rubocop-callback_checker 0.1.0

data/lib/rubocop/cop/callback_checker/conditional_style.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module CallbackChecker
+      # This cop enforces using named methods instead of procs or strings
+      # for callback conditionals (if: and unless:).
+      #
+      # Procs and strings are harder to debug, test, and override in subclasses.
+      # Named methods provide better readability and maintainability.
+      #
+      # @example
+      #   # bad
+      #   before_save :do_thing, if: -> { status == 'active' && !deleted? }
+      #   after_create :notify, unless: proc { Rails.env.test? }
+      #   before_validation :check, if: "status == 'active'"
+      #
+      #   # good
+      #   before_save :do_thing, if: :active_and_present?
+      #   after_create :notify, unless: :test_environment?
+      #   before_validation :check, if: :active?
+      #
+      #   private
+      #
+      #   def active_and_present?
+      #     status == 'active' && !deleted?
+      #   end
+      class ConditionalStyle < Base
+        MSG = "Use a named method instead of a %<type>s for callback conditionals. " \
+              "Extract the logic to a private method with a descriptive name."
+
+        CALLBACK_METHODS = %i[
+          before_validation after_validation
+          before_save after_save around_save
+          before_create after_create around_create
+          before_update after_update around_update
+          before_destroy after_destroy around_destroy
+          after_commit after_rollback
+          after_touch
+          after_create_commit after_update_commit after_destroy_commit after_save_commit
+        ].freeze
+
+        CONDITIONAL_KEYS = %i[if unless].freeze
+
+        def on_send(node)
+          return unless callback_method?(node)
+          
+          check_callback_conditionals(node)
+        end
+
+        private
+
+        def callback_method?(node)
+          CALLBACK_METHODS.include?(node.method_name)
+        end
+
+        def check_callback_conditionals(node)
+          # Look for hash arguments that contain if: or unless: keys
+          node.arguments.each do |arg|
+            next unless arg.hash_type?
+
+            arg.pairs.each do |pair|
+              check_conditional_pair(pair)
+            end
+          end
+        end
+
+        def check_conditional_pair(pair)
+          return unless conditional_key?(pair.key)
+
+          value = pair.value
+
+          if value.lambda? || value.block_type?
+            add_offense(value, message: format(MSG, type: 'proc/lambda'))
+          elsif value.str_type?
+            add_offense(value, message: format(MSG, type: 'string'))
+          end
+        end
+
+        def conditional_key?(key)
+          return false unless key.sym_type?
+          
+          CONDITIONAL_KEYS.include?(key.value)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/callback_checker/no_side_effects_in_callbacks.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module CallbackChecker
+      # This cop checks for side effects (API calls, mailers, background jobs, or modifying other records)
+      # in Active Record callbacks that execute within a database transaction.
+      #
+      # @example
+      #   # bad
+      #   after_create { UserMailer.welcome(self).deliver_now }
+      #   after_save :notify_external_api
+      #
+      #   # good
+      #   after_commit :notify_external_api, on: :create
+      class NoSideEffectsInCallbacks < Base
+        MSG = "Avoid side effects (API calls, mailers, background jobs, or modifying other records) " \
+              "in %<callback>s. Use `after_commit` instead."
+
+        SIDE_EFFECT_SENSITIVE_CALLBACKS = %i[
+          before_validation before_save after_save
+          before_create after_create
+          before_update after_update
+          before_destroy after_destroy
+          around_save around_create around_update around_destroy
+          after_touch
+        ].freeze
+
+        SELF_PERSISTENCE_METHODS = %i[
+          save save! update update! update_attribute update_attributes
+          update_attributes! update_column update_columns
+          toggle! increment! decrement! touch
+        ].freeze
+
+        # Added common HTTP clients and SDKs
+        def_node_matcher :external_library_call?, <<~PATTERN
+          (send (const {nil? cbase} {:RestClient :Faraday :HTTParty :Net :HTTP :Excon :Typhoeus :Stripe :Aws :Intercom :Sidekiq :ActionCable}) ...)
+        PATTERN
+
+        # Match calls to any constant (e.g., NewsletterSDK, CustomSDK, etc.)
+        def_node_matcher :constant_method_call?, <<~PATTERN
+          (send (const {nil? cbase} _) _ ...)
+        PATTERN
+
+        # Added synchronous delivery and ActiveJob/Sidekiq variants
+        def_node_matcher :async_delivery?, <<~PATTERN
+          (send ... {:deliver_now :deliver_now! :deliver_later :deliver_later! :perform_later :perform_async :perform_at :perform_in :broadcast_later})
+        PATTERN
+
+        # Catches persistence on other objects: constants, local vars, or method calls (like associations)
+        # Explicitly excludes calls without receivers (implicit self) and explicit self calls
+        def_node_matcher :side_effect_persistence?, <<~PATTERN
+          (send !{nil? (self)} {:save :save! :update :update! :update_columns :destroy :destroy! :create :create! :toggle! :touch} ...)
+        PATTERN
+
+        def on_send(node)
+          return unless side_effect_sensitive_callback?(node)
+
+          check_callback_block(node) if node.block_literal?
+          check_callback_arguments(node)
+        end
+
+        private
+
+        def side_effect_sensitive_callback?(node)
+          SIDE_EFFECT_SENSITIVE_CALLBACKS.include?(node.method_name)
+        end
+
+        def check_callback_block(node)
+          check_method_contents(node.block_node.body, node.method_name)
+        end
+
+        def check_callback_arguments(node)
+          node.arguments.each do |arg|
+            process_callback_argument(node, arg)
+          end
+        end
+
+        def process_callback_argument(node, arg)
+          if arg.sym_type?
+            check_symbol_callback(node, arg.value)
+          elsif callback_proc?(arg)
+            check_method_contents(arg.body, node.method_name)
+          end
+        end
+
+        def callback_proc?(arg)
+          arg.block_type? || arg.lambda? || arg.proc?
+        end
+
+        def check_symbol_callback(node, method_name)
+          # Find the class/module containing the callback
+          scope = node.each_ancestor(:class, :module).first
+          return unless scope
+
+          # Search for the method definition anywhere in the class
+          method_def = scope.each_descendant(:def).find { |d| d.method_name == method_name }
+          return unless method_def
+
+          check_method_contents(method_def.body, node.method_name)
+        end
+
+        def check_method_contents(node, callback_name)
+          return unless node
+
+          # Collect all send nodes first to avoid duplicate reporting in chains
+          node.each_node(:send) do |send_node|
+            next unless side_effect_call?(send_node)
+            next if part_of_reported_chain?(send_node)
+
+            add_offense(send_node, message: format(MSG, callback: callback_name))
+          end
+        end
+
+        def side_effect_call?(send_node)
+          external_library_call?(send_node) ||
+            async_delivery?(send_node) ||
+            side_effect_persistence?(send_node) ||
+            suspicious_constant_call?(send_node)
+        end
+
+        # Check if this node is part of a method chain where a parent would be reported
+        def part_of_reported_chain?(send_node)
+          parent = send_node.parent
+          return false unless parent&.send_type?
+          
+          # If parent is also a side effect, we'll report the parent instead
+          # This handles cases like UserMailer.welcome(self).deliver_now
+          # We want to report the .deliver_now, not the .welcome
+          return false if async_delivery?(send_node) # Always report delivery methods
+          
+          # If this is a receiver of a delivery method, don't report it
+          parent.receiver == send_node && async_delivery?(parent)
+        end
+
+        def suspicious_constant_call?(send_node)
+          return false unless constant_method_call?(send_node)
+          return false if safe_constant_new_call?(send_node)
+
+          # Exclude known safe Rails constants and common utilities
+          receiver = send_node.receiver
+          return false unless receiver&.const_type?
+
+          const_name = receiver.const_name
+          safe_constants = %w[
+            Rails ActiveRecord ActiveSupport ActiveModel ActionController
+            ActionView ActionMailer ApplicationRecord
+            File Dir Pathname URI JSON YAML CSV
+            Time Date DateTime
+            Math Random SecureRandom
+            Logger
+          ]
+
+          # If it's a known safe constant, it's not suspicious
+          return false if safe_constants.any? { |safe| const_name.start_with?(safe) }
+
+          # If it's calling a method that looks like a side effect, flag it
+          # This will catch things like NewsletterSDK.subscribe, CustomAPI.call, etc.
+          true
+        end
+
+        # Check if this is a safe .new call on a constant (e.g., OtherRecord.new)
+        def safe_constant_new_call?(send_node)
+          send_node.method?(:new)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/cops.rb

@@ -0,0 +1,5 @@
+require_relative "callback_checker/no_side_effects_in_callbacks"
+require_relative "callback_checker/avoid_self_persistence"
+require_relative "callback_checker/attribute_assignment_only"
+require_relative "callback_checker/callback_method_length"
+require_relative "callback_checker/conditional_style"

data/sig/rubocop/callback_checker.rbs

@@ -0,0 +1,6 @@
+module Rubocop
+  module CallbackChecker
+    VERSION: String
+    # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+  end
+end

metadata

@@ -0,0 +1,166 @@
+--- !ruby/object:Gem::Specification
+name: rubocop-callback_checker
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- rahsheen
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2026-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-ast
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+description: A RuboCop extension focused on avoiding callback hell in Rails.
+email:
+- rahsheen.porter@gmail.com
+executables:
+- rubocop-callback-checker
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- config/default.yml
+- exe/rubocop-callback-checker
+- lib/callback_checker/cli.rb
+- lib/callback_checker/prism_analyzer.rb
+- lib/rubocop/callback_checker.rb
+- lib/rubocop/callback_checker/version.rb
+- lib/rubocop/cop/callback_checker/attribute_assignment_only.rb
+- lib/rubocop/cop/callback_checker/avoid_self_persistence.rb
+- lib/rubocop/cop/callback_checker/callback_method_length.rb
+- lib/rubocop/cop/callback_checker/conditional_style.rb
+- lib/rubocop/cop/callback_checker/no_side_effects_in_callbacks.rb
+- lib/rubocop/cop/cops.rb
+- sig/rubocop/callback_checker.rbs
+homepage: https://github.com/rahsheen/rubocop-callback_checker
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/rahsheen/rubocop-callback_checker
+  source_code_uri: https://github.com/rahsheen/rubocop-callback_checker
+  changelog_uri: https://github.com/rahsheen/rubocop-callback_checker/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.9
+signing_key:
+specification_version: 4
+summary: rubocop
+test_files: []