rubocop-neeto 0.1.10 → 0.1.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65a32761246169e77982d6364c9156c03ae7b614d6d642ace4adcb4a9e677cf4
-  data.tar.gz: c67a334dff9c932ddaae6608a2f9d9873e7a3dfad9d6de601a711a0efd79921b
+  metadata.gz: 1b93018be6b3def6d6c449b2809931330ce9e1bbf05420ce31c8c8a17e958abf
+  data.tar.gz: a717e43ba5754ba004d0460e43445d33a9b8ce056b75c16a1a55be0fcea6aed2
 SHA512:
-  metadata.gz: b05f087a60f13cfedf618e9a0f7837502f28bf955ae9bee1bf2c9679faf5518847e2ee60c02543a379915467ddc3494aeefcee22f0185780c395f0b997cb1150
-  data.tar.gz: e0d5d9d6eade058f53fc63ec0d7e67f865d4c4e45b7fcf947a8dea0992721911d95f89c8a4af601f831e1077ab4aa24ea3464793849b53bd2d7eac51bea3dc47
+  metadata.gz: 6ef0c717345ffc75c8a451c6ea80cce118e4f260d36d29c4252cd54f86ac94db385a61b65512c437fd37c1afa0ccf9cd97c8c5aeae16efed937bb036e5447ca7
+  data.tar.gz: 7b7d8da23d45418253ced5c59266123bda9e1815ca1b9ee2d515450a4b803b7cd12d30fb6860c2ca5d48ee03b868653bd97cd1ed3e3af817c9a5fabc61d0a6b6

data/README.md

@@ -4,6 +4,7 @@
 
 1. [Neeto/UnsafeTableDeletion](https://rubocop-neeto.neetodeployapp.com/docs/RuboCop/Cop/Neeto/UnsafeTableDeletion)
 2. [Neeto/UnsafeColumnDeletion](https://rubocop-neeto.neetodeployapp.com/docs/RuboCop/Cop/Neeto/UnsafeColumnDeletion)
+3. [Neeto/DirectEnvAccess](https://rubocop-neeto.neetodeployapp.com/docs/RuboCop/Cop/Neeto/DirectEnvAccess)
 
 ## Installation
 
@@ -42,7 +43,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/bigbinary/rubocop-neeto.
+Bug reports and pull requests are welcome.
 
 ## License
 

data/config/default.yml

@@ -23,3 +23,17 @@ Neeto/UnsafeColumnDeletion:
   VersionAdded: '0.1'
   Include:
     - db/**/*.rb
+
+Neeto/DirectEnvAccess:
+  Description: >-
+    Rails had `secrets.yml` which provided a single source of truth for all
+    environment variables and their fallback values. Rails deprecated this in
+    favor of encrypted credentials, so we created Secvault to maintain
+    centralized configuration. Direct usage of `ENV` bypasses this system,
+    making it harder to track what environment variables are being used and
+    their defaults. Use `Secvault.secrets` instead.
+  Enabled: true
+  Severity: refactor
+  VersionAdded: '0.1'
+  Include:
+    - app/**/*.rb

data/lib/rubocop/cop/neeto/direct_env_access.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Neeto
+      # Rails had `secrets.yml` which provided a single source of truth for all
+      # environment variables and their fallback values. Rails deprecated this in
+      # favor of encrypted credentials, so we created Secvault
+      # (https://github.com/neetozone/secvault) to maintain centralized configuration.
+      # Direct usage of `ENV` bypasses this system, making it harder to track what
+      # environment variables are being used and their defaults. This cop enforces
+      # that all environment variable access goes through `Secvault.secrets`.
+      #
+      # @example DirectEnvAccess: true (default)
+      #   # Enforces the usage of `Secvault.secrets` over direct `ENV` access.
+      #
+      #   # bad
+      #   api_key = ENV['STRIPE_API_KEY']
+      #
+      #   # bad
+      #   default_timezone = ENV['DEFAULT_TIMEZONE'] || 'UTC'
+      #
+      #   # good
+      #   api_key = Secvault.secrets.stripe_api_key
+      #
+      #   # good
+      #   default_timezone = Secvault.secrets.default_timezone
+      #
+      #   # good (ENV access is permitted in directories other than the app directory)
+      #   config.log_level = ENV.fetch('LOG_LEVEL', 'info')
+      #
+      class DirectEnvAccess < Base
+        MSG = "Do not use ENV directly. " \
+              "Use Secvault.secrets to maintain a single source of truth for configuration."
+
+        def_node_matcher :env_access?, <<~PATTERN
+          (const {nil? cbase} :ENV)
+        PATTERN
+
+        def on_const(node)
+          return unless env_access?(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/neeto_cops.rb

@@ -2,3 +2,4 @@
 
 require_relative "neeto/unsafe_table_deletion"
 require_relative "neeto/unsafe_column_deletion"
+require_relative "neeto/direct_env_access"

data/lib/rubocop/neeto/version.rb

@@ -2,6 +2,6 @@
 
 module RuboCop
   module Neeto
-    VERSION = "0.1.10"
+    VERSION = "0.1.12"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-neeto
 version: !ruby/object:Gem::Version
-  version: 0.1.10
+  version: 0.1.12
 platform: ruby
 authors:
 - Abhay V Ashokan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-16 00:00:00.000000000 Z
+date: 2026-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -35,17 +35,18 @@ files:
 - Rakefile
 - config/default.yml
 - lib/rubocop-neeto.rb
+- lib/rubocop/cop/neeto/direct_env_access.rb
 - lib/rubocop/cop/neeto/unsafe_column_deletion.rb
 - lib/rubocop/cop/neeto/unsafe_table_deletion.rb
 - lib/rubocop/cop/neeto_cops.rb
 - lib/rubocop/neeto.rb
 - lib/rubocop/neeto/inject.rb
 - lib/rubocop/neeto/version.rb
-homepage: https://github.com/bigbinary/rubocop-neeto
+homepage: https://github.com/neetozone/rubocop-neeto
 licenses: []
 metadata:
-  homepage_uri: https://github.com/bigbinary/rubocop-neeto
-  source_code_uri: https://github.com/bigbinary/rubocop-neeto
+  homepage_uri: https://github.com/neetozone/rubocop-neeto
+  source_code_uri: https://github.com/neetozone/rubocop-neeto
 post_install_message:
 rdoc_options: []
 require_paths: