php-developer/CLAUDE.md

# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Project Overview

**core-developer** (`lthn/php-developer`) — developer tools module for the Core PHP Framework. Provides an admin panel for debugging and monitoring: log viewer, route inspector, database explorer, cache management, activity log, and SSH server connections.

- PHP 8.2+ / Laravel 11-12 / Livewire 3-4
- Module namespace: `Core\Developer\`
- Dependencies: `lthn/php` (core framework), `core/php-admin` (admin panel)
- All features gated behind "Hades" (god-mode) authorization

## Commands

```bash
# Tests
composer test                                 # All tests
composer test -- --testsuite=Unit             # Unit only
composer test -- --testsuite=Feature          # Feature only
composer test -- --filter="test name"         # Single test

# Code style (PSR-12 via Laravel Pint)
composer lint                                 # Fix code style
./vendor/bin/pint --dirty                     # Format changed files only

# Frontend
npm run dev      # Vite dev server
npm run build    # Production build
```

## Architecture

### Event-Driven Lazy Loading

The module registers via `Boot` (a `ServiceProvider` + `AdminMenuProvider`). Nothing loads until events fire:

```php
public static array $listens = [
    AdminPanelBooting::class => 'onAdminPanel',  // loads routes, views
    ConsoleBooting::class => 'onConsole',          // registers artisan commands
];
```

`boot()` always runs (translations, config merge, admin menu registration, rate limiters, query logging in local env).

### Routing

All routes defined in `src/Routes/admin.php`, loaded only when `AdminPanelBooting` fires:

- **Admin pages:** `/hub/dev/*` — Livewire components, route names `hub.dev.*`
- **API endpoints:** `/hub/api/dev/*` — JSON controller actions, route names `hub.api.dev.*`, each with throttle middleware

Both groups use `RequireHades` middleware. Rate limiters (`dev-cache-clear`, `dev-logs`, `dev-routes`, `dev-session`) are configured in `Boot::configureRateLimiting()`.

### Livewire Components

Located at `src/View/Modal/Admin/`. Use attribute-based syntax:

```php
#[Title('Application Logs')]
#[Layout('hub::admin.layouts.app')]
class Logs extends Component
```

Each component calls `$this->checkHadesAccess()` in `mount()` (private method that aborts 403). Views referenced as `developer::admin.{name}`, files in `src/View/Blade/admin/`.

### Authorization: Hades

Two enforcement layers:
1. `RequireHades` middleware on all route groups — checks `$user->isHades()`
2. `checkHadesAccess()` in each Livewire component's `mount()` — redundant guard

### SSH / Remote Server Management

`RemoteServerManager` trait (in `src/Concerns/`) provides SSH operations via phpseclib3. The `Server` model stores connection details with `private_key` encrypted via Laravel's `encrypted` cast. Key pattern:

```php
$this->withConnection($server, function () {
    $this->run('git pull');
});
```

The trait verifies workspace ownership before connecting.

### Multi-Tenancy

The `Server` model uses `BelongsToWorkspace` trait for workspace isolation, plus `LogsActivity` (Spatie) and `SoftDeletes`.

### Localization

All UI strings in `src/Lang/en_GB/developer.php`. Key structure: `developer::developer.{section}.{key}`.

## Testing

Tests use Pest-style syntax. Use-case acceptance tests live in `src/Tests/UseCase/`. Standard PHPUnit test directories: `tests/Unit/` and `tests/Feature/`.

PHPUnit configured with SQLite `:memory:`, Telescope/Pulse disabled (`phpunit.xml`).

## Key Conventions

- All PHP files use `declare(strict_types=1)`
- Controller extends `Core\Front\Controller` (not Laravel's base)
- Services injected via constructor (`DevController`) or resolved from container (`app(LogReaderService::class)`)
- `LogReaderService` auto-redacts sensitive data (API keys, tokens, credentials) in log output
- Config lives in `src/config.php`, merged as `developer.*` — SSH timeouts, Hades token, Horizon notification settings
- Module also overrides Pulse vendor views: `view()->addNamespace('pulse', ...)`