2026-01-28 19:26:57 +00:00
|
|
|
package php
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
"encoding/json"
|
2026-02-05 18:14:59 +00:00
|
|
|
goio "io"
|
2026-01-28 19:26:57 +00:00
|
|
|
"os"
|
|
|
|
|
"os/exec"
|
|
|
|
|
"path/filepath"
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
"strings"
|
2026-01-31 11:39:19 +00:00
|
|
|
|
|
|
|
|
"github.com/host-uk/core/pkg/cli"
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
"github.com/host-uk/core/pkg/i18n"
|
2026-01-28 19:26:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// FormatOptions configures PHP code formatting.
|
|
|
|
|
type FormatOptions struct {
|
|
|
|
|
// Dir is the project directory (defaults to current working directory).
|
|
|
|
|
Dir string
|
|
|
|
|
|
|
|
|
|
// Fix automatically fixes formatting issues.
|
|
|
|
|
Fix bool
|
|
|
|
|
|
|
|
|
|
// Diff shows a diff of changes instead of modifying files.
|
|
|
|
|
Diff bool
|
|
|
|
|
|
2026-02-01 06:32:35 +00:00
|
|
|
// JSON outputs results in JSON format.
|
|
|
|
|
JSON bool
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Paths limits formatting to specific paths.
|
|
|
|
|
Paths []string
|
|
|
|
|
|
|
|
|
|
// Output is the writer for output (defaults to os.Stdout).
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AnalyseOptions configures PHP static analysis.
|
|
|
|
|
type AnalyseOptions struct {
|
|
|
|
|
// Dir is the project directory (defaults to current working directory).
|
|
|
|
|
Dir string
|
|
|
|
|
|
|
|
|
|
// Level is the PHPStan analysis level (0-9).
|
|
|
|
|
Level int
|
|
|
|
|
|
|
|
|
|
// Paths limits analysis to specific paths.
|
|
|
|
|
Paths []string
|
|
|
|
|
|
|
|
|
|
// Memory is the memory limit for analysis (e.g., "2G").
|
|
|
|
|
Memory string
|
|
|
|
|
|
2026-02-01 06:32:35 +00:00
|
|
|
// JSON outputs results in JSON format.
|
|
|
|
|
JSON bool
|
|
|
|
|
|
|
|
|
|
// SARIF outputs results in SARIF format for GitHub Security tab.
|
|
|
|
|
SARIF bool
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Output is the writer for output (defaults to os.Stdout).
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// FormatterType represents the detected formatter.
|
|
|
|
|
type FormatterType string
|
|
|
|
|
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// Formatter type constants.
|
2026-01-28 19:26:57 +00:00
|
|
|
const (
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// FormatterPint indicates Laravel Pint code formatter.
|
2026-01-28 19:26:57 +00:00
|
|
|
FormatterPint FormatterType = "pint"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// AnalyserType represents the detected static analyser.
|
|
|
|
|
type AnalyserType string
|
|
|
|
|
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// Static analyser type constants.
|
2026-01-28 19:26:57 +00:00
|
|
|
const (
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// AnalyserPHPStan indicates standard PHPStan analyser.
|
|
|
|
|
AnalyserPHPStan AnalyserType = "phpstan"
|
|
|
|
|
// AnalyserLarastan indicates Laravel-specific Larastan analyser.
|
2026-01-31 11:39:19 +00:00
|
|
|
AnalyserLarastan AnalyserType = "larastan"
|
2026-01-28 19:26:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// DetectFormatter detects which formatter is available in the project.
|
|
|
|
|
func DetectFormatter(dir string) (FormatterType, bool) {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Check for Pint config
|
|
|
|
|
pintConfig := filepath.Join(dir, "pint.json")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(pintConfig) {
|
2026-01-28 19:26:57 +00:00
|
|
|
return FormatterPint, true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for vendor binary
|
|
|
|
|
pintBin := filepath.Join(dir, "vendor", "bin", "pint")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(pintBin) {
|
2026-01-28 19:26:57 +00:00
|
|
|
return FormatterPint, true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "", false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DetectAnalyser detects which static analyser is available in the project.
|
|
|
|
|
func DetectAnalyser(dir string) (AnalyserType, bool) {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Check for PHPStan config
|
|
|
|
|
phpstanConfig := filepath.Join(dir, "phpstan.neon")
|
|
|
|
|
phpstanDistConfig := filepath.Join(dir, "phpstan.neon.dist")
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
hasConfig := m.Exists(phpstanConfig) || m.Exists(phpstanDistConfig)
|
2026-01-28 19:26:57 +00:00
|
|
|
|
|
|
|
|
// Check for vendor binary
|
|
|
|
|
phpstanBin := filepath.Join(dir, "vendor", "bin", "phpstan")
|
2026-02-05 18:14:59 +00:00
|
|
|
hasBin := m.Exists(phpstanBin)
|
2026-01-28 19:26:57 +00:00
|
|
|
|
|
|
|
|
if hasConfig || hasBin {
|
|
|
|
|
// Check if it's Larastan (Laravel-specific PHPStan)
|
|
|
|
|
larastanPath := filepath.Join(dir, "vendor", "larastan", "larastan")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(larastanPath) {
|
2026-01-28 19:26:57 +00:00
|
|
|
return AnalyserLarastan, true
|
|
|
|
|
}
|
|
|
|
|
// Also check nunomaduro/larastan
|
|
|
|
|
larastanPath2 := filepath.Join(dir, "vendor", "nunomaduro", "larastan")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(larastanPath2) {
|
2026-01-28 19:26:57 +00:00
|
|
|
return AnalyserLarastan, true
|
|
|
|
|
}
|
|
|
|
|
return AnalyserPHPStan, true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "", false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Format runs Laravel Pint to format PHP code.
|
|
|
|
|
func Format(ctx context.Context, opts FormatOptions) error {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.WrapVerb(err, "get", "working directory")
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Output == nil {
|
|
|
|
|
opts.Output = os.Stdout
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if formatter is available
|
|
|
|
|
formatter, found := DetectFormatter(opts.Dir)
|
|
|
|
|
if !found {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.Err("no formatter found (install Laravel Pint: composer require laravel/pint --dev)")
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var cmdName string
|
|
|
|
|
var args []string
|
|
|
|
|
|
|
|
|
|
switch formatter {
|
|
|
|
|
case FormatterPint:
|
|
|
|
|
cmdName, args = buildPintCommand(opts)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd := exec.CommandContext(ctx, cmdName, args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
cmd.Stdout = opts.Output
|
|
|
|
|
cmd.Stderr = opts.Output
|
|
|
|
|
|
|
|
|
|
return cmd.Run()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Analyse runs PHPStan or Larastan for static analysis.
|
|
|
|
|
func Analyse(ctx context.Context, opts AnalyseOptions) error {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.WrapVerb(err, "get", "working directory")
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Output == nil {
|
|
|
|
|
opts.Output = os.Stdout
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if analyser is available
|
|
|
|
|
analyser, found := DetectAnalyser(opts.Dir)
|
|
|
|
|
if !found {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.Err("no static analyser found (install PHPStan: composer require phpstan/phpstan --dev)")
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var cmdName string
|
|
|
|
|
var args []string
|
|
|
|
|
|
|
|
|
|
switch analyser {
|
|
|
|
|
case AnalyserPHPStan, AnalyserLarastan:
|
|
|
|
|
cmdName, args = buildPHPStanCommand(opts)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd := exec.CommandContext(ctx, cmdName, args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
cmd.Stdout = opts.Output
|
|
|
|
|
cmd.Stderr = opts.Output
|
|
|
|
|
|
|
|
|
|
return cmd.Run()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// buildPintCommand builds the command for running Laravel Pint.
|
|
|
|
|
func buildPintCommand(opts FormatOptions) (string, []string) {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Check for vendor binary first
|
|
|
|
|
vendorBin := filepath.Join(opts.Dir, "vendor", "bin", "pint")
|
|
|
|
|
cmdName := "pint"
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(vendorBin) {
|
2026-01-28 19:26:57 +00:00
|
|
|
cmdName = vendorBin
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var args []string
|
|
|
|
|
|
|
|
|
|
if !opts.Fix {
|
|
|
|
|
args = append(args, "--test")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Diff {
|
|
|
|
|
args = append(args, "--diff")
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-01 06:32:35 +00:00
|
|
|
if opts.JSON {
|
|
|
|
|
args = append(args, "--format=json")
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Add specific paths if provided
|
|
|
|
|
args = append(args, opts.Paths...)
|
|
|
|
|
|
|
|
|
|
return cmdName, args
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// buildPHPStanCommand builds the command for running PHPStan.
|
|
|
|
|
func buildPHPStanCommand(opts AnalyseOptions) (string, []string) {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Check for vendor binary first
|
|
|
|
|
vendorBin := filepath.Join(opts.Dir, "vendor", "bin", "phpstan")
|
|
|
|
|
cmdName := "phpstan"
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(vendorBin) {
|
2026-01-28 19:26:57 +00:00
|
|
|
cmdName = vendorBin
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
args := []string{"analyse"}
|
|
|
|
|
|
|
|
|
|
if opts.Level > 0 {
|
2026-01-31 11:39:19 +00:00
|
|
|
args = append(args, "--level", cli.Sprintf("%d", opts.Level))
|
2026-01-28 19:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Memory != "" {
|
|
|
|
|
args = append(args, "--memory-limit", opts.Memory)
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-01 06:32:35 +00:00
|
|
|
// Output format - SARIF takes precedence over JSON
|
|
|
|
|
if opts.SARIF {
|
|
|
|
|
args = append(args, "--error-format=sarif")
|
|
|
|
|
} else if opts.JSON {
|
|
|
|
|
args = append(args, "--error-format=json")
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-28 19:26:57 +00:00
|
|
|
// Add specific paths if provided
|
|
|
|
|
args = append(args, opts.Paths...)
|
|
|
|
|
|
|
|
|
|
return cmdName, args
|
|
|
|
|
}
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
|
|
|
|
|
// =============================================================================
|
|
|
|
|
// Psalm Static Analysis
|
|
|
|
|
// =============================================================================
|
|
|
|
|
|
|
|
|
|
// PsalmOptions configures Psalm static analysis.
|
|
|
|
|
type PsalmOptions struct {
|
|
|
|
|
Dir string
|
|
|
|
|
Level int // Error level (1=strictest, 8=most lenient)
|
|
|
|
|
Fix bool // Auto-fix issues where possible
|
|
|
|
|
Baseline bool // Generate/update baseline file
|
|
|
|
|
ShowInfo bool // Show info-level issues
|
2026-02-01 06:32:35 +00:00
|
|
|
JSON bool // Output in JSON format
|
|
|
|
|
SARIF bool // Output in SARIF format for GitHub Security tab
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PsalmType represents the detected Psalm configuration.
|
|
|
|
|
type PsalmType string
|
|
|
|
|
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// Psalm configuration type constants.
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
const (
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// PsalmStandard indicates standard Psalm configuration.
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
PsalmStandard PsalmType = "psalm"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// DetectPsalm checks if Psalm is available in the project.
|
|
|
|
|
func DetectPsalm(dir string) (PsalmType, bool) {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
// Check for psalm.xml config
|
|
|
|
|
psalmConfig := filepath.Join(dir, "psalm.xml")
|
|
|
|
|
psalmDistConfig := filepath.Join(dir, "psalm.xml.dist")
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
hasConfig := m.Exists(psalmConfig) || m.Exists(psalmDistConfig)
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
|
|
|
|
|
// Check for vendor binary
|
|
|
|
|
psalmBin := filepath.Join(dir, "vendor", "bin", "psalm")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(psalmBin) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
return PsalmStandard, true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if hasConfig {
|
|
|
|
|
return PsalmStandard, true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "", false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RunPsalm runs Psalm static analysis.
|
|
|
|
|
func RunPsalm(ctx context.Context, opts PsalmOptions) error {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.WrapVerb(err, "get", "working directory")
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Output == nil {
|
|
|
|
|
opts.Output = os.Stdout
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
// Build command
|
|
|
|
|
vendorBin := filepath.Join(opts.Dir, "vendor", "bin", "psalm")
|
|
|
|
|
cmdName := "psalm"
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(vendorBin) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
cmdName = vendorBin
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
args := []string{"--no-progress"}
|
|
|
|
|
|
|
|
|
|
if opts.Level > 0 && opts.Level <= 8 {
|
2026-01-31 11:39:19 +00:00
|
|
|
args = append(args, cli.Sprintf("--error-level=%d", opts.Level))
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Fix {
|
|
|
|
|
args = append(args, "--alter", "--issues=all")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Baseline {
|
|
|
|
|
args = append(args, "--set-baseline=psalm-baseline.xml")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.ShowInfo {
|
|
|
|
|
args = append(args, "--show-info=true")
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-01 06:32:35 +00:00
|
|
|
// Output format - SARIF takes precedence over JSON
|
|
|
|
|
if opts.SARIF {
|
|
|
|
|
args = append(args, "--output-format=sarif")
|
|
|
|
|
} else if opts.JSON {
|
|
|
|
|
args = append(args, "--output-format=json")
|
|
|
|
|
}
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
cmd := exec.CommandContext(ctx, cmdName, args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
cmd.Stdout = opts.Output
|
|
|
|
|
cmd.Stderr = opts.Output
|
|
|
|
|
|
|
|
|
|
return cmd.Run()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// =============================================================================
|
|
|
|
|
// Security Audit
|
|
|
|
|
// =============================================================================
|
|
|
|
|
|
|
|
|
|
// AuditOptions configures dependency security auditing.
|
|
|
|
|
type AuditOptions struct {
|
|
|
|
|
Dir string
|
|
|
|
|
JSON bool // Output in JSON format
|
|
|
|
|
Fix bool // Auto-fix vulnerabilities (npm only)
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AuditResult holds the results of a security audit.
|
|
|
|
|
type AuditResult struct {
|
|
|
|
|
Tool string
|
|
|
|
|
Vulnerabilities int
|
|
|
|
|
Advisories []AuditAdvisory
|
|
|
|
|
Error error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AuditAdvisory represents a single security advisory.
|
|
|
|
|
type AuditAdvisory struct {
|
|
|
|
|
Package string
|
|
|
|
|
Severity string
|
|
|
|
|
Title string
|
|
|
|
|
URL string
|
|
|
|
|
Identifiers []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RunAudit runs security audits on dependencies.
|
|
|
|
|
func RunAudit(ctx context.Context, opts AuditOptions) ([]AuditResult, error) {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return nil, cli.WrapVerb(err, "get", "working directory")
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Output == nil {
|
|
|
|
|
opts.Output = os.Stdout
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var results []AuditResult
|
|
|
|
|
|
|
|
|
|
// Run composer audit
|
|
|
|
|
composerResult := runComposerAudit(ctx, opts)
|
|
|
|
|
results = append(results, composerResult)
|
|
|
|
|
|
|
|
|
|
// Run npm audit if package.json exists
|
2026-02-05 18:14:59 +00:00
|
|
|
if getMedium().Exists(filepath.Join(opts.Dir, "package.json")) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
npmResult := runNpmAudit(ctx, opts)
|
|
|
|
|
results = append(results, npmResult)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return results, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func runComposerAudit(ctx context.Context, opts AuditOptions) AuditResult {
|
|
|
|
|
result := AuditResult{Tool: "composer"}
|
|
|
|
|
|
|
|
|
|
args := []string{"audit", "--format=json"}
|
|
|
|
|
|
|
|
|
|
cmd := exec.CommandContext(ctx, "composer", args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
|
|
|
|
|
output, err := cmd.Output()
|
|
|
|
|
if err != nil {
|
|
|
|
|
// composer audit returns non-zero if vulnerabilities found
|
|
|
|
|
if exitErr, ok := err.(*exec.ExitError); ok {
|
|
|
|
|
output = append(output, exitErr.Stderr...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Parse JSON output
|
|
|
|
|
var auditData struct {
|
|
|
|
|
Advisories map[string][]struct {
|
|
|
|
|
Title string `json:"title"`
|
|
|
|
|
Link string `json:"link"`
|
|
|
|
|
CVE string `json:"cve"`
|
|
|
|
|
AffectedRanges string `json:"affectedVersions"`
|
|
|
|
|
} `json:"advisories"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if jsonErr := json.Unmarshal(output, &auditData); jsonErr == nil {
|
|
|
|
|
for pkg, advisories := range auditData.Advisories {
|
|
|
|
|
for _, adv := range advisories {
|
|
|
|
|
result.Advisories = append(result.Advisories, AuditAdvisory{
|
|
|
|
|
Package: pkg,
|
|
|
|
|
Title: adv.Title,
|
|
|
|
|
URL: adv.Link,
|
|
|
|
|
Identifiers: []string{adv.CVE},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
result.Vulnerabilities = len(result.Advisories)
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
result.Error = err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func runNpmAudit(ctx context.Context, opts AuditOptions) AuditResult {
|
|
|
|
|
result := AuditResult{Tool: "npm"}
|
|
|
|
|
|
|
|
|
|
args := []string{"audit", "--json"}
|
|
|
|
|
if opts.Fix {
|
|
|
|
|
args = []string{"audit", "fix"}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd := exec.CommandContext(ctx, "npm", args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
|
|
|
|
|
output, err := cmd.Output()
|
|
|
|
|
if err != nil {
|
|
|
|
|
if exitErr, ok := err.(*exec.ExitError); ok {
|
|
|
|
|
output = append(output, exitErr.Stderr...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !opts.Fix {
|
|
|
|
|
// Parse JSON output
|
|
|
|
|
var auditData struct {
|
|
|
|
|
Metadata struct {
|
|
|
|
|
Vulnerabilities struct {
|
|
|
|
|
Total int `json:"total"`
|
|
|
|
|
} `json:"vulnerabilities"`
|
|
|
|
|
} `json:"metadata"`
|
|
|
|
|
Vulnerabilities map[string]struct {
|
|
|
|
|
Severity string `json:"severity"`
|
|
|
|
|
Via []any `json:"via"`
|
|
|
|
|
} `json:"vulnerabilities"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if jsonErr := json.Unmarshal(output, &auditData); jsonErr == nil {
|
|
|
|
|
result.Vulnerabilities = auditData.Metadata.Vulnerabilities.Total
|
|
|
|
|
for pkg, vuln := range auditData.Vulnerabilities {
|
|
|
|
|
result.Advisories = append(result.Advisories, AuditAdvisory{
|
|
|
|
|
Package: pkg,
|
|
|
|
|
Severity: vuln.Severity,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
result.Error = err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// =============================================================================
|
|
|
|
|
// Rector Automated Refactoring
|
|
|
|
|
// =============================================================================
|
|
|
|
|
|
|
|
|
|
// RectorOptions configures Rector code refactoring.
|
|
|
|
|
type RectorOptions struct {
|
|
|
|
|
Dir string
|
|
|
|
|
Fix bool // Apply changes (default is dry-run)
|
|
|
|
|
Diff bool // Show detailed diff
|
|
|
|
|
ClearCache bool // Clear cache before running
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DetectRector checks if Rector is available in the project.
|
|
|
|
|
func DetectRector(dir string) bool {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
// Check for rector.php config
|
|
|
|
|
rectorConfig := filepath.Join(dir, "rector.php")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(rectorConfig) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for vendor binary
|
|
|
|
|
rectorBin := filepath.Join(dir, "vendor", "bin", "rector")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(rectorBin) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RunRector runs Rector for automated code refactoring.
|
|
|
|
|
func RunRector(ctx context.Context, opts RectorOptions) error {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.WrapVerb(err, "get", "working directory")
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Output == nil {
|
|
|
|
|
opts.Output = os.Stdout
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
// Build command
|
|
|
|
|
vendorBin := filepath.Join(opts.Dir, "vendor", "bin", "rector")
|
|
|
|
|
cmdName := "rector"
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(vendorBin) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
cmdName = vendorBin
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
args := []string{"process"}
|
|
|
|
|
|
|
|
|
|
if !opts.Fix {
|
|
|
|
|
args = append(args, "--dry-run")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Diff {
|
|
|
|
|
args = append(args, "--output-format", "diff")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.ClearCache {
|
|
|
|
|
args = append(args, "--clear-cache")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd := exec.CommandContext(ctx, cmdName, args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
cmd.Stdout = opts.Output
|
|
|
|
|
cmd.Stderr = opts.Output
|
|
|
|
|
|
|
|
|
|
return cmd.Run()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// =============================================================================
|
|
|
|
|
// Infection Mutation Testing
|
|
|
|
|
// =============================================================================
|
|
|
|
|
|
|
|
|
|
// InfectionOptions configures Infection mutation testing.
|
|
|
|
|
type InfectionOptions struct {
|
|
|
|
|
Dir string
|
|
|
|
|
MinMSI int // Minimum mutation score indicator (0-100)
|
|
|
|
|
MinCoveredMSI int // Minimum covered mutation score (0-100)
|
|
|
|
|
Threads int // Number of parallel threads
|
|
|
|
|
Filter string // Filter files by pattern
|
|
|
|
|
OnlyCovered bool // Only mutate covered code
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DetectInfection checks if Infection is available in the project.
|
|
|
|
|
func DetectInfection(dir string) bool {
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
// Check for infection config files
|
|
|
|
|
configs := []string{"infection.json", "infection.json5", "infection.json.dist"}
|
|
|
|
|
for _, config := range configs {
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(filepath.Join(dir, config)) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for vendor binary
|
|
|
|
|
infectionBin := filepath.Join(dir, "vendor", "bin", "infection")
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(infectionBin) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RunInfection runs Infection mutation testing.
|
|
|
|
|
func RunInfection(ctx context.Context, opts InfectionOptions) error {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return cli.WrapVerb(err, "get", "working directory")
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Output == nil {
|
|
|
|
|
opts.Output = os.Stdout
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
|
|
|
|
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
// Build command
|
|
|
|
|
vendorBin := filepath.Join(opts.Dir, "vendor", "bin", "infection")
|
|
|
|
|
cmdName := "infection"
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(vendorBin) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
cmdName = vendorBin
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var args []string
|
|
|
|
|
|
|
|
|
|
// Set defaults
|
|
|
|
|
minMSI := opts.MinMSI
|
|
|
|
|
if minMSI == 0 {
|
|
|
|
|
minMSI = 50
|
|
|
|
|
}
|
|
|
|
|
minCoveredMSI := opts.MinCoveredMSI
|
|
|
|
|
if minCoveredMSI == 0 {
|
|
|
|
|
minCoveredMSI = 70
|
|
|
|
|
}
|
|
|
|
|
threads := opts.Threads
|
|
|
|
|
if threads == 0 {
|
|
|
|
|
threads = 4
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-31 11:39:19 +00:00
|
|
|
args = append(args, cli.Sprintf("--min-msi=%d", minMSI))
|
|
|
|
|
args = append(args, cli.Sprintf("--min-covered-msi=%d", minCoveredMSI))
|
|
|
|
|
args = append(args, cli.Sprintf("--threads=%d", threads))
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
|
|
|
|
|
if opts.Filter != "" {
|
|
|
|
|
args = append(args, "--filter="+opts.Filter)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.OnlyCovered {
|
|
|
|
|
args = append(args, "--only-covered")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd := exec.CommandContext(ctx, cmdName, args...)
|
|
|
|
|
cmd.Dir = opts.Dir
|
|
|
|
|
cmd.Stdout = opts.Output
|
|
|
|
|
cmd.Stderr = opts.Output
|
|
|
|
|
|
|
|
|
|
return cmd.Run()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// =============================================================================
|
|
|
|
|
// QA Pipeline
|
|
|
|
|
// =============================================================================
|
|
|
|
|
|
|
|
|
|
// QAOptions configures the full QA pipeline.
|
|
|
|
|
type QAOptions struct {
|
|
|
|
|
Dir string
|
|
|
|
|
Quick bool // Only run quick checks
|
|
|
|
|
Full bool // Run all stages including slow checks
|
|
|
|
|
Fix bool // Auto-fix issues where possible
|
|
|
|
|
JSON bool // Output results as JSON
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// QAStage represents a stage in the QA pipeline.
|
|
|
|
|
type QAStage string
|
|
|
|
|
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// QA pipeline stage constants.
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
const (
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// QAStageQuick runs fast checks only (audit, fmt, stan).
|
|
|
|
|
QAStageQuick QAStage = "quick"
|
|
|
|
|
// QAStageStandard runs standard checks including tests.
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
QAStageStandard QAStage = "standard"
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
// QAStageFull runs all checks including slow security scans.
|
|
|
|
|
QAStageFull QAStage = "full"
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// QACheckResult holds the result of a single QA check.
|
|
|
|
|
type QACheckResult struct {
|
|
|
|
|
Name string
|
|
|
|
|
Stage QAStage
|
|
|
|
|
Passed bool
|
|
|
|
|
Duration string
|
|
|
|
|
Error error
|
|
|
|
|
Output string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// QAResult holds the results of the full QA pipeline.
|
|
|
|
|
type QAResult struct {
|
|
|
|
|
Stages []QAStage
|
|
|
|
|
Checks []QACheckResult
|
|
|
|
|
Passed bool
|
|
|
|
|
Summary string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetQAStages returns the stages to run based on options.
|
|
|
|
|
func GetQAStages(opts QAOptions) []QAStage {
|
|
|
|
|
if opts.Quick {
|
|
|
|
|
return []QAStage{QAStageQuick}
|
|
|
|
|
}
|
|
|
|
|
if opts.Full {
|
|
|
|
|
return []QAStage{QAStageQuick, QAStageStandard, QAStageFull}
|
|
|
|
|
}
|
|
|
|
|
// Default: quick + standard
|
|
|
|
|
return []QAStage{QAStageQuick, QAStageStandard}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetQAChecks returns the checks for a given stage.
|
|
|
|
|
func GetQAChecks(dir string, stage QAStage) []string {
|
|
|
|
|
switch stage {
|
|
|
|
|
case QAStageQuick:
|
2026-01-30 20:06:51 +00:00
|
|
|
checks := []string{"audit", "fmt", "stan"}
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
return checks
|
|
|
|
|
case QAStageStandard:
|
|
|
|
|
checks := []string{}
|
|
|
|
|
if _, found := DetectPsalm(dir); found {
|
|
|
|
|
checks = append(checks, "psalm")
|
|
|
|
|
}
|
|
|
|
|
checks = append(checks, "test")
|
|
|
|
|
return checks
|
|
|
|
|
case QAStageFull:
|
|
|
|
|
checks := []string{}
|
|
|
|
|
if DetectRector(dir) {
|
|
|
|
|
checks = append(checks, "rector")
|
|
|
|
|
}
|
|
|
|
|
if DetectInfection(dir) {
|
|
|
|
|
checks = append(checks, "infection")
|
|
|
|
|
}
|
|
|
|
|
return checks
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// =============================================================================
|
|
|
|
|
// Security Checks
|
|
|
|
|
// =============================================================================
|
|
|
|
|
|
|
|
|
|
// SecurityOptions configures security scanning.
|
|
|
|
|
type SecurityOptions struct {
|
|
|
|
|
Dir string
|
|
|
|
|
Severity string // Minimum severity (critical, high, medium, low)
|
|
|
|
|
JSON bool // Output in JSON format
|
|
|
|
|
SARIF bool // Output in SARIF format
|
|
|
|
|
URL string // URL to check HTTP headers (optional)
|
2026-02-05 18:14:59 +00:00
|
|
|
Output goio.Writer
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SecurityResult holds the results of security scanning.
|
|
|
|
|
type SecurityResult struct {
|
|
|
|
|
Checks []SecurityCheck
|
|
|
|
|
Summary SecuritySummary
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SecurityCheck represents a single security check result.
|
|
|
|
|
type SecurityCheck struct {
|
|
|
|
|
ID string
|
|
|
|
|
Name string
|
|
|
|
|
Description string
|
|
|
|
|
Severity string
|
|
|
|
|
Passed bool
|
|
|
|
|
Message string
|
|
|
|
|
Fix string
|
|
|
|
|
CWE string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SecuritySummary summarizes security check results.
|
|
|
|
|
type SecuritySummary struct {
|
|
|
|
|
Total int
|
|
|
|
|
Passed int
|
|
|
|
|
Critical int
|
|
|
|
|
High int
|
|
|
|
|
Medium int
|
|
|
|
|
Low int
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RunSecurityChecks runs security checks on the project.
|
|
|
|
|
func RunSecurityChecks(ctx context.Context, opts SecurityOptions) (*SecurityResult, error) {
|
|
|
|
|
if opts.Dir == "" {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return nil, cli.WrapVerb(err, "get", "working directory")
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
opts.Dir = cwd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result := &SecurityResult{}
|
|
|
|
|
|
|
|
|
|
// Run composer audit
|
|
|
|
|
auditResults, _ := RunAudit(ctx, AuditOptions{Dir: opts.Dir})
|
|
|
|
|
for _, audit := range auditResults {
|
|
|
|
|
check := SecurityCheck{
|
|
|
|
|
ID: audit.Tool + "_audit",
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
Name: i18n.Title(audit.Tool) + " Security Audit",
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
Description: "Check " + audit.Tool + " dependencies for vulnerabilities",
|
|
|
|
|
Severity: "critical",
|
|
|
|
|
Passed: audit.Vulnerabilities == 0 && audit.Error == nil,
|
|
|
|
|
CWE: "CWE-1395",
|
|
|
|
|
}
|
|
|
|
|
if !check.Passed {
|
2026-01-31 11:39:19 +00:00
|
|
|
check.Message = cli.Sprintf("Found %d vulnerabilities", audit.Vulnerabilities)
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
}
|
|
|
|
|
result.Checks = append(result.Checks, check)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check .env file for security issues
|
|
|
|
|
envChecks := runEnvSecurityChecks(opts.Dir)
|
|
|
|
|
result.Checks = append(result.Checks, envChecks...)
|
|
|
|
|
|
|
|
|
|
// Check filesystem security
|
|
|
|
|
fsChecks := runFilesystemSecurityChecks(opts.Dir)
|
|
|
|
|
result.Checks = append(result.Checks, fsChecks...)
|
|
|
|
|
|
|
|
|
|
// Calculate summary
|
|
|
|
|
for _, check := range result.Checks {
|
|
|
|
|
result.Summary.Total++
|
|
|
|
|
if check.Passed {
|
|
|
|
|
result.Summary.Passed++
|
|
|
|
|
} else {
|
|
|
|
|
switch check.Severity {
|
|
|
|
|
case "critical":
|
|
|
|
|
result.Summary.Critical++
|
|
|
|
|
case "high":
|
|
|
|
|
result.Summary.High++
|
|
|
|
|
case "medium":
|
|
|
|
|
result.Summary.Medium++
|
|
|
|
|
case "low":
|
|
|
|
|
result.Summary.Low++
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func runEnvSecurityChecks(dir string) []SecurityCheck {
|
|
|
|
|
var checks []SecurityCheck
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
envPath := filepath.Join(dir, ".env")
|
2026-02-05 18:14:59 +00:00
|
|
|
envContent, err := m.Read(envPath)
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return checks
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 18:14:59 +00:00
|
|
|
envLines := strings.Split(envContent, "\n")
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
envMap := make(map[string]string)
|
|
|
|
|
for _, line := range envLines {
|
|
|
|
|
line = strings.TrimSpace(line)
|
|
|
|
|
if line == "" || strings.HasPrefix(line, "#") {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
parts := strings.SplitN(line, "=", 2)
|
|
|
|
|
if len(parts) == 2 {
|
|
|
|
|
envMap[parts[0]] = parts[1]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check APP_DEBUG
|
|
|
|
|
if debug, ok := envMap["APP_DEBUG"]; ok {
|
|
|
|
|
check := SecurityCheck{
|
|
|
|
|
ID: "debug_mode",
|
|
|
|
|
Name: "Debug Mode Disabled",
|
|
|
|
|
Description: "APP_DEBUG should be false in production",
|
|
|
|
|
Severity: "critical",
|
|
|
|
|
Passed: strings.ToLower(debug) != "true",
|
|
|
|
|
CWE: "CWE-215",
|
|
|
|
|
}
|
|
|
|
|
if !check.Passed {
|
|
|
|
|
check.Message = "Debug mode exposes sensitive information"
|
|
|
|
|
check.Fix = "Set APP_DEBUG=false in .env"
|
|
|
|
|
}
|
|
|
|
|
checks = append(checks, check)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check APP_KEY
|
|
|
|
|
if key, ok := envMap["APP_KEY"]; ok {
|
|
|
|
|
check := SecurityCheck{
|
|
|
|
|
ID: "app_key_set",
|
|
|
|
|
Name: "Application Key Set",
|
|
|
|
|
Description: "APP_KEY must be set and valid",
|
|
|
|
|
Severity: "critical",
|
|
|
|
|
Passed: len(key) >= 32,
|
|
|
|
|
CWE: "CWE-321",
|
|
|
|
|
}
|
|
|
|
|
if !check.Passed {
|
|
|
|
|
check.Message = "Missing or weak encryption key"
|
|
|
|
|
check.Fix = "Run: php artisan key:generate"
|
|
|
|
|
}
|
|
|
|
|
checks = append(checks, check)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check APP_URL for HTTPS
|
|
|
|
|
if url, ok := envMap["APP_URL"]; ok {
|
|
|
|
|
check := SecurityCheck{
|
|
|
|
|
ID: "https_enforced",
|
|
|
|
|
Name: "HTTPS Enforced",
|
|
|
|
|
Description: "APP_URL should use HTTPS in production",
|
|
|
|
|
Severity: "high",
|
|
|
|
|
Passed: strings.HasPrefix(url, "https://"),
|
|
|
|
|
CWE: "CWE-319",
|
|
|
|
|
}
|
|
|
|
|
if !check.Passed {
|
|
|
|
|
check.Message = "Application not using HTTPS"
|
|
|
|
|
check.Fix = "Update APP_URL to use https://"
|
|
|
|
|
}
|
|
|
|
|
checks = append(checks, check)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return checks
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func runFilesystemSecurityChecks(dir string) []SecurityCheck {
|
|
|
|
|
var checks []SecurityCheck
|
2026-02-05 18:14:59 +00:00
|
|
|
m := getMedium()
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
|
|
|
|
|
// Check .env not in public
|
|
|
|
|
publicEnvPaths := []string{"public/.env", "public_html/.env"}
|
|
|
|
|
for _, path := range publicEnvPaths {
|
|
|
|
|
fullPath := filepath.Join(dir, path)
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(fullPath) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
checks = append(checks, SecurityCheck{
|
|
|
|
|
ID: "env_not_public",
|
|
|
|
|
Name: ".env Not Publicly Accessible",
|
|
|
|
|
Description: ".env file should not be in public directory",
|
|
|
|
|
Severity: "critical",
|
|
|
|
|
Passed: false,
|
|
|
|
|
Message: "Environment file exposed to web at " + path,
|
|
|
|
|
CWE: "CWE-538",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check .git not in public
|
|
|
|
|
publicGitPaths := []string{"public/.git", "public_html/.git"}
|
|
|
|
|
for _, path := range publicGitPaths {
|
|
|
|
|
fullPath := filepath.Join(dir, path)
|
2026-02-05 18:14:59 +00:00
|
|
|
if m.Exists(fullPath) {
|
feat(php): add quality commands and split cmd/php for maintainability
Add new PHP quality commands:
- psalm: Psalm static analysis with auto-fix support
- audit: Security audit for composer and npm dependencies
- security: Filesystem security checks (.env exposure, permissions)
- qa: Full QA pipeline with quick/standard/full stages
- rector: Automated code refactoring with dry-run
- infection: Mutation testing
Split cmd/php/php.go (2k+ lines) into logical files:
- php.go: Styles and command registration
- php_dev.go: dev, logs, stop, status, ssl
- php_build.go: build, serve, shell
- php_quality.go: test, fmt, analyse, psalm, audit, security, qa, rector, infection
- php_packages.go: packages link/unlink/update/list
- php_deploy.go: deploy commands
QA pipeline improvements:
- Suppress tool output noise in pipeline mode
- Show actionable "To fix:" suggestions with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:58:03 +00:00
|
|
|
checks = append(checks, SecurityCheck{
|
|
|
|
|
ID: "git_not_public",
|
|
|
|
|
Name: ".git Not Publicly Accessible",
|
|
|
|
|
Description: ".git directory should not be in public",
|
|
|
|
|
Severity: "critical",
|
|
|
|
|
Passed: false,
|
|
|
|
|
Message: "Git repository exposed to web (source code leak)",
|
|
|
|
|
CWE: "CWE-538",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return checks
|
|
|
|
|
}
|