core/php-api
8
0
Fork 0
Code Issues 17 Pull requests Projects Releases Packages Wiki Activity Actions 2
php-api/TODO-PHASE1.md
Clotho 7c73d3c043 docs(phase0): complete environment assessment and architecture review (#1) 
Phase 0 Assessment Summary:
- Comprehensive codebase architecture review completed
- 107 PHP files analysed across Core\Api and Core\Website\Api namespaces
- Identified critical dependency blocker: host-uk/core package not found
- Documented all architectural patterns, security features, and test coverage
- Cannot run tests/lint/analysis until dependency resolved

Key Findings:
-  Excellent architecture: event-driven, two-namespace design
-  Comprehensive test coverage: ~6,500 lines across 11 feature test files
-  Strong security: bcrypt hashing, IP whitelisting, HMAC-SHA256 webhooks
-  Production-ready rate limiting: sliding window with burst allowance
-  Sophisticated OpenAPI documentation: 819-line builder with attributes
-  BLOCKER: composer install fails (missing host-uk/core dependency)

Deliverables:
- FINDINGS.md: 15-section comprehensive assessment report
- TODO-PHASE1.md: Dependency resolution roadmap with 7 tasks

Architecture Highlights:
- Event-driven boot system ($listens array pattern)
- Immutable result objects (RateLimitResult)
- IP restriction service (IPv4/IPv6/CIDR support)
- Webhook delivery with exponential backoff
- OpenAPI attribute-based documentation

Test Coverage (cannot execute):
- ApiKeySecurityTest (14.8 KB) - bcrypt, rotation, scopes
- WebhookDeliveryTest (24.9 KB) - HMAC signatures, retries
- RateLimitingTest (28.6 KB) - tier-based, burst allowance
- ApiScopeEnforcementTest (29.8 KB) - wildcards, inheritance
- OpenApiDocumentationComprehensiveTest (41.3 KB) - spec generation

Next Steps (Phase 1):
1. Resolve host-uk/core dependency (path repo/private registry)
2. Add require-dev dependencies (Pest, Pint, PHPStan)
3. Run test suite and establish baseline
4. Document lint/static analysis results
5. Proceed to Phase 2 improvements

Co-Authored-By: Clotho <clotho@lthn.ai>
2026-02-20 03:13:33 +00:00

326 lines
5.8 KiB
Markdown
Raw Blame History

# Phase 1: Dependency Resolution + Test Baseline
**Created:** 20 February 2026
**Agent:** Clotho
**Related:** Issue #1, FINDINGS.md
---
## Critical Blocker: Missing Dependency
### Issue
`composer install` fails because `host-uk/core` package cannot be found:
```json
{
"require": {
"host-uk/core": "@dev" // ← NOT FOUND
}
}
```
### Impact
- ❌ Cannot install vendor dependencies
- ❌ Cannot run tests (`vendor/bin/pest`)
- ❌ Cannot run linter (`vendor/bin/pint`)
- ❌ Cannot run static analysis (`vendor/bin/phpstan`)
- ❌ No development environment
---
## Phase 1 Tasks
### Task 1: Resolve `host-uk/core` Dependency
**Priority:** CRITICAL
**Estimated Time:** 1-2 hours (depending on approach)
**Choose ONE approach:**
#### Option A: Path Repository (Monorepo)
If `host-uk/core` exists locally (e.g., `../core/`):
1. Update `composer.json`:
```json
{
"repositories": [
{
"type": "path",
"url": "../core"
}
],
"require": {
"host-uk/core": "@dev"
}
}
```
2. Run `composer install --no-interaction`
#### Option B: Private Composer Registry
If using Satis or Private Packagist:
1. Update `composer.json`:
```json
{
"repositories": [
{
"type": "composer",
"url": "https://composer.example.com/"
}
]
}
```
2. Configure credentials if needed
3. Run `composer install --no-interaction`
#### Option C: Symlink Development (Temporary)
1. Clone `host-uk/core` to `../core`
2. Use Option A (path repository)
**Acceptance Criteria:**
- ✅ `composer install` completes successfully
- ✅ `vendor/` directory created
- ✅ `composer.lock` generated
- ✅ No dependency errors
---
### Task 2: Add Missing Dev Dependencies
**Priority:** HIGH
**Estimated Time:** 15 minutes
Current `composer.json` is missing `require-dev` section.
**Action:**
Add to `composer.json`:
```json
{
"require-dev": {
"pestphp/pest": "^2.0",
"pestphp/pest-plugin-laravel": "^2.0",
"laravel/pint": "^1.0",
"phpstan/phpstan": "^1.10",
"orchestra/testbench": "^9.0",
"mockery/mockery": "^1.6",
"nunomaduro/collision": "^8.0"
}
}
```
Then run:
```bash
composer update --no-interaction
```
**Acceptance Criteria:**
- ✅ All dev tools installed
- ✅ `vendor/bin/pest` available
- ✅ `vendor/bin/pint` available
- ✅ `vendor/bin/phpstan` available
---
### Task 3: Establish Test Baseline
**Priority:** HIGH
**Estimated Time:** 30 minutes
Once dependencies are resolved, run full test suite:
```bash
vendor/bin/pest --testdox
```
**Expected Results (from FINDINGS.md):**
- 11 feature test files
- ~50-70 test cases
- All tests passing (as of January 2026)
**Document:**
- Total tests run
- Pass/fail count
- Execution time
- Any failures (unexpected)
**Output to:** `BASELINE-TESTS.md`
---
### Task 4: Establish Lint Baseline
**Priority:** MEDIUM
**Estimated Time:** 15 minutes
Run code style checker:
```bash
vendor/bin/pint --test
```
**Expected Results:**
- 0 violations (code follows PSR-12)
- No formatting changes needed
**If violations found:**
```bash
vendor/bin/pint --dirty # Fix changed files only
```
**Document:**
- Violations found (if any)
- Files affected
- Auto-fix results
**Output to:** `BASELINE-LINT.md`
---
### Task 5: Establish Static Analysis Baseline
**Priority:** MEDIUM
**Estimated Time:** 30 minutes
Run PHPStan analysis:
```bash
vendor/bin/phpstan analyse --memory-limit=512M
```
**Expected Issues (from TODO.md):**
- Array shape types in resources
- Missing return types
- Property type declarations
**Document:**
- Current PHPStan level
- Total errors found
- Error categories
- Plan to reach Level 5
**Output to:** `BASELINE-PHPSTAN.md`
---
### Task 6: Commit Baseline Files
**Priority:** HIGH
**Estimated Time:** 15 minutes
Commit all baseline documentation:
```bash
git add composer.json composer.lock
git add BASELINE-*.md
git commit -m "chore: establish test, lint, and static analysis baselines (#1)
- Add require-dev dependencies (Pest, Pint, PHPStan)
- Run full test suite: XX tests passing
- Run code linter: 0 violations
- Run static analysis: XX errors at level X
- Document baseline results for future comparison
Co-Authored-By: Clotho <clotho@lthn.ai>"
```
**Acceptance Criteria:**
- ✅ `composer.lock` committed
- ✅ Baseline documents committed
- ✅ Conventional commit message
- ✅ References issue #1
---
### Task 7: Update Documentation
**Priority:** LOW
**Estimated Time:** 15 minutes
Update README.md with setup instructions:
Add section:
```markdown
## Development Setup
### Prerequisites
- PHP 8.2+
- Composer 2.0+
- Access to `host-uk/core` package (see below)
### Installation
1. Clone repository:
bash
git clone <repo-url>
cd php-api
2. Install dependencies:
bash
composer install
3. Run tests:
bash
vendor/bin/pest
4. Run linter:
bash
vendor/bin/pint --test
5. Run static analysis:
bash
vendor/bin/phpstan analyse
```
---
## Phase 1 Completion Criteria
- ✅ `composer install` works without errors
- ✅ All test suites pass
- ✅ Lint baseline documented
- ✅ Static analysis baseline documented
- ✅ `composer.lock` committed
- ✅ Baseline files committed
- ✅ README updated with setup instructions
---
## After Phase 1
Proceed to Phase 2 based on TODO.md priorities:
**High Priority (Phase 2):**
- [ ] Fix PHPStan Level 5 errors
- [ ] Add missing test coverage (usage alerts)
- [ ] API versioning support
**Medium Priority (Phase 3):**
- [ ] Response caching optimisation
- [ ] N+1 query elimination
- [ ] Webhook analytics dashboard
See `TODO.md` for full roadmap.
---
**Next Actions:**
1. Team chooses dependency resolution strategy (Option A/B/C)
2. Update `composer.json` accordingly
3. Run through Tasks 1-7
4. Mark Phase 1 complete
5. Begin Phase 2
**Estimated Total Time:** 3-4 hours (excluding dependency setup decision time)
Reference in a new issue View git blame Copy permalink