rigortype 0.1.11 → 0.1.13

data/plugins/rigor-actionmailer/lib/rigor/plugin/actionmailer/mailer_discoverer.rb

@@ -65,15 +65,27 @@ module Rigor
 
         # @return [MailerIndex]
         def discover
-          entries = []
+          # Two-pass: first collect every module's defs (for
+          # the include-following step), then build per-class
+          # entries that pull in actions from include'd modules.
+          # GitLab's `Notify` mailer derives every action from
+          # `Emails::*` concerns under `app/mailers/emails/`.
+          module_actions = {} # module_fqn => Hash<Symbol, ActionEntry>
+          class_visits = []   # collected (class_name, path, def_nodes, includes)
+
           ruby_files_under(@search_paths).each do |path|
             contents = read_safely(path)
             next if contents.nil?
 
             tree = Prism.parse(contents).value
-            walk_for_mailers(tree, []) do |class_name, def_nodes|
-              entries << build_class_entry(class_name, path, def_nodes)
+            walk_for_mailers(tree, []) do |class_name, def_nodes, includes|
+              class_visits << [class_name, path, def_nodes, includes]
             end
+            collect_module_actions(tree, [], module_actions)
+          end
+
+          entries = class_visits.map do |class_name, path, def_nodes, includes|
+            build_class_entry(class_name, path, def_nodes, includes, module_actions)
           end
           MailerIndex.new(entries)
         end
@@ -114,13 +126,62 @@ module Rigor
           superclass = constant_path_name(node.superclass) if node.superclass
           if superclass && @base_classes.include?(superclass)
             def_nodes = collect_action_defs(node.body)
-            yield full_name, def_nodes
+            includes = collect_includes(node.body)
+            yield full_name, def_nodes, includes
           end
 
           inner_path = lexical_path + [class_local_name]
           walk_for_mailers(node.body, inner_path, &) if node.body
         end
 
+        # Collects qualified-constant names passed to `include
+        # X` calls inside the class body. Used to look up
+        # concern-module action definitions (GitLab's
+        # `Notify` mailer derives every action from
+        # `Emails::Issues`, `Emails::MergeRequests`, etc.).
+        def collect_includes(body)
+          return [] if body.nil?
+
+          names = []
+          body.compact_child_nodes.each do |node|
+            next unless node.is_a?(Prism::CallNode) && node.receiver.nil? && node.name == :include
+
+            (node.arguments&.arguments || []).each do |arg|
+              name = constant_path_name(arg)
+              names << name.delete_prefix("::") if name
+            end
+          end
+          names
+        end
+
+        # Walks the AST collecting every module's instance-side
+        # def nodes by fully-qualified module name. The same
+        # `collect_action_defs` filter applies (private /
+        # `_`-prefixed / callback-target methods skipped).
+        def collect_module_actions(node, lexical_path, accumulator)
+          return if node.nil?
+
+          case node
+          when Prism::ModuleNode
+            local_name = constant_path_name(node.constant_path)
+            return if local_name.nil?
+
+            full_name = (lexical_path + [local_name.delete_prefix("::")]).join("::")
+            if node.body
+              def_nodes = collect_action_defs(node.body)
+              entries = def_nodes.to_h { |def_node| [def_node.name, build_action_entry(def_node)] }
+              accumulator[full_name] = entries unless entries.empty?
+              collect_module_actions(node.body, lexical_path + [local_name.delete_prefix("::")], accumulator)
+            end
+          when Prism::ClassNode
+            local_name = constant_path_name(node.constant_path)
+            inner = local_name ? lexical_path + [local_name.delete_prefix("::")] : lexical_path
+            collect_module_actions(node.body, inner, accumulator) if node.body
+          else
+            node.compact_child_nodes.each { |child| collect_module_actions(child, lexical_path, accumulator) }
+          end
+        end
+
         def visit_module(node, lexical_path, &)
           module_local_name = constant_path_name(node.constant_path)
           return if module_local_name.nil?
@@ -233,19 +294,46 @@ module Rigor
           end
         end
 
-        def build_class_entry(class_name, file_path, def_nodes)
+        def build_class_entry(class_name, file_path, def_nodes, includes = [], module_actions = {})
           actions = def_nodes.to_h do |def_node|
             entry = build_action_entry(def_node)
             [entry.method_name, entry]
           end
 
+          # Merge in actions from include'd modules. The
+          # discoverer pre-collected every module's defs as
+          # `module_actions` keyed by fully-qualified module
+          # name. We resolve each include against that map —
+          # tries the full include name first, then walks down
+          # the class's lexical chain looking for a nested
+          # match (e.g. `Emails::Issues` inside `class Notify`
+          # at top-level resolves to top-level `Emails::Issues`).
+          # Includes we cannot resolve are silently skipped;
+          # the per-mailer `unresolved_includes?` predicate
+          # below (consumed by the analyzer) downgrades
+          # `unknown-action` to silence when any include is
+          # unresolved.
+          unresolved_includes = []
+          includes.each do |include_name|
+            inc_actions = module_actions[include_name]
+            if inc_actions.nil?
+              unresolved_includes << include_name
+              next
+            end
+
+            inc_actions.each do |method_name, entry|
+              actions[method_name] ||= entry
+            end
+          end
+
           missing_views = actions.keys.reject { |action| view_exists?(class_name, action) }
 
           MailerIndex::ClassEntry.new(
             class_name: class_name,
             file_path: file_path,
             actions: actions,
-            missing_views: missing_views
+            missing_views: missing_views,
+            unresolved_includes: unresolved_includes.freeze
           )
         end
 

data/plugins/rigor-actionmailer/lib/rigor/plugin/actionmailer/mailer_index.rb

@@ -28,10 +28,20 @@ module Rigor
           end
         end
 
-        ClassEntry = Data.define(:class_name, :file_path, :actions, :missing_views) do
+        ClassEntry = Data.define(:class_name, :file_path, :actions, :missing_views, :unresolved_includes) do
           def find_action(method_name)
             actions[method_name.to_sym]
           end
+
+          # True when the mailer `include`s a module whose
+          # source we couldn't index (typically a gem-shipped
+          # concern that defines additional mailer actions).
+          # Analyzer downgrades `unknown-action` to silence in
+          # this case — the unresolved module may legitimately
+          # provide the action.
+          def unresolved_includes?
+            !unresolved_includes.empty?
+          end
         end
 
         attr_reader :entries

data/plugins/rigor-actionmailer/lib/rigor/plugin/actionmailer.rb

@@ -50,7 +50,13 @@ module Rigor
     class Actionmailer < Rigor::Plugin::Base
       manifest(
         id: "actionmailer",
-        version: "0.1.0",
+        # Bumped 2026-05-28 — extended RESERVED_CLASS_METHODS to
+        # include `respond_to?` / `public_send` / `send` /
+        # `__send__` / `method` and friends so dynamic-dispatch
+        # idioms (`Mailer.respond_to?(action)` /
+        # `Mailer.public_send(action)`) stop firing
+        # `unknown-action` against the Ruby reflection method.
+        version: "0.4.0",
         description: "Validates ActionMailer call shape and view template existence.",
         config_schema: {
           "mailer_search_paths" => :array,

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack/analyzer.rb

@@ -103,10 +103,10 @@ module Rigor
         # method. Files that don't contain a known controller
         # contribute no diagnostics.
         def diagnose_filters(path:, root:, controller_index:)
-          class_node = first_class_node(root)
+          class_node, enclosing = first_class_node_with_namespace(root)
           return [] if class_node.nil?
 
-          class_name = qualified_name_for(class_node.constant_path)
+          class_name = qualified_name_with_enclosing(class_node.constant_path, enclosing)
           return [] if class_name.nil?
           return [] unless controller_index.known?(class_name)
 
@@ -179,14 +179,67 @@ module Rigor
         end
 
         def first_class_node(node)
-          return nil unless node.is_a?(Prism::Node)
-          return node if node.is_a?(Prism::ClassNode)
+          class_node, = first_class_node_with_namespace(node)
+          class_node
+        end
 
+        # Returns `[class_node, enclosing_namespace_array]` for
+        # the first `ClassNode` reachable from `node`. The
+        # namespace chain accumulates every enclosing
+        # `ModuleNode` / `ClassNode` qualifier, so the
+        # nested-module declaration shape
+        #
+        #   module Admin
+        #     class DomainBlocksController < BaseController
+        #     end
+        #   end
+        #
+        # is recovered as the qualified name
+        # `Admin::DomainBlocksController` — the same name the
+        # `ControllerDiscoverer` registers under (see the
+        # nested-module qualification fix on
+        # `ControllerDiscoverer#walk_declarations`). Without
+        # this, the analyzer used the bare inner-class name
+        # for index lookups + `controller_path_for`, silently
+        # skipping filter validation and pointing render
+        # template paths at the wrong directory (Mastodon's
+        # `admin/domain_blocks` rendered as bare
+        # `domain_blocks`).
+        def first_class_node_with_namespace(node, namespace = [])
+          return [nil, namespace] unless node.is_a?(Prism::Node)
+          return [node, namespace] if node.is_a?(Prism::ClassNode)
+
+          inner_namespace = if node.is_a?(Prism::ModuleNode)
+                              namespace + namespace_segments_for(node)
+                            else
+                              namespace
+                            end
           node.compact_child_nodes.each do |child|
-            found = first_class_node(child)
-            return found if found
+            found, found_namespace = first_class_node_with_namespace(child, inner_namespace)
+            return [found, found_namespace] if found
           end
-          nil
+          [nil, namespace]
+        end
+
+        def namespace_segments_for(declaration_node)
+          path = qualified_name_for(declaration_node.constant_path)
+          path ? path.split("::") : []
+        end
+
+        # Resolves a class-name AST node against an enclosing
+        # namespace chain. A `ConstantPathNode` (e.g.
+        # `class Admin::Foo`) is already absolute and ignores
+        # the chain; a `ConstantReadNode` (bare `class Foo`
+        # inside `module Admin`) is qualified against it.
+        def qualified_name_with_enclosing(node, enclosing)
+          return nil unless node.is_a?(Prism::Node)
+
+          local = qualified_name_for(node)
+          return nil if local.nil?
+          return local if node.is_a?(Prism::ConstantPathNode) && !node.parent.nil?
+          return local if enclosing.empty?
+
+          "#{enclosing.join('::')}::#{local}"
         end
 
         def qualified_name_for(node)
@@ -316,19 +369,90 @@ module Rigor
         # validates explicit renders only, since the implicit
         # path would false-positive on `redirect_to` / `head`
         # / early returns.
-        def diagnose_renders(path:, root:, view_search_roots:)
-          class_node = first_class_node(root)
+        def diagnose_renders(path:, root:, view_search_roots:, controller_index: nil)
+          class_node, enclosing = first_class_node_with_namespace(root)
           return [] if class_node.nil?
 
-          class_name = qualified_name_for(class_node.constant_path)
+          class_name = qualified_name_with_enclosing(class_node.constant_path, enclosing)
           return [] if class_name.nil?
 
-          controller_path = controller_path_for(class_name)
+          # Prefer the file-path-derived controller path when the
+          # source lives under `app/controllers/` — Rails autoload
+          # is the runtime authority on `Admin::Users::RolesController`
+          # vs `Users::RolesController` (a declaration like
+          # `module Admin; class Users::RolesController` resolves
+          # to whichever `Users` constant Ruby finds first, and
+          # the file path is the disambiguator Rails picks). Fall
+          # back to the AST-derived class name for files outside
+          # `app/controllers/` (libraries, test fixtures).
+          controller_path = controller_path_from_file(path) || controller_path_for(class_name)
           return [] if controller_path.nil?
 
+          # Render checks silence when the controller (or its
+          # ancestor chain) inherits from a gem-shipped parent
+          # (Devise::ConfirmationsController,
+          # Doorkeeper::ApplicationsController, …). The gem
+          # ships its own views; the local subclass calling
+          # `render :show` resolves through the gem's view path,
+          # which our static analyser doesn't know about.
+          if controller_index&.known?(class_name) &&
+             controller_index.unresolved_include?(class_name)
+            return []
+          end
+
+          # Abstract base controllers: a `*BaseController` (`Admin::
+          # BaseController`, `Settings::Preferences::BaseController`,
+          # …) typically has no view of its own; its `render :show`
+          # bodies are resolved by Rails against the calling
+          # subclass's controller path at request time, NOT the
+          # base's. Same for parent controllers whose view
+          # directory exists but contains only subdirectories
+          # (Mastodon's `Admin::SettingsController` whose
+          # `app/views/admin/settings/` holds about/, appearance/,
+          # … but no top-level templates). Skip render checks for
+          # these — the diagnostic would be a false positive
+          # against intentional Rails abstract-base layouts.
+          return [] if abstract_base_controller?(class_name, controller_path, view_search_roots)
+
           collect_render_diagnostics(path, class_node.body, controller_path, view_search_roots)
         end
 
+        # Convert `<root>/app/controllers/admin/users/roles_controller.rb`
+        # to `admin/users/roles`. Returns nil if the path is not
+        # under an `app/controllers/` segment.
+        def controller_path_from_file(path)
+          match = path.match(%r{(?:\A|/)app/controllers/(.+)_controller\.rb\z})
+          match&.[](1)
+        end
+
+        # An abstract base controller — its `render` bodies don't
+        # validate against its own controller_path because Rails
+        # resolves at request time against the actual subclass.
+        # Two conservative heuristics:
+        #   (1) The class name ends with `BaseController`. Strong
+        #       Rails-convention signal (Settings::Preferences::
+        #       BaseController, Admin::BaseController, …).
+        #   (2) The controller's view directory exists but contains
+        #       ONLY subdirectories (no template files at its
+        #       top). Mastodon's Admin::SettingsController whose
+        #       app/views/admin/settings/ holds only about/,
+        #       appearance/, … — the parent of nested controllers.
+        # Deliberately NOT triggered by "no view directory at
+        # all" because that fires the diagnostic we DO want for
+        # genuinely-missing views (the typo / forgot-to-create
+        # case).
+        def abstract_base_controller?(class_name, controller_path, view_search_roots)
+          return true if class_name.end_with?("BaseController")
+
+          view_search_roots.any? do |root|
+            dir = File.join(root, controller_path)
+            next false unless File.directory?(dir)
+
+            entries = Dir.children(dir)
+            entries.any? && entries.all? { |e| File.directory?(File.join(dir, e)) }
+          end
+        end
+
         def collect_render_diagnostics(path, body, controller_path, view_search_roots)
           diagnostics = []
           walk_render_calls(body) do |call_node|

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack/controller_discoverer.rb

@@ -12,26 +12,39 @@ module Rigor
       # parent_class_name)` triples. Used by Phase 2 (filter
       # chains) to validate that `before_action :name`
       # references a method defined on the controller or its
-      # immediate parent.
+      # ancestor chain.
       #
-      # Limitations (per the Phase 2 design):
+      # Two declaration shapes are recognised and qualified
+      # the same way:
       #
-      # - Single-class-per-file is the assumption — the walker
-      #   records the first top-level class node it encounters
-      #   per file. Files with multiple classes (rare in
-      #   `app/controllers/` outside of nested namespaces) only
-      #   contribute their first class.
-      # - One level of inheritance only. `class FooController <
-      #   ApplicationController` records `FooController`'s
-      #   methods + parent_class_name `"ApplicationController"`,
-      #   and the index resolves the inherited methods at lookup
-      #   time. Two-level chains (`AdminController <
-      #   AdminBaseController < ApplicationController`) are not
-      #   walked transitively in Phase 2; `AdminController`'s
-      #   inherited methods are limited to what
-      #   `AdminBaseController` directly defines, not what
-      #   `AdminBaseController` inherits.
-      # - Modules / `concerning :Auth` blocks are not walked.
+      #   class Admin::AccountsController < BaseController
+      #     # → registered as "Admin::AccountsController"
+      #
+      #   module Admin
+      #     class AccountsController < BaseController
+      #       # → ALSO registered as "Admin::AccountsController"
+      #     end
+      #   end
+      #
+      # Pre-fix the nested form ignored the enclosing `module
+      # Admin` and registered the inner class as bare
+      # `"AccountsController"`, overwriting the top-level
+      # `app/controllers/accounts_controller.rb` entry. Mastodon
+      # has both shapes for the same logical name (top-level
+      # `AccountsController` + `Admin::AccountsController` +
+      # `Api::V1::AccountsController`) and the overwrite caused
+      # the wrong inheritance / method set to flow downstream,
+      # producing dozens of false `unknown-filter-method`
+      # diagnostics.
+      #
+      # Multi-level inheritance is also walked: `Admin::AccountsController
+      # < BaseController < ApplicationController` resolves
+      # methods from all three. Cycle-safe via a visited set.
+      # The parent-name lookup is **lexically scoped** — a bare
+      # `BaseController` reference inside `module Admin` first
+      # tries `Admin::BaseController`, then falls through to
+      # top-level `BaseController`, matching Ruby's constant-
+      # resolution semantics.
       class ControllerDiscoverer
         def initialize(io_boundary:, search_paths:)
           @io_boundary = io_boundary
@@ -63,49 +76,87 @@ module Rigor
           parse_result = Prism.parse(contents)
           return unless parse_result.errors.empty?
 
-          locate_classes_and_modules(parse_result.value).each do |declaration_node|
-            entry = build_entry(declaration_node)
+          walk_declarations(parse_result.value, namespace: []) do |declaration_node, enclosing|
+            entry = build_entry(declaration_node, enclosing)
             entries[entry.class_name] = entry if entry.class_name
           end
         rescue Plugin::AccessDeniedError, Errno::ENOENT
           nil
         end
 
-        # Recursive top-level descent. Returns every `ClassNode`
-        # and `ModuleNode` reachable through nested `module` /
-        # `class` blocks. Pre-fix only the **first** ClassNode
-        # was harvested, which meant controller files that
-        # define multiple classes lost coverage AND concern
-        # modules under `app/controllers/concerns/` were ignored
-        # entirely. The latter was the dominant Mastodon /
-        # Redmine FP: `before_action :require_account_signature!`
-        # references a method defined in a concern module that
-        # the harvester never visited.
-        def locate_classes_and_modules(node, into = [])
-          return into unless node.is_a?(Prism::Node)
-
-          into << node if node.is_a?(Prism::ClassNode) || node.is_a?(Prism::ModuleNode)
-          node.compact_child_nodes.each do |child|
-            locate_classes_and_modules(child, into)
+        # Walks every `ClassNode` / `ModuleNode` in the AST,
+        # yielding `[declaration_node, enclosing_namespace_array]`
+        # for each. `enclosing` is the chain of module / class
+        # qualifiers OUTSIDE the yielded declaration (e.g. for
+        # `module Admin; class AccountsController; end; end`
+        # the inner class yields with enclosing
+        # `["Admin"]`). The yielded declaration's own segment
+        # is added to the chain for its body's recursion so
+        # constants nested two levels deep qualify correctly.
+        def walk_declarations(node, namespace:, &)
+          return unless node.is_a?(Prism::Node)
+
+          if node.is_a?(Prism::ClassNode) || node.is_a?(Prism::ModuleNode)
+            yield node, namespace
+            inner_namespace = namespace + namespace_segments_for(node)
+            return if node.body.nil?
+
+            walk_declarations(node.body, namespace: inner_namespace, &)
+          else
+            node.compact_child_nodes.each do |child|
+              walk_declarations(child, namespace: namespace, &)
+            end
           end
-          into
         end
 
-        def build_entry(declaration_node)
-          name = qualified_name_for(declaration_node.constant_path)
-          parent_name = if declaration_node.is_a?(Prism::ClassNode) && declaration_node.superclass
-                          qualified_name_for(declaration_node.superclass)
-                        end
+        # The segments contributed by a declaration to the
+        # qualifier chain of its body. For `class A::B` this is
+        # `["A", "B"]`; for `module Outer` it is `["Outer"]`.
+        # Returns `[]` for an anonymous declaration the walker
+        # cannot qualify.
+        def namespace_segments_for(declaration_node)
+          path = qualified_name_for(declaration_node.constant_path)
+          path ? path.split("::") : []
+        end
+
+        def build_entry(declaration_node, enclosing)
+          name = qualified_name_with_enclosing(declaration_node.constant_path, enclosing)
+          parent_name = parent_name_for(declaration_node)
           methods = collect_def_names(declaration_node.body)
           includes = collect_include_targets(declaration_node.body)
           ControllerIndex::Entry.new(
             class_name: name,
             defined_methods: methods.freeze,
             parent_class_name: parent_name,
-            included_module_names: includes.freeze
+            included_module_names: includes.freeze,
+            enclosing_namespace: enclosing.dup.freeze
           )
         end
 
+        # Resolves the declared name against the enclosing
+        # namespace chain. A `ConstantPathNode` (e.g.
+        # `Admin::Foo` in `class Admin::Foo`) is already
+        # absolute and ignores the enclosing chain. A
+        # `ConstantReadNode` (bare `Foo` in `module Admin;
+        # class Foo`) is qualified against the chain so the
+        # name becomes `Admin::Foo`.
+        def qualified_name_with_enclosing(node, enclosing)
+          return nil unless node.is_a?(Prism::Node)
+
+          local = qualified_name_for(node)
+          return nil if local.nil?
+          return local if node.is_a?(Prism::ConstantPathNode) && !node.parent.nil?
+          return local if enclosing.empty?
+
+          "#{enclosing.join('::')}::#{local}"
+        end
+
+        def parent_name_for(declaration_node)
+          return nil unless declaration_node.is_a?(Prism::ClassNode) && declaration_node.superclass
+
+          qualified_name_for(declaration_node.superclass)
+        end
+
         def collect_def_names(node, accumulator = [])
           return accumulator unless node.is_a?(Prism::Node)