From b0074e58702874ddfe6858ffcb239f45497f4620 Mon Sep 17 00:00:00 2001
From: Snider <snider@host.uk.com>
Date: Fri, 13 Mar 2026 10:06:58 +0000
Subject: [PATCH] refactor: move config YAMLs into .core/ convention

Moves php-commands.yaml, qa.yaml, security-checks.yaml into .core/
directory. Updates internal references to use .core/ paths.

Co-Authored-By: Virgil <virgil@lethean.io>
---
 php-commands.yaml => .core/php-commands.yaml     | 16 ++++++++--------
 qa.yaml => .core/qa.yaml                         |  0
 .../security-checks.yaml                         |  0
 .gitattributes                                   |  1 -
 4 files changed, 8 insertions(+), 9 deletions(-)
 rename php-commands.yaml => .core/php-commands.yaml (95%)
 rename qa.yaml => .core/qa.yaml (100%)
 rename security-checks.yaml => .core/security-checks.yaml (100%)

diff --git a/php-commands.yaml b/.core/php-commands.yaml
similarity index 95%
rename from php-commands.yaml
rename to .core/php-commands.yaml
index 1d8eb78..b23a4cd 100644
--- a/php-commands.yaml
+++ b/.core/php-commands.yaml
@@ -92,7 +92,7 @@ commands:
   security:
     description: Security vulnerability scanning
     long_description: |
-      Scan for security vulnerabilities using security-checks.yaml rules.
+      Scan for security vulnerabilities using .core/security-checks.yaml rules.
 
       Checks environment config, file permissions, code patterns,
       and runs security-focused static analysis.
@@ -121,10 +121,10 @@ commands:
         type: string
         description: URL to check HTTP headers (optional)
 
-    config_file: security-checks.yaml
+    config_file: .core/security-checks.yaml
 
     implementation_notes: |
-      Parse security-checks.yaml and run checks by category:
+      Parse .core/security-checks.yaml and run checks by category:
       1. env_checks: Parse .env file
       2. filesystem_checks: Use os.Stat, filepath.Glob
       3. config_checks: Regex on PHP files
@@ -138,7 +138,7 @@ commands:
   qa:
     description: Run full QA pipeline
     long_description: |
-      Run the complete quality assurance pipeline defined in qa.yaml.
+      Run the complete quality assurance pipeline defined in .core/qa.yaml.
 
       Stages:
         quick:    Security audit, code style, PHPStan (< 30s)
@@ -168,19 +168,19 @@ commands:
         type: bool
         description: Output results as JSON
 
-    config_file: qa.yaml
+    config_file: .core/qa.yaml
 
     default_stages: [quick, standard]
 
     implementation_notes: |
-      Parse qa.yaml and run stages in order:
-      1. Load stage definitions from qa.yaml
+      Parse .core/qa.yaml and run stages in order:
+      1. Load stage definitions from .core/qa.yaml
       2. For each stage in selected stages:
          - Run each check command
          - If --fix and fix_command exists, run that instead
          - Collect results
       3. Output summary with pass/fail per stage
-      4. Exit with appropriate code per qa.yaml exit_codes
+      4. Exit with appropriate code per .core/qa.yaml exit_codes
 
   # ==========================================================================
   # NEW: core php rector
diff --git a/qa.yaml b/.core/qa.yaml
similarity index 100%
rename from qa.yaml
rename to .core/qa.yaml
diff --git a/security-checks.yaml b/.core/security-checks.yaml
similarity index 100%
rename from security-checks.yaml
rename to .core/security-checks.yaml
diff --git a/.gitattributes b/.gitattributes
index 1b2c4de..2458e03 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -11,6 +11,5 @@ tests/            export-ignore
 .forgejo/         export-ignore
 phpunit.xml       export-ignore
 phpstan.neon      export-ignore
-qa.yaml           export-ignore
 CLAUDE.md         export-ignore
 CONTRIBUTING.md   export-ignore