Commit graph

17 commits

Author SHA1 Message Date
Snider
303186323a fix(scheduler): pre-filter files for #[Scheduled] before class_exists
class_exists() can trigger uncatchable E_COMPILE_ERROR when autoloading
classes with method signature mismatches (e.g. Activity model vs updated
Spatie parent). Now checks file contents for '#[Scheduled' string before
attempting to load — avoids autoloading hundreds of unrelated classes.

Also fixes Activity::getChangesAttribute() return type to match the
updated Spatie parent (Collection instead of array).

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-12 15:58:15 +00:00
Snider
d02f4361e3 fix(scheduler): skip test directories in ScheduledActionScanner
Test files inside module Tests/ directories (e.g. app/Mod/Lem/Tests/)
extend Tests\TestCase which isn't available in production without dev
dependencies. The scanner now skips /Tests/ directories and *Test.php
files, and wraps class_exists() in try/catch for defence in depth.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-12 15:45:45 +00:00
Snider
7db3637985 feat(webhook): add CronTrigger scheduled action — replaces 4 Docker cron containers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 14:26:58 +00:00
Snider
0e038ff350 feat(webhook): add config + Boot — route registration, cron trigger config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 14:25:17 +00:00
Snider
a1de171871 feat(webhook): add WebhookController — store, verify, fire event, return 200
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 14:23:32 +00:00
Snider
39ede84d0e feat(webhook): add WebhookCall model, migration, event, verifier interface
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 14:21:20 +00:00
Snider
a0a0727c88 fix(actions): harden scheduled actions — security allowlists, trait verification, scan safety
- Add ALLOWED_NAMESPACES prefix allowlist to ScheduleServiceProvider
- Add ALLOWED_FREQUENCIES method allowlist (prevents arbitrary method dispatch)
- Verify Action trait on scheduled classes before dispatch
- Move try/catch inside foreach for per-action isolation
- Add empty-scan guard to ScheduleSyncCommand (prevents disabling all rows)
- Consolidate ScheduledActionScanner to single tokenisation pass
- Cast numeric frequency args via ctype_digit() in ScheduledAction

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 13:56:14 +00:00
Snider
633fbeb559 feat(actions): add ScheduleServiceProvider — wires DB-backed actions into scheduler
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:42:59 +00:00
Snider
d1598882bb feat(actions): add schedule:sync command — persists #[Scheduled] to database
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:41:17 +00:00
Snider
9ffb756969 feat(actions): add ScheduledActionScanner — discovers #[Scheduled] classes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:25:31 +00:00
Snider
ace48d57c2 feat(actions): add ScheduledAction model and migration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:24:20 +00:00
Snider
8d0b2b64ec feat(actions): add #[Scheduled] attribute for Action classes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:23:33 +00:00
Snider
7d7c489509 fix: add unsafe-eval to production CSP — Livewire uses eval()
Alpine.js evaluates expressions via eval() at runtime.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-10 05:32:46 +00:00
Snider
87ae36ef22 fix: remove host_analytics from framework CSP config
Website-specific CSP sources belong in app config, not framework.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-10 05:28:01 +00:00
Snider
95cd788bc9 fix: CSP defaults for Livewire — disable nonces, allow unsafe-inline
Livewire and Alpine inject inline scripts/styles at runtime without
nonce attributes. Nonce-based CSP breaks all Livewire apps out of the
box. Change defaults:
- nonce_enabled: false (opt-in via SECURITY_CSP_NONCE_ENABLED=true)
- production env: add 'unsafe-inline' for script-src and style-src
- Add host_analytics external source (SECURITY_CSP_HOST_ANALYTICS)

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-10 05:25:57 +00:00
Snider
affedb3d46 refactor: extract Service + Client to standalone packages
Core\Service → core/php-service (lthn/service)
Core\Website\Service → core/php-service (lthn/service)
Core\Front\Client → core/php-client (lthn/client)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 18:56:43 +00:00
Snider
28d004ff61 feat: replace Go CLI with PHP framework
Go CLI commands moved to core/go-php. This repo now contains
the Laravel modular monolith framework (previously php-framework).

- Remove all Go files (now in core/go-php)
- Add PHP framework: event-driven module loading, lifecycle events
- Composer package: core/php
- core/php-framework remains as-is for backward compat

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 08:49:51 +00:00