@reinteractive/rails-insight 1.0.11 → 1.0.13

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reinteractive/rails-insight",
-  "version": "1.0.11",
+  "version": "1.0.13",
   "description": "Rails-aware codebase indexer — MCP server for AI agents",
   "type": "module",
   "bin": {
@@ -59,4 +59,4 @@
   "engines": {
     "node": ">=18.0.0"
   }
-}
+}

package/src/core/blast-radius.js

@@ -483,7 +483,7 @@ function formatControllerSummary(name, controller) {
   const actionCount = (controller.actions || []).length
   if (actionCount > 0) parts.push(`${actionCount} actions`)
   const filters = controller.before_actions || controller.filters || []
-  if (filters.length > 0) parts.push(filters.map((f) => f.name || f).join(', '))
+  if (filters.length > 0) parts.push(filters.map((f) => f.method || f.name || JSON.stringify(f)).join(', '))
   return parts.join(' — ')
 }
 

package/src/core/indexer.js

@@ -223,7 +223,11 @@ export async function buildIndex(provider, options = {}) {
         extractionErrors,
       )
       if (model) extractions.models[className] = model
-    } else if (entry.categoryName === 'controllers') {
+    } else if (
+      entry.categoryName === 'controllers' ||
+      (entry.categoryName === 'authentication' &&
+        entry.path.includes('_controller.rb'))
+    ) {
       const ctrl = safeExtract(
         `controller:${entry.path}`,
         () => extractController(provider, entry.path),
@@ -232,7 +236,8 @@ export async function buildIndex(provider, options = {}) {
         extractionErrors,
       )
       if (ctrl) {
-        const name = pathToClassName(entry.path)
+        // Use the controller's own fully-qualified class name to avoid namespace collisions
+        const name = ctrl.class || pathToClassName(entry.path)
         extractions.controllers[name] = ctrl
       }
     } else if (entry.categoryName === 'components') {
@@ -581,7 +586,10 @@ function computeStatistics(manifest, extractions, relationships) {
   const entries = manifest.entries || []
   return {
     total_files: entries.length,
-    models: Object.keys(extractions.models || {}).length,
+    models: Object.values(extractions.models || {}).filter(
+      (m) => m.type !== 'concern' && !m.abstract,
+    ).length,
+    models_in_manifest: (manifest.stats || {}).models || 0,
     controllers: Object.keys(extractions.controllers || {}).length,
     components: Object.keys(extractions.components || {}).length,
     relationships: relationships.length,

package/src/core/patterns/authorization.js

@@ -4,7 +4,7 @@
 export const AUTHORIZATION_PATTERNS = {
   // Pundit
   policyClass: /class\s+(\w+)Policy\s*<\s*(\w+)/,
-  policyMethod: /def\s+(index|show|create|new|update|edit|destroy)\?/g,
+  policyMethod: /def\s+(\w+)\?/g,
   policyScopeClass: /class\s+Scope\s*<\s*(?:ApplicationPolicy::)?Scope/,
   policyScopeResolve: /def\s+resolve/,
   authorize: /authorize\s+(@?\w+)(?:,\s*:(\w+)\?)?/g,

package/src/core/patterns/gemfile.js

@@ -2,7 +2,7 @@
  * Regex patterns for Gemfile extraction.
  */
 export const GEMFILE_PATTERNS = {
-  gem: /^\s*gem\s+['"]([^'"]+)['"](?:,\s*['"]([^'"]+)['"])?(?:,\s*(.+))?$/m,
+  gem: /^\s*gem\s+['"]([^'"]+)['"](?:,\s*['"]([^'"]+)['"])?(?:,\s*([^#]+?))?(?:\s*#.*)?$/m,
   group: /^\s*group\s+(.+)\s+do/m,
   source: /^\s*source\s+['"]([^'"]+)['"]/m,
   ruby: /^\s*ruby\s+['"]([^'"]+)['"]/m,

package/src/core/patterns/model.js

@@ -21,6 +21,8 @@ export const MODEL_PATTERNS = {
   // === VALIDATIONS ===
   validates: /^\s*validates?\s+:?(\w+(?:,\s*:\w+)*)(?:,\s*(.+))?$/m,
   validate: /^\s*validate\s+:(\w+)/m,
+  validatesWithValidator: /^\s*validates_with\s+(\S+)(?:,\s*(.+))?$/m,
+  validatesOldStyle: /^\s*validates_(\w+?)(?:_of)?\s+:(\w+)(?:,\s*(.+))?$/m,
 
   // === SCOPES ===
   scope: /^\s*scope\s+:(\w+),\s*(?:->|lambda|proc)/m,

package/src/core/patterns/realtime.js

@@ -4,7 +4,7 @@
 export const REALTIME_PATTERNS = {
   channelClass: /class\s+(\w+Channel)\s*<\s*(\w+)/,
   subscribed: /def\s+subscribed/,
-  streamFrom: /stream_from\s+['"]?([^'"]+)['"]?/g,
+  streamFrom: /stream_from\s+(?:['"]([^'"]+)['"]|(\w+(?:\.\w+)*))/g,
   streamFor: /stream_for\s+(.+)/g,
   turboStreamFrom: /turbo_stream_from\s+(.+)/g,
   connectionConnect: /def\s+connect/,

package/src/core/patterns/route.js

@@ -10,7 +10,7 @@ export const ROUTE_PATTERNS = {
   constraints: /^\s*constraints\s*(?:\((.+)\))?\s*do/m,
   httpVerb:
     /^\s*(?:get|post|put|patch|delete)\s+['"]([^'"]+)['"](?:.*?(?:to:|=>)\s*['"]([^'"#]+)#?([^'"]*)['"'])?/m,
-  root: /^\s*root\s+(?:to:\s*)?['"]([^'"#]+)#?([^'"]*)['"']/m,
+  root: /^\s*root\s+(?:(?::to\s*=>|to:)\s*)?['"]([^'"#]+)#?([^'"]*)['"']/m,
   mount:
     /^\s*mount\s+(\w+(?:(?:::|\.)\w+)*)\s*(?:=>|,\s*at:)\s*['"]([^'"]+)['"]/m,
   concern: /^\s*concern\s+:(\w+)\s+do/m,

package/src/core/version-detector.js

@@ -110,7 +110,8 @@ function extractRubyVersion(gemfile, gemfileLock, provider) {
   // .ruby-version file
   const rubyVersion = provider.readFile('.ruby-version')
   if (rubyVersion) {
-    const ver = rubyVersion.trim().match(/^(\d+\.\d+\.\d+)/)
+    const cleaned = rubyVersion.trim().replace(/^ruby-/, '')
+    const ver = cleaned.match(/^(\d+\.\d+\.\d+)/)
     if (ver) return ver[1]
   }
 
@@ -196,7 +197,8 @@ function detectFramework(gemfile, gems, appConfig, provider) {
 
   // JS bundling
   let jsBundling = null
-  if (hasGem('webpacker')) jsBundling = 'webpacker'
+  if (hasGem('vite_rails') || hasGem('vite_ruby')) jsBundling = 'vite'
+  else if (hasGem('webpacker')) jsBundling = 'webpacker'
   else if (hasGem('importmap-rails')) jsBundling = 'importmap'
   else if (hasGem('jsbundling-rails')) {
     // Check package.json for specific bundler
@@ -240,9 +242,13 @@ function detectFramework(gemfile, gems, appConfig, provider) {
   let cacheStore = null
   if (hasGem('solid_cache')) cacheStore = 'solid_cache'
   else if (hasGem('redis')) cacheStore = 'redis'
-  // Also check config
-  const prodConfig =
+  // Also check config — strip comment lines first to avoid false positives
+  const prodConfigRaw =
     provider.readFile('config/environments/production.rb') || ''
+  const prodConfig = prodConfigRaw
+    .split('\n')
+    .filter((l) => !l.trim().startsWith('#'))
+    .join('\n')
   const cacheStoreMatch = prodConfig.match(/config\.cache_store\s*=\s*:(\w+)/)
   if (cacheStoreMatch) cacheStore = cacheStoreMatch[1]
 

package/src/extractors/auth.js

@@ -5,6 +5,15 @@
  */
 
 import { AUTH_PATTERNS } from '../core/patterns.js'
+import { stripRubyComments } from '../utils/ruby-parser.js'
+
+const REDACTED_DEVISE_KEYS = new Set([
+  'secret_key',
+  'pepper',
+  'secret_key_base',
+  'signing_salt',
+  'digest',
+])
 
 // -------------------------------------------------------
 // Helpers for reading native Rails 8 auth details
@@ -269,6 +278,22 @@ function scanForApiAuthPatterns(provider, entries) {
     const c = provider.readFile(entry.path)
     if (c) contents.push(c)
   }
+  // Also scan lib/ files for custom JWT implementations
+  const libEntries = entries.filter(
+    (e) => e.path.startsWith('lib/') && e.path.endsWith('.rb'),
+  )
+  for (const entry of libEntries) {
+    const c = provider.readFile(entry.path)
+    if (c) contents.push(c)
+  }
+  // If no lib entries in the index, try a glob
+  if (libEntries.length === 0) {
+    const libFiles = provider.glob?.('lib/**/*.rb') || []
+    for (const path of libFiles) {
+      const c = provider.readFile(path)
+      if (c) contents.push(c)
+    }
+  }
   const gemfileContent = provider.readFile('Gemfile') || ''
   const allContent = [...contents, gemfileContent].join('\n')
 
@@ -381,13 +406,20 @@ export function extractAuth(
     // Parse Devise initializer config
     const deviseConfig = provider.readFile('config/initializers/devise.rb')
     if (deviseConfig) {
+      const activeConfig = stripRubyComments(deviseConfig)
       const configRe = new RegExp(AUTH_PATTERNS.deviseConfig.source, 'g')
       let m
-      while ((m = configRe.exec(deviseConfig))) {
+      while ((m = configRe.exec(activeConfig))) {
         const key = m[1]
         const val = m[2].trim()
         result.devise.config[key] = val
       }
+      // Redact sensitive keys
+      for (const key of Object.keys(result.devise.config)) {
+        if (REDACTED_DEVISE_KEYS.has(key)) {
+          result.devise.config[key] = '[REDACTED]'
+        }
+      }
     }
 
     // Parse models for devise declarations

package/src/extractors/authorization.js

@@ -575,10 +575,36 @@ export function extractAuthorization(
   // CanCanCan
   if (hasCanCan) {
     if (!result.strategy) result.strategy = 'cancancan'
-    const abilityContent = provider.readFile('app/models/ability.rb')
+    let abilityContent = provider.readFile('app/models/ability.rb')
+    let abilityFile = 'app/models/ability.rb'
+    // Fallback: scan model and authorization files for CanCan::Ability
+    if (!abilityContent || !AUTHORIZATION_PATTERNS.abilityClass.test(abilityContent)) {
+      const abilityEntries = entries.filter(
+        (e) =>
+          (e.category === 'model' ||
+            e.categoryName === 'models' ||
+            e.category === 1 ||
+            e.categoryName === 'authorization' ||
+            e.category === 9) &&
+          e.path.endsWith('.rb'),
+      )
+      for (const entry of abilityEntries) {
+        const c = provider.readFile(entry.path)
+        if (
+          c &&
+          (AUTHORIZATION_PATTERNS.abilityClass.test(c) ||
+            AUTHORIZATION_PATTERNS.includeCanCan.test(c))
+        ) {
+          abilityContent = c
+          abilityFile = entry.path
+          break
+        }
+      }
+    }
     if (
       abilityContent &&
-      AUTHORIZATION_PATTERNS.abilityClass.test(abilityContent)
+      (AUTHORIZATION_PATTERNS.abilityClass.test(abilityContent) ||
+        AUTHORIZATION_PATTERNS.includeCanCan.test(abilityContent))
     ) {
       const abilities = []
       const canRe = new RegExp(AUTHORIZATION_PATTERNS.canDef.source, 'gm')
@@ -591,6 +617,21 @@ export function extractAuthorization(
         abilities.push({ type: 'cannot', definition: m[1].trim() })
       }
       result.abilities = abilities
+
+      // Extract roles from has_role? calls in the ability file
+      const roleRe = /has_role\?\s*\(:?['"]?(\w+)['"]?\)/g
+      const roles = new Set()
+      while ((m = roleRe.exec(abilityContent))) {
+        roles.add(m[1])
+      }
+      if (roles.size > 0) {
+        result.roles = {
+          source: 'ability_class',
+          model: 'User',
+          roles: [...roles],
+          file: abilityFile,
+        }
+      }
     }
   }
 

package/src/extractors/caching.js

@@ -4,6 +4,7 @@
  */
 
 import { CACHING_PATTERNS } from '../core/patterns.js'
+import { stripRubyComments } from '../utils/ruby-parser.js'
 
 /**
  * Extract caching information.
@@ -23,7 +24,8 @@ export function extractCaching(provider, entries) {
   for (const env of ['production', 'development', 'test']) {
     const content = provider.readFile(`config/environments/${env}.rb`)
     if (content) {
-      const storeMatch = content.match(CACHING_PATTERNS.cacheStore)
+      const activeContent = stripRubyComments(content)
+      const storeMatch = activeContent.match(CACHING_PATTERNS.cacheStore)
       if (storeMatch) {
         result.store[env] = storeMatch[1]
       }

package/src/extractors/config.js

@@ -5,6 +5,7 @@
 
 import { CONFIG_PATTERNS } from '../core/patterns.js'
 import { parseYaml } from '../utils/yaml-parser.js'
+import { stripRubyComments } from '../utils/ruby-parser.js'
 
 /**
  * Extract config information.
@@ -61,16 +62,42 @@ export function extractConfig(provider) {
     }
   }
 
+  // Fallback: try config/database.yml.example
+  if (!result.database.adapter) {
+    const dbExample = provider.readFile('config/database.yml.example')
+    if (dbExample) {
+      const parsed = parseYaml(dbExample)
+      const section =
+        parsed.production || parsed.development || parsed.default || {}
+      result.database.adapter = section.adapter || null
+      if (result.database.adapter) result.database.source = 'database.yml.example'
+    }
+  }
+
+  // Fallback: detect adapter from Gemfile when database.yml is absent
+  if (!result.database.adapter) {
+    const gemfile = provider.readFile('Gemfile') || ''
+    if (/gem\s+['"]mysql2['"]/.test(gemfile)) result.database.adapter = 'mysql2'
+    else if (/gem\s+['"]pg['"]/.test(gemfile))
+      result.database.adapter = 'postgresql'
+    else if (/gem\s+['"]sqlite3['"]/.test(gemfile))
+      result.database.adapter = 'sqlite3'
+    else if (/gem\s+['"]trilogy['"]/.test(gemfile))
+      result.database.adapter = 'trilogy'
+    if (result.database.adapter) result.database.source = 'gemfile'
+  }
+
   // config/environments/*.rb
   for (const env of ['production', 'development', 'test']) {
     const content = provider.readFile(`config/environments/${env}.rb`)
     if (!content) continue
 
+    const activeContent = stripRubyComments(content)
     const envConfig = {}
-    const csMatch = content.match(CONFIG_PATTERNS.cacheStore)
+    const csMatch = activeContent.match(CONFIG_PATTERNS.cacheStore)
     if (csMatch) envConfig.cache_store = csMatch[1]
 
-    if (CONFIG_PATTERNS.forceSSL.test(content)) envConfig.force_ssl = true
+    if (CONFIG_PATTERNS.forceSSL.test(activeContent)) envConfig.force_ssl = true
 
     if (Object.keys(envConfig).length > 0) {
       result.environments[env] = envConfig

package/src/extractors/controller.js

@@ -40,12 +40,12 @@ export function extractController(provider, filePath) {
   }
 
   // Filters — tag authorization guards
-  const filters = []
+  const rawFilters = []
   const filterRe = new RegExp(CONTROLLER_PATTERNS.filterType.source, 'gm')
   while ((m = filterRe.exec(content))) {
     const filterMethod = m[2]
     const isAuthzGuard = /^require_\w+!$/.test(filterMethod)
-    filters.push({
+    rawFilters.push({
       type: m[1],
       method: filterMethod,
       ...(isAuthzGuard ? { authorization_guard: true } : {}),
@@ -53,6 +53,60 @@ export function extractController(provider, filePath) {
     })
   }
 
+  // Expand multi-method filters: `before_action :a, :b, :c` → separate entries
+  const filters = []
+  for (const filter of rawFilters) {
+    const opts = filter.options
+    if (!opts) {
+      filters.push(filter)
+      continue
+    }
+
+    // Top-level comma split (ignores commas inside brackets)
+    const parts = []
+    let depth = 0
+    let current = ''
+    for (const ch of opts) {
+      if (ch === '[' || ch === '(' || ch === '{') depth++
+      else if (ch === ']' || ch === ')' || ch === '}') depth--
+      if (ch === ',' && depth === 0) {
+        parts.push(current.trim())
+        current = ''
+      } else {
+        current += ch
+      }
+    }
+    if (current.trim()) parts.push(current.trim())
+
+    const additionalMethods = []
+    const realOptions = []
+
+    for (const part of parts) {
+      if (/^:(\w+!?)$/.test(part)) {
+        // Bare symbol — another method, not a keyword option
+        additionalMethods.push(part.replace(/^:/, ''))
+      } else {
+        // Keyword option like `only: [:show]`, `if: :condition`
+        realOptions.push(part)
+      }
+    }
+
+    filters.push({
+      ...filter,
+      options: realOptions.length > 0 ? realOptions.join(', ') : null,
+    })
+
+    for (const method of additionalMethods) {
+      const isAuthz = /^require_\w+!$/.test(method)
+      filters.push({
+        type: filter.type,
+        method,
+        ...(isAuthz ? { authorization_guard: true } : {}),
+        options: realOptions.length > 0 ? realOptions.join(', ') : null,
+      })
+    }
+  }
+
   // Actions (public methods before private/protected) with line ranges
   const actions = []
   const action_line_ranges = {}

package/src/extractors/model.js

@@ -127,7 +127,7 @@ export function extractModel(provider, filePath, className) {
   }
   while ((m = extendRe.exec(content))) {
     const mod = m[1]
-    if (mod !== 'ActiveSupport::Concern' && mod !== 'FriendlyId') {
+    if (mod !== 'ActiveSupport::Concern') {
       extends_.push(mod)
     }
   }
@@ -175,6 +175,20 @@ export function extractModel(provider, filePath, className) {
   while ((m = validateRe.exec(content))) {
     custom_validators.push(m[1])
   }
+  const vwRe = new RegExp(MODEL_PATTERNS.validatesWithValidator.source, 'gm')
+  while ((m = vwRe.exec(content))) {
+    custom_validators.push(`validates_with:${m[1]}`)
+  }
+  // Old-style validators: validates_presence_of, validates_length_of, etc.
+  const oldStyleRe = /^\s*validates_(\w+?)(?:_of)?\s+:(\w+)(?:,\s*(.+))?$/gm
+  while ((m = oldStyleRe.exec(content))) {
+    const validationType = m[1]
+    const attr = m[2]
+    validations.push({
+      attributes: [attr],
+      rules: `${validationType}: true${m[3] ? ', ' + m[3] : ''}`,
+    })
+  }
 
   // Scopes — names array (backward-compat) + scope_queries dict with bodies
   const scopes = []
@@ -269,11 +283,17 @@ export function extractModel(provider, filePath, className) {
     }
   }
 
-  // Callbacks
+  // Callbacks — strip inline comments before matching; skip block-only callbacks
+  const cbLines = content
+    .split('\n')
+    .map((l) => l.replace(/#[^{].*$/, '').trimEnd())
+    .join('\n')
   const callbacks = []
   const cbRe = new RegExp(MODEL_PATTERNS.callbackType.source, 'gm')
-  while ((m = cbRe.exec(content))) {
-    callbacks.push({ type: m[1], method: m[2], options: m[3] || null })
+  while ((m = cbRe.exec(cbLines))) {
+    const method = m[2]
+    if (method === 'do' || method === '{') continue
+    callbacks.push({ type: m[1], method, options: m[3] || null })
   }
 
   // Delegations
@@ -376,26 +396,28 @@ export function extractModel(provider, filePath, className) {
     ? turboRefreshesMatch[1]
     : null
 
-  // Devise modules
+  // Devise modules — use matchAll to handle multiple devise() calls
   let devise_modules = []
-  const deviseMatch = content.match(MODEL_PATTERNS.devise)
-  if (deviseMatch) {
-    // Devise declaration can span multiple lines
+  const deviseGlobalRe = /^\s*devise\s+(.+)/gm
+  let deviseMatch
+  while ((deviseMatch = deviseGlobalRe.exec(content))) {
     let deviseStr = deviseMatch[1]
-    // Continue capturing if line ends with comma
-    const deviseStartIdx = content.indexOf(deviseMatch[0])
-    const afterMatch = content.slice(deviseStartIdx + deviseMatch[0].length)
-    const continuationLines = afterMatch.split('\n')
-    for (const line of continuationLines) {
-      const trimmed = line.trim()
-      if (trimmed.length === 0) continue
-      if (/^:/.test(trimmed) || /^,/.test(trimmed) || /^\w+.*:/.test(trimmed)) {
-        deviseStr += ' ' + trimmed
-      } else {
-        break
+    // Only continue if line ends with comma (argument list continues)
+    const afterMatch = content.slice(deviseMatch.index + deviseMatch[0].length)
+    if (deviseMatch[0].trimEnd().endsWith(',')) {
+      const continuationLines = afterMatch.split('\n')
+      for (const line of continuationLines) {
+        const trimmed = line.trim()
+        if (trimmed.length === 0) continue
+        if (/^:/.test(trimmed) || /^,\s*:/.test(trimmed)) {
+          deviseStr += ' ' + trimmed
+        } else {
+          break
+        }
       }
     }
-    devise_modules = (deviseStr.match(/:(\w+)/g) || []).map((s) => s.slice(1))
+    const modules = (deviseStr.match(/:(\w+)/g) || []).map((s) => s.slice(1))
+    devise_modules.push(...modules)
   }
 
   // Searchable

package/src/extractors/realtime.js

@@ -4,6 +4,7 @@
  */
 
 import { REALTIME_PATTERNS } from '../core/patterns.js'
+import { parseYaml } from '../utils/yaml-parser.js'
 
 /**
  * Extract realtime information.
@@ -25,15 +26,9 @@ export function extractRealtime(provider, entries, gemInfo = {}) {
   // Cable config
   const cableYml = provider.readFile('config/cable.yml')
   if (cableYml) {
-    const sections = cableYml.split(/\n(?=\w)/)
-    for (const section of sections) {
-      const envMatch = section.match(/^(\w+):/)
-      if (envMatch) {
-        const adapterMatch = section.match(REALTIME_PATTERNS.cableAdapter)
-        if (adapterMatch) {
-          result.adapter[envMatch[1]] = adapterMatch[1]
-        }
-      }
+    const parsed = parseYaml(cableYml)
+    for (const [env, cfg] of Object.entries(parsed || {})) {
+      if (cfg && cfg.adapter) result.adapter[env] = cfg.adapter
     }
   }
 
@@ -71,7 +66,7 @@ export function extractRealtime(provider, entries, gemInfo = {}) {
     const fromRe = new RegExp(REALTIME_PATTERNS.streamFrom.source, 'g')
     let m
     while ((m = fromRe.exec(content))) {
-      channel.streams_from.push(m[1])
+      channel.streams_from.push(m[1] || m[2])
     }
 
     const forRe = new RegExp(REALTIME_PATTERNS.streamFor.source, 'g')

package/src/extractors/routes.js

@@ -19,6 +19,7 @@ export function extractRoutes(provider) {
     concerns: [],
     drawn_files: [],
     nested_relationships: [],
+    devise_routes: [],
   }
 
   const content = provider.readFile('config/routes.rb')
@@ -55,18 +56,35 @@ function parseRouteContent(content, result, provider, namespaceStack) {
       continue
     }
 
-    // Draw (route splitting)
-    const drawMatch = trimmed.match(ROUTE_PATTERNS.draw)
-    if (drawMatch) {
-      const drawFile = drawMatch[1]
+    // Draw (route splitting) — handles both `draw :name` and `draw_routes :name`
+    const drawRawMatch = trimmed.match(
+      /^\s*(?:draw_routes|draw)\s*\(?:?(\w+)\)?/,
+    )
+    if (drawRawMatch) {
+      const drawFile = drawRawMatch[1]
       result.drawn_files.push(drawFile)
-      const drawContent = provider.readFile('config/routes/' + drawFile + '.rb')
+      // Try config/routes/<name>.rb and config/routes/<name>_routes.rb
+      const drawContent =
+        provider.readFile(`config/routes/${drawFile}.rb`) ||
+        provider.readFile(`config/routes/${drawFile}_routes.rb`)
       if (drawContent) {
         parseRouteContent(drawContent, result, provider, [...namespaceStack])
       }
       continue
     }
 
+    // devise_for
+    const deviseForMatch = trimmed.match(
+      /^\s*devise_for\s+:(\w+)(?:,\s*(.+))?/,
+    )
+    if (deviseForMatch) {
+      result.devise_routes.push({
+        model: deviseForMatch[1],
+        options: deviseForMatch[2] || null,
+      })
+      continue
+    }
+
     // Mount
     const mountMatch = trimmed.match(ROUTE_PATTERNS.mount)
     if (mountMatch) {

package/src/extractors/storage.js

@@ -25,25 +25,31 @@ export function extractStorage(provider, entries, gemInfo = {}) {
   // Storage services from config/storage.yml
   const storageYml = provider.readFile('config/storage.yml')
   if (storageYml) {
+    const activeYml = storageYml
+      .split('\n')
+      .filter((l) => !l.trim().startsWith('#'))
+      .join('\n')
     const serviceRe = new RegExp(STORAGE_PATTERNS.storageService.source, 'g')
     let m
-    while ((m = serviceRe.exec(storageYml))) {
+    while ((m = serviceRe.exec(activeYml))) {
       result.services[m[1]] = { service: m[2] }
     }
 
     // Mirror service
-    if (STORAGE_PATTERNS.mirrorService.test(storageYml)) {
+    if (STORAGE_PATTERNS.mirrorService.test(activeYml)) {
       result.services.mirror = { service: 'Mirror' }
     }
 
     // Direct uploads
-    if (STORAGE_PATTERNS.directUpload.test(storageYml)) {
+    if (STORAGE_PATTERNS.directUpload.test(activeYml)) {
       result.direct_uploads = true
     }
   }
 
   // Attachments from model files
-  const modelEntries = entries.filter((e) => e.category === 'model')
+  const modelEntries = entries.filter(
+    (e) => e.category === 'model' || e.category === 1 || e.categoryName === 'models',
+  )
   for (const entry of modelEntries) {
     const content = provider.readFile(entry.path)
     if (!content) continue
@@ -82,6 +88,30 @@ export function extractStorage(provider, entries, gemInfo = {}) {
     }
   }
 
+  // Paperclip attachments
+  if (gems.paperclip) {
+    for (const entry of modelEntries) {
+      const content = provider.readFile(entry.path)
+      if (!content) continue
+      const className = entry.path
+        .split('/')
+        .pop()
+        .replace('.rb', '')
+        .split('_')
+        .map((w) => w.charAt(0).toUpperCase() + w.slice(1))
+        .join('')
+      const pcRe = /^\s*has_attached_file\s+:(\w+)/gm
+      let m
+      while ((m = pcRe.exec(content))) {
+        result.attachments.push({
+          model: className,
+          name: m[1],
+          type: 'has_attached_file',
+        })
+      }
+    }
+  }
+
   // Image processing
   if (gems.image_processing) {
     result.image_processing = {

package/src/extractors/test-conventions.js

@@ -66,9 +66,11 @@ export function extractTestConventions(provider, entries, gemInfo = {}) {
     pattern_reference_files: [],
   }
 
-  // Scan spec files for convention patterns
+  // Scan spec/test files for convention patterns
   const specEntries = entries.filter(
-    (e) => e.categoryName === 'testing' && e.path.endsWith('_spec.rb'),
+    (e) =>
+      e.categoryName === 'testing' &&
+      (e.path.endsWith('_spec.rb') || e.path.endsWith('_test.rb')),
   )
 
   // Count spec files by specCategory
@@ -319,9 +321,13 @@ function findPatternReferences(provider, specEntries) {
     const content = provider.readFile(entry.path)
     if (!content) continue
 
-    const describeCount = (content.match(/^\s*(?:describe|context)\s/gm) || [])
-      .length
-    const exampleCount = (content.match(/^\s*it\s/gm) || []).length
+    // Handle both RSpec and Minitest structural patterns
+    const describeCount = (
+      content.match(/^\s*(?:describe|context|class\s+\w+Test)\s/gm) || []
+    ).length
+    const exampleCount = (
+      content.match(/^\s*(?:it\s|def\s+test_|test\s+['"])/gm) || []
+    ).length
 
     // Skip trivially small files
     if (exampleCount < 3) continue

package/src/extractors/views.js

@@ -11,17 +11,16 @@ import { VIEW_PATTERNS } from '../core/patterns.js'
  * @returns {string}
  */
 function detectEngine(entries) {
-  let erb = 0,
-    haml = 0,
-    slim = 0
+  const counts = { erb: 0, haml: 0, slim: 0 }
   for (const e of entries) {
-    if (e.path.endsWith('.erb')) erb++
-    else if (e.path.endsWith('.haml')) haml++
-    else if (e.path.endsWith('.slim')) slim++
+    if (e.path.endsWith('.erb')) counts.erb++
+    else if (e.path.endsWith('.haml')) counts.haml++
+    else if (e.path.endsWith('.slim')) counts.slim++
   }
-  if (haml > erb && haml > slim) return 'haml'
-  if (slim > erb && slim > haml) return 'slim'
-  return 'erb'
+  const found = Object.entries(counts).filter(([, c]) => c > 0)
+  if (found.length === 0) return 'erb'
+  if (found.length === 1) return found[0][0]
+  return found.map(([engine, count]) => `${engine}(${count})`).join(', ')
 }
 
 /**

package/src/tools/handlers/get-deep-analysis.js

@@ -49,8 +49,19 @@ export function register(server, state) {
         case 'email':
           return respond(extractions.email || {})
 
-        case 'storage':
-          return respond(extractions.storage || {})
+        case 'storage': {
+          const storage = extractions.storage || {}
+          const uploaders = extractions.uploaders || {}
+          return respond({
+            ...storage,
+            carrierwave_uploaders: uploaders.uploaders
+              ? Object.entries(uploaders.uploaders).map(([name, u]) => ({
+                  name,
+                  ...u,
+                }))
+              : [],
+          })
+        }
 
         case 'caching':
           return respond(extractions.caching || {})

package/src/tools/handlers/get-overview.js

@@ -98,26 +98,27 @@ export function register(server, state) {
         .map(([n]) => n)
 
       // Custom pattern counts
+      const dp = tier2.design_patterns || {}
       const customPatterns = {
-        services: tier2.services?.length || tier2.service_objects?.length || 0,
+        services: dp.services || 0,
         concerns: Object.values(models).filter((m) => m.type === 'concern')
           .length,
-        form_objects: tier2.form_objects?.length || 0,
-        presenters: tier2.presenters?.length || 0,
-        policies: tier3.policies?.count || 0,
+        form_objects: dp.forms || 0,
+        presenters: dp.presenters || 0,
+        policies: (index.extractions?.authorization?.policies || []).length || 0,
       }
 
       const overview = {
         rails_version: v.rails || 'unknown',
         ruby_version: v.ruby || 'unknown',
         database: config.database || v.database || 'unknown',
-        asset_pipeline: v.asset_pipeline || 'unknown',
+        asset_pipeline: v.framework?.assetPipeline || v.asset_pipeline || 'unknown',
         frontend_stack: v.frontend || [],
         authentication: authSummary,
         authorization: authzSummary,
         job_adapter: config.queue_adapter || jobs.adapter || 'unknown',
         cache_store: caching.store || 'unknown',
-        test_framework: v.test_framework || 'unknown',
+        test_framework: v.framework?.testFramework || v.test_framework || 'unknown',
         key_models: keyModels,
         key_controllers: keyControllers,
         custom_patterns: customPatterns,

package/src/tools/handlers/get-subgraph.js

@@ -1,6 +1,87 @@
 import { z } from 'zod'
 import { noIndex, respond } from './helpers.js'
 
+/**
+ * Collect seed entity names for a given skill from the index extractions.
+ * @param {string} skill
+ * @param {object} index
+ * @returns {Set<string>}
+ */
+function getSkillSeeds(skill, index) {
+  const extractions = index.extractions || {}
+  const seeds = new Set()
+
+  switch (skill) {
+    case 'authentication': {
+      // Models with Devise, has_secure_password, or Session/Current naming
+      for (const [name, model] of Object.entries(extractions.models || {})) {
+        if (
+          model.has_secure_password ||
+          (model.devise_modules && model.devise_modules.length > 0) ||
+          /^(User|Session|Current|Account|Identity)$/.test(name)
+        ) {
+          seeds.add(name)
+        }
+      }
+      // Controllers related to auth
+      for (const [name] of Object.entries(extractions.controllers || {})) {
+        if (
+          /session|registration|password|confirmation|login|signup|auth/i.test(
+            name,
+          )
+        ) {
+          seeds.add(name)
+        }
+      }
+      break
+    }
+    case 'database': {
+      // All non-concern, non-abstract AR models
+      for (const [name, model] of Object.entries(extractions.models || {})) {
+        if (model.type !== 'concern' && !model.abstract) seeds.add(name)
+      }
+      break
+    }
+    case 'frontend': {
+      for (const sc of extractions.stimulus_controllers || []) {
+        seeds.add(sc.identifier || sc.class)
+      }
+      for (const [name] of Object.entries(extractions.components || {})) {
+        seeds.add(name)
+      }
+      for (const [name] of Object.entries(extractions.controllers || {})) {
+        if (/pages|home|static|landing/i.test(name)) seeds.add(name)
+      }
+      break
+    }
+    case 'api': {
+      for (const [name, ctrl] of Object.entries(extractions.controllers || {})) {
+        if (/api|v\d+|json/i.test(name) || ctrl.api_only) seeds.add(name)
+      }
+      break
+    }
+    case 'jobs': {
+      for (const [name] of Object.entries(extractions.workers || {})) {
+        seeds.add(name)
+      }
+      for (const job of extractions.jobs?.jobs || []) {
+        seeds.add(job.class || job.name)
+      }
+      break
+    }
+    case 'email': {
+      for (const [name] of Object.entries(extractions.mailers || {})) {
+        seeds.add(name)
+      }
+      break
+    }
+    default:
+      break
+  }
+
+  return seeds
+}
+
 /**
  * Register the get_subgraph tool.
  * @param {import('@modelcontextprotocol/sdk/server/mcp.js').McpServer} server
@@ -20,47 +101,31 @@ export function register(server, state) {
     async ({ skill }) => {
       if (!state.index) return noIndex()
 
-      const skillDomains = {
-        authentication: [
-          'auth',
-          'devise',
-          'session',
-          'current',
-          'password',
-          'registration',
-          'confirmation',
-        ],
-        database: ['model', 'schema', 'migration', 'concern'],
-        frontend: ['component', 'stimulus', 'view', 'turbo', 'hotwire'],
-        api: ['api', 'serializer', 'blueprint', 'graphql'],
-        jobs: ['job', 'worker', 'sidekiq', 'queue'],
-        email: ['mailer', 'mail', 'mailbox'],
-      }
+      const KNOWN_SKILLS = [
+        'authentication',
+        'database',
+        'frontend',
+        'api',
+        'jobs',
+        'email',
+      ]
 
-      const domains = skillDomains[skill]
-      if (!domains) {
+      if (!KNOWN_SKILLS.includes(skill)) {
         return respond({
           error: `Unknown skill '${skill}'`,
-          available: Object.keys(skillDomains),
+          available: KNOWN_SKILLS,
         })
       }
 
+      const seeds = getSkillSeeds(skill, state.index)
       const allRels = state.index.relationships || []
       const rankings = state.index.rankings || {}
-      const relevantEntities = new Set()
+
+      // BFS one hop from seeds using relationships
+      const relevantEntities = new Set(seeds)
       for (const rel of allRels) {
-        const fromMatch = domains.some((d) =>
-          rel.from.toLowerCase().includes(d),
-        )
-        const toMatch = domains.some((d) => rel.to.toLowerCase().includes(d))
-        if (fromMatch || toMatch) {
-          relevantEntities.add(rel.from)
-          relevantEntities.add(rel.to)
-        }
-      }
-      for (const key of Object.keys(rankings)) {
-        if (domains.some((d) => key.toLowerCase().includes(d)))
-          relevantEntities.add(key)
+        if (seeds.has(rel.from)) relevantEntities.add(rel.to)
+        if (seeds.has(rel.to)) relevantEntities.add(rel.from)
       }
 
       const subgraphRels = allRels.filter(

package/src/tools/handlers/index-project.js

@@ -24,6 +24,7 @@ export function register(server, state) {
         })
       }
       const start = Date.now()
+      state.index = null
       state.index = await buildIndex(state.provider, { verbose: state.verbose })
       const duration_ms = Date.now() - start
       return respond({

package/src/tools/handlers/search-patterns.js

@@ -87,7 +87,11 @@ export function register(server, state) {
         const filters = ctrl.filters || []
         for (const f of filters) {
           const filterStr = typeof f === 'string' ? f : f.name || f.method || ''
-          if (filterStr.toLowerCase().includes(lowerPattern))
+          const filterType = typeof f === 'string' ? '' : f.type || ''
+          if (
+            filterStr.toLowerCase().includes(lowerPattern) ||
+            filterType.toLowerCase().includes(lowerPattern)
+          )
             matches.push({ type: 'filter', detail: f })
         }
         if (matches.length > 0)

package/src/utils/ruby-parser.js

@@ -88,6 +88,19 @@ export function extractIncludesExtends(content) {
   return { includes, extends: extends_ }
 }
 
+/**
+ * Strip Ruby single-line comments from source content.
+ * Preserves string literals containing # characters.
+ * @param {string} content - Ruby file content
+ * @returns {string} Content with comment lines removed
+ */
+export function stripRubyComments(content) {
+  return content
+    .split('\n')
+    .filter((line) => !line.trim().startsWith('#'))
+    .join('\n')
+}
+
 /**
  * Extract the visibility sections (public/private/protected) from Ruby source.
  * Returns methods grouped by visibility.

package/src/utils/spec-style-detector.js

@@ -6,7 +6,7 @@
  */
 
 /**
- * Detect spec style (request vs controller specs).
+ * Detect spec style (request vs controller specs), with Minitest fallback.
  * @param {Array<{path: string}>} entries
  * @returns {{primary: string, request_count: number, controller_count: number, has_mixed: boolean}}
  */
@@ -17,6 +17,19 @@ export function detectSpecStyle(entries) {
   const controllerCount = entries.filter((e) =>
     e.path.startsWith('spec/controllers/'),
   ).length
+  const hasAnySpec = entries.some((e) => e.path.startsWith('spec/'))
+  const hasMinitestDir = entries.some((e) => e.path.startsWith('test/'))
+
+  // Minitest fallback: test/ dir present but no spec/ dir
+  if (!hasAnySpec && hasMinitestDir) {
+    return {
+      primary: 'minitest',
+      request_count: 0,
+      controller_count: 0,
+      has_mixed: false,
+    }
+  }
+
   return {
     primary: requestCount >= controllerCount ? 'request' : 'controller',
     request_count: requestCount,