rigortype 0.2.6 → 0.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -3
- data/docs/manual/02-cli-reference.md +2 -1
- data/docs/manual/08-skills.md +21 -0
- data/lib/rigor/cli/coverage_command.rb +42 -10
- data/lib/rigor/cli/skill_command.rb +52 -1
- data/lib/rigor/environment/rbs_loader.rb +28 -0
- data/lib/rigor/inference/statement_evaluator.rb +0 -4
- data/lib/rigor/sig_gen/generator.rb +25 -0
- data/lib/rigor/sig_gen/method_candidate.rb +7 -2
- data/lib/rigor/sig_gen/writer.rb +60 -13
- data/lib/rigor/version.rb +1 -1
- data/plugins/rigor-actionpack/lib/rigor/plugin/actionpack.rb +63 -2
- data/plugins/rigor-activerecord/lib/rigor/plugin/activerecord.rb +2 -3
- data/plugins/rigor-hanami/lib/rigor/plugin/hanami/action_checker.rb +14 -24
- data/plugins/rigor-hanami/lib/rigor/plugin/hanami.rb +10 -3
- data/plugins/rigor-sorbet/lib/rigor/plugin/sorbet.rb +33 -76
- data/skills/rigor-ask/SKILL.md +21 -1
- data/skills/rigor-baseline-reduce/SKILL.md +16 -0
- data/skills/rigor-ci-setup/SKILL.md +96 -249
- data/skills/rigor-doctor/SKILL.md +39 -49
- data/skills/rigor-doctor/references/01-checks.md +52 -0
- data/skills/rigor-editor-setup/SKILL.md +14 -0
- data/skills/rigor-mcp-setup/SKILL.md +14 -0
- data/skills/rigor-monkeypatch-resolve/SKILL.md +15 -0
- data/skills/rigor-plugin-author/SKILL.md +16 -0
- data/skills/rigor-plugin-review/SKILL.md +174 -0
- data/skills/rigor-plugin-review/references/01-best-practices-checklist.md +214 -0
- data/skills/rigor-plugin-tune/SKILL.md +21 -2
- data/skills/rigor-project-init/SKILL.md +16 -0
- data/skills/rigor-protection-uplift/SKILL.md +15 -0
- data/skills/rigor-rbs-setup/SKILL.md +15 -0
- data/skills/rigor-upgrade/SKILL.md +16 -0
- metadata +7 -4
|
@@ -11,13 +11,32 @@ metadata:
|
|
|
11
11
|
# Rigor CI Setup
|
|
12
12
|
|
|
13
13
|
Wire Rigor into a project's CI so type diagnostics appear **inline on the
|
|
14
|
-
pull / merge request**, not just in the job log. This skill is
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
14
|
+
pull / merge request**, not just in the job log. This skill is the
|
|
15
|
+
*workflow* — detect the platform, choose the surface, apply the matching
|
|
16
|
+
template, pin, gate, verify. It does **not** copy the CI YAML inline: the
|
|
17
|
+
authoritative, version-matched templates live in the manual's CI chapter
|
|
18
|
+
(`rigor docs ci`) and as ready-to-copy files, so this skill cannot drift
|
|
19
|
+
out of date as `--format` surfaces and action versions move.
|
|
20
|
+
|
|
21
|
+
This is for **users running Rigor on their own project** with the
|
|
22
|
+
published `rigor` executable — Rigor is a tool, not a library, so it is
|
|
23
|
+
**not** added to the project's `Gemfile`.
|
|
24
|
+
|
|
25
|
+
## First: load the version-current copy
|
|
26
|
+
|
|
27
|
+
Follow the copy that ships with the **installed** Rigor, not any vendored
|
|
28
|
+
or frozen copy of this file. Two version-matched sources, both offline once
|
|
29
|
+
Rigor is installed:
|
|
30
|
+
|
|
31
|
+
```sh
|
|
32
|
+
rigor skill --full rigor-ci-setup # this skill's current workflow, in one call
|
|
33
|
+
rigor docs ci # the manual's CI chapter — the actual templates
|
|
34
|
+
rigor docs --list manual | grep ci-templates # ready-to-copy template files
|
|
35
|
+
```
|
|
18
36
|
|
|
19
|
-
If
|
|
20
|
-
|
|
37
|
+
If you already loaded this skill *via* `rigor skill` you have the current
|
|
38
|
+
copy — just proceed. If `rigor` is not on `PATH`, this task needs it: run
|
|
39
|
+
**`rigor-next-steps`** to install Rigor first, then come back.
|
|
21
40
|
|
|
22
41
|
## The one hard rule: Rigor gets its own job
|
|
23
42
|
|
|
@@ -26,17 +45,17 @@ so a job that provisions the project's test Ruby (often 3.x, or a matrix)
|
|
|
26
45
|
**cannot** also provision Rigor's 4.0 — the second `setup-ruby` clobbers the
|
|
27
46
|
first. Always give Rigor a **separate job** (better: a separate workflow
|
|
28
47
|
file, for its own triggers, concurrency, and status badge). Every template
|
|
29
|
-
|
|
48
|
+
in `rigor docs ci` does this.
|
|
30
49
|
|
|
31
50
|
## Phase 0 — Detect the project's CI platform
|
|
32
51
|
|
|
33
52
|
**Inspect the repository first; do not ask what you can detect.** Look for
|
|
34
53
|
these markers from the project root and let them drive the platform choice:
|
|
35
54
|
|
|
36
|
-
| Marker (check existence) | Platform
|
|
55
|
+
| Marker (check existence) | Platform |
|
|
37
56
|
| --- | --- |
|
|
38
|
-
| `.github/workflows/` directory exists | **GitHub Actions**
|
|
39
|
-
| `.gitlab-ci.yml` exists | **GitLab CI**
|
|
57
|
+
| `.github/workflows/` directory exists | **GitHub Actions** |
|
|
58
|
+
| `.gitlab-ci.yml` exists | **GitLab CI** |
|
|
40
59
|
| `.circleci/config.yml` exists | **CircleCI** (generic recipe, `junit`) |
|
|
41
60
|
| `Jenkinsfile` exists | **Jenkins** (generic recipe, `junit` / `checkstyle`) |
|
|
42
61
|
| `bitbucket-pipelines.yml` / `azure-pipelines.yml` / `.drone.yml` | that platform (generic recipe) |
|
|
@@ -50,11 +69,11 @@ Concretely (the agent has file tools — use them):
|
|
|
50
69
|
change the format / steps that are wrong or missing. The same applies to
|
|
51
70
|
an existing `rigor` job inside `.gitlab-ci.yml`.
|
|
52
71
|
- Check for an existing pin: `.github/rigor/Gemfile` (+ lockfile) means the
|
|
53
|
-
project already pins Rigor — keep it (Phase
|
|
72
|
+
project already pins Rigor — keep it (Phase 3).
|
|
54
73
|
- Check for `.rigor-baseline.yml` — if present, the project is in baseline
|
|
55
|
-
adoption mode, which changes the gate advice (Phase
|
|
74
|
+
adoption mode, which changes the gate advice (Phase 4).
|
|
56
75
|
- Grep existing CI files for `reviewdog` — if already used, prefer the
|
|
57
|
-
reviewdog
|
|
76
|
+
reviewdog surface for consistency.
|
|
58
77
|
|
|
59
78
|
**Routing:** exactly one platform marker → use it, state what you found, and
|
|
60
79
|
proceed. Multiple (e.g. both `.github/workflows/` and `.gitlab-ci.yml`) →
|
|
@@ -62,238 +81,64 @@ tell the user both were found and ask which to wire (or do both). None → ask.
|
|
|
62
81
|
|
|
63
82
|
## Phase 1 — Pick the surface (what the reviewer should see)
|
|
64
83
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
**
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
jobs:
|
|
122
|
-
rigor:
|
|
123
|
-
runs-on: ubuntu-latest
|
|
124
|
-
steps:
|
|
125
|
-
- uses: actions/checkout@v4
|
|
126
|
-
- uses: ruby/setup-ruby@v1
|
|
127
|
-
with:
|
|
128
|
-
ruby-version: "4.0"
|
|
129
|
-
- run: gem install rigortype
|
|
130
|
-
- run: rigor check --format github
|
|
131
|
-
```
|
|
132
|
-
|
|
133
|
-
### GitHub — SARIF → code scanning
|
|
134
|
-
|
|
135
|
-
Use this **only if code scanning is available** for the repo — a public repo
|
|
136
|
-
(free), or a private repo with GitHub Advanced Security / Code Security.
|
|
137
|
-
Otherwise `upload-sarif` fails; use the annotations template above.
|
|
138
|
-
|
|
139
|
-
```yaml
|
|
140
|
-
# .github/workflows/rigor.yml
|
|
141
|
-
name: rigor
|
|
142
|
-
on: [push, pull_request]
|
|
143
|
-
permissions:
|
|
144
|
-
contents: read
|
|
145
|
-
security-events: write # required by upload-sarif
|
|
146
|
-
jobs:
|
|
147
|
-
rigor:
|
|
148
|
-
runs-on: ubuntu-latest
|
|
149
|
-
steps:
|
|
150
|
-
- uses: actions/checkout@v4
|
|
151
|
-
- uses: ruby/setup-ruby@v1
|
|
152
|
-
with:
|
|
153
|
-
ruby-version: "4.0"
|
|
154
|
-
- run: gem install rigortype
|
|
155
|
-
- run: rigor check --format sarif > rigor.sarif
|
|
156
|
-
continue-on-error: true # so a non-zero exit still uploads
|
|
157
|
-
- uses: github/codeql-action/upload-sarif@v3
|
|
158
|
-
if: always()
|
|
159
|
-
with:
|
|
160
|
-
sarif_file: rigor.sarif
|
|
161
|
-
```
|
|
162
|
-
|
|
163
|
-
### GitLab — Code Quality widget
|
|
164
|
-
|
|
165
|
-
```yaml
|
|
166
|
-
# .gitlab-ci.yml
|
|
167
|
-
rigor:
|
|
168
|
-
image: ruby:4.0
|
|
169
|
-
script:
|
|
170
|
-
- gem install rigortype
|
|
171
|
-
- rigor check --format gitlab > gl-code-quality-report.json
|
|
172
|
-
artifacts:
|
|
173
|
-
reports:
|
|
174
|
-
codequality: gl-code-quality-report.json
|
|
175
|
-
when: always
|
|
176
|
-
```
|
|
177
|
-
|
|
178
|
-
`--format gitlab` emits exactly the
|
|
179
|
-
[Code Quality report format](https://docs.gitlab.com/ci/testing/code_quality/)
|
|
180
|
-
GitLab requires: each finding carries `description`, `check_name`,
|
|
181
|
-
`fingerprint` (a stable SHA-256, so a finding keeps its identity across
|
|
182
|
-
runs), `severity` (`major`/`minor`/`info`), and `location.path` +
|
|
183
|
-
`location.lines.begin`. Paths are repo-relative with no `./` prefix and the
|
|
184
|
-
JSON has no BOM, both of which GitLab demands. For the MR widget to show a
|
|
185
|
-
*diff* of new vs resolved findings, the report must exist on **both** the
|
|
186
|
-
target (default) branch and the MR branch — the job above runs on each
|
|
187
|
-
pipeline, which satisfies that automatically once it has run once on the
|
|
188
|
-
default branch. (Note: a long-standing GitLab display bug can hide
|
|
189
|
-
`check_name`; Rigor already folds the rule id into `description` as
|
|
190
|
-
`… [rule]`, so the identifier shows regardless.)
|
|
191
|
-
|
|
192
|
-
### Other runners (generic)
|
|
193
|
-
|
|
194
|
-
Provision Ruby 4.0, `gem install rigortype`, then
|
|
195
|
-
`rigor check --format junit > junit.xml` (or `checkstyle`, `json`) and
|
|
196
|
-
publish the file with whatever artifact mechanism the platform offers.
|
|
197
|
-
|
|
198
|
-
## Phase 3 — reviewdog (inline review comments)
|
|
199
|
-
|
|
200
|
-
[reviewdog](https://github.com/reviewdog/reviewdog) turns Rigor's output
|
|
201
|
-
into PR/MR review comments. It reads Rigor's `checkstyle` (preferred — light,
|
|
202
|
-
no code scanning) or `sarif`, so the format is the same everywhere — **but
|
|
203
|
-
the `-reporter` is platform-specific, so it must match the platform you
|
|
204
|
-
detected in Phase 0.** Pick the reporter first, then the token/env it needs:
|
|
205
|
-
|
|
206
|
-
| Phase 0 platform | `-reporter` | Token / env | Other needs |
|
|
207
|
-
| --- | --- | --- | --- |
|
|
208
|
-
| GitHub | `github-pr-review` (threaded comments) · `github-pr-check` (Check run) · `github-pr-annotations` | `REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}` | `permissions: pull-requests: write` |
|
|
209
|
-
| GitLab | `gitlab-mr-discussion` (threaded) · `gitlab-mr-commit` | `REVIEWDOG_GITLAB_API_TOKEN` (a project/personal token) + `CI_API_V4_URL` | runs on MR pipelines |
|
|
210
|
-
| Gerrit / Bitbucket / Gitea | `gerrit-change-review` · `bitbucket-code-report` · `gitea-pr-review` | the platform's token var (see reviewdog README) | — |
|
|
211
|
-
|
|
212
|
-
There is **no cross-platform reviewdog reporter** — `github-*` posts only to
|
|
213
|
-
GitHub, `gitlab-*` only to GitLab. So a reviewdog setup is always tied to one
|
|
214
|
-
platform; if a project targets two (e.g. a GitHub mirror of a GitLab repo),
|
|
215
|
-
wire one reviewdog job per platform, or use the platform-native format
|
|
216
|
-
(`sarif` / `gitlab`) on each.
|
|
217
|
-
|
|
218
|
-
Install reviewdog with
|
|
219
|
-
[`reviewdog/action-setup`](https://github.com/reviewdog/action-setup) (GitHub)
|
|
220
|
-
or `go install` / the binary (GitLab and others).
|
|
221
|
-
|
|
222
|
-
**GitHub** (`.github/workflows/rigor.yml`):
|
|
223
|
-
|
|
224
|
-
```yaml
|
|
225
|
-
name: rigor
|
|
226
|
-
on: [pull_request]
|
|
227
|
-
permissions:
|
|
228
|
-
contents: read
|
|
229
|
-
pull-requests: write # required for github-pr-review
|
|
230
|
-
jobs:
|
|
231
|
-
rigor:
|
|
232
|
-
runs-on: ubuntu-latest
|
|
233
|
-
steps:
|
|
234
|
-
- uses: actions/checkout@v4
|
|
235
|
-
- uses: ruby/setup-ruby@v1
|
|
236
|
-
with:
|
|
237
|
-
ruby-version: "4.0"
|
|
238
|
-
- run: gem install rigortype
|
|
239
|
-
- uses: reviewdog/action-setup@v1
|
|
240
|
-
with:
|
|
241
|
-
reviewdog_version: latest
|
|
242
|
-
- run: rigor check --format checkstyle | reviewdog -f=checkstyle -reporter=github-pr-review -fail-level=error
|
|
243
|
-
env:
|
|
244
|
-
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
245
|
-
```
|
|
246
|
-
|
|
247
|
-
**GitLab** (`.gitlab-ci.yml`) — install the reviewdog binary, then pipe:
|
|
248
|
-
|
|
249
|
-
```yaml
|
|
250
|
-
rigor:
|
|
251
|
-
image: ruby:4.0
|
|
252
|
-
rules:
|
|
253
|
-
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
|
254
|
-
variables:
|
|
255
|
-
REVIEWDOG_GITLAB_API_TOKEN: $RIGOR_REVIEWDOG_TOKEN # a CI/CD variable you set
|
|
256
|
-
script:
|
|
257
|
-
- gem install rigortype
|
|
258
|
-
- wget -O - -q https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /usr/local/bin
|
|
259
|
-
- rigor check --format checkstyle | reviewdog -f=checkstyle -reporter=gitlab-mr-discussion -fail-level=error
|
|
260
|
-
```
|
|
261
|
-
|
|
262
|
-
Knobs (both platforms):
|
|
263
|
-
|
|
264
|
-
- **`-fail-level`** — `error` fails the step only on Rigor errors (matches
|
|
265
|
-
Rigor's exit code); `any` fails on warnings too; `none` is comment-only.
|
|
266
|
-
Default `error`.
|
|
267
|
-
- **`-filter-mode`** — reviewdog's default `added` comments only on lines
|
|
268
|
-
the PR/MR changed; `nofilter` comments on everything. Keep `added` to adopt
|
|
269
|
-
on an existing codebase (the reviewdog analogue of Rigor's baseline).
|
|
270
|
-
- **`checkstyle` vs `sarif`** — both work (`-f=checkstyle` / `-f=sarif`);
|
|
271
|
-
prefer `checkstyle` (lighter, no code scanning). Use `sarif` only if the
|
|
272
|
-
job *also* uploads to the GitHub Security tab and wants a single format.
|
|
273
|
-
|
|
274
|
-
## Phase 4 — Pin Rigor's version (reproducible CI)
|
|
275
|
-
|
|
276
|
-
The templates install the latest `rigortype` at run time. To pin it:
|
|
277
|
-
|
|
278
|
-
- **CI-only `Gemfile` (recommended, Dependabot-updatable).** Commit
|
|
279
|
-
`.github/rigor/Gemfile` (`source "https://rubygems.org"` +
|
|
280
|
-
`gem "rigortype", "~> 0.1"`) and its lockfile, set
|
|
281
|
-
`env: BUNDLE_GEMFILE: .github/rigor/Gemfile` on the Rigor job, use
|
|
282
|
-
`ruby/setup-ruby` with `bundler-cache: true`, and run `bundle exec rigor
|
|
283
|
-
check …`. Add a Dependabot `bundler` entry scoped to `/.github/rigor`.
|
|
284
|
-
This file is read only by the Rigor job — it never enters the project's
|
|
285
|
-
resolution.
|
|
286
|
-
- **Pinned `gem install`.** `gem install rigortype -v "X.Y.Z"`. Simple, but
|
|
287
|
-
Dependabot can't see it (manual updates).
|
|
288
|
-
|
|
289
|
-
## Phase 5 — Gate behaviour (optional, with the user)
|
|
290
|
-
|
|
291
|
-
- **Baseline adoption.** If the project uses `.rigor-baseline.yml`
|
|
292
|
-
(rigor-project-init / rigor-baseline-reduce), the same `rigor check`
|
|
293
|
-
honours it — CI fails only on *new* diagnostics. Add `--baseline-strict`
|
|
294
|
-
to also fail when the baseline has drifted loose (a CI gate that forces
|
|
84
|
+
All `--format` surfaces are pure renderings of the same diagnostics; the
|
|
85
|
+
exit code is unchanged (`0` clean, `1` on errors), so the job still gates.
|
|
86
|
+
The full format→platform table and severity mapping are in `rigor docs ci`;
|
|
87
|
+
this is the *decision*:
|
|
88
|
+
|
|
89
|
+
- **GitHub → lead with `github` (annotations).** It works on **every**
|
|
90
|
+
repository with zero setup — no upload, no permissions, no paid features.
|
|
91
|
+
In fact Rigor **auto-detects** GitHub Actions / TeamCity and emits native
|
|
92
|
+
annotations even without `--format`, so a plain `rigor check` already
|
|
93
|
+
annotates the PR (`--no-ci-detect` turns that off). Only upgrade when
|
|
94
|
+
there is a concrete reason:
|
|
95
|
+
- **`sarif`** (Security tab, deduped/persistent alerts) — *only when code
|
|
96
|
+
scanning is available*: a **public** repo (free) or a private repo with
|
|
97
|
+
**GitHub Advanced Security**. Without it `upload-sarif` fails. If you
|
|
98
|
+
cannot tell, **do not default to SARIF** — use `github` and offer SARIF
|
|
99
|
+
to a public-repo / GHAS user.
|
|
100
|
+
- **reviewdog** when the team wants threaded **review comments** filtered
|
|
101
|
+
to changed lines (works on private repos; needs a token — Phase 2).
|
|
102
|
+
- Annotation caveat: the run UI caps annotations per type, so on a first
|
|
103
|
+
adoption of a large codebase prefer the baseline gate (Phase 4) or
|
|
104
|
+
SARIF/reviewdog, which page through everything.
|
|
105
|
+
- **GitLab →** `gitlab` (the MR Code Quality widget) or reviewdog.
|
|
106
|
+
- **Any test-report CI (CircleCI, Jenkins, …) →** `junit`.
|
|
107
|
+
|
|
108
|
+
## Phase 2 — Apply the matching template
|
|
109
|
+
|
|
110
|
+
Take the template for your (platform, surface) choice from `rigor docs ci`
|
|
111
|
+
— or copy a ready file listed by `rigor docs --list manual | grep
|
|
112
|
+
ci-templates` (GitHub annotations / SARIF / reviewdog, and GitLab). Copy it
|
|
113
|
+
in, adjust nothing but the trigger unless asked, and pin the version next
|
|
114
|
+
(Phase 3).
|
|
115
|
+
|
|
116
|
+
**reviewdog is platform-specific.** It reads Rigor's `checkstyle`
|
|
117
|
+
(preferred — light, no code scanning) or `sarif`, but the `-reporter` must
|
|
118
|
+
match the platform: `github-pr-review` posts only to GitHub,
|
|
119
|
+
`gitlab-mr-discussion` only to GitLab — there is **no cross-platform
|
|
120
|
+
reporter**. So a reviewdog setup is tied to one platform; for a repo
|
|
121
|
+
mirrored across two, wire one reviewdog job per platform (or use each
|
|
122
|
+
platform's native format). The reporter table, tokens, and the
|
|
123
|
+
`-fail-level` / `-filter-mode` knobs are in `rigor docs ci` — keep
|
|
124
|
+
`-filter-mode=added` to adopt on an existing codebase (the reviewdog
|
|
125
|
+
analogue of a baseline).
|
|
126
|
+
|
|
127
|
+
## Phase 3 — Pin Rigor's version (reproducible CI)
|
|
128
|
+
|
|
129
|
+
The templates install the latest `rigortype` at run time. To pin it, use a
|
|
130
|
+
**CI-only `Gemfile`** (`.github/rigor/Gemfile`, read only by the Rigor job,
|
|
131
|
+
Dependabot-updatable) or a **pinned `gem install rigortype -v "X.Y.Z"`**.
|
|
132
|
+
The exact recipe (the `BUNDLE_GEMFILE` wiring, the Dependabot entry) is in
|
|
133
|
+
`rigor docs ci` § "Pinning Rigor's version".
|
|
134
|
+
|
|
135
|
+
## Phase 4 — Gate behaviour (optional, with the user)
|
|
136
|
+
|
|
137
|
+
- **Baseline adoption.** If the project uses `.rigor-baseline.yml`, the same
|
|
138
|
+
`rigor check` honours it — CI fails only on *new* diagnostics. Add
|
|
139
|
+
`--baseline-strict` to also fail when the baseline drifts loose (forces
|
|
295
140
|
regeneration). With reviewdog, `-filter-mode=added` plays the analogous
|
|
296
|
-
role
|
|
141
|
+
role.
|
|
297
142
|
- **Determinism.** Add `--no-cache` in CI if you want each run independent
|
|
298
143
|
of any persisted `.rigor/cache`.
|
|
299
144
|
|
|
@@ -308,12 +153,14 @@ The templates install the latest `rigortype` at run time. To pin it:
|
|
|
308
153
|
|
|
309
154
|
## References
|
|
310
155
|
|
|
311
|
-
- Manual: `rigor`'s CI chapter —
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
156
|
+
- Manual: `rigor`'s CI chapter — the authoritative templates, severity
|
|
157
|
+
mapping, and pinning recipe, **offline and version-matched** with
|
|
158
|
+
`rigor docs ci` (ready files: `rigor docs --list manual | grep
|
|
159
|
+
ci-templates`). Web fallback, before Rigor is installed:
|
|
160
|
+
<https://github.com/rigortype/rigor/blob/master/docs/manual/11-ci.md>.
|
|
161
|
+
- [ADR-51](https://github.com/rigortype/rigor/blob/master/docs/adr/51-ci-diagnostic-output-formats.md)
|
|
315
162
|
— the output-format surface (the severity / identifier contract).
|
|
316
|
-
- [ADR-27](https://github.com/rigortype/rigor/blob/
|
|
163
|
+
- [ADR-27](https://github.com/rigortype/rigor/blob/master/docs/adr/27-tool-distribution-model.md)
|
|
317
164
|
— why Rigor installs standalone and runs in its own job.
|
|
318
165
|
- [reviewdog](https://github.com/reviewdog/reviewdog) /
|
|
319
166
|
[action-setup](https://github.com/reviewdog/action-setup).
|
|
@@ -11,63 +11,49 @@ metadata:
|
|
|
11
11
|
# Rigor Doctor
|
|
12
12
|
|
|
13
13
|
`rigor skill describe` reports what *exists* (presence checks). This skill
|
|
14
|
-
goes a level deeper: it *runs* Rigor's validators to confirm the setup
|
|
15
|
-
actually working — the difference between "a `.rigor.yml` is present"
|
|
16
|
-
"it parses, loads its plugins, and analyses the right files."
|
|
17
|
-
the diagnostics look wrong (suspiciously zero, or suspiciously
|
|
18
|
-
after editing the config.
|
|
14
|
+
goes a level deeper: it *runs* Rigor's own validators to confirm the setup
|
|
15
|
+
is actually working — the difference between "a `.rigor.yml` is present"
|
|
16
|
+
and "it parses, loads its plugins, and analyses the right files." Reach for
|
|
17
|
+
it when the diagnostics look wrong (suspiciously zero, or suspiciously
|
|
18
|
+
many) or after editing the config. It needs no special command — it
|
|
19
|
+
orchestrates checks Rigor already ships and interprets the results.
|
|
19
20
|
|
|
20
|
-
|
|
21
|
-
ships and interprets the results.
|
|
21
|
+
## First: load the version-current copy
|
|
22
22
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
23
|
+
This skill's exact commands, flags, and config keys drift between Rigor
|
|
24
|
+
releases, so follow the copy that ships with the **installed** Rigor rather
|
|
25
|
+
than any vendored or frozen copy of this file. Get the complete current
|
|
26
|
+
procedure in one call:
|
|
26
27
|
|
|
27
28
|
```sh
|
|
28
|
-
rigor
|
|
29
|
+
rigor skill --full rigor-doctor # this body + all its references/, inline
|
|
29
30
|
```
|
|
30
31
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
at `evidence_tier: high`), a `libraries:` name RBS does not recognise, a
|
|
36
|
-
`disable:` / `severity_overrides:` id naming no real rule, or a missing
|
|
37
|
-
`bundler` / `rbs_collection` path. **Each warning here is a real
|
|
38
|
-
misconfiguration — fix it.** None appearing is the healthy state.
|
|
39
|
-
|
|
40
|
-
### 2. Every configured plugin loads
|
|
41
|
-
|
|
42
|
-
```sh
|
|
43
|
-
rigor plugins --strict
|
|
44
|
-
```
|
|
45
|
-
|
|
46
|
-
Reports the activation status of each plugin in `plugins:`; `--strict`
|
|
47
|
-
exits non-zero on any failure. A failure is usually a misspelled id or a
|
|
48
|
-
plugin whose `signature_paths:` did not resolve. Fix it, or the plugin's
|
|
49
|
-
type knowledge is silently absent.
|
|
50
|
-
|
|
51
|
-
### 3. The baseline is not stale (if one exists)
|
|
32
|
+
If you already loaded this skill *via* `rigor skill` you have the current
|
|
33
|
+
copy — just proceed (read any `references/NN-*.md` from the directory the
|
|
34
|
+
header names). If `rigor` is not on `PATH`, this task needs it: run
|
|
35
|
+
**`rigor-next-steps`** to install Rigor first, then come back.
|
|
52
36
|
|
|
53
|
-
|
|
54
|
-
rigor baseline drift
|
|
55
|
-
```
|
|
37
|
+
## When to use
|
|
56
38
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
39
|
+
- After editing `.rigor.yml` / `.rigor.dist.yml`.
|
|
40
|
+
- When `rigor check` reports suspiciously few or suspiciously many
|
|
41
|
+
diagnostics, or the config feels like it isn't taking effect.
|
|
42
|
+
- NOT for first-time setup (→ `rigor-project-init`) or working real
|
|
43
|
+
diagnostics down (→ `rigor-baseline-reduce`).
|
|
61
44
|
|
|
62
|
-
|
|
45
|
+
## What it validates
|
|
63
46
|
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
47
|
+
Four validators, each a check Rigor already ships. The exact commands and
|
|
48
|
+
how to read each output live in the version-current
|
|
49
|
+
[`references/01-checks.md`](references/01-checks.md) (loaded per the
|
|
50
|
+
directive above):
|
|
67
51
|
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
52
|
+
1. **Config resolves with nothing silently inert** — no `config_warnings`.
|
|
53
|
+
2. **Every configured plugin loads** — `rigor plugins --strict` is clean.
|
|
54
|
+
3. **The baseline is not stale** (if one exists) — no large drift.
|
|
55
|
+
4. **The analysis is actually seeing your code** — the source-file count
|
|
56
|
+
matches the project.
|
|
71
57
|
|
|
72
58
|
## Interpreting the result
|
|
73
59
|
|
|
@@ -75,12 +61,16 @@ directory. The analysis is only as good as the files it reads.
|
|
|
75
61
|
code, not the configuration. Move on to `rigor-baseline-reduce` or
|
|
76
62
|
`rigor-protection-uplift`.
|
|
77
63
|
- **A `config_warning` or a plugin failure** → that is the real problem;
|
|
78
|
-
fixing it usually
|
|
64
|
+
fixing it usually clears a whole cluster of confusing downstream
|
|
79
65
|
diagnostics at once.
|
|
80
66
|
|
|
81
67
|
For deeper symptoms (hover shows `untyped` everywhere, completion empty,
|
|
82
|
-
LSP silent)
|
|
83
|
-
|
|
68
|
+
LSP silent) read the manual's troubleshooting chapter — offline and
|
|
69
|
+
version-matched:
|
|
70
|
+
|
|
71
|
+
```sh
|
|
72
|
+
rigor docs troubleshooting
|
|
73
|
+
```
|
|
84
74
|
|
|
85
75
|
## Next step
|
|
86
76
|
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# 01 — The four checks
|
|
2
|
+
|
|
3
|
+
Each check runs a validator Rigor already ships and interprets its
|
|
4
|
+
output. Run them in order; the first failure is usually the root cause of
|
|
5
|
+
a cluster of confusing downstream diagnostics.
|
|
6
|
+
|
|
7
|
+
## 1. Config resolves with nothing silently inert
|
|
8
|
+
|
|
9
|
+
```sh
|
|
10
|
+
rigor check --format json # read the `config_warnings` array
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
`rigor check` audits the config and emits `config_warnings` for the typo
|
|
14
|
+
class whose only symptom is a confusing downstream error: a
|
|
15
|
+
`signature_paths:` that is missing / not a directory / holds no `.rbs`
|
|
16
|
+
(which would turn every covered call into a false `call.undefined-method`
|
|
17
|
+
at `evidence_tier: high`), a `libraries:` name RBS does not recognise, a
|
|
18
|
+
`disable:` / `severity_overrides:` id naming no real rule, or a missing
|
|
19
|
+
`bundler` / `rbs_collection` path. **Each warning here is a real
|
|
20
|
+
misconfiguration — fix it.** None appearing is the healthy state.
|
|
21
|
+
|
|
22
|
+
## 2. Every configured plugin loads
|
|
23
|
+
|
|
24
|
+
```sh
|
|
25
|
+
rigor plugins --strict
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
Reports the activation status of each plugin in `plugins:`; `--strict`
|
|
29
|
+
exits non-zero on any failure. A failure is usually a misspelled id or a
|
|
30
|
+
plugin whose `signature_paths:` did not resolve. Fix it, or the plugin's
|
|
31
|
+
type knowledge is silently absent.
|
|
32
|
+
|
|
33
|
+
## 3. The baseline is not stale (if one exists)
|
|
34
|
+
|
|
35
|
+
```sh
|
|
36
|
+
rigor baseline drift
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
Shows whether the live diagnostics have drifted from `.rigor-baseline.yml`
|
|
40
|
+
— entries the baseline ignores that no longer occur (safe to prune) and
|
|
41
|
+
new diagnostics outside the envelope. A large drift means the baseline
|
|
42
|
+
needs regenerating (often after an upgrade — see `rigor-upgrade`).
|
|
43
|
+
|
|
44
|
+
## 4. The analysis is actually seeing your code
|
|
45
|
+
|
|
46
|
+
```sh
|
|
47
|
+
rigor check --format json # check the "Ruby source files" count
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
If the file count is `0` or far below your project size, `paths:` /
|
|
51
|
+
`exclude:` are mis-scoped, or the command is running from the wrong
|
|
52
|
+
directory. The analysis is only as good as the files it reads.
|
|
@@ -29,6 +29,20 @@ This skill is the *workflow* around it (identify the editor → apply the
|
|
|
29
29
|
manual's snippet → verify), so it does not duplicate (and cannot
|
|
30
30
|
stale-out) the config details.
|
|
31
31
|
|
|
32
|
+
## First: load the version-current copy
|
|
33
|
+
|
|
34
|
+
The config details already come live from `rigor docs`; this section keeps
|
|
35
|
+
the *workflow itself* current too. Prefer the copy of this skill that ships
|
|
36
|
+
with the **installed** Rigor over any vendored or frozen copy of this file:
|
|
37
|
+
|
|
38
|
+
```sh
|
|
39
|
+
rigor skill --full rigor-editor-setup
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
If you already loaded this skill *via* `rigor skill` you have the current
|
|
43
|
+
copy — just proceed. If `rigor` is not on `PATH`, this task needs it: run
|
|
44
|
+
**`rigor-next-steps`** to install Rigor first, then come back.
|
|
45
|
+
|
|
32
46
|
## When to use
|
|
33
47
|
|
|
34
48
|
- A developer wants Rigor feedback live in their editor, not just from
|
|
@@ -31,6 +31,20 @@ This skill is the *workflow* around it (identify the client → apply the
|
|
|
31
31
|
manual's snippet → verify the handshake), so it does not duplicate (and
|
|
32
32
|
cannot stale-out) the config details.
|
|
33
33
|
|
|
34
|
+
## First: load the version-current copy
|
|
35
|
+
|
|
36
|
+
The config details already come live from `rigor docs`; this keeps the
|
|
37
|
+
*workflow itself* current too. Prefer the copy of this skill that ships
|
|
38
|
+
with the **installed** Rigor over any vendored or frozen copy of this file:
|
|
39
|
+
|
|
40
|
+
```sh
|
|
41
|
+
rigor skill --full rigor-mcp-setup
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
If you already loaded this skill *via* `rigor skill` you have the current
|
|
45
|
+
copy — just proceed. If `rigor` is not on `PATH`, this task needs it: run
|
|
46
|
+
**`rigor-next-steps`** to install Rigor first, then come back.
|
|
47
|
+
|
|
34
48
|
## When to use
|
|
35
49
|
|
|
36
50
|
- A developer wants their AI agent to call Rigor's tools mid-session.
|
|
@@ -18,6 +18,21 @@ top-level helper). `pre_eval:` ([ADR-17](https://github.com/rigortype/rigor/blob
|
|
|
18
18
|
fixes this: it pre-evaluates the listed project files and registers every
|
|
19
19
|
method they define with a **literal** `def` / `def self.`.
|
|
20
20
|
|
|
21
|
+
## First: load the version-current copy
|
|
22
|
+
|
|
23
|
+
This skill's exact commands, flags, and config keys drift between Rigor
|
|
24
|
+
releases, so follow the copy that ships with the **installed** Rigor rather
|
|
25
|
+
than any vendored or frozen copy of this file. Get the complete current
|
|
26
|
+
procedure in one call:
|
|
27
|
+
|
|
28
|
+
```sh
|
|
29
|
+
rigor skill --full rigor-monkeypatch-resolve
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
If you already loaded this skill *via* `rigor skill` you have the current
|
|
33
|
+
copy — just proceed. If `rigor` is not on `PATH`, this task needs it: run
|
|
34
|
+
**`rigor-next-steps`** to install Rigor first, then come back.
|
|
35
|
+
|
|
21
36
|
## When to use
|
|
22
37
|
|
|
23
38
|
- `rigor triage` shows a cluster of `call.undefined-method` /
|