php-agentic/Models/Task.php

<?php

declare(strict_types=1);

namespace Core\Mod\Agentic\Models;

use Core\Tenant\Concerns\BelongsToWorkspace;
use Illuminate\Database\Eloquent\Model;

class Task extends Model
{
    use BelongsToWorkspace;

    protected $fillable = [
        'workspace_id',
        'title',
        'description',
        'status',
        'priority',
        'category',
        'file_ref',
        'line_ref',
    ];

    protected $casts = [
        'line_ref' => 'integer',
    ];

    public function scopePending($query)
    {
        return $query->where('status', 'pending');
    }

    public function scopeInProgress($query)
    {
        return $query->where('status', 'in_progress');
    }

    public function scopeDone($query)
    {
        return $query->where('status', 'done');
    }

    public function scopeActive($query)
    {
        return $query->whereIn('status', ['pending', 'in_progress']);
    }

    /**
     * Order by priority using CASE statement with whitelisted values.
     *
     * This is a safe replacement for orderByRaw("FIELD(priority, ...)") which
     * could be vulnerable to SQL injection if extended with user input.
     */
    public function scopeOrderByPriority($query, string $direction = 'asc')
    {
        return $query->orderByRaw('CASE priority
            WHEN ? THEN 1
            WHEN ? THEN 2
            WHEN ? THEN 3
            WHEN ? THEN 4
            ELSE 5
        END '.($direction === 'desc' ? 'DESC' : 'ASC'), ['urgent', 'high', 'normal', 'low']);
    }

    /**
     * Order by status using CASE statement with whitelisted values.
     *
     * This is a safe replacement for orderByRaw("FIELD(status, ...)") which
     * could be vulnerable to SQL injection if extended with user input.
     */
    public function scopeOrderByStatus($query, string $direction = 'asc')
    {
        return $query->orderByRaw('CASE status
            WHEN ? THEN 1
            WHEN ? THEN 2
            WHEN ? THEN 3
            ELSE 4
        END '.($direction === 'desc' ? 'DESC' : 'ASC'), ['in_progress', 'pending', 'done']);
    }

    public function getStatusBadgeAttribute(): string
    {
        return match ($this->status) {
            'done' => '✓',
            'in_progress' => '→',
            default => '○',
        };
    }

    public function getPriorityBadgeAttribute(): string
    {
        return match ($this->priority) {
            'urgent' => '🔴',
            'high' => '🟠',
            'low' => '🔵',
            default => '',
        };
    }
}
monorepo sepration 2026-01-27 00:28:29 +00:00			`<?php`

			`declare(strict_types=1);`

refactor: rename namespace Core\Agentic to Core\Mod\Agentic Updates all classes to use the new modular namespace convention. Adds Service/ layer with Core\Service\Agentic for service definition. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-27 16:12:58 +00:00			`namespace Core\Mod\Agentic\Models;`
monorepo sepration 2026-01-27 00:28:29 +00:00
refactor: update namespaces for L1/L2 package convention - Core\Mod\Tenant -> Core\Tenant - Core\Service\Agentic -> Core\Mod\Agentic\Service Part of namespace restructure to align with L1/L2 module conventions. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-27 17:34:46 +00:00			`use Core\Tenant\Concerns\BelongsToWorkspace;`
chore: fix pint code style and add test config Add phpunit.xml for standalone test execution. Apply Laravel Pint formatting fixes across all source files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-23 03:50:09 +00:00			`use Illuminate\Database\Eloquent\Model;`
monorepo sepration 2026-01-27 00:28:29 +00:00
			`class Task extends Model`
			`{`
			`use BelongsToWorkspace;`

			`protected $fillable = [`
			`'workspace_id',`
			`'title',`
			`'description',`
			`'status',`
			`'priority',`
			`'category',`
			`'file_ref',`
			`'line_ref',`
			`];`

			`protected $casts = [`
			`'line_ref' => 'integer',`
			`];`

			`public function scopePending($query)`
			`{`
			`return $query->where('status', 'pending');`
			`}`

			`public function scopeInProgress($query)`
			`{`
			`return $query->where('status', 'in_progress');`
			`}`

			`public function scopeDone($query)`
			`{`
			`return $query->where('status', 'done');`
			`}`

			`public function scopeActive($query)`
			`{`
			`return $query->whereIn('status', ['pending', 'in_progress']);`
			`}`

security: fix SQL injection and add workspace scoping to MCP tools - Replace orderByRaw with parameterised CASE statements - Add Task::scopeOrderByPriority() and scopeOrderByStatus() - Add AgentPlan::scopeOrderByStatus() - Add workspace validation to StateSet, StateGet, StateList tools - Add workspace validation to PlanGet, PlanList tools - Add SecurityTest.php with comprehensive isolation tests Fixes SEC-002, SEC-003 from security audit. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 12:21:01 +00:00			`/**`
			`* Order by priority using CASE statement with whitelisted values.`
			`*`
			`* This is a safe replacement for orderByRaw("FIELD(priority, ...)") which`
			`* could be vulnerable to SQL injection if extended with user input.`
			`*/`
			`public function scopeOrderByPriority($query, string $direction = 'asc')`
			`{`
			`return $query->orderByRaw('CASE priority`
			`WHEN ? THEN 1`
			`WHEN ? THEN 2`
			`WHEN ? THEN 3`
			`WHEN ? THEN 4`
			`ELSE 5`
chore: fix pint code style and add test config Add phpunit.xml for standalone test execution. Apply Laravel Pint formatting fixes across all source files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-23 03:50:09 +00:00			`END '.($direction === 'desc' ? 'DESC' : 'ASC'), ['urgent', 'high', 'normal', 'low']);`
security: fix SQL injection and add workspace scoping to MCP tools - Replace orderByRaw with parameterised CASE statements - Add Task::scopeOrderByPriority() and scopeOrderByStatus() - Add AgentPlan::scopeOrderByStatus() - Add workspace validation to StateSet, StateGet, StateList tools - Add workspace validation to PlanGet, PlanList tools - Add SecurityTest.php with comprehensive isolation tests Fixes SEC-002, SEC-003 from security audit. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 12:21:01 +00:00			`}`

			`/**`
			`* Order by status using CASE statement with whitelisted values.`
			`*`
			`* This is a safe replacement for orderByRaw("FIELD(status, ...)") which`
			`* could be vulnerable to SQL injection if extended with user input.`
			`*/`
			`public function scopeOrderByStatus($query, string $direction = 'asc')`
			`{`
			`return $query->orderByRaw('CASE status`
			`WHEN ? THEN 1`
			`WHEN ? THEN 2`
			`WHEN ? THEN 3`
			`ELSE 4`
chore: fix pint code style and add test config Add phpunit.xml for standalone test execution. Apply Laravel Pint formatting fixes across all source files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-23 03:50:09 +00:00			`END '.($direction === 'desc' ? 'DESC' : 'ASC'), ['in_progress', 'pending', 'done']);`
security: fix SQL injection and add workspace scoping to MCP tools - Replace orderByRaw with parameterised CASE statements - Add Task::scopeOrderByPriority() and scopeOrderByStatus() - Add AgentPlan::scopeOrderByStatus() - Add workspace validation to StateSet, StateGet, StateList tools - Add workspace validation to PlanGet, PlanList tools - Add SecurityTest.php with comprehensive isolation tests Fixes SEC-002, SEC-003 from security audit. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-29 12:21:01 +00:00			`}`

monorepo sepration 2026-01-27 00:28:29 +00:00			`public function getStatusBadgeAttribute(): string`
			`{`
			`return match ($this->status) {`
			`'done' => '✓',`
			`'in_progress' => '→',`
			`default => '○',`
			`};`
			`}`

			`public function getPriorityBadgeAttribute(): string`
			`{`
			`return match ($this->priority) {`
			`'urgent' => '🔴',`
			`'high' => '🟠',`
			`'low' => '🔵',`
			`default => '',`
			`};`
			`}`
			`}`