Validate and update links (STF-557)

.github/workflows/links.yml

@@ -0,0 +1,32 @@
+name: Links
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: "0 13 * * 1" # weekly, to catch external link rot without a commit
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup mise
+        uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
+        with:
+          install: false
+
+      # Install only lychee (not the repo's full toolchain) and run the check.
+      - name: Check links
+        env:
+          MISE_AUTO_INSTALL: "false"
+        run: |
+          mise install lychee
+          mise run check-links

.github/workflows/release.yml

@@ -35,4 +35,4 @@ jobs:
 
       # zizmor complains that 'v1' is a ref that can be provided by both the branch and tag namespaces.
       # specify that we want the v1 branch.
-      - uses: rubygems/release-gem@6317d8d1f7e28c24d28f6eff169ea854948bd9f7 # 1.2.0
+      - uses: rubygems/release-gem@6317d8d1f7e28c24d28f6eff169ea854948bd9f7 # v1.2.0

.gitignore

@@ -7,3 +7,4 @@ pkg
 *~
 .DS_Store
 .claude
+.lycheecache

CLAUDE.md

@@ -438,6 +438,6 @@ Report Transaction API:
 ## Additional Resources
 
 - [API Documentation](https://www.rubydoc.info/gems/minfraud)
-- [minFraud Web Services Docs](https://dev.maxmind.com/minfraud)
-- [Report Transaction API Docs](https://dev.maxmind.com/minfraud/report-a-transaction)
+- [minFraud Web Services Docs](https://dev.maxmind.com/minfraud/)
+- [Report Transaction API Docs](https://dev.maxmind.com/minfraud/report-a-transaction/)
 - GitHub Issues: https://github.com/maxmind/minfraud-api-ruby/issues

CODE_OF_CONDUCT.md

@@ -43,7 +43,7 @@ incident.
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 1.3.0, available at
-[https://contributor-covenant.org/version/1/3/0/][version]
+[https://www.contributor-covenant.org/version/1/3/0/][version]
 
-[homepage]: https://contributor-covenant.org
-[version]: https://contributor-covenant.org/version/1/3/0/
+[homepage]: https://www.contributor-covenant.org/
+[version]: https://www.contributor-covenant.org/version/1/3/0/

README.md

@@ -3,9 +3,9 @@
 ## Description
 
 This package provides an API for the [MaxMind minFraud web
-services](https://dev.maxmind.com/minfraud?lang=en). This includes minFraud Score,
+services](https://dev.maxmind.com/minfraud/?lang=en). This includes minFraud Score,
 Insights, and Factors. It also includes our [minFraud Report Transaction
-API](https://dev.maxmind.com/minfraud/report-a-transaction?lang=en).
+API](https://dev.maxmind.com/minfraud/report-a-transaction/?lang=en).
 
 The legacy minFraud Standard and Premium services are not supported by this
 API.
@@ -276,7 +276,7 @@ Please report all issues with this code using the
 
 If you are having an issue with the minFraud service that is not specific
 to the client API, please see
-[our support page](https://www.maxmind.com/en/support).
+[our support page](https://support.maxmind.com/knowledge-base).
 
 ## Requirements
 
@@ -288,7 +288,7 @@ Bug reports and pull requests are welcome on
 [GitHub](https://github.com/maxmind/minfraud-api-ruby). This project is
 intended to be a safe, welcoming space for collaboration, and contributors
 are expected to adhere to the [Contributor
-Covenant](https://contributor-covenant.org) code of conduct.
+Covenant](https://www.contributor-covenant.org/) code of conduct.
 
 ## Versioning
 
@@ -301,7 +301,7 @@ Copyright (c) 2016-2020 kushnir.yb.
 Copyright (c) 2020-2026 MaxMind, Inc.
 
 The gem is available as open source under the terms of the [MIT
-License](https://opensource.org/licenses/MIT).
+License](https://opensource.org/license/MIT).
 
 ## Thank You
 

lib/minfraud/assessments.rb

@@ -4,7 +4,7 @@ module Minfraud
   # Assessments is used to perform minFraud Score, Insights, and Factors
   # requests.
   #
-  # @see https://dev.maxmind.com/minfraud?lang=en
+  # @see https://dev.maxmind.com/minfraud/?lang=en
   class Assessments
     include ::Minfraud::Resolver
 

lib/minfraud/components/account.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Account corresponds to the account object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--account
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--account
     class Account < Base
       include Minfraud::Validates
 

lib/minfraud/components/billing.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Billing corresponds to the billing object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--billing
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--billing
     class Billing < Addressable; end
   end
 end

lib/minfraud/components/credit_card.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # CreditCard corresponds to the credit_card object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--credit-card
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--credit-card
     class CreditCard < Base
       include Minfraud::Validates
 
@@ -17,7 +17,7 @@ class CreditCard < Base
       # The last two or four digits of the credit card number. In most cases,
       # you should send the last four digits for +last_digits+.
       #
-      # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--credit-card__last_digits
+      # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--credit-card__last_digits
       #
       # @return [String, nil]
       attr_accessor :last_digits

lib/minfraud/components/custom_inputs.rb

@@ -5,7 +5,7 @@ module Components
     # CustomInputs corresponds to the custom_inputs object of a minFraud
     # request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--custom-inputs
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--custom-inputs
     class CustomInputs < Base
       include Minfraud::Validates
 

lib/minfraud/components/device.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Device corresponds to the device object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--device
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--device
     class Device < Base
       include Minfraud::Validates
 

lib/minfraud/components/event.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Event corresponds to the event object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--event
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--event
     class Event < Base
       include ::Minfraud::Enum
       include Minfraud::Validates
@@ -41,7 +41,7 @@ class Event < Base
       # be within the past year. If this field is not in the request, the
       # current time will be used.
       #
-      # @see https://tools.ietf.org/html/rfc3339
+      # @see https://datatracker.ietf.org/doc/html/rfc3339
       #
       # @return [String, nil]
       attr_accessor :time

lib/minfraud/components/order.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Order corresponds to the order object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--order
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--order
     class Order < Base
       include Minfraud::Validates
 

lib/minfraud/components/payment.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Payment corresponds to the payment object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--payment
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--payment
     class Payment < Base
       include ::Minfraud::Enum
       include Minfraud::Validates

lib/minfraud/components/report/transaction.rb

@@ -6,7 +6,7 @@ module Components
     module Report
       # Contains the fields used in the Report Transaction API.
       #
-      # @see https://dev.maxmind.com/minfraud/report-a-transaction?lang=en
+      # @see https://dev.maxmind.com/minfraud/report-a-transaction/?lang=en
       class Transaction < Base
         include ::Minfraud::Enum
         include ::Minfraud::Validates

lib/minfraud/components/shipping.rb

@@ -4,7 +4,7 @@ module Minfraud
   module Components
     # Shipping corresponds to the shipping object of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--shipping
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--shipping
     class Shipping < Addressable
       include ::Minfraud::Enum
 

lib/minfraud/components/shopping_cart.rb

@@ -5,7 +5,7 @@ module Components
     # ShoppingCart corresponds to the shopping_cart object of a minFraud
     # request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--shopping-cart
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--shopping-cart
     class ShoppingCart < Base
       # An array of Minfraud::Components::ShoppingCartItem instances.
       #

lib/minfraud/components/shopping_cart_item.rb

@@ -5,7 +5,7 @@ module Components
     # ShoppingCartItem corresponds to objects in the shopping_cart object
     # of a minFraud request.
     #
-    # @see https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en#schema--request--shopping-cart
+    # @see https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en#schema--request--shopping-cart
     class ShoppingCartItem < Base
       include Minfraud::Validates
 

lib/minfraud/model/device.rb

@@ -8,7 +8,7 @@ module Model
     #
     # In order to receive device output from minFraud Insights or minFraud
     # Factors, you must be using the Device Tracking Add-on
-    # (https://dev.maxmind.com/minfraud/track-devices?lang=en).
+    # (https://dev.maxmind.com/minfraud/track-devices/?lang=en).
     class Device < Abstract
       # This number represents our confidence that the device_id refers to a
       # unique device as opposed to a cluster of similar devices. A confidence

lib/minfraud/model/reason.rb

@@ -8,7 +8,7 @@ module Model
     #
     # This class provides both a machine-readable code and a human-readable
     # explanation of the reason for the risk score, see
-    # https://dev.maxmind.com/minfraud/api-documentation/responses/schema--response--risk-score-reason--multiplier-reason.
+    # https://dev.maxmind.com/minfraud/api-documentation/responses/#schema--response--risk-score-reason--multiplier-reason.
     # Although more codes may be added in the future, the current codes are:
     #
     # * BROWSER_LANGUAGE - Riskiness of the browser user-agent and

lib/minfraud/report.rb

@@ -3,7 +3,7 @@
 module Minfraud
   # Report is used to perform minFraud Report Transaction API requests.
   #
-  # @see https://dev.maxmind.com/minfraud/report-a-transaction?lang=en
+  # @see https://dev.maxmind.com/minfraud/report-a-transaction/?lang=en
   class Report
     # The Report::Transaction component.
     #

lychee.toml

@@ -0,0 +1,66 @@
+# Lychee link checker configuration
+# https://lychee.cli.rs/#/usage/config
+#
+# Run locally with:
+#   lychee './**/*.md' './lib/**/*.rb' './*.gemspec'
+
+# Include URL fragments in checks
+include_fragments = true
+
+# Don't allow any redirects, so links that have moved are surfaced and can be
+# updated to their canonical destination.
+max_redirects = 0
+
+# Accept these HTTP status codes
+# 100-103: Informational responses
+# 200-299: Success responses
+# 403: Forbidden (some sites use this for rate limiting)
+# 429: Too Many Requests
+# 500-599: Server errors (temporary issues shouldn't fail CI)
+# 999: LinkedIn's custom status code
+accept = ["100..=103", "200..=299", "403", "429", "500..=599", "999"]
+
+# Exclude URL patterns from checking (treated as regular expressions)
+exclude = [
+    # GitHub blob URLs with line-number fragments (not parseable as page anchors)
+    '^https://github\.com/[^/]+/[^/]+/blob/[0-9a-fA-F]+/.+#L\d+$',
+    # dev.maxmind.com API docs render their schema anchors client-side, so the
+    # fragment is absent from the static HTML lychee fetches. The page itself is
+    # a 200; only the fragment check is a false negative. This is the canonical
+    # URL used across all minFraud client libraries.
+    '^https://dev\.maxmind\.com/minfraud/api-documentation/responses/#schema--response--risk-score-reason--multiplier-reason$',
+    # Live / auth-gated MaxMind endpoints: appear as code string literals or
+    # require login, so they can't be verified by an anonymous request.
+    '^https://geoip\.maxmind\.com',
+    '^https://geolite\.info',
+    '^https://minfraud\.maxmind\.com',
+    '^https://sandbox\.maxmind\.com',
+    '^https://updates\.maxmind\.com',
+    '^https://www\.maxmind\.com/en/accounts/',
+    '^https://www\.maxmind\.com/en/account/login',
+    # Local / placeholder URLs (e.g. the proxy example in docstrings)
+    '^file://',
+    '^https?://example\.(com|org|net)',
+    '^http://localhost',
+    '127\.0\.0\.1',
+]
+
+# Exclude file paths from getting checked (regular expressions, matched against
+# the path relative to the working directory). Patterns are segment-anchored
+# with (^|/) so short names like "build" don't match unintended paths.
+exclude_path = [
+    '(^|/)vendor/',
+    '(^|/)pkg/',
+    '(^|/)doc/',
+    '(^|/)\.yardoc/',
+    '(^|/)coverage/',
+    # Changelog: historical entries are preserved as-is, not rewritten
+    '(^|/)CHANGELOG\.md$',
+]
+
+# Cache results for 1 day to speed up repeated checks
+cache = true
+max_cache_age = "1d"
+
+# Skip missing input files instead of erroring
+skip_missing = true

mise.toml

@@ -8,10 +8,15 @@ disable_backends = [
 
 [tools]
 ruby = "latest"
+lychee = "latest"
 
 [hooks]
 enter = "mise install --quiet --locked"
 
 [[watch_files]]
 patterns = ["mise.toml", "mise.lock"]
 run = "mise install --quiet --locked"
+
+[tasks.check-links]
+description = "Check links with lychee"
+run = "lychee --no-progress './**/*.md' './lib/**/*.rb' './*.gemspec'"