rigortype 0.1.19 → 0.2.0

data/lib/rigor/analysis/dependency_source_inference/index.rb

@@ -6,14 +6,11 @@ module Rigor
   module Analysis
     module DependencySourceInference
       # Per-run collection of gem-source-inference state. Holds
-      # the resolved gems the walker MAY visit (slice 2b) plus
-      # the unresolvable entries the runner SHOULD surface as
+      # the resolved gems the walker visits plus the unresolvable
+      # entries the runner surfaces as
       # `dynamic.dependency-source.gem-not-found` diagnostics.
-      #
-      # Slice 2a lands the data structure only; the dispatcher
-      # tier consults {#contribution_for} but the lookup always
-      # answers `nil` until slice 2b populates the method table
-      # by walking the resolved gems' `roots:`.
+      # The method table is fully populated by {Walker} at build
+      # time; {#contribution_for} returns live entries.
       class Index
         attr_reader :resolved_gems, :unresolvable, :method_catalog, :budget_exceeded,
                     :class_to_gem, :budget_overrun_strategy, :gem_modes

data/lib/rigor/analysis/dependency_source_inference/walker.rb

@@ -3,6 +3,7 @@
 require "prism"
 
 require_relative "return_type_heuristic"
+require_relative "../../source/constant_path"
 
 module Rigor
   module Analysis
@@ -166,7 +167,7 @@ module Rigor
         # children under the same prefix so any inner class
         # definitions are still recorded under their own name.
         def descend_class_or_module(node, qualified_prefix, in_singleton_class, accumulator, budget)
-          name = qualified_name_for(node.constant_path)
+          name = Source::ConstantPath.qualified_name_or_nil(node.constant_path)
           if name && node.body
             walk_node(node.body, qualified_prefix + [name], in_singleton_class, accumulator, budget)
           else
@@ -197,23 +198,6 @@ module Rigor
           return_type = ReturnTypeHeuristic.extract(node)
           accumulator[key] = CatalogEntry.new(kind: kind, return_type: return_type)
         end
-
-        # Resolves a `Prism::ConstantPathNode` /
-        # `Prism::ConstantReadNode` chain to its dot-separated
-        # name (e.g. `"Foo::Bar"`). Returns nil for the rare
-        # dynamic-prefix shape (`module ::Foo`-rooted variants
-        # whose left side is a runtime expression) so the
-        # walker treats those as opaque rather than guessing.
-        def qualified_name_for(node)
-          case node
-          when Prism::ConstantReadNode then node.name.to_s
-          when Prism::ConstantPathNode
-            parent = node.parent.nil? ? nil : qualified_name_for(node.parent)
-            return nil if !node.parent.nil? && parent.nil?
-
-            parent.nil? ? node.name.to_s : "#{parent}::#{node.name}"
-          end
-        end
       end
     end
   end

data/lib/rigor/analysis/dependency_source_inference.rb

@@ -20,18 +20,9 @@ module Rigor
     # - {Builder.build} folds a `Configuration::Dependencies`
     #   into a frozen {Index} carrying the partitioned outcomes.
     # - {Index} holds the per-run state the dispatcher tier
-    #   consults via `#contribution_for`. Slice 2a ships the
-    #   stub returning `nil`; slice 2b populates the method
-    #   table by walking each resolved gem's `roots:`.
-    #
-    # Per the ADR's "Implementation slicing" section, slice 2 is
-    # split internally:
-    #
-    # - Slice 2a (this commit): gem resolution, index plumbing,
-    #   `Analysis::Runner` wiring, `dynamic.dependency-source.gem-not-found`
-    #   diagnostic for unresolvable entries.
-    # - Slice 2b (next commit): walker, dispatcher tier
-    #   integration, `Type::Dynamic`-wrapped returns.
+    #   consults via `#contribution_for`; the method table is
+    #   fully populated by {Walker} walking each resolved gem's
+    #   `roots:`.
     module DependencySourceInference
     end
   end

data/lib/rigor/analysis/fact_store.rb

@@ -4,10 +4,11 @@ module Rigor
   module Analysis
     # Immutable storage for flow-sensitive facts attached to a Scope snapshot.
     #
-    # The first implementation keeps the bucket model deliberately small:
-    # callers can record local-binding and relational facts, invalidate all
-    # facts that mention a target, and conservatively join two stores by
-    # retaining only facts that both incoming edges share.
+    # Six buckets (see BUCKETS): local_binding, captured_local,
+    # object_content, global_storage, dynamic_origin, relational.
+    # Callers can record facts, invalidate all facts that mention a target,
+    # and conservatively join two stores by retaining only facts that both
+    # incoming edges share.
     class FactStore
       BUCKETS = %i[
         local_binding

data/lib/rigor/analysis/rule_catalog.rb

@@ -29,19 +29,48 @@ module Rigor
     # - `severity_by_profile` — Hash of `:lenient` / `:balanced`
     #   / `:strict` to the configured severity per profile, taken
     #   from `Configuration::SeverityProfile::PROFILES`.
+    # - `evidence_tier` — `:high` / `:medium` / `:low` (or `nil`
+    #   for informational helpers), Rigor's own confidence that a
+    #   firing is a true positive, derived from the rule's firing
+    #   gates. `:high` rules fire only on a concrete, statically-
+    #   known type with no metaprogramming escape (Rigor's false-
+    #   positive discipline has already filtered the uncertain
+    #   cases); `:medium` rules rest on flow / inference proofs
+    #   that inherit a documented FP envelope (loop / mutation /
+    #   RBS-strictness modelling gaps); `:low` rules are
+    #   resolution- or coverage-gap signals where a firing often
+    #   reflects missing context rather than a definite bug. The
+    #   tier routes a consumer's attention (and lets a downstream
+    #   classifier promote a `:high` firing without cross-tool
+    #   corroboration); it never feeds severity — that stays the
+    #   `severity_profile:` decision.
     # - `since` — first version the rule shipped in.
     module RuleCatalog # rubocop:disable Metrics/ModuleLength
+      # Stable documentation home for a built-in rule. `documentation_url`
+      # appends a per-rule fragment that resolves to the rule's anchor in
+      # the published diagnostics catalogue; the page itself points at
+      # `rigor explain <rule>` as the authoritative per-rule reference.
+      # Mirrors the gemspec `documentation_uri` URL scheme (`…/tree/main`).
+      DOCUMENTATION_BASE = "https://github.com/rigortype/rigor/blob/main/docs/manual/04-diagnostics.md"
+
       class Entry < Data.define(:id, :summary, :fires_when, :does_not_fire_when,
-                                :suppression, :severity_authored, :severity_by_profile, :since)
+                                :suppression, :severity_authored, :severity_by_profile,
+                                :evidence_tier, :since)
         def aliases
           CheckRules::LEGACY_RULE_ALIASES.select { |_legacy, canonical| canonical == id }.keys
         end
 
+        # Stable per-rule documentation URL (see {RuleCatalog.documentation_url}).
+        def documentation_url
+          RuleCatalog.documentation_url(id)
+        end
+
         # Hash-shaped form for `--format=json` consumers. Keys are
         # Strings so the payload is JSON-stable without a transform
-        # pass.
+        # pass. `evidence_tier` is omitted when nil (informational
+        # helpers carry no confidence tier).
         def to_h
-          {
+          base = {
             "id" => id,
             "aliases" => aliases,
             "summary" => summary,
@@ -50,8 +79,11 @@ module Rigor
             "suppression" => suppression,
             "severity_authored" => severity_authored.to_s,
             "severity_by_profile" => severity_by_profile.transform_keys(&:to_s).transform_values(&:to_s),
+            "documentation_url" => documentation_url,
             "since" => since
           }
+          base["evidence_tier"] = evidence_tier.to_s if evidence_tier
+          base
         end
       end
 
@@ -75,6 +107,7 @@ module Rigor
                        "or `disable: [\"call.undefined-method\"]` in `.rigor.yml`.",
           severity_authored: :error,
           severity_by_profile: { lenient: :error, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.0.1"
         ),
 
@@ -98,9 +131,43 @@ module Rigor
                        "`severity_overrides: { call.self-undefined-method: warning }` in `.rigor.yml`.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :off, balanced: :off, strict: :off },
+          # Off by default and metaprogramming-prone — a firing on a
+          # class whose real surface the per-class scan cannot enumerate
+          # (C-extension, `class << self`, dynamic accessors) is the
+          # known FP mode, so a firing is a candidate to review, not a
+          # high-confidence bug.
+          evidence_tier: :low,
           since: "0.1.17"
         ),
 
+        CheckRules::RULE_UNRESOLVED_TOPLEVEL => Entry.new(
+          id: CheckRules::RULE_UNRESOLVED_TOPLEVEL,
+          summary: "Top-level implicit-self call resolves against no def, pre_eval: patch, or Kernel method.",
+          fires_when: [
+            "The call is an implicit-self call (no receiver) at top level (outside any class / module body).",
+            "Its name resolves against no same-file top-level `def`.",
+            "No ADR-17 `pre_eval:` monkey-patch on `Object` / `Kernel` declares it.",
+            "It is not a standard `Kernel` / `Object` private method (`puts`, `require`, `loop`, …)."
+          ],
+          does_not_fire_when: [
+            "The call has an explicit receiver, or sits inside a `def` / `class` / `module` body (ADR-24 WD3 " \
+            "stays lenient there).",
+            "A project file defines the name via a top-level `def` or an Object/Kernel monkey-patch listed in " \
+            "`.rigor.yml`'s `pre_eval:` (ADR-17).",
+            "The name is a Kernel/Object method visible in the loaded RBS environment."
+          ],
+          suppression: "`# rigor:disable call.unresolved-toplevel` on the call line, or list the defining " \
+                       "file in `.rigor.yml`'s `pre_eval:` so the analyzer sees the top-level `def` / patch.",
+          severity_authored: :warning,
+          severity_by_profile: { lenient: :off, balanced: :warning, strict: :error },
+          # A firing is frequently a resolution gap — the defining file
+          # is not in the analyzed set or injects the method via a
+          # metaprogramming patch the analyzer does not see — rather than
+          # a definite typo, so it routes to the `pre_eval:` review path.
+          evidence_tier: :low,
+          since: "0.1.14"
+        ),
+
         CheckRules::RULE_WRONG_ARITY => Entry.new(
           id: CheckRules::RULE_WRONG_ARITY,
           summary: "Call's positional argument count is outside the declared overloads' envelope.",
@@ -117,6 +184,7 @@ module Rigor
           suppression: "`# rigor:disable call.wrong-arity`.",
           severity_authored: :error,
           severity_by_profile: { lenient: :error, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.0.1"
         ),
 
@@ -125,17 +193,22 @@ module Rigor
           summary: "Call passes an argument whose type the parameter cannot accept.",
           fires_when: [
             "The parameter type rejects the argument under `accepts(arg, mode: :gradual)`.",
-            "Method has a single overload (multi-overload checking is deferred).",
+            "Single-overload: no overload accepts the arg class (ADR-64 non-nil channel).",
+            "Multi-overload: every overload rejects a pure-`nil` arg (ADR-64 nil channel) " \
+            "or every overload rejects a single concrete non-nil arg class (non-nil channel).",
             "Both sides have a non-Dynamic concrete type."
           ],
           does_not_fire_when: [
             "Either the parameter or the argument is `Dynamic[T]`.",
-            "Method has multiple overloads.",
-            "Method has `*rest_positionals`, required keywords, or trailing positionals."
+            "The call is a coerce-dispatch operator (`+`, `-`, `*`, `/`, `<`, `>`, …) — " \
+            "excluded because the `coerce` protocol makes acceptance undecidable.",
+            "Method has `*rest_positionals`, required keywords, or trailing positionals.",
+            "The argument type is a union (not a single concrete class)."
           ],
           suppression: "`# rigor:disable call.argument-type-mismatch`.",
           severity_authored: :error,
           severity_by_profile: { lenient: :warning, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.0.2"
         ),
 
@@ -155,6 +228,7 @@ module Rigor
           suppression: "`# rigor:disable call.possible-nil-receiver`.",
           severity_authored: :error,
           severity_by_profile: { lenient: :warning, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.0.2"
         ),
 
@@ -171,6 +245,9 @@ module Rigor
           suppression: "Remove the `dump_type` call (it's a debug helper, not a real diagnostic).",
           severity_authored: :info,
           severity_by_profile: { lenient: :info, balanced: :info, strict: :error },
+          # Informational helper, not a correctness finding — no
+          # confidence tier applies.
+          evidence_tier: nil,
           since: "0.0.1"
         ),
 
@@ -187,6 +264,7 @@ module Rigor
           suppression: "Update the assertion to the actual inferred type, or correct the source.",
           severity_authored: :error,
           severity_by_profile: { lenient: :error, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.0.1"
         ),
 
@@ -205,6 +283,7 @@ module Rigor
           suppression: "`# rigor:disable flow.always-raises`.",
           severity_authored: :error,
           severity_by_profile: { lenient: :warning, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.0.3"
         ),
 
@@ -224,6 +303,9 @@ module Rigor
                        "points at the dead branch, not the predicate, so the suppression goes there).",
           severity_authored: :warning,
           severity_by_profile: { lenient: :info, balanced: :warning, strict: :error },
+          # The literal-only firing envelope makes the deadness provable
+          # from syntax alone — no inference uncertainty.
+          evidence_tier: :high,
           since: "0.1.2"
         ),
 
@@ -246,6 +328,11 @@ module Rigor
           suppression: "`# rigor:disable always-truthy-condition` on the predicate line.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :info, balanced: :warning, strict: :error },
+          # Rests on inferred-constant folding, which inherits the
+          # loop / mutation FP envelope the `does_not_fire_when` guards
+          # narrow — true positive in the common case, but not literal-
+          # provable like `unreachable-branch`.
+          evidence_tier: :medium,
           since: "0.1.2"
         ),
 
@@ -271,6 +358,9 @@ module Rigor
           # ADR-47 WD4: balanced stays :info (one notch below its `flow.*`
           # siblings' :warning) until the regression-corpus FP gate is green.
           severity_by_profile: { lenient: :info, balanced: :info, strict: :warning },
+          # Narrowing-driven proof that inherits the `always-truthy`
+          # FP envelope; balanced keeps it `:info` pending the corpus gate.
+          evidence_tier: :medium,
           since: "0.1.17"
         ),
 
@@ -292,6 +382,11 @@ module Rigor
           suppression: "`# rigor:disable dead-assignment` on the offending line, or rename the local to `_<name>`.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :info, balanced: :warning, strict: :error },
+          # The unread-write proof is reliable, but it flags a code
+          # smell rather than a runtime fault, and the syntactic write
+          # classification has narrow corners (the `does_not_fire_when`
+          # exclusions).
+          evidence_tier: :medium,
           since: "0.1.2"
         ),
 
@@ -313,6 +408,10 @@ module Rigor
           suppression: "`# rigor:disable def.return-type-mismatch`.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :warning, balanced: :warning, strict: :error },
+          # Depends on re-typing the body against an authored RBS return;
+          # RBS strict-on-returns plus incomplete body inference makes a
+          # firing usually-right but not concrete-call certain.
+          evidence_tier: :medium,
           since: "0.1.0"
         ),
 
@@ -333,6 +432,7 @@ module Rigor
           suppression: "`# rigor:disable method-visibility-mismatch`.",
           severity_authored: :error,
           severity_by_profile: { lenient: :warning, balanced: :error, strict: :error },
+          evidence_tier: :high,
           since: "0.1.2"
         ),
 
@@ -356,6 +456,10 @@ module Rigor
           suppression: "`# rigor:disable def.override-visibility-reduced` on the override.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :off, balanced: :warning, strict: :error },
+          # Both the override and the shadowed ancestor visibility are
+          # statically observed from project source — the substitutability
+          # violation is concrete.
+          evidence_tier: :high,
           since: "0.1.15"
         ),
 
@@ -383,6 +487,9 @@ module Rigor
           suppression: "`# rigor:disable def.override-return-widened` on the override.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :off, balanced: :warning, strict: :error },
+          # Gated on both-sides-authored RBS and a resolvable subtype
+          # relationship, so a firing is a concrete covariance violation.
+          evidence_tier: :high,
           since: "0.1.15"
         ),
 
@@ -413,6 +520,9 @@ module Rigor
           suppression: "`# rigor:disable def.override-param-narrowed` on the override.",
           severity_authored: :warning,
           severity_by_profile: { lenient: :off, balanced: :warning, strict: :error },
+          # Gated on both-sides-authored RBS and a resolvable subtype
+          # relationship, so a firing is a concrete contravariance violation.
+          evidence_tier: :high,
           since: "0.1.15"
         ),
 
@@ -434,6 +544,9 @@ module Rigor
           suppression: "`# rigor:disable ivar-write-mismatch` on the offending write.",
           severity_authored: :error,
           severity_by_profile: { lenient: :warning, balanced: :warning, strict: :error },
+          # Both writes resolve to concrete classes before firing; the
+          # union / Dynamic / clear-idiom escapes are excluded.
+          evidence_tier: :high,
           since: "0.1.2"
         )
       }.freeze
@@ -466,6 +579,40 @@ module Rigor
       def all
         ENTRIES.values.sort_by(&:id)
       end
+
+      # Rigor's confidence tier (`:high` / `:medium` / `:low`) that a
+      # firing of `token` is a true positive, or nil for an
+      # informational rule (`dump.type`) or an unknown / non-built-in
+      # token (plugin and `rbs_extended.*` rules carry no built-in
+      # tier). Resolves legacy aliases. See {Entry}'s `evidence_tier`
+      # documentation for the tier semantics.
+      def evidence_tier(token)
+        entries = resolve(token)
+        return nil unless entries.size == 1
+
+        entries.first.evidence_tier
+      end
+
+      # Stable documentation URL for `token`, or nil for an unknown /
+      # non-built-in token. The URL is the published diagnostics
+      # catalogue page anchored at the rule's per-rule anchor
+      # (`#rule-<id-with-dots-as-dashes>`); the page itself names
+      # `rigor explain <rule>` as the authoritative per-rule reference.
+      # Resolves legacy aliases to the canonical id.
+      def documentation_url(token)
+        entries = resolve(token)
+        return nil unless entries.size == 1
+
+        "#{DOCUMENTATION_BASE}##{doc_anchor(entries.first.id)}"
+      end
+
+      # The per-rule fragment a `documentation_url` points at:
+      # `call.undefined-method` → `rule-call-undefined-method`. The
+      # `04-diagnostics.md` catalogue carries the matching `<a id>`
+      # anchors.
+      def doc_anchor(rule_id)
+        "rule-#{rule_id.tr('.', '-')}"
+      end
     end
   end
 end

data/lib/rigor/analysis/runner/diagnostic_aggregator.rb

@@ -423,23 +423,6 @@ module Rigor
           unresolved + lossy
         end
 
-        # ADR-10 slice 5c — drains the per-run
-        # {DependencySourceInference::BoundaryCrossReporter} into
-        # `dynamic.dependency-source.boundary-cross` `:info`
-        # diagnostics. Each event flags a call site where RBS
-        # dispatch produced a concrete answer AND a `mode: :full`
-        # opt-in gem's source catalog ALSO contains an entry for
-        # the same `(class_name, method_name)` — i.e., both
-        # contracts have an opinion. RBS still wins on the
-        # dispatch result; the diagnostic is purely advisory so
-        # the user can verify the two contracts haven't drifted.
-        #
-        # Severity profile re-stamps the rule per project taste.
-        # The diagnostic carries no `path` / `line` / `column`
-        # because the crossing is per-method-per-gem, not
-        # per-call-site — the diagnostic anchors at `.rigor.yml`
-        # like the other `dependency-source.*` diagnostics that
-        # report on opt-in configuration.
         # ADR-32 WD6 — drains the per-run
         # {Plugin::SourceRbsSynthesisReporter} into
         # `source-rbs-synthesis-failed` `:info` diagnostics. Each
@@ -469,6 +452,23 @@ module Rigor
           end
         end
 
+        # ADR-10 slice 5c — drains the per-run
+        # {DependencySourceInference::BoundaryCrossReporter} into
+        # `dynamic.dependency-source.boundary-cross` `:info`
+        # diagnostics. Each event flags a call site where RBS
+        # dispatch produced a concrete answer AND a `mode: :full`
+        # opt-in gem's source catalog ALSO contains an entry for
+        # the same `(class_name, method_name)` — i.e., both
+        # contracts have an opinion. RBS still wins on the
+        # dispatch result; the diagnostic is purely advisory so
+        # the user can verify the two contracts haven't drifted.
+        #
+        # Severity profile re-stamps the rule per project taste.
+        # The diagnostic carries no `path` / `line` / `column`
+        # because the crossing is per-method-per-gem, not
+        # per-call-site — the diagnostic anchors at `.rigor.yml`
+        # like the other `dependency-source.*` diagnostics that
+        # report on opt-in configuration.
         def boundary_cross_diagnostics
           return [] if @boundary_cross_reporter.empty?
 

data/lib/rigor/analysis/runner/project_pre_passes.rb

@@ -45,7 +45,8 @@ module Rigor
           :discovered_class_sources,
           :discovered_method_visibilities,
           :discovered_methods,
-          :data_member_layouts
+          :data_member_layouts,
+          :struct_member_layouts
         )
 
         # @param configuration [Rigor::Configuration]
@@ -139,7 +140,8 @@ module Rigor
             discovered_class_sources: def_index.fetch(:class_sources),
             discovered_method_visibilities: def_index.fetch(:method_visibilities),
             discovered_methods: def_index.fetch(:methods),
-            data_member_layouts: def_index.fetch(:data_member_layouts)
+            data_member_layouts: def_index.fetch(:data_member_layouts),
+            struct_member_layouts: def_index.fetch(:struct_member_layouts)
           )
         end
 
@@ -182,7 +184,8 @@ module Rigor
             discovered_class_sources: nil,
             discovered_method_visibilities: nil,
             discovered_methods: nil,
-            data_member_layouts: nil
+            data_member_layouts: nil,
+            struct_member_layouts: nil
           )
         end
 
@@ -278,11 +281,9 @@ module Rigor
         # `#diagnostics_for_file` raise envelope in
         # `plugin_runtime_error_diagnostic`.
         #
-        # Slice 3 visits plugins in registration order. Slice 5
-        # introduces topological ordering by `manifest(consumes:)`
-        # so producers always run before consumers; until then,
-        # `Configuration#plugins` order MUST be producer-first if
-        # cross-plugin dependencies exist.
+        # `Plugin::Loader` returns plugins in topological order by
+        # `manifest(consumes:)` (ADR-9 slice 5), so producers
+        # always run before consumers.
         def plugin_prepare_diagnostics(plugin_registry)
           return [] if plugin_registry.empty?
 

data/lib/rigor/analysis/runner.rb

@@ -58,11 +58,10 @@ module Rigor
       #   slices route real producers through it.
       # @param workers [Integer] ADR-15 Phase 4b — when greater
       #   than zero, per-file analysis dispatches across a pool of
-      #   N Ractor workers built around {WorkerSession}. Default
-      #   `0` keeps the sequential code path bit-for-bit
-      #   unchanged. Phase 4c will wire the CLI / `.rigor.yml`
-      #   surface that produces non-zero values; this slice
-      #   leaves the parameter as a programmatic opt-in only.
+      #   N workers. Default `0` keeps the sequential code path
+      #   bit-for-bit unchanged. Controlled via the
+      #   `RIGOR_RACTOR_WORKERS` env var or `.rigor.yml`
+      #   `parallel.workers:` (Phase 4c, fully wired).
       # @param collect_stats [Boolean] when true (default), `#run`
       #   builds a {RunStats} summary exposed via `result.stats`
       #   — this forces the RBS env build at end-of-run so the
@@ -163,6 +162,7 @@ module Rigor
         @project_discovered_method_visibilities = {}.freeze
         @project_discovered_methods = {}.freeze
         @project_data_member_layouts = {}.freeze
+        @project_struct_member_layouts = {}.freeze
         build_collaborators
       end
 
@@ -479,6 +479,7 @@ module Rigor
         end
         @project_discovered_methods = result.discovered_methods if result.discovered_methods
         @project_data_member_layouts = result.data_member_layouts if result.data_member_layouts
+        @project_struct_member_layouts = result.struct_member_layouts if result.struct_member_layouts
       end
       private :run_project_pre_passes, :adopt_prebuilt_project_scan, :apply_pre_passes_result
 
@@ -837,7 +838,7 @@ module Rigor
           tables[:discovered_method_visibilities] = @project_discovered_method_visibilities
         end
         tables[:discovered_methods] = @project_discovered_methods unless @project_discovered_methods.empty?
-        tables[:data_member_layouts] = @project_data_member_layouts unless @project_data_member_layouts.empty?
+        seed_member_layout_tables(tables)
         # ADR-46 slice 1 — the class-declaration source map is read only by
         # the ancestry accessors during dependency recording, so seed it
         # only when recording is on; a normal run never carries it.
@@ -847,6 +848,16 @@ module Rigor
         tables
       end
 
+      # ADR-48 — seed the Data + Struct member-layout tables (each only when
+      # non-empty). Extracted to keep {#project_scope_seed_tables} under the
+      # complexity budget.
+      def seed_member_layout_tables(tables)
+        tables[:data_member_layouts] = @project_data_member_layouts unless @project_data_member_layouts.empty?
+        return if @project_struct_member_layouts.empty?
+
+        tables[:struct_member_layouts] = @project_struct_member_layouts
+      end
+
       # ADR-46 slice 1 — when dependency recording is enabled, wrap the
       # per-file analysis so the cross-file reads its inference makes are
       # captured into `file_dependencies[path]`. Off by default: a normal

data/lib/rigor/analysis/self_call_resolution_recorder.rb

@@ -21,10 +21,9 @@ module Rigor
     # reach the recorder. This module is the ADR-46 / ADR-47 "collect at
     # evaluation time, never recompute" lesson applied to self-calls.
     #
-    # A later slice consumes the recorded misses behind a confidently-
-    # closed-class gate to emit `call.self-undefined-method`, behind its
-    # own external-corpus false-positive gate. This slice (4a) lands the
-    # plumbing OFF by default — {active?} is false on a normal run, so the
+    # ADR-24 slice 4 (`call.self-undefined-method`) consumes the recorded
+    # misses behind a confidently-closed-class gate (see `CheckRules` L775).
+    # The rule ships `:off` by default — {active?} is false on a normal run, so the
     # instrumented choke-point pays a single integer read and records
     # nothing. Recording is purely observational; it never changes a
     # diagnostic.

data/lib/rigor/analysis/worker_session.rb

@@ -21,21 +21,19 @@ module Rigor
   module Analysis
     # ADR-15 Phase 4a — per-worker analysis substrate.
     # [ADR-15](../../../docs/adr/15-ractor-concurrency.md)
-    # § Phase 4 carves the eventual Ractor-isolated worker pool
-    # into three sub-phases; this is the substrate that 4b will
-    # wrap in `Ractor.new` and 4c will gate behind
-    # `RIGOR_RACTOR_WORKERS`. NO Ractor in the loop yet — 4a
-    # exists so the per-worker ownership boundary is testable in
-    # the absence of any Ractor coordination.
+    # § Phase 4 carves the Ractor-isolated worker pool into sub-phases;
+    # 4a/4b/4c all landed, but the Ractor pool (4b) is blocked by Ruby
+    # Bug #22075 (UAF) — the active pool backend is fork (ADR-15 Amendment).
+    # This class exists so the per-worker ownership boundary is testable
+    # independently of any pool coordinator.
     #
     # The constructor takes only `Ractor.shareable?` inputs:
     #
     # - `configuration` — Phase 2a ({Rigor::Configuration} is
     #   `Ractor.shareable?`).
-    # - `cache_store` — frozen-shareable handle is NOT a precondition;
-    #   future 4b workers build their OWN Store at the shared
-    #   `cache_root` directory. 4a accepts an already-built Store
-    #   for the no-Ractor coordinator path.
+    # - `cache_store` — the fork backend passes the parent runner's
+    #   pre-built Store (`cache_store: @cache_store` in PoolCoordinator);
+    #   workers share it rather than building their own at `cache_root`.
     # - `plugin_blueprints` — Phase 3a
     #   (`Array<Plugin::Blueprint>` is `Ractor.shareable?`).
     # - `explain` — Boolean.
@@ -234,11 +232,9 @@ module Rigor
         Prism.parse(File.read(physical), filepath: path, version: @configuration.target_ruby)
       end
 
-      # Mirrors {Runner#build_trust_policy}. Workers under Phase
-      # 4b will need the same trust derivation, and the
-      # configuration is already shareable, so deriving it inside
+      # Mirrors {Runner#build_trust_policy}. Deriving trust inside
       # the session keeps the substrate decoupled from the
-      # coordinator's helper.
+      # coordinator; configuration is already Ractor-shareable.
       def build_trust_policy
         trusted_gems = @configuration.plugins.map { |entry| trusted_gem_name(entry) }.uniq
         roots = [Dir.pwd]