rigortype 0.1.9 → 0.1.11

data/plugins/rigor-pundit/lib/rigor/plugin/pundit/analyzer.rb

@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+require "did_you_mean"
+require "prism"
+
+module Rigor
+  module Plugin
+    class Pundit < Rigor::Plugin::Base
+      # Walks a parsed file's AST looking for Pundit
+      # entry-point calls and validates each against the
+      # {PolicyIndex}.
+      #
+      # Recognised shapes:
+      #
+      # - `authorize(record, :action)` — record's inferred
+      #   type → `<Type>Policy#<action>?` lookup. Both the
+      #   policy class and the predicate must exist.
+      # - `authorize(record)` — without an action argument,
+      #   we only validate that `<Type>Policy` exists. The
+      #   action name is determined at runtime from the
+      #   controller's current action; static validation
+      #   isn't possible without controller context.
+      # - `policy(record)` / `policy_scope(scope)` — same
+      #   `<Type>Policy` existence check.
+      #
+      # When the first argument's inferred type is NOT a
+      # `Nominal[T]` (e.g. an untyped local variable), the
+      # call is silently passed through. The plugin only
+      # validates what it can prove from the static type
+      # carrier.
+      module Analyzer
+        ENTRY_METHODS = %i[authorize policy policy_scope].freeze
+
+        Diagnostic = Struct.new(:path, :line, :column, :severity, :rule, :message, keyword_init: true)
+
+        module_function
+
+        # @param path [String]
+        # @param root [Prism::Node]
+        # @param policy_index [PolicyIndex]
+        # @param scope [Rigor::Inference::Scope, nil]
+        # @return [Array<Diagnostic>]
+        def diagnose(path:, root:, policy_index:, scope:)
+          diagnostics = []
+          walk(root) do |call_node|
+            record_node = call_node.arguments&.arguments&.first
+            next if record_node.nil?
+
+            policy_class_name = derive_policy_class_name(record_node, scope)
+            next if policy_class_name.nil?
+
+            policy_entry = policy_index.find(policy_class_name)
+            if policy_entry.nil?
+              diagnostics << unknown_policy_class_diagnostic(path, call_node, policy_class_name, policy_index)
+              next
+            end
+
+            diagnostics << policy_call_info(path, call_node, policy_class_name)
+
+            next unless call_node.name == :authorize
+
+            action_diag = action_check(path, call_node, policy_entry)
+            diagnostics << action_diag if action_diag
+          end
+          diagnostics
+        end
+
+        def walk(node, &)
+          return unless node.is_a?(Prism::Node)
+
+          yield node if node.is_a?(Prism::CallNode) && entry_call?(node)
+          node.compact_child_nodes.each { |child| walk(child, &) }
+        end
+
+        def entry_call?(node)
+          ENTRY_METHODS.include?(node.name) && node.receiver.nil?
+        end
+
+        # Resolves the first-argument expression to a policy
+        # class name. The candidates are:
+        # - `Foo` (a constant) → `FooPolicy`
+        # - `Foo.method(...)` whose inferred type is
+        #   `Nominal[Bar]` → `BarPolicy`
+        # - any other expression whose inferred type is
+        #   `Nominal[Bar]` → `BarPolicy`
+        # Returns `nil` when the type isn't statically
+        # determinable.
+        def derive_policy_class_name(record_node, scope)
+          if record_node.is_a?(Prism::ConstantReadNode) || record_node.is_a?(Prism::ConstantPathNode)
+            constant_name = constant_receiver_name(record_node)
+            return "#{constant_name.delete_prefix('::')}Policy" if constant_name
+          end
+
+          return nil if scope.nil?
+
+          type = safe_type_of(scope, record_node)
+          return nil unless type.is_a?(Rigor::Type::Nominal)
+
+          "#{type.class_name.to_s.delete_prefix('::')}Policy"
+        end
+
+        def safe_type_of(scope, node)
+          scope.type_of(node)
+        rescue StandardError
+          nil
+        end
+
+        def policy_call_info(path, call_node, policy_class_name)
+          location = call_node.location
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :info,
+            rule: "policy-call",
+            message: "`#{call_node.name}(...)` resolves to `#{policy_class_name}`"
+          )
+        end
+
+        def unknown_policy_class_diagnostic(path, call_node, policy_class_name, policy_index)
+          location = call_node.location
+          suggestions = DidYouMean::SpellChecker.new(dictionary: policy_index.names).correct(policy_class_name)
+          suggestion_part = suggestions.empty? ? "" : " (did you mean `#{suggestions.first}`?)"
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :error,
+            rule: "unknown-policy-class",
+            message: "no policy class `#{policy_class_name}` for `#{call_node.name}` call#{suggestion_part}"
+          )
+        end
+
+        # Validates the `authorize(record, :action)` form.
+        # Returns nil when the call has no second argument
+        # (the runtime infers it from the controller — out
+        # of scope here) or when the second argument isn't
+        # a literal symbol / string.
+        def action_check(path, call_node, policy_entry)
+          args = call_node.arguments&.arguments || []
+          return nil if args.size < 2
+
+          action_node = args[1]
+          action_name = literal_symbol_or_string(action_node)
+          return nil if action_name.nil?
+
+          predicate = policy_entry.normalize(action_name)
+          return nil if policy_entry.includes_method?(predicate)
+
+          location = call_node.location
+          dictionary = policy_entry.predicate_methods.map(&:to_s)
+          suggestions = DidYouMean::SpellChecker.new(dictionary: dictionary).correct(predicate.to_s)
+          suggestion_part = suggestions.empty? ? "" : " (did you mean `:#{suggestions.first.delete_suffix('?')}`?)"
+          Diagnostic.new(
+            path: path,
+            line: location.start_line,
+            column: location.start_column + 1,
+            severity: :error,
+            rule: "unknown-policy-method",
+            message: "`#{policy_entry.policy_class_name}##{predicate}` is not defined " \
+                     "(known: #{policy_entry.known_methods.join(', ')})#{suggestion_part}"
+          )
+        end
+
+        def literal_symbol_or_string(node)
+          case node
+          when Prism::SymbolNode then node.unescaped
+          when Prism::StringNode then node.unescaped
+          end
+        end
+
+        def constant_receiver_name(node)
+          case node
+          when Prism::ConstantReadNode then node.name.to_s
+          when Prism::ConstantPathNode then constant_path_name(node)
+          end
+        end
+
+        def constant_path_name(node)
+          parts = []
+          current = node
+          while current.is_a?(Prism::ConstantPathNode)
+            parts.unshift(current.name.to_s)
+            current = current.parent
+          end
+          case current
+          when nil then "::#{parts.join('::')}"
+          when Prism::ConstantReadNode then "#{current.name}::#{parts.join('::')}"
+          end
+        end
+      end
+    end
+  end
+end

data/plugins/rigor-pundit/lib/rigor/plugin/pundit/policy_discoverer.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+require "prism"
+
+require_relative "policy_index"
+
+module Rigor
+  module Plugin
+    class Pundit < Rigor::Plugin::Base
+      # Walks the configured policy-search paths via the
+      # plugin's `IoBoundary`, parses each `.rb` file with
+      # Prism, and collects classes whose immediate
+      # superclass is one of the configured base classes.
+      #
+      # For each discovered policy class, the discoverer
+      # collects every instance-side `def name?` predicate
+      # method. Non-predicate methods (`initialize`,
+      # `resolve`, helper methods) are ignored — Pundit's
+      # `authorize` only ever calls predicate methods.
+      #
+      # Limitations (intentional for v0.1.0):
+      #
+      # - Direct-superclass match only.
+      # - Predicate methods are read from the syntactic
+      #   `def` list. Methods built via `define_method` /
+      #   inherited from a sibling concern are out of scope.
+      class PolicyDiscoverer
+        def initialize(io_boundary:, search_paths:, base_classes:)
+          @io_boundary = io_boundary
+          @search_paths = search_paths
+          @base_classes = base_classes.to_set
+        end
+
+        # @return [PolicyIndex]
+        def discover
+          entries = []
+          ruby_files_under(@search_paths).each do |path|
+            contents = read_safely(path)
+            next if contents.nil?
+
+            tree = Prism.parse(contents).value
+            walk_for_policies(tree, []) do |class_name, predicates|
+              entries << PolicyIndex::Entry.new(
+                policy_class_name: class_name,
+                file_path: path,
+                predicate_methods: predicates.to_set.freeze
+              )
+            end
+          end
+          PolicyIndex.new(entries)
+        end
+
+        private
+
+        def read_safely(path)
+          @io_boundary.read_file(path)
+        rescue Plugin::AccessDeniedError, Errno::ENOENT
+          nil
+        end
+
+        def ruby_files_under(roots)
+          roots.flat_map do |root|
+            absolute = File.expand_path(root)
+            next [] unless File.directory?(absolute)
+
+            Dir.glob(File.join(absolute, "**", "*.rb"))
+          end
+        end
+
+        def walk_for_policies(node, lexical_path, &)
+          return if node.nil?
+
+          case node
+          when Prism::ClassNode then visit_class(node, lexical_path, &)
+          when Prism::ModuleNode then visit_module(node, lexical_path, &)
+          else
+            node.compact_child_nodes.each { |child| walk_for_policies(child, lexical_path, &) }
+          end
+        end
+
+        def visit_class(node, lexical_path, &)
+          class_local_name = constant_path_name(node.constant_path)
+          return if class_local_name.nil?
+
+          full_name = (lexical_path + [class_local_name]).join("::")
+          superclass = constant_path_name(node.superclass) if node.superclass
+          if superclass && @base_classes.include?(superclass) && full_name.end_with?("Policy")
+            predicates = collect_predicate_methods(node.body)
+            yield full_name, predicates
+          end
+
+          inner_path = lexical_path + [class_local_name]
+          walk_for_policies(node.body, inner_path, &) if node.body
+        end
+
+        def visit_module(node, lexical_path, &)
+          module_local_name = constant_path_name(node.constant_path)
+          return if module_local_name.nil?
+
+          inner_path = lexical_path + [module_local_name]
+          walk_for_policies(node.body, inner_path, &) if node.body
+        end
+
+        def constant_path_name(node)
+          return nil if node.nil?
+
+          case node
+          when Prism::ConstantReadNode then node.name.to_s
+          when Prism::ConstantPathNode
+            parts = []
+            current = node
+            while current.is_a?(Prism::ConstantPathNode)
+              parts.unshift(current.name.to_s)
+              current = current.parent
+            end
+            case current
+            when nil then "::#{parts.join('::')}"
+            when Prism::ConstantReadNode then "#{current.name}::#{parts.join('::')}"
+            end
+          end
+        end
+
+        # Returns symbolic predicate names (`:update?`,
+        # `:show?`, …) defined on the policy. Only
+        # instance-side names that end in `?` are recorded.
+        def collect_predicate_methods(body)
+          return [] if body.nil?
+
+          body.compact_child_nodes.flat_map do |node|
+            next [] unless node.is_a?(Prism::DefNode)
+            next [] if node.receiver.is_a?(Prism::SelfNode)
+            next [] unless node.name.to_s.end_with?("?")
+
+            [node.name]
+          end
+        end
+      end
+    end
+  end
+end

data/plugins/rigor-pundit/lib/rigor/plugin/pundit/policy_index.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Rigor
+  module Plugin
+    class Pundit < Rigor::Plugin::Base
+      # Frozen catalogue of discovered Pundit policy classes
+      # keyed by policy class name (e.g. `"PostPolicy"`).
+      # Each entry tracks the set of predicate methods
+      # defined on the policy (instance-side `def name?`)
+      # plus the source file path.
+      #
+      # The analyzer maps a record's inferred type
+      # (`Nominal[Post]`) to the policy class name
+      # (`"PostPolicy"`) and looks up the predicate.
+      class PolicyIndex
+        Entry = Data.define(:policy_class_name, :file_path, :predicate_methods) do
+          def includes_method?(method_name)
+            predicate_methods.include?(normalize(method_name))
+          end
+
+          def known_methods
+            predicate_methods.to_a.sort
+          end
+
+          # Normalises an action symbol / string by ensuring
+          # a trailing `?`. `:update` and `:update?` both
+          # resolve to `update?`.
+          def normalize(name)
+            string = name.to_s
+            string.end_with?("?") ? string.to_sym : :"#{string}?"
+          end
+        end
+
+        attr_reader :entries
+
+        def initialize(entries)
+          @entries = entries.freeze
+          @by_name = entries.to_h { |entry| [entry.policy_class_name, entry] }.freeze
+          freeze
+        end
+
+        # @return [Entry, nil]
+        def find(policy_class_name)
+          @by_name[policy_class_name.to_s]
+        end
+
+        def known?(policy_class_name)
+          @by_name.key?(policy_class_name.to_s)
+        end
+
+        def empty?
+          @entries.empty?
+        end
+
+        def size
+          @entries.size
+        end
+
+        def names
+          @by_name.keys
+        end
+      end
+    end
+  end
+end

data/plugins/rigor-pundit/lib/rigor/plugin/pundit.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require "rigor/plugin"
+
+require_relative "pundit/policy_index"
+require_relative "pundit/policy_discoverer"
+require_relative "pundit/analyzer"
+
+module Rigor
+  module Plugin
+    # rigor-pundit — validates Pundit `authorize` /
+    # `policy` / `policy_scope` calls against the project's
+    # `app/policies/` tree.
+    #
+    # Tier 3B of the [Rails plugins roadmap](../../../../docs/design/20260508-rails-plugins-roadmap.md).
+    # Statically discovers policy classes by walking
+    # `policy_search_paths` and parsing each file with
+    # Prism — no `pundit` runtime dependency.
+    #
+    # ## Configuration
+    #
+    #     plugins:
+    #       - gem: rigor-pundit
+    #         config:
+    #           policy_search_paths: ["app/policies"]    # default; optional
+    #           policy_base_classes: ["ApplicationPolicy"]  # default; optional
+    #
+    # ## What it checks
+    #
+    # 1. **Policy class existence** — `authorize(record, ...)`
+    #    looks up `<inferred-type>Policy` in the index.
+    #    Missing policies emit `unknown-policy-class` with
+    #    a did-you-mean suggestion.
+    # 2. **Predicate method existence** — for the
+    #    `authorize(record, :action)` form, validates that
+    #    `<Policy>#<action>?` is defined. Missing methods
+    #    emit `unknown-policy-method` listing the known
+    #    predicates.
+    #
+    # ## Limitations (v0.1.0)
+    #
+    # - Records whose inferred type is NOT a `Nominal[T]`
+    #   (untyped local variables, untyped instance
+    #   variables) are silently passed through. The plugin
+    #   only validates what it can prove from the static
+    #   carrier.
+    # - The two-argument form
+    #   `authorize(record, :action_symbol)` is the only
+    #   one validated. The implicit form
+    #   `authorize(record)` (which Pundit resolves at
+    #   runtime against the controller's current action) is
+    #   passed through with the policy-class check only.
+    # - Direct-superclass match for `policy_base_classes`.
+    #   Indirect inheritance (`AdminPolicy <
+    #   ApplicationPolicy`) needs `AdminPolicy` listed in
+    #   `policy_base_classes` if subclasses inherit from
+    #   it.
+    class Pundit < Rigor::Plugin::Base
+      manifest(
+        id: "pundit",
+        version: "0.1.0",
+        description: "Validates Pundit policy / authorize calls.",
+        config_schema: {
+          "policy_search_paths" => :array,
+          "policy_base_classes" => :array
+        }
+      )
+
+      DEFAULT_POLICY_SEARCH_PATHS = ["app/policies"].freeze
+      DEFAULT_POLICY_BASE_CLASSES = %w[ApplicationPolicy].freeze
+
+      producer :policy_index do |_params|
+        PolicyDiscoverer.new(
+          io_boundary: io_boundary,
+          search_paths: @policy_search_paths,
+          base_classes: @policy_base_classes
+        ).discover
+      end
+
+      def init(_services)
+        @policy_search_paths = Array(config.fetch("policy_search_paths", DEFAULT_POLICY_SEARCH_PATHS)).map(&:to_s)
+        @policy_base_classes = Array(config.fetch("policy_base_classes", DEFAULT_POLICY_BASE_CLASSES)).map(&:to_s)
+        @policy_index = nil
+        @load_error = nil
+      end
+
+      def diagnostics_for_file(path:, scope:, root:)
+        index = policy_index_or_nil
+        return [load_error_diagnostic(path)] if index.nil? && @load_error
+        return [] if index.nil? || index.empty?
+
+        Analyzer.diagnose(
+          path: path,
+          root: root,
+          policy_index: index,
+          scope: scope
+        ).map { |diag| build_diagnostic(diag) }
+      end
+
+      private
+
+      def policy_index_or_nil
+        return @policy_index if @policy_index
+
+        @policy_index = cache_for(:policy_index, params: {}).call
+      rescue StandardError => e
+        @load_error = "rigor-pundit: failed to discover policies: #{e.class}: #{e.message}"
+        nil
+      end
+
+      def load_error_diagnostic(path)
+        Rigor::Analysis::Diagnostic.new(
+          path: path, line: 1, column: 1,
+          message: @load_error,
+          severity: :warning,
+          rule: "load-error"
+        )
+      end
+
+      def build_diagnostic(diag)
+        Rigor::Analysis::Diagnostic.new(
+          path: diag.path, line: diag.line, column: diag.column,
+          message: diag.message, severity: diag.severity, rule: diag.rule
+        )
+      end
+    end
+
+    Rigor::Plugin.register(Pundit)
+  end
+end

data/plugins/rigor-pundit/lib/rigor-pundit.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative "rigor/plugin/pundit"

data/plugins/rigor-rails/lib/rigor-rails.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# Convenience entry point. `require "rigor-rails"` requires
+# every Tier 1+2 Rails ecosystem plugin in one go, so projects
+# that prefer a single require statement (some `spec_helper`
+# patterns, ad-hoc scripts) do not have to list seven require
+# lines.
+#
+# Note: requiring this entry point does NOT mark every plugin as
+# active. The Rigor plugin loader walks `.rigor.yml`'s `plugins:`
+# list and instantiates only the plugins enumerated there. This
+# is per ADR-12 WD1's "Gemfile-convenience meta-gem" pattern —
+# users still control which plugins participate in analysis via
+# `.rigor.yml`.
+#
+# Sub-plugins ARE registered with `Rigor::Plugin` when this file
+# loads (each gem's entry point side-effects a `Plugin.register`
+# call); the loader's lookup phase finds them by id when listed.
+#
+# Adding the gem to a project's Gemfile without listing any
+# plugin in `.rigor.yml` is harmless: the requires happen on
+# `Bundler.require`, but no plugin's `init` / `prepare` / hooks
+# run.
+
+require "rigor-rails-routes"
+require "rigor-rails-i18n"
+require "rigor-actionmailer"
+require "rigor-activejob"
+require "rigor-activerecord"
+require "rigor-actionpack"
+require "rigor-factorybot"