rigortype 0.1.9 → 0.1.11

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack/controller_discoverer.rb

@@ -0,0 +1,150 @@
+# frozen_string_literal: true
+
+require "prism"
+
+require_relative "controller_index"
+
+module Rigor
+  module Plugin
+    class Actionpack < Rigor::Plugin::Base
+      # Walks `controller_search_paths` building a
+      # {ControllerIndex} of `(class_name, methods,
+      # parent_class_name)` triples. Used by Phase 2 (filter
+      # chains) to validate that `before_action :name`
+      # references a method defined on the controller or its
+      # immediate parent.
+      #
+      # Limitations (per the Phase 2 design):
+      #
+      # - Single-class-per-file is the assumption — the walker
+      #   records the first top-level class node it encounters
+      #   per file. Files with multiple classes (rare in
+      #   `app/controllers/` outside of nested namespaces) only
+      #   contribute their first class.
+      # - One level of inheritance only. `class FooController <
+      #   ApplicationController` records `FooController`'s
+      #   methods + parent_class_name `"ApplicationController"`,
+      #   and the index resolves the inherited methods at lookup
+      #   time. Two-level chains (`AdminController <
+      #   AdminBaseController < ApplicationController`) are not
+      #   walked transitively in Phase 2; `AdminController`'s
+      #   inherited methods are limited to what
+      #   `AdminBaseController` directly defines, not what
+      #   `AdminBaseController` inherits.
+      # - Modules / `concerning :Auth` blocks are not walked.
+      class ControllerDiscoverer
+        def initialize(io_boundary:, search_paths:)
+          @io_boundary = io_boundary
+          @search_paths = search_paths
+        end
+
+        # @return [ControllerIndex]
+        def discover
+          entries = {}
+          ruby_files_under(@search_paths).each do |path|
+            harvest(path, entries)
+          end
+          ControllerIndex.new(entries.freeze)
+        end
+
+        private
+
+        def ruby_files_under(roots)
+          roots.flat_map do |root|
+            absolute = File.expand_path(root)
+            next [] unless File.directory?(absolute)
+
+            Dir.glob(File.join(absolute, "**", "*.rb"))
+          end
+        end
+
+        def harvest(path, entries)
+          contents = @io_boundary.read_file(path)
+          parse_result = Prism.parse(contents)
+          return unless parse_result.errors.empty?
+
+          locate_classes_and_modules(parse_result.value).each do |declaration_node|
+            entry = build_entry(declaration_node)
+            entries[entry.class_name] = entry if entry.class_name
+          end
+        rescue Plugin::AccessDeniedError, Errno::ENOENT
+          nil
+        end
+
+        # Recursive top-level descent. Returns every `ClassNode`
+        # and `ModuleNode` reachable through nested `module` /
+        # `class` blocks. Pre-fix only the **first** ClassNode
+        # was harvested, which meant controller files that
+        # define multiple classes lost coverage AND concern
+        # modules under `app/controllers/concerns/` were ignored
+        # entirely. The latter was the dominant Mastodon /
+        # Redmine FP: `before_action :require_account_signature!`
+        # references a method defined in a concern module that
+        # the harvester never visited.
+        def locate_classes_and_modules(node, into = [])
+          return into unless node.is_a?(Prism::Node)
+
+          into << node if node.is_a?(Prism::ClassNode) || node.is_a?(Prism::ModuleNode)
+          node.compact_child_nodes.each do |child|
+            locate_classes_and_modules(child, into)
+          end
+          into
+        end
+
+        def build_entry(declaration_node)
+          name = qualified_name_for(declaration_node.constant_path)
+          parent_name = if declaration_node.is_a?(Prism::ClassNode) && declaration_node.superclass
+                          qualified_name_for(declaration_node.superclass)
+                        end
+          methods = collect_def_names(declaration_node.body)
+          includes = collect_include_targets(declaration_node.body)
+          ControllerIndex::Entry.new(
+            class_name: name,
+            defined_methods: methods.freeze,
+            parent_class_name: parent_name,
+            included_module_names: includes.freeze
+          )
+        end
+
+        def collect_def_names(node, accumulator = [])
+          return accumulator unless node.is_a?(Prism::Node)
+
+          accumulator << node.name if node.is_a?(Prism::DefNode) && node.receiver.nil?
+          node.compact_child_nodes.each { |child| collect_def_names(child, accumulator) }
+          accumulator
+        end
+
+        # Collects the qualified-constant targets passed to
+        # `include` calls inside the body. Stops at nested
+        # `ClassNode` / `ModuleNode` boundaries so a class
+        # declared inside a concern doesn't pull the concern's
+        # includes into itself.
+        def collect_include_targets(node, accumulator = [])
+          return accumulator unless node.is_a?(Prism::Node)
+          return accumulator if node.is_a?(Prism::ClassNode) || node.is_a?(Prism::ModuleNode)
+
+          if node.is_a?(Prism::CallNode) && node.receiver.nil? && node.name == :include
+            (node.arguments&.arguments || []).each do |arg|
+              name = qualified_name_for(arg)
+              accumulator << name if name
+            end
+          end
+
+          node.compact_child_nodes.each { |child| collect_include_targets(child, accumulator) }
+          accumulator
+        end
+
+        def qualified_name_for(node)
+          case node
+          when Prism::ConstantReadNode then node.name.to_s
+          when Prism::ConstantPathNode
+            parent = node.parent.nil? ? nil : qualified_name_for(node.parent)
+            return nil if !node.parent.nil? && parent.nil?
+
+            parent.nil? ? node.name.to_s : "#{parent}::#{node.name}"
+          end
+        end
+      end
+    end
+  end
+end

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack/controller_index.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    class Actionpack < Rigor::Plugin::Base
+      # Per-run frozen index of discovered controllers AND
+      # concerns (modules) in `controller_search_paths`. Phase 2
+      # (filter-chain validation) consults the index at every
+      # call site to check that `before_action :name` references
+      # a method that actually exists on the controller, its
+      # parent (one level of inheritance), or any module the
+      # controller or its ancestor chain transitively `include`s.
+      #
+      # Real-world example (Mastodon):
+      #   AccountsController < ApplicationController
+      #     include SignatureAuthentication      # local concern
+      #   SignatureAuthentication < module
+      #     include SignatureVerification         # local concern
+      #   SignatureVerification < module
+      #     def require_account_signature!        # ← the filter target
+      #
+      # The include chain spans three concern modules.
+      # `effective_methods_for("AccountsController")` walks all
+      # of them transitively to collect `require_account_signature!`.
+      class ControllerIndex
+        # `defined_methods` carries the discovered method names
+        # (Symbols). `included_module_names` carries the constant
+        # names passed to `include X` calls inside the
+        # class / module body (Strings). `parent_class_name` is
+        # the immediate superclass (nil for plain modules).
+        Entry = Data.define(:class_name, :defined_methods, :parent_class_name, :included_module_names)
+
+        attr_reader :entries
+
+        def initialize(entries)
+          @entries = entries.freeze
+          freeze
+        end
+
+        # @return [Entry, nil]
+        def find(class_name)
+          @entries[class_name]
+        end
+
+        # Resolves the **effective** method set for a controller,
+        # including methods inherited from its parent class
+        # (one level) and methods contributed by every module the
+        # controller / its parent transitively `include`s
+        # (unbounded depth, cycle-safe via a visited set).
+        def effective_methods_for(class_name)
+          seen = {}
+          methods = []
+          collect_methods(class_name, seen, methods)
+          if (parent = @entries[class_name]&.parent_class_name)
+            collect_methods(parent, seen, methods)
+          end
+          methods.uniq.freeze
+        end
+
+        # @return [Boolean] true when the class has at least one
+        #   include we couldn't resolve in the index (typically
+        #   a gem-shipped concern such as Devise's
+        #   `Devise::Controllers::Helpers`). Phase 2 uses this
+        #   to downgrade `unknown-filter-method` to silence —
+        #   the unresolved module may legitimately contribute
+        #   the filter, and there's no way for the static
+        #   analyzer to verify.
+        def unresolved_include?(class_name)
+          entry = @entries[class_name]
+          return false if entry.nil?
+
+          chain = [class_name]
+          chain << entry.parent_class_name if entry.parent_class_name
+          chain.any? do |c|
+            walk_includes(c, {}) { |m| return true unless @entries.key?(m) }
+            false
+          end
+        end
+
+        def empty?
+          @entries.empty?
+        end
+
+        def known?(class_name)
+          @entries.key?(class_name)
+        end
+
+        def class_names
+          @entries.keys
+        end
+
+        private
+
+        def collect_methods(name, seen, into)
+          entry = @entries[name]
+          return if entry.nil? || seen[name]
+
+          seen[name] = true
+          into.concat(entry.defined_methods)
+          entry.included_module_names.each do |included|
+            collect_methods(included, seen, into)
+          end
+        end
+
+        # Yields each transitively-included module name (whether
+        # we have an entry for it or not). Returns nil; callers
+        # use it for visit-and-classify, not to collect.
+        def walk_includes(name, seen, &)
+          return if seen[name]
+
+          seen[name] = true
+          entry = @entries[name]
+          return unless entry
+
+          entry.included_module_names.each do |included|
+            yield included
+            walk_includes(included, seen, &)
+          end
+        end
+      end
+    end
+  end
+end

data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack.rb

@@ -0,0 +1,247 @@
+# frozen_string_literal: true
+
+require "rigor/plugin"
+
+require_relative "actionpack/analyzer"
+require_relative "actionpack/controller_discoverer"
+require_relative "actionpack/controller_index"
+
+module Rigor
+  module Plugin
+    # rigor-actionpack — validates Action Pack DSL calls in
+    # controller files.
+    #
+    # **Phase 4 of the Action Pack plugin family** (route-helper
+    # consumption). Reads the `:helper_table` fact published by
+    # `rigor-rails-routes` (ADR-9 cross-plugin API) and validates
+    # every implicit-self `*_path` / `*_url` call inside files
+    # under `controller_search_paths` (default `app/controllers`).
+    #
+    # Tier 2 of the [Rails plugins roadmap](../../../../docs/design/20260508-rails-plugins-roadmap.md).
+    # Phase 1 (strong-parameters → AR column validation), Phase 2
+    # (filter chains), and Phase 3 (render targets) ship as
+    # separate slices; each phase composes additively under the
+    # same plugin id.
+    #
+    # ## Configuration
+    #
+    #     plugins:
+    #       - gem: rigor-rails-routes      # producer (must come first
+    #                                       # in `Configuration#plugins`
+    #                                       # ordering, OR the loader's
+    #                                       # ADR-9 topo sort handles it)
+    #       - gem: rigor-actionpack
+    #         config:
+    #           controller_search_paths: ["app/controllers"]   # default; optional
+    #
+    # ## What it checks
+    #
+    # - **Helper existence** — every `*_path` / `*_url` call
+    #   inside a controller file is looked up in the helper
+    #   table. Missing entries emit `unknown-helper` with a
+    #   `DidYouMean` suggestion drawn from the table.
+    # - **Helper arity** — the call's positional-argument count
+    #   is matched against the helper's recorded arity (a
+    #   trailing `KeywordHashNode` like `users_path(format: :json)`
+    #   is excluded; same convention `rigor-rails-routes` uses).
+    #   Mismatches emit `wrong-helper-arity`.
+    # - **Trace** — recognised helpers also emit a
+    #   `helper-call` info diagnostic naming the action and
+    #   path, mirroring the trace shape of the upstream plugin.
+    #
+    # ## Limitations
+    #
+    # - Implicit-self calls only. `Rails.application.routes.url_helpers.users_path`
+    #   and other explicit-receiver shapes are passed through;
+    #   they're rare in controller code and the helper table
+    #   doesn't include any extra context to validate them.
+    # - Files outside `controller_search_paths` are skipped.
+    #   The plugin doesn't try to detect "is this a controller?"
+    #   by class hierarchy — Phase 1's strong-parameters work
+    #   needs that, so it lives there. Phase 4's job is the
+    #   single-purpose helper check.
+    # - When `rigor-rails-routes` is not installed (or its
+    #   helper table is empty), Phase 4 silently degrades to a
+    #   no-op. No load-error diagnostic is emitted; the user
+    #   gets the "no checks happened" failure mode rather than
+    #   a wall of "is this configured right?" warnings.
+    class Actionpack < Rigor::Plugin::Base
+      manifest(
+        id: "actionpack",
+        version: "0.1.0",
+        description: "Validates Action Pack route-helper calls and filter chains inside controllers.",
+        config_schema: {
+          "controller_search_paths" => :array,
+          "view_search_paths" => :array
+        },
+        consumes: [
+          { plugin_id: "rails-routes", name: :helper_table, optional: true },
+          { plugin_id: "activerecord", name: :model_index, optional: true }
+        ]
+      )
+
+      DEFAULT_CONTROLLER_SEARCH_PATHS = ["app/controllers"].freeze
+      DEFAULT_VIEW_SEARCH_PATHS = ["app/views"].freeze
+
+      # Phase 2 cached producer — the controller index built
+      # from `controller_search_paths`. The IoBoundary records
+      # a `FileEntry` digest for every file the discoverer
+      # reads, so the cache invalidates when any controller
+      # file changes.
+      producer :controller_index do |_params|
+        ControllerDiscoverer.new(
+          io_boundary: io_boundary,
+          search_paths: @controller_search_paths
+        ).discover
+      end
+
+      def init(services)
+        @services = services
+        @controller_search_paths = Array(
+          config.fetch("controller_search_paths", DEFAULT_CONTROLLER_SEARCH_PATHS)
+        ).map(&:to_s)
+        @view_search_paths = Array(
+          config.fetch("view_search_paths", DEFAULT_VIEW_SEARCH_PATHS)
+        ).map(&:to_s)
+        @helper_table = nil
+        @helper_table_resolved = false
+        @controller_index = nil
+        @model_index_value = nil
+        @model_index_resolved = false
+      end
+
+      def diagnostics_for_file(path:, scope:, root:) # rubocop:disable Lint/UnusedMethodArgument
+        return [] unless controller_file?(path)
+
+        helper_diagnostics(path, root) +
+          filter_diagnostics(path, root) +
+          render_diagnostics(path, root) +
+          permit_diagnostics(path, root)
+      end
+
+      private
+
+      def helper_diagnostics(path, root)
+        table = helper_table
+        return [] if table.nil? || table.empty?
+
+        Analyzer.diagnose(path: path, root: root, helper_table: table)
+                .map { |diag| build_diagnostic(diag) }
+      end
+
+      # Phase 2 — runs the filter-chain validator over the
+      # controller's class body using the cached
+      # {ControllerIndex}. Skips silently when the index is
+      # absent or doesn't recognise the file's top-level class.
+      def filter_diagnostics(path, root)
+        index = controller_index_or_nil
+        return [] if index.nil? || index.empty?
+
+        Analyzer.diagnose_filters(path: path, root: root, controller_index: index)
+                .map { |diag| build_diagnostic(diag) }
+      end
+
+      # Phase 3 — runs the render-target validator against the
+      # configured `view_search_paths`. Always invoked
+      # regardless of whether the controller is in the index;
+      # render shapes are recognised purely from the call site
+      # + class name, no per-controller pre-discovery needed.
+      def render_diagnostics(path, root)
+        Analyzer.diagnose_renders(path: path, root: root, view_search_roots: @view_search_paths)
+                .map { |diag| build_diagnostic(diag) }
+      end
+
+      # Phase 1 — strong-parameter validation. Reads the
+      # `:model_index` fact from the cross-plugin fact store
+      # (published by rigor-activerecord) and validates every
+      # `params.require(:user).permit(:name, :email)` chain
+      # against the User model's column list.
+      def permit_diagnostics(path, root)
+        index = model_index
+        return [] if index.nil? || index.empty?
+
+        Analyzer.diagnose_permits(path: path, root: root, model_index: index)
+                .map { |diag| build_diagnostic(diag) }
+      end
+
+      def controller_index_or_nil
+        return @controller_index if @controller_index
+
+        # Read project source first so the IoBoundary's
+        # FileEntry digests get captured into the descriptor
+        # before `cache_for` snapshots it (mirrors
+        # rigor-rails-routes / rigor-pundit's pattern).
+        prime_io_boundary_for_index
+        @controller_index = cache_for(:controller_index, params: {}).call
+      rescue StandardError
+        nil
+      end
+
+      def prime_io_boundary_for_index
+        @controller_search_paths.each do |root|
+          absolute = File.expand_path(root)
+          next unless File.directory?(absolute)
+
+          Dir.glob(File.join(absolute, "**", "*.rb")).each do |path|
+            io_boundary.read_file(path)
+          rescue Plugin::AccessDeniedError, Errno::ENOENT
+            nil
+          end
+        end
+      end
+
+      # Lazily resolves the helper table from the cross-plugin
+      # fact store. The cache is per-run because the runner
+      # builds a fresh `FactStore` per invocation; memoizing on
+      # the plugin instance saves the per-file `read` while
+      # still picking up a freshly-published table on the next
+      # `bundle exec rigor check` run.
+      def helper_table
+        return @helper_table if @helper_table_resolved
+
+        @helper_table = @services.fact_store.read(
+          plugin_id: "rails-routes", name: :helper_table
+        )
+        @helper_table_resolved = true
+        @helper_table
+      end
+
+      # Phase 1 — lazily reads the cross-plugin :model_index
+      # fact from rigor-activerecord. The cache is per-run
+      # because the runner builds a fresh FactStore per
+      # invocation; memoizing on the plugin instance saves the
+      # per-file read while still picking up a freshly
+      # published index on the next `bundle exec rigor check`.
+      def model_index
+        return @model_index_value if @model_index_resolved
+
+        @model_index_value = @services.fact_store.read(
+          plugin_id: "activerecord", name: :model_index
+        )
+        @model_index_resolved = true
+        @model_index_value
+      end
+
+      def controller_file?(path)
+        @controller_search_paths.any? do |root|
+          # The runner may pass `path` as either an absolute
+          # path (when `paths:` was configured absolutely) or a
+          # relative one (when configured relatively). The
+          # `controller_search_paths` knob is always project-
+          # root-relative. Match the configured root as a
+          # /-bracketed substring so both shapes resolve.
+          path.include?("/#{root}/") || path.start_with?("#{root}/") || path == root
+        end
+      end
+
+      def build_diagnostic(diag)
+        Rigor::Analysis::Diagnostic.new(
+          path: diag.path, line: diag.line, column: diag.column,
+          message: diag.message, severity: diag.severity, rule: diag.rule
+        )
+      end
+    end
+
+    Rigor::Plugin.register(Actionpack)
+  end
+end

data/plugins/rigor-actionpack/lib/rigor-actionpack.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative "rigor/plugin/actionpack"

data/plugins/rigor-activejob/lib/rigor/plugin/activejob/analyzer.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require "prism"
+
+module Rigor
+  module Plugin
+    class Activejob < Rigor::Plugin::Base
+      # Walks a parsed file's AST looking for
+      # `<JobClass>.perform_later(...)` /
+      # `.perform_now(...)` / `.perform(...)` calls and
+      # validates each against the {JobIndex}.
+      #
+      # The plugin recognises a call as job-shaped when the
+      # receiver is a `ConstantReadNode` / `ConstantPathNode`
+      # whose resolved name appears in the index, and the
+      # method name is one of the three ActiveJob entry
+      # points.
+      module Analyzer
+        # Methods that delegate to the job's `#perform`. All
+        # three accept the same argument shape — `perform_later`
+        # is the most common (queues for later execution),
+        # `perform_now` runs synchronously, and `perform` is
+        # the bare execution path.
+        ENTRY_METHODS = %i[perform_later perform_now perform].freeze
+
+        Diagnostic = Struct.new(:path, :line, :column, :severity, :rule, :message, keyword_init: true)
+
+        module_function
+
+        # @param path [String]
+        # @param root [Prism::Node]
+        # @param job_index [JobIndex]
+        # @return [Array<Diagnostic>]
+        def diagnose(path:, root:, job_index:)
+          diagnostics = []
+          walk(root) do |call_node|
+            class_name = constant_receiver_name(call_node.receiver)
+            next if class_name.nil?
+
+            entry = job_index.find(class_name) || job_index.find("::#{class_name}")
+            next if entry.nil?
+
+            diagnostics << info_diagnostic(path, call_node, entry)
+            arity = arity_check(path, call_node, entry)
+            diagnostics << arity if arity
+          end
+          diagnostics
+        end
+
+        def walk(node, &)
+          return unless node.is_a?(Prism::Node)
+
+          yield node if node.is_a?(Prism::CallNode) && entry_call?(node)
+          node.compact_child_nodes.each { |child| walk(child, &) }
+        end
+
+        def entry_call?(node)
+          ENTRY_METHODS.include?(node.name) &&
+            (node.receiver.is_a?(Prism::ConstantReadNode) || node.receiver.is_a?(Prism::ConstantPathNode))
+        end
+
+        def info_diagnostic(path, call_node, entry)
+          location = call_node.location
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :info,
+            rule: "job-call",
+            message: "`#{entry.class_name}.#{call_node.name}` matches `#perform` (arity #{entry.arity_label})"
+          )
+        end
+
+        def arity_check(path, call_node, entry)
+          actual = (call_node.arguments&.arguments || []).size
+          return nil if entry.accepts?(actual)
+
+          location = call_node.location
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :error,
+            rule: "wrong-arity",
+            message: "`#{entry.class_name}.#{call_node.name}` expects #{entry.arity_label} argument(s), got #{actual}"
+          )
+        end
+
+        # Renders a constant-path receiver as a String.
+        # Mirrors the helpers in rigor-activerecord /
+        # rigor-rails-routes for parity.
+        def constant_receiver_name(node)
+          case node
+          when Prism::ConstantReadNode then node.name.to_s
+          when Prism::ConstantPathNode then constant_path_name(node)
+          end
+        end
+
+        def constant_path_name(node)
+          parts = []
+          current = node
+          while current.is_a?(Prism::ConstantPathNode)
+            parts.unshift(current.name.to_s)
+            current = current.parent
+          end
+          case current
+          when nil then "::#{parts.join('::')}"
+          when Prism::ConstantReadNode then "#{current.name}::#{parts.join('::')}"
+          end
+        end
+      end
+    end
+  end
+end