certainly meant the framework
+        # method, not their own action.
+        RESERVED_CLASS_METHODS = %i[
+          new allocate name superclass class
+          deliver_later deliver_now deliver_later! deliver_now!
+          mail headers attachments default
+          with parameters
+        ].freeze
+
+        Diagnostic = Struct.new(:path, :line, :column, :severity, :rule, :message, keyword_init: true)
+
+        module_function
+
+        # @param path [String]
+        # @param root [Prism::Node]
+        # @param mailer_index [MailerIndex]
+        # @return [Array<Diagnostic>]
+        def diagnose(path:, root:, mailer_index:)
+          diagnostics = []
+          walk(root) do |call_node|
+            class_name = mailer_class_for_call(call_node)
+            next if class_name.nil?
+            next if RESERVED_CLASS_METHODS.include?(call_node.name)
+
+            class_entry = mailer_index.find(class_name) || mailer_index.find("::#{class_name}")
+            next if class_entry.nil?
+
+            action_entry = class_entry.find_action(call_node.name)
+            if action_entry.nil?
+              diagnostics << unknown_action_diagnostic(path, call_node, class_entry)
+              next
+            end
+
+            diagnostics << action_call_info(path, call_node, class_entry, action_entry)
+            arity_diag = arity_check(path, call_node, class_entry, action_entry)
+            diagnostics << arity_diag if arity_diag
+          end
+          diagnostics
+        end
+
+        # Walks the tree yielding every CallNode whose receiver
+        # resolves (directly or through `.with(...)`) to a
+        # constant.
+        def walk(node, &)
+          return unless node.is_a?(Prism::Node)
+
+          yield node if node.is_a?(Prism::CallNode) && action_call_candidate?(node)
+          node.compact_child_nodes.each { |child| walk(child, &) }
+        end
+
+        def action_call_candidate?(node)
+          # Skip anything that doesn't look like a mailer
+          # action call: no receiver, or a non-constant /
+          # non-`.with(...)` receiver.
+          return false if node.receiver.nil?
+
+          mailer_class_for_call(node) ? true : false
+        end
+
+        # Extracts the mailer class name when the call's
+        # receiver is either:
+        # - A constant (`UserMailer.welcome(...)`), or
+        # - A `.with(...)` call whose receiver is a constant
+        #   (`UserMailer.with(user: u).welcome`).
+        def mailer_class_for_call(node)
+          receiver = node.receiver
+          case receiver
+          when Prism::ConstantReadNode, Prism::ConstantPathNode
+            constant_receiver_name(receiver)
+          when Prism::CallNode
+            return nil unless WITH_METHODS.include?(receiver.name)
+
+            constant_receiver_name(receiver.receiver)
+          end
+        end
+
+        def action_call_info(path, call_node, class_entry, action_entry)
+          location = call_node.location
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :info,
+            rule: "mailer-call",
+            message: "`#{class_entry.class_name}.#{action_entry.method_name}` " \
+                     "matches mailer action (arity #{action_entry.arity_label})"
+          )
+        end
+
+        def arity_check(path, call_node, class_entry, action_entry)
+          actual = (call_node.arguments&.arguments || []).size
+          return nil if action_entry.accepts?(actual)
+
+          location = call_node.location
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :error,
+            rule: "wrong-arity",
+            message: "`#{class_entry.class_name}.#{action_entry.method_name}` " \
+                     "expects #{action_entry.arity_label} argument(s), got #{actual}"
+          )
+        end
+
+        def unknown_action_diagnostic(path, call_node, class_entry)
+          location = call_node.location
+          known = class_entry.actions.keys.sort.join(", ")
+          known_part = known.empty? ? "no actions defined" : "known actions: #{known}"
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :error,
+            rule: "unknown-action",
+            message: "`#{class_entry.class_name}.#{call_node.name}` is not a defined " \
+                     "mailer action (#{known_part})"
+          )
+        end
+
+        def constant_receiver_name(node)
+          case node
+          when Prism::ConstantReadNode then node.name.to_s
+          when Prism::ConstantPathNode then constant_path_name(node)
+          end
+        end
+
+        def constant_path_name(node)
+          parts = []
+          current = node
+          while current.is_a?(Prism::ConstantPathNode)
+            parts.unshift(current.name.to_s)
+            current = current.parent
+          end
+          case current
+          when nil then "::#{parts.join('::')}"
+          when Prism::ConstantReadNode then "#{current.name}::#{parts.join('::')}"
+          end
+        end
+      end
+    end
+  end
+end