rigortype 0.1.11 → 0.1.13

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack/controller_index.rb

@@ -28,7 +28,16 @@ module Rigor
         # names passed to `include X` calls inside the
         # class / module body (Strings). `parent_class_name` is
         # the immediate superclass (nil for plain modules).
-        Entry = Data.define(:class_name, :defined_methods, :parent_class_name, :included_module_names)
+        # `enclosing_namespace` is the qualifier chain of the
+        # declaration's *lexical* enclosing scope (e.g.
+        # `["Admin"]` for an `Admin::Foo` declared via
+        # `module Admin; class Foo; end; end`). Used by the
+        # index's parent / module lookup to try lexically-scoped
+        # constant resolution before falling through to the
+        # top-level form — Ruby's constant lookup walks the
+        # enclosing scope chain before `Object`.
+        Entry = Data.define(:class_name, :defined_methods, :parent_class_name, :included_module_names,
+                            :enclosing_namespace)
 
         attr_reader :entries
 
@@ -43,38 +52,105 @@ module Rigor
         end
 
         # Resolves the **effective** method set for a controller,
-        # including methods inherited from its parent class
-        # (one level) and methods contributed by every module the
-        # controller / its parent transitively `include`s
-        # (unbounded depth, cycle-safe via a visited set).
+        # including methods contributed by every module the
+        # controller / any ancestor transitively `include`s AND
+        # methods inherited from the ancestor chain (unbounded
+        # depth, cycle-safe via a visited set).
+        #
+        # Parent / module lookups are **lexically scoped** — a
+        # bare `BaseController` reference inside `module Admin`
+        # first tries `Admin::BaseController`, then falls
+        # through to the top-level `BaseController`. Matches
+        # Ruby's constant-resolution semantics. Without this an
+        # `Admin::Foo < BaseController` declaration would
+        # incorrectly walk the top-level `BaseController` even
+        # when an `Admin::BaseController` exists.
         def effective_methods_for(class_name)
-          seen = {}
+          seen_classes = {}
+          seen_modules = {}
           methods = []
-          collect_methods(class_name, seen, methods)
-          if (parent = @entries[class_name]&.parent_class_name)
-            collect_methods(parent, seen, methods)
+          current = class_name
+          while current && !seen_classes[current]
+            seen_classes[current] = true
+            entry = @entries[current]
+            break if entry.nil?
+
+            methods.concat(entry.defined_methods)
+            entry.included_module_names.each do |included|
+              resolved_include = resolve_constant_lexically(included, entry.enclosing_namespace)
+              collect_methods(resolved_include, seen_modules, methods)
+            end
+            next_parent = entry.parent_class_name
+            # Same self-reference guard as `unresolved_include?`:
+            # `class ActivityPub::ApplicationController <
+            # ::ApplicationController` lexically resolves
+            # `ApplicationController` to itself; fall back to
+            # the unprefixed top-level name in that case.
+            current = if next_parent
+                        resolved = resolve_constant_lexically(next_parent, entry.enclosing_namespace)
+                        resolved == current ? next_parent.sub(/\A::/, "") : resolved
+                      end
           end
           methods.uniq.freeze
         end
 
         # @return [Boolean] true when the class has at least one
-        #   include we couldn't resolve in the index (typically
-        #   a gem-shipped concern such as Devise's
-        #   `Devise::Controllers::Helpers`). Phase 2 uses this
-        #   to downgrade `unknown-filter-method` to silence —
-        #   the unresolved module may legitimately contribute
-        #   the filter, and there's no way for the static
-        #   analyzer to verify.
+        #   include OR parent class we couldn't resolve in the
+        #   index (typically a gem-shipped concern such as Devise's
+        #   `Devise::Controllers::Helpers`, or a gem-shipped
+        #   parent controller such as `Devise::ConfirmationsController`
+        #   or `Doorkeeper::AuthorizedApplicationsController`).
+        #   Phase 2 uses this to downgrade `unknown-filter-method`
+        #   to silence — the unresolved module / parent may
+        #   legitimately contribute the filter (either directly,
+        #   or via its own ancestor chain which the static
+        #   analyzer cannot follow), and there's no way to verify.
         def unresolved_include?(class_name)
           entry = @entries[class_name]
           return false if entry.nil?
 
-          chain = [class_name]
-          chain << entry.parent_class_name if entry.parent_class_name
-          chain.any? do |c|
-            walk_includes(c, {}) { |m| return true unless @entries.key?(m) }
-            false
+          # Walk the full ancestor chain. `Admin::Foo <
+          # BaseController < ApplicationController` should report
+          # an unresolved include if ANY of the three references
+          # a gem-shipped concern OR a gem-shipped parent class
+          # we cannot index. The first iteration's `current_entry`
+          # is always resolved (caller verified `known?`); a nil
+          # `current_entry` on a subsequent iteration means the
+          # AST-side `< Parent` reached a gem-shipped class
+          # whose ancestor methods are invisible to us.
+          seen_classes = {}
+          current = class_name
+          first = true
+          while current && !seen_classes[current]
+            seen_classes[current] = true
+            current_entry = @entries[current]
+            if current_entry.nil?
+              return true unless first
+
+              break
+            end
+            first = false
+
+            current_entry.included_module_names.each do |included|
+              resolved = resolve_constant_lexically(included, current_entry.enclosing_namespace)
+              return true if resolved.nil? || !@entries.key?(resolved)
+            end
+            next_parent = current_entry.parent_class_name
+            # Avoid lexically resolving to ourselves. `class
+            # ActivityPub::ApplicationController < ::ApplicationController`
+            # would otherwise resolve `ApplicationController` (in
+            # the lexical scope `["ActivityPub"]`) to
+            # `ActivityPub::ApplicationController` and short-
+            # circuit the walk before reaching the top-level
+            # parent. When the lexical match is the current
+            # class itself, fall back to the unprefixed
+            # top-level name.
+            current = if next_parent
+                        resolved = resolve_constant_lexically(next_parent, current_entry.enclosing_namespace)
+                        resolved == current ? next_parent.sub(/\A::/, "") : resolved
+                      end
           end
+          false
         end
 
         def empty?
@@ -92,30 +168,57 @@ module Rigor
         private
 
         def collect_methods(name, seen, into)
+          return if name.nil?
+
           entry = @entries[name]
           return if entry.nil? || seen[name]
 
           seen[name] = true
           into.concat(entry.defined_methods)
           entry.included_module_names.each do |included|
-            collect_methods(included, seen, into)
+            resolved = resolve_constant_lexically(included, entry.enclosing_namespace)
+            collect_methods(resolved, seen, into)
           end
         end
 
-        # Yields each transitively-included module name (whether
-        # we have an entry for it or not). Returns nil; callers
-        # use it for visit-and-classify, not to collect.
-        def walk_includes(name, seen, &)
-          return if seen[name]
-
-          seen[name] = true
-          entry = @entries[name]
-          return unless entry
-
-          entry.included_module_names.each do |included|
-            yield included
-            walk_includes(included, seen, &)
+        # Ruby's constant-lookup walk: a bare constant name
+        # inside `module Admin` first tries `Admin::Const`,
+        # then walks outward, and finally falls through to
+        # top-level `Const`. We approximate that by trying
+        # the candidate `enclosing + name` chains from
+        # deepest to shallowest, and returning the first
+        # candidate that has an entry in the index. When
+        # nothing resolves, return the original name
+        # unchanged — the caller treats unresolved entries as
+        # "gem-shipped concerns we cannot see" (the
+        # `unresolved_include?` predicate).
+        #
+        # `name` may already be qualified (`Foo::Bar`); we
+        # only try lexical prefixing when the unqualified
+        # first segment doesn't match a top-level entry.
+        def resolve_constant_lexically(name, enclosing)
+          return nil if name.nil?
+
+          # A leading `::` denotes the top-level constant
+          # explicitly (`< ::ApplicationController`). Strip it
+          # for index lookup — the discoverer registers entries
+          # under their unprefixed name. Without this strip a
+          # `class ActivityPub::ApplicationController <
+          # ::ApplicationController` parent never resolved.
+          name = name.sub(/\A::/, "")
+
+          # Constant already absolute or no enclosing scope.
+          return name if enclosing.nil? || enclosing.empty?
+
+          # Try the deepest enclosing scope first, walking
+          # outward. `enclosing = ["A", "B"]` produces
+          # candidates `["A::B::name", "A::name", "name"]`.
+          enclosing.length.downto(0).each do |depth|
+            prefix = enclosing[0, depth]
+            candidate = prefix.empty? ? name : "#{prefix.join('::')}::#{name}"
+            return candidate if @entries.key?(candidate)
           end
+          name
         end
       end
     end

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack.rb

@@ -68,7 +68,18 @@ module Rigor
     class Actionpack < Rigor::Plugin::Base
       manifest(
         id: "actionpack",
-        version: "0.1.0",
+        # Bumped 2026-05-27 — analyzer-side nested-module
+        # qualification slice. `diagnose_filters` and
+        # `diagnose_renders` now thread the enclosing
+        # namespace through the AST walk so a
+        # `module Admin; class DomainBlocksController; end`
+        # file resolves as `Admin::DomainBlocksController`
+        # — matching the qualification the
+        # `ControllerDiscoverer` already records. Fixes render
+        # paths (`admin/domain_blocks/new` not bare
+        # `domain_blocks/new`) and filter-chain validation
+        # silently skipping nested controllers.
+        version: "0.7.0",
         description: "Validates Action Pack route-helper calls and filter chains inside controllers.",
         config_schema: {
           "controller_search_paths" => :array,
@@ -147,8 +158,11 @@ module Rigor
       # render shapes are recognised purely from the call site
       # + class name, no per-controller pre-discovery needed.
       def render_diagnostics(path, root)
-        Analyzer.diagnose_renders(path: path, root: root, view_search_roots: @view_search_paths)
-                .map { |diag| build_diagnostic(diag) }
+        Analyzer.diagnose_renders(
+          path: path, root: root,
+          view_search_roots: @view_search_paths,
+          controller_index: controller_index_or_nil
+        ).map { |diag| build_diagnostic(diag) }
       end
 
       # Phase 1 — strong-parameter validation. Reads the

data/plugins/rigor-activerecord/lib/rigor/plugin/activerecord/analyzer.rb

@@ -90,6 +90,16 @@ module Rigor
           keyword_pairs = keyword_argument_pairs(node)
           return push_recognised(node, entry) if keyword_pairs.empty?
 
+          # Models with no schema-side columns are virtual — backed
+          # by a database VIEW (Mastodon's `Instance` model wraps a
+          # SQL view that isn't in `db/schema.rb`), seeded from an
+          # external source, or otherwise opaque to our schema
+          # parser. Without a column set we cannot meaningfully
+          # check query keys; surface the call as recognised and
+          # skip column validation entirely rather than firing a
+          # false `unknown-column` against every key.
+          return push_recognised(node, entry, keyword_pairs.map { |p| p[:key] }) if entry.column_names.empty?
+
           unknown = keyword_pairs.reject { |pair| valid_query_key?(entry, pair[:key]) }
           if unknown.empty?
             keyword_pairs.each { |pair| validate_enum_value(node, entry, pair) }

data/plugins/rigor-activerecord/lib/rigor/plugin/activerecord/schema_parser.rb

@@ -157,7 +157,8 @@ module Rigor
           SchemaTable::Column.new(
             name: name,
             type: type,
-            ruby_type: SchemaTable.ruby_type_for(type)
+            ruby_type: SchemaTable.ruby_type_for(type),
+            array: keyword_true?(call_node, :array)
           )
         end
 
@@ -180,6 +181,14 @@ module Rigor
         end
 
         def references_polymorphic?(call_node)
+          keyword_true?(call_node, :polymorphic)
+        end
+
+        # Returns true iff `call_node` has a `name: true` keyword
+        # argument. Used to detect schema modifiers like
+        # `t.bigint "status_ids", array: true` (Postgres array
+        # column) and `t.references "x", polymorphic: true`.
+        def keyword_true?(call_node, name)
           return false if call_node.arguments.nil?
 
           call_node.arguments.arguments.each do |arg|
@@ -187,7 +196,7 @@ module Rigor
 
             arg.elements.each do |pair|
               next unless pair.is_a?(Prism::AssocNode)
-              next unless symbol_key(pair.key) == :polymorphic
+              next unless symbol_key(pair.key) == name
 
               return pair.value.is_a?(Prism::TrueNode)
             end
@@ -207,7 +216,8 @@ module Rigor
           SchemaTable::Column.new(
             name: name,
             type: type_sym,
-            ruby_type: SchemaTable.ruby_type_for(type_sym)
+            ruby_type: SchemaTable.ruby_type_for(type_sym),
+            array: keyword_true?(call_node, :array)
           )
         end
 

data/plugins/rigor-activerecord/lib/rigor/plugin/activerecord/schema_table.rb

@@ -16,8 +16,12 @@ module Rigor
       # ltree, hstore, custom) fall back to `Object` so the
       # plugin stays silent rather than guessing.
       class SchemaTable
-        Column = Struct.new(:name, :type, :ruby_type, keyword_init: true) do
-          def to_h = { name: name, type: type, ruby_type: ruby_type }
+        Column = Struct.new(:name, :type, :ruby_type, :array, keyword_init: true) do
+          def to_h = { name: name, type: type, ruby_type: ruby_type, array: array }
+
+          def array?
+            array == true
+          end
         end
 
         # Map ActiveRecord column types → Ruby class names.

data/plugins/rigor-activerecord/lib/rigor/plugin/activerecord.rb

@@ -59,7 +59,14 @@ module Rigor
     class Activerecord < Rigor::Plugin::Base
       manifest(
         id: "activerecord",
-        version: "0.1.0",
+        # Bumped 2026-05-28 — implicit-self class-side AR call
+        # resolution: `select(:uri).group(:uri)` inside a scope
+        # lambda body / class-method body now contributes
+        # `Relation[Model]` via `scope.self_type` instead of
+        # falling through to `Kernel#select` (the IO multiplexer,
+        # `Array[String]` return). Plus `:select` added to the
+        # relation-entry-point list.
+        version: "0.5.0",
         description: "Types ActiveRecord finders against the project's db/schema.rb and AR models.",
         config_schema: {
           "schema_file" => :string,
@@ -167,10 +174,33 @@ module Rigor
           return load_error_diagnostics(path)
         end
         return [] if index.empty?
+        return [] if migration_path?(path)
 
         Analyzer.new(path: path, model_index: index).analyze(root).diagnostics
       end
 
+      # Rails migration files (`db/migrate/<timestamp>_*.rb`)
+      # and post-migration files (`db/post_migrate/`) reference
+      # the EVOLVING schema at the time the migration was
+      # written — `User.where(admin: ...)` is valid when the
+      # migration ran on a schema that still had the `admin`
+      # column, even though the current `db/schema.rb` no
+      # longer carries it. Validating these files against the
+      # CURRENT schema is a category error; the column
+      # diagnostics MUST stay silent.
+      MIGRATION_PATH_PATTERNS = [
+        %r{(\A|/)db/migrate/},
+        %r{(\A|/)db/post_migrate/}
+      ].freeze
+      private_constant :MIGRATION_PATH_PATTERNS
+
+      def migration_path?(path)
+        return false if path.nil?
+
+        path_s = path.to_s
+        MIGRATION_PATH_PATTERNS.any? { |pattern| path_s.match?(pattern) }
+      end
+
       # v0.1.2 — return-type contribution. `Model.find(id)`
       # narrows the call site's return type to `Nominal[Model]`,
       # so chained calls (`User.find(1).name`) resolve through
@@ -183,14 +213,18 @@ module Rigor
       # more precise than the RBS envelope.
       def flow_contribution_for(call_node:, scope:)
         return nil unless call_node.is_a?(Prism::CallNode)
-        return nil if call_node.receiver.nil?
 
         index = model_index
         return nil if index.nil? || index.empty?
 
-        return_type = class_call_return_type(call_node, index) ||
-                      relation_call_return_type(call_node, scope, index) ||
-                      instance_call_return_type(call_node, scope, index)
+        return_type =
+          if call_node.receiver
+            class_call_return_type(call_node, index) ||
+              relation_call_return_type(call_node, scope, index) ||
+              instance_call_return_type(call_node, scope, index)
+          else
+            implicit_self_class_call_return_type(call_node, scope, index)
+          end
         return nil if return_type.nil?
 
         Rigor::FlowContribution.new(
@@ -217,6 +251,37 @@ module Rigor
           class_scope_return_type(call_node, entry)
       end
 
+      # Implicit-self class-side call: `select(:uri)` /
+      # `where(active: true)` inside a `def self.<method>` body,
+      # a class body, or a scope lambda body (`scope :x, -> { ... }`).
+      # The surrounding `self_type` is `Singleton[Model]` in all
+      # three cases, so the same finder / scope / relation entry-
+      # point resolution that handles `Model.where(...)` applies.
+      #
+      # Without this, `select(:uri)` inside a class body falls
+      # through to RBS dispatch on `Singleton[Account]`, which
+      # finds `Kernel#select` (the IO multiplexer) at
+      # `core/kernel.rbs` — its `Array[String]` return masks the
+      # AR class-side `select`'s relation return type, so the
+      # canonical scope-body idiom
+      #
+      #   scope :duplicate_uris, -> { select(:uri).group(:uri) }
+      #
+      # types `select(:uri)` as `Array[String]` and the chained
+      # `.group` as `undefined-method`.
+      def implicit_self_class_call_return_type(call_node, scope, index)
+        return nil if scope.nil?
+
+        self_type = scope.self_type
+        return nil unless self_type.is_a?(Rigor::Type::Singleton)
+
+        entry = index.find(self_type.class_name) || index.find("::#{self_type.class_name}")
+        return nil if entry.nil?
+
+        finder_return_type(call_node, entry) ||
+          class_scope_return_type(call_node, entry)
+      end
+
       # Class-side finders + the class-side relation entry points.
       # `find` / `find_by!` return the model; `find_by` adds the
       # `nil` arm; `where` / `all` / `order` / `limit` / `none`
@@ -238,7 +303,15 @@ module Rigor
             Rigor::Type::Combinator.nominal_of(entry.class_name),
             Rigor::Type::Combinator.constant_of(nil)
           )
-        when :where, :all, :order, :limit, :none
+        when :where, :all, :order, :limit, :none, :select
+          # `:select` was added to close Mastodon's
+          # `scope :duplicate_uris, -> { select(:uri).group(:uri).having(...) }`
+          # shape: the implicit-self `select(:uri)` inside the
+          # scope lambda body had been resolving to `Kernel#select`
+          # (IO multiplexer, return `Array[String]`), masking the
+          # AR class-side relation entry point. The rest of the
+          # query DSL chains through the bundled `ActiveRecord::Relation`
+          # RBS once a relation is open.
           relation_of(entry.class_name)
         end
       end
@@ -383,7 +456,10 @@ module Rigor
         return nil if column.nil?
         return bool_type if predicate
 
-        ruby_type_to_type(column.ruby_type)
+        inner = ruby_type_to_type(column.ruby_type)
+        return nil if inner.nil?
+
+        column.array? ? Rigor::Type::Combinator.nominal_of("Array", type_args: [inner]) : inner
       end
 
       # Maps a `SchemaTable::Column#ruby_type` string to a Rigor

data/plugins/rigor-activesupport-core-ext/lib/rigor/plugin/activesupport_core_ext.rb

@@ -23,7 +23,10 @@ module Rigor
     class ActivesupportCoreExt < Rigor::Plugin::Base
       manifest(
         id: "activesupport-core-ext",
-        version: "0.1.0",
+        # Bumped 2026-05-28 — added Date#midnight /
+        # at_midnight / beginning_of_day / end_of_day (Rails
+        # aliases that return Time, not Date).
+        version: "0.2.0",
         description: "RBS bundle for the most-frequently-flagged ActiveSupport core_ext extensions.",
         signature_paths: ["sig"]
       )

data/plugins/rigor-activesupport-core-ext/sig/active_support/core_ext.rbs

@@ -302,6 +302,18 @@ class Date
   def ago: (Numeric seconds) -> Time
   def since: (Numeric seconds) -> Time
   def acts_like_date?: () -> true
+
+  # `core_ext/date/calculations` — `Date#midnight` /
+  # `Date#at_midnight` are aliases for `beginning_of_day`.
+  # Rails' `beginning_of_day` on Date returns a Time at
+  # midnight of that day (not a Date). Mastodon's
+  # `Date.current.at_midnight` shape relies on this.
+  def beginning_of_day: () -> Time
+  def midnight: () -> Time
+  def at_midnight: () -> Time
+  def at_beginning_of_day: () -> Time
+  def end_of_day: () -> Time
+  def at_end_of_day: () -> Time
 end
 
 # ---------------------------------------------------------------
@@ -401,8 +413,11 @@ class Hash[unchecked out K, unchecked out V]
                  | (Hash[K, V]) { (K, V, V) -> V } -> self
 
   # `core_ext/hash/except` — `Hash#except` is in core RBS as of
-  # Ruby 3.0+; `except!` is ActiveSupport-only.
+  # Ruby 3.0+; `except!` is ActiveSupport-only. ActiveSupport
+  # also aliases `Hash#without` to `Hash#except`, used by
+  # `Mastodon`-shaped `options.without('type').merge(...)` chains.
   def except!: (*K) -> self
+  def without: (*K) -> Hash[K, V]
 
   # `core_ext/hash/conversions`
   def to_query: (?String namespace) -> String

data/plugins/rigor-rails-i18n/lib/rigor/plugin/rails_i18n/analyzer.rb

@@ -36,6 +36,12 @@ module Rigor
         # `::I18n.t`).
         I18N_RECEIVER_NAMES = %w[I18n ::I18n].freeze
 
+        # Matches controller file paths so lazy keys (`.key`)
+        # can be expanded to `<controller_scope>.<action>.<key>`.
+        # Captures the path segment between `controllers/` and
+        # `_controller.rb` (e.g. `users`, `admin/users`).
+        CONTROLLER_PATH_RE = %r{(?:^|/)controllers/(.+)_controller\.rb$}
+
         # Reserved option keys — these are recognised by I18n
         # itself and not treated as interpolation variables.
         RESERVED_OPTION_KEYS = %i[
@@ -43,19 +49,54 @@ module Rigor
           fallback_in_progress separator deep_interpolation
         ].to_set.freeze
 
+        # Key prefixes Rails / `rails-i18n` ship in every
+        # locale by default. Projects whose own locale files
+        # don't redeclare them still get them at runtime (via
+        # the `rails-i18n` gem's bundled locale catalogues).
+        # `t('date.order')` is the canonical Mastodon case —
+        # used by `Settings::Date::Order` and date-of-birth
+        # selects, never authored project-side. Skip
+        # `unknown-key` for these; downstream interpolation
+        # checks have nothing to validate without a leaf entry
+        # so they decline silently too.
+        RAILS_SHIPPED_KEY_PREFIXES = %w[
+          date.
+          time.
+          datetime.
+          support.array.
+          errors.format
+          errors.messages.
+          number.
+          helpers.select.
+          helpers.submit.
+          helpers.label.
+          i18n.transliterate.
+          activerecord.errors.messages.
+          activerecord.errors.models.
+        ].freeze
+
         Diagnostic = Struct.new(:path, :line, :column, :severity, :rule, :message, keyword_init: true)
 
         module_function
 
+        def rails_shipped_key?(literal_key)
+          key_str = literal_key.to_s
+          RAILS_SHIPPED_KEY_PREFIXES.any? { |prefix| key_str.start_with?(prefix) }
+        end
+
         # @param path [String]
         # @param root [Prism::Node]
         # @param locale_index [LocaleIndex]
         # @param configured_locales [Array<String>]
         # @return [Array<Diagnostic>]
         def diagnose(path:, root:, locale_index:, configured_locales:)
+          controller_scope = controller_scope_from_path(path)
           diagnostics = []
-          walk(root) do |call_node|
-            literal_key = literal_key_for(call_node)
+          walk(root) do |call_node, action|
+            raw_key = literal_key_for(call_node)
+            next if raw_key.nil?
+
+            literal_key = expand_key(raw_key, controller_scope: controller_scope, action: action)
             next if literal_key.nil?
 
             options = options_hash(call_node)
@@ -70,6 +111,14 @@ module Rigor
               # from).
               next if locale_index.pluralization_namespace?(literal_key)
 
+              # Rails / rails-i18n ship `date.order`, `time.am`,
+              # `support.array.words_connector`, etc. in every
+              # locale at runtime even when the project's own
+              # locale files don't repeat them. Accept silently
+              # — no leaf entry → no downstream interpolation
+              # check to run.
+              next if rails_shipped_key?(literal_key)
+
               diagnostics << unknown_key_diagnostic(path, call_node, literal_key, locale_index)
               next
             end
@@ -85,11 +134,38 @@ module Rigor
           diagnostics
         end
 
-        def walk(node, &)
+        # Walks the AST yielding `[call_node, action]` pairs where
+        # `action` is the name of the innermost enclosing `def`
+        # method (or `nil` when the call is at the top level).
+        def walk(node, action: nil, &)
           return unless node.is_a?(Prism::Node)
 
-          yield node if node.is_a?(Prism::CallNode) && translate_call_candidate?(node)
-          node.compact_child_nodes.each { |child| walk(child, &) }
+          current_action = node.is_a?(Prism::DefNode) ? node.name.to_s : action
+          yield node, current_action if node.is_a?(Prism::CallNode) && translate_call_candidate?(node)
+          node.compact_child_nodes.each { |child| walk(child, action: current_action, &) }
+        end
+
+        # Derives the Rails controller scope from the file path,
+        # e.g. `app/controllers/admin/users_controller.rb` → `admin.users`.
+        # Returns nil for non-controller paths.
+        def controller_scope_from_path(path)
+          m = CONTROLLER_PATH_RE.match(path.to_s)
+          return nil unless m
+
+          m[1].tr("/", ".")
+        end
+
+        # Expands a lazy key (starting with `.`) to its full
+        # dotted path using the controller scope and action name.
+        # Returns the raw key unchanged for absolute keys.
+        # Returns nil for lazy keys outside a controller context
+        # or without an enclosing action — these are silently
+        # skipped to avoid false positives.
+        def expand_key(raw_key, controller_scope:, action:)
+          return raw_key unless raw_key.start_with?(".")
+          return nil unless controller_scope && action
+
+          "#{controller_scope}.#{action}#{raw_key}"
         end
 
         def translate_call_candidate?(node)

data/plugins/rigor-rails-i18n/lib/rigor/plugin/rails_i18n.rb

@@ -44,8 +44,13 @@ module Rigor
     #
     # - Only literal-string keys are validated. `t(key)` with
     #   a variable receiver is silently passed through.
-    # - Lazy lookup (`t('.title')` resolved against the
-    #   rendered controller / view path) is out of scope.
+    # - Lazy lookup (`t('.key')`) is supported for controller
+    #   files (`app/controllers/**/*_controller.rb`): the key
+    #   is expanded to `<controller_scope>.<action>.<key>`
+    #   using the file path and the innermost enclosing `def`.
+    #   Lazy keys in non-controller `.rb` files (models, helpers,
+    #   mailers, …) are silently skipped — the controller/action
+    #   scope cannot be statically determined there.
     # - Pluralization (`t('errors.messages.too_short',
     #   count: n)`) is recognised at the call site but the
     #   `count` key is not used to validate the locale's
@@ -56,7 +61,10 @@ module Rigor
     class RailsI18n < Rigor::Plugin::Base
       manifest(
         id: "rails-i18n",
-        version: "0.1.0",
+        # Bumped 2026-05-28 — skip `unknown-key` on Rails / rails-
+        # i18n shipped defaults (`date.order`, `time.am`,
+        # `support.array.*`, `errors.format`, …).
+        version: "0.2.0",
         description: "Validates I18n `t(key)` calls against `config/locales/*.yml`.",
         config_schema: {
           "locale_search_paths" => :array,