Lint: Extend no-direct-filesystem-access-in-model (C9017) to ban pathlib imports

Co-authored-by: David Foster <david@dafoster.net>

Author: Copilot

src/crystal/filesystem/__init__.py

@@ -309,6 +309,9 @@ def copystat(self, src: str, dst: str) -> None:
         * OSError
         """
         shutil.copystat(src, dst)
+    
+    def as_uri(self, path: str) -> str:
+        return pathlib.Path(path).as_uri()
 
 
 class S3Filesystem(_AbstractFilesystem):

src/crystal/lint/rules.py

@@ -491,6 +491,11 @@ def visit_import(self, node: nodes.Import) -> None:
         for (module_name, _) in node.names:
             if module_name == 'pytest' and self._is_in_e2e_tests_layer(node):
                 self.add_message('no-pytest-in-e2e-tests', node=node)
+        
+        # import pathlib (in model layer)
+        for (module_name, _) in node.names:
+            if module_name == 'pathlib' and self._is_in_model_layer(node):
+                self.add_message('no-direct-filesystem-access-in-model', node=node)
 
     _BANNED_FILESYSTEM_IMPORTS = frozenset({
         'flush_renames_in_directory',
@@ -517,6 +522,10 @@ def visit_importfrom(self, node: nodes.ImportFrom) -> None:
                 if name in self._BANNED_FILESYSTEM_IMPORTS:
                     self.add_message('no-direct-filesystem-access-in-model', node=node)
                     break
+
+        # from pathlib import ... (in model layer)
+        if self._is_in_model_layer(node) and node.modname == 'pathlib':
+            self.add_message('no-direct-filesystem-access-in-model', node=node)
 
     # === Visit Attribute (wx constants + banned os attr reads) ===
 

src/crystal/model/project.py

@@ -52,7 +52,6 @@
 import json
 import math
 import os
-import pathlib
 import re
 from send2trash import TrashPermissionError
 import shutil
@@ -786,9 +785,9 @@ def _apply_migrations(self,
                     # HACK: Must also set icon location as a brittle absolute path
                     #       because Desktop Items doesn't understand the
                     #       'metadata::custom-icon-name' GIO attribute.
-                    crystalproj_png_icon_url = pathlib.Path(
+                    crystalproj_png_icon_url = lfs.as_uri(
                         resources_.get_filepath('docicon.png')
-                    ).as_uri()
+                    )
                     try:
                         gio.set(self.path, 'metadata::custom-icon', crystalproj_png_icon_url)
                     except gio.GioNotAvailable:

tests/test_lint_rules.py

@@ -755,6 +755,44 @@ def test_other_method_is_allowed(self) -> None:
         _assert_no_message_emitted(code, 'no-direct-database-rollback')
 
 
+# === C9017: no-direct-filesystem-access-in-model ===
+
+class TestNoDirectFilesystemAccessInModelInMemory:
+    """In-memory tests for the no-direct-filesystem-access-in-model rule (C9017)."""
+
+    def test_import_pathlib_in_model_is_flagged(self) -> None:
+        code = dedent(
+            '''\
+            import pathlib
+            '''
+        )
+        _assert_message_emitted_in_model(code, 'no-direct-filesystem-access-in-model')
+
+    def test_from_pathlib_import_in_model_is_flagged(self) -> None:
+        code = dedent(
+            '''\
+            from pathlib import Path
+            '''
+        )
+        _assert_message_emitted_in_model(code, 'no-direct-filesystem-access-in-model')
+
+    def test_import_pathlib_outside_model_is_allowed(self) -> None:
+        code = dedent(
+            '''\
+            import pathlib
+            '''
+        )
+        _assert_no_message_emitted(code, 'no-direct-filesystem-access-in-model')
+
+    def test_from_pathlib_import_outside_model_is_allowed(self) -> None:
+        code = dedent(
+            '''\
+            from pathlib import Path
+            '''
+        )
+        _assert_no_message_emitted(code, 'no-direct-filesystem-access-in-model')
+
+
 # === Utilities ===
 
 # Counter for generating unique fake filenames
@@ -774,6 +812,20 @@ def _assert_message_emitted(code: str, message_id: str) -> None:
     )
 
 
+def _assert_message_emitted_in_model(code: str, message_id: str) -> None:
+    """
+    Assert that checker emits the specified message given the specified code,
+    simulating a file in the model layer (crystal/model/).
+    
+    message_id should be the symbolic name (e.g. 'no-direct-filesystem-access-in-model').
+    """
+    messages = _run_checker_on_code_in_model(code)
+    message_ids = [msg.msg_id for msg in messages]
+    assert message_id in message_ids, (
+        f'Expected message {message_id} not found. Got: {message_ids}'
+    )
+
+
 def _assert_no_message_emitted(code: str, message_id: str) -> None:
     """
     Assert that checker does not emit the specified message given the specified code.
@@ -815,6 +867,26 @@ def _run_checker_on_code(code: str) -> list[pylint.testutils.MessageTest]:
         return test_case.linter.release_messages()
 
 
+def _run_checker_on_code_in_model(code: str) -> list[pylint.testutils.MessageTest]:
+    """
+    Run a pylint checker on code, simulating a file in the model layer (crystal/model/).
+    """
+    fake_filename = f'/src/crystal/model/test_file_{next(_fake_filename_counter)}.py'
+    
+    code_lines = tuple(code.splitlines(keepends=True))
+    with mock.patch('crystal.lint.rules._read_source_lines', return_value=code_lines):
+        test_case = _InMemoryCheckerTestCase()
+        test_case.CHECKER_CLASS = CrystalLintRules
+        test_case.setup_method()
+        
+        module = astroid.parse(code, module_name=fake_filename)
+        module.file = fake_filename
+        
+        test_case.walk(module)
+        
+        return test_case.linter.release_messages()
+
+
 class _InMemoryCheckerTestCase(pylint.testutils.CheckerTestCase):
     """
     Base class for in-memory pylint checker tests.