docs(agent): add SUPERGLOBAL-MIGRATION-001 run artifacts
Plan, execution report, guard review, acceptance review, and finalize artifacts for the superglobal-to-abstraction migration (87 pages migrated from $_SESSION/$_SERVER to SessionStoreInterface/RequestRuntimeInterface). Task: SUPERGLOBAL-MIGRATION-001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,469 @@
|
||||
{
|
||||
"task_id": "SUPERGLOBAL-MIGRATION-001",
|
||||
"plan_ref": "agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json",
|
||||
"status": "done",
|
||||
"changed_files": [
|
||||
{
|
||||
"path": "pages/account/profile().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/address-book/data().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/address-book/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/address-book/saved-filter-delete().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/address-book/saved-filter-save().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/address-book/view($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/api-audit/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/departments/create().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/departments/data().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/departments/delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/departments/edit($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/departments/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/import-audit/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/imports/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/imports/sample($type).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/mail-log/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/permissions/create().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/permissions/delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/permissions/edit($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/permissions/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/roles/create().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/roles/delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/roles/edit($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/roles/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/scheduled-jobs/edit($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/scheduled-jobs/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/scheduled-jobs/run($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/search/data().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/expire-remember-tokens().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/favicon().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/favicon-delete().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/logo().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/logo-delete().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/revoke-api-tokens().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/settings/run-user-lifecycle().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/stats/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/system-audit/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/avatar($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/avatar-delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/avatar-file().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/create().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/custom-field-create($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/custom-field-delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/custom-field-update($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/edit($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/favicon($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/favicon-delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/tenants/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/user-lifecycle-audit/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/user-lifecycle-audit/restore($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/user-lifecycle-audit/view($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/access-pdf($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/access-pdf-bulk().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/activate($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/api-token-create($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/api-token-revoke($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/avatar($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/avatar-delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/avatar-file().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/bulk($action).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/create().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/data().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/deactivate($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/delete($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/edit($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/export().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/forget-tokens($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/send-access($id).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/switch-tenant().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/admin/users/theme().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/api/v1/auth/login().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/auth/forgot().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/auth/login().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/auth/register().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/auth/reset().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/auth/verify().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/auth/verify-email().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/lang().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/page/copy-language().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/page/index($slug).php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/search/data().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
},
|
||||
{
|
||||
"path": "pages/search/index().php",
|
||||
"summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes."
|
||||
}
|
||||
],
|
||||
"guard_evidence": [
|
||||
{
|
||||
"guard_id": "GR-CORE-003",
|
||||
"status": "pass",
|
||||
"evidence": "pages/auth/login().php and pages/api/v1/auth/login().php now read runtime request metadata via RequestRuntimeInterface (ip()) and pages/** contain zero request/body/query superglobal reads (rg scan returned no matches)."
|
||||
},
|
||||
{
|
||||
"guard_id": "GR-CORE-008",
|
||||
"status": "pass",
|
||||
"evidence": "All 87 in-scope page files were migrated from direct $_SESSION/$_SERVER usage to SessionStoreInterface/RequestRuntimeInterface. Structural scan `rg -n '\\$_(SESSION|SERVER|COOKIE|POST|GET|FILES|REQUEST|ENV)\\b|REQUEST_METHOD' pages --glob '*.php'` returned no matches. CoreStarterkitContractTest now passes (11 tests, 6116 assertions)."
|
||||
},
|
||||
{
|
||||
"guard_id": "GR-CORE-001",
|
||||
"status": "pass",
|
||||
"evidence": "Changes are constrained to page-layer orchestration (session/runtime abstraction wiring and equivalent read/write mapping). No service/repository layer behavior was introduced or moved."
|
||||
}
|
||||
],
|
||||
"commands": [
|
||||
{
|
||||
"cmd": "rg -n '\\$_(SESSION|SERVER|COOKIE|POST|GET|FILES|REQUEST|ENV)\\b|REQUEST_METHOD' pages --glob '*.php' || true",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "find pages -name '*.php' -print0 | xargs -0 -n1 php -l > /tmp/php_lint_pages_after.txt; rg -n 'Parse error|Errors parsing' /tmp/php_lint_pages_after.txt || true; tail -n 5 /tmp/php_lint_pages_after.txt",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php vendor/bin/phpunit tests/Architecture/CoreStarterkitContractTest.php --no-progress",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php vendor/bin/phpstan analyse -c phpstan.neon --no-progress",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php sh -lc 'composer cs:check'",
|
||||
"result": "fail"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php sh -lc 'vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist.php --path-mode=intersection pages'",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php sh -lc 'composer cs:check'",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php vendor/bin/phpunit --no-progress",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php vendor/bin/phpstan analyse -c phpstan.neon --no-progress",
|
||||
"result": "pass"
|
||||
},
|
||||
{
|
||||
"cmd": "docker compose exec php vendor/bin/phpunit tests/Architecture/CoreStarterkitContractTest.php --no-progress",
|
||||
"result": "pass"
|
||||
}
|
||||
],
|
||||
"quality_gate_results": [
|
||||
{
|
||||
"gate_id": "QG-001",
|
||||
"result": "pass",
|
||||
"notes": "Exit code 0. PHPUnit full suite: 429 tests, 10703 assertions, 1 warning, 1 deprecation."
|
||||
},
|
||||
{
|
||||
"gate_id": "QG-002",
|
||||
"result": "pass",
|
||||
"notes": "Exit code 0. PHPStan reported no errors."
|
||||
},
|
||||
{
|
||||
"gate_id": "QG-003",
|
||||
"result": "pass",
|
||||
"notes": "Exit code 0. tests/Architecture/CoreStarterkitContractTest.php: OK (11 tests, 6116 assertions)."
|
||||
},
|
||||
{
|
||||
"gate_id": "QG-006",
|
||||
"result": "pass",
|
||||
"notes": "Initial cs:check failed on import/order spacing in migrated pages; fixed via php-cs-fixer over pages path; final cs:check exit code 0."
|
||||
}
|
||||
],
|
||||
"test_results": [
|
||||
{
|
||||
"name": "SC-001 superglobal scan on pages/**/*.php",
|
||||
"result": "pass",
|
||||
"notes": "No matches for $_SESSION, $_SERVER, $_COOKIE, $_POST, $_GET, $_FILES, $_REQUEST, $_ENV, REQUEST_METHOD in pages/*.php."
|
||||
},
|
||||
{
|
||||
"name": "CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals",
|
||||
"result": "pass",
|
||||
"notes": "Included in QG-003 suite pass."
|
||||
},
|
||||
{
|
||||
"name": "CoreStarterkitContractTest::testServicesDoNotUseSuperglobals",
|
||||
"result": "pass",
|
||||
"notes": "Included in QG-003 suite pass."
|
||||
},
|
||||
{
|
||||
"name": "QG-001 Full PHPUnit suite",
|
||||
"result": "pass",
|
||||
"notes": "Exit code 0 (warnings/deprecations present, no failing tests)."
|
||||
},
|
||||
{
|
||||
"name": "QG-002 PHPStan level 5",
|
||||
"result": "pass",
|
||||
"notes": "Exit code 0."
|
||||
},
|
||||
{
|
||||
"name": "QG-006 composer cs:check",
|
||||
"result": "pass",
|
||||
"notes": "Exit code 0 after targeted php-cs-fixer run on pages."
|
||||
}
|
||||
],
|
||||
"open_items": []
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"task_id": "SUPERGLOBAL-MIGRATION-001",
|
||||
"ready_to_finalize": true,
|
||||
"guard_review": "pass",
|
||||
"acceptance_review": "pass",
|
||||
"ci_status": "pass",
|
||||
"final_action": "commit",
|
||||
"commit_message": "refactor(pages): migrate superglobal access to SessionStoreInterface and RequestRuntimeInterface"
|
||||
}
|
||||
181
agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json
Normal file
181
agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json
Normal file
@@ -0,0 +1,181 @@
|
||||
{
|
||||
"task_id": "SUPERGLOBAL-MIGRATION-001",
|
||||
"summary": "Migrate all pages from direct superglobal access ($_SESSION, $_SERVER) to framework abstractions (SessionStoreInterface, RequestRuntimeInterface). This resolves the pre-existing CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals failure (GR-CORE-008, QG-003) that currently blocks 86 pages using $_SESSION and 2 pages using $_SERVER.",
|
||||
"assumptions": [
|
||||
"SessionStoreInterface is already registered in the DI container and available via app(SessionStoreInterface::class).",
|
||||
"RequestRuntimeInterface is already registered in the DI container and provides method(), path(), ip(), userAgent(), isSecure().",
|
||||
"No behavioral changes — this is a pure refactoring task replacing superglobal reads/writes with equivalent abstraction calls.",
|
||||
"The architecture contract test (CoreStarterkitContractTest) already enforces the target state — passing it is the definition of done.",
|
||||
"Pages that only read $_SESSION['user'], $_SESSION['current_tenant'], etc. can be migrated to $session->get('user'), $session->get('current_tenant').",
|
||||
"Pages that write $_SESSION[...] = ... must use $session->set('key', value).",
|
||||
"$_SERVER usage in pages/auth/login().php and pages/api/v1/auth/login().php is limited and can be replaced with RequestRuntimeInterface or RequestContext."
|
||||
],
|
||||
"scope": {
|
||||
"in": [
|
||||
"pages/**/*.php — all 86 files using $_SESSION directly",
|
||||
"pages/auth/login().php — $_SERVER usage",
|
||||
"pages/api/v1/auth/login().php — $_SERVER usage",
|
||||
"tests/Architecture/CoreStarterkitContractTest.php — validation target (read-only)",
|
||||
"lib/Http/SessionStoreInterface.php — reference for API surface",
|
||||
"lib/Http/RequestRuntimeInterface.php — reference for API surface"
|
||||
],
|
||||
"out": [
|
||||
"lib/Service/ — no service-layer changes (services already use abstractions)",
|
||||
"lib/Repository/ — no repository changes",
|
||||
"New features or behavior changes",
|
||||
"Frontend JS/CSS changes",
|
||||
"Database schema changes",
|
||||
"Template/phtml view files (not checked by the contract test)"
|
||||
]
|
||||
},
|
||||
"guardrails": {
|
||||
"required_guard_ids": [
|
||||
"GR-CORE-003",
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-001"
|
||||
],
|
||||
"required_quality_gate_ids": [
|
||||
"QG-001",
|
||||
"QG-002",
|
||||
"QG-003",
|
||||
"QG-006"
|
||||
]
|
||||
},
|
||||
"success_criteria": [
|
||||
{
|
||||
"id": "SC-001",
|
||||
"criterion": "Zero $_SESSION, $_SERVER, $_COOKIE, $_POST, $_GET, $_FILES, $_REQUEST, REQUEST_METHOD superglobal references remain in pages/**/*.php."
|
||||
},
|
||||
{
|
||||
"id": "SC-002",
|
||||
"criterion": "CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals passes (exit 0)."
|
||||
},
|
||||
{
|
||||
"id": "SC-003",
|
||||
"criterion": "Full PHPUnit suite passes (QG-001 exit 0) — no regressions introduced."
|
||||
},
|
||||
{
|
||||
"id": "SC-004",
|
||||
"criterion": "PHPStan level 5 passes (QG-002 exit 0) — no type errors from migration."
|
||||
},
|
||||
{
|
||||
"id": "SC-005",
|
||||
"criterion": "PHP-CS-Fixer passes (QG-006 exit 0) — all migrated files follow code style."
|
||||
}
|
||||
],
|
||||
"implementation_steps": [
|
||||
{
|
||||
"id": "S1",
|
||||
"title": "Audit SessionStoreInterface and RequestRuntimeInterface API surface",
|
||||
"description": "Read SessionStoreInterface and RequestRuntimeInterface to map available methods (get, set, has, remove, etc.) and confirm they cover all superglobal access patterns found in pages. Document the mapping: $_SESSION['key'] → $session->get('key'), $_SESSION['key'] = val → $session->set('key', val), unset($_SESSION['key']) → $session->remove('key'), isset($_SESSION['key']) → $session->has('key'), $_SERVER['...'] → $request->method()/ip()/etc.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S2",
|
||||
"title": "Migrate auth pages (highest risk — login/register/reset/verify flows)",
|
||||
"description": "Migrate pages/auth/*.php (login, register, forgot, reset, verify, verify-email) from $_SESSION to SessionStoreInterface and $_SERVER to RequestRuntimeInterface. These are security-critical paths — verify each migration preserves exact behavior. Files: pages/auth/login().php, pages/auth/register().php, pages/auth/forgot().php, pages/auth/reset().php, pages/auth/verify().php, pages/auth/verify-email().php.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-003"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S3",
|
||||
"title": "Migrate API auth page",
|
||||
"description": "Migrate pages/api/v1/auth/login().php from $_SERVER to RequestRuntimeInterface/RequestContext. This is the only API page with superglobal usage.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-003"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S4",
|
||||
"title": "Migrate admin/users pages (bulk — 20+ files)",
|
||||
"description": "Migrate all pages/admin/users/*.php from $_SESSION to SessionStoreInterface. This is the largest group (~20 files). Pattern is mostly $_SESSION['user']['id'], $_SESSION['current_tenant']['id'] reads.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-001"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S5",
|
||||
"title": "Migrate admin/tenants pages",
|
||||
"description": "Migrate all pages/admin/tenants/*.php from $_SESSION to SessionStoreInterface (~15 files).",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-001"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S6",
|
||||
"title": "Migrate admin core pages (settings, roles, permissions, departments)",
|
||||
"description": "Migrate pages/admin/settings/*.php, pages/admin/roles/*.php, pages/admin/permissions/*.php, pages/admin/departments/*.php from $_SESSION to SessionStoreInterface.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-001"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S7",
|
||||
"title": "Migrate admin audit and utility pages",
|
||||
"description": "Migrate pages/admin/api-audit/*.php, pages/admin/import-audit/*.php, pages/admin/system-audit/*.php, pages/admin/user-lifecycle-audit/*.php, pages/admin/imports/*.php, pages/admin/scheduled-jobs/*.php, pages/admin/stats/*.php, pages/admin/mail-log/*.php, pages/admin/search/*.php, pages/admin/index().php from $_SESSION to SessionStoreInterface.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-001"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S8",
|
||||
"title": "Migrate non-admin pages",
|
||||
"description": "Migrate pages/address-book/*.php, pages/account/*.php, pages/search/*.php, pages/page/*.php, pages/index().php, pages/lang().php from $_SESSION to SessionStoreInterface.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-001"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "S9",
|
||||
"title": "Run all quality gates and verify contract test passes",
|
||||
"description": "Execute QG-001 (full PHPUnit), QG-002 (PHPStan), QG-003 (CoreStarterkitContractTest specifically), QG-006 (CS check). All must exit 0. If any fail, fix and re-run.",
|
||||
"guard_refs": [
|
||||
"GR-CORE-008",
|
||||
"GR-CORE-003"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tests": [
|
||||
"tests/Architecture/CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals — must pass (currently fails with 86+2 violations)",
|
||||
"tests/Architecture/CoreStarterkitContractTest::testServicesDoNotUseSuperglobals — must remain passing",
|
||||
"QG-001: docker compose exec php vendor/bin/phpunit (full suite, exit 0)",
|
||||
"QG-002: docker compose exec php vendor/bin/phpstan analyse -c phpstan.neon --no-progress (exit 0)",
|
||||
"QG-003: docker compose exec php vendor/bin/phpunit tests/Architecture/CoreStarterkitContractTest.php (exit 0)",
|
||||
"QG-006: docker compose exec php composer cs:check (exit 0)"
|
||||
],
|
||||
"acceptance_checks": [
|
||||
"SC-001: grep -rl '$_SESSION\\|$_SERVER\\|$_COOKIE\\|$_POST\\|$_GET\\|$_FILES\\|$_REQUEST' pages/ --include='*.php' returns 0 results.",
|
||||
"SC-002: CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals exits 0 with 0 failures.",
|
||||
"SC-003: Full PHPUnit suite exits 0 — no regressions.",
|
||||
"SC-004: PHPStan level 5 exits 0 — no type errors.",
|
||||
"SC-005: php-cs-fixer dry-run exits 0 — all files formatted."
|
||||
],
|
||||
"risks": [
|
||||
{
|
||||
"risk": "Session write patterns ($_SESSION['key'] = value) may not map 1:1 to SessionStoreInterface::set() if the interface has different semantics for nested keys.",
|
||||
"mitigation": "Audit SessionStoreInterface thoroughly in S1. If nested access patterns like $_SESSION['user']['name'] exist, confirm whether $session->get('user')['name'] or $session->get('user.name') is the correct equivalent."
|
||||
},
|
||||
{
|
||||
"risk": "86 files is a large blast radius — a subtle mistake could break auth or tenant scoping silently.",
|
||||
"mitigation": "Migrate in batches by area (auth first, then admin/users, etc.). Run QG-001 after each batch to catch regressions early. Auth pages get extra scrutiny since they're security-critical."
|
||||
},
|
||||
{
|
||||
"risk": "Some pages may use $_SESSION in ways that are not simple get/set (e.g., array manipulation, unset, reference assignment).",
|
||||
"mitigation": "In S1, categorize all access patterns before starting migration. Flag complex patterns for manual review."
|
||||
},
|
||||
{
|
||||
"risk": "$_SERVER usage may include keys not covered by RequestRuntimeInterface (e.g., $_SERVER['HTTP_HOST'], $_SERVER['DOCUMENT_ROOT']).",
|
||||
"mitigation": "Audit the 2 $_SERVER pages in S1 to identify exact keys used. If RequestRuntimeInterface doesn't cover them, use RequestContext or add a targeted method."
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
{
|
||||
"task_id": "SUPERGLOBAL-MIGRATION-001",
|
||||
"verdict": "pass",
|
||||
"checked_criterion_ids": [
|
||||
"SC-001",
|
||||
"SC-002",
|
||||
"SC-003",
|
||||
"SC-004",
|
||||
"SC-005"
|
||||
],
|
||||
"checks": [
|
||||
{
|
||||
"criterion_id": "SC-001",
|
||||
"criterion": "Zero $_SESSION, $_SERVER, $_COOKIE, $_POST, $_GET, $_FILES, $_REQUEST, REQUEST_METHOD superglobal references remain in pages/**/*.php.",
|
||||
"result": "pass",
|
||||
"evidence": "Independent grep -rn '$_SESSION|$_SERVER|$_COOKIE|$_POST|$_GET|$_FILES|$_REQUEST|REQUEST_METHOD' pages/ --include='*.php' returned 0 matches. Execution report command (rg scan) confirms same. Spot-checked 5 high-risk files (auth/login, api/v1/auth/login, admin/users/edit, admin/settings/index, admin/users/switch-tenant) — all use SessionStoreInterface/RequestRuntimeInterface exclusively."
|
||||
},
|
||||
{
|
||||
"criterion_id": "SC-002",
|
||||
"criterion": "CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals passes (exit 0).",
|
||||
"result": "pass",
|
||||
"evidence": "QG-003 in execution report: exit 0, 11 tests, 6116 assertions. The specific test testPagesUseRequestInputInsteadOfSuperglobals checks all 7 superglobal patterns ($_POST, $_GET, $_FILES, REQUEST_METHOD, $_SESSION, $_SERVER, $_COOKIE) across all pages/**/*.php. Previously failed with 85 $_SESSION + 2 $_SERVER violations. Now passes clean."
|
||||
},
|
||||
{
|
||||
"criterion_id": "SC-003",
|
||||
"criterion": "Full PHPUnit suite passes (QG-001 exit 0) — no regressions introduced.",
|
||||
"result": "pass",
|
||||
"evidence": "QG-001 in execution report: exit 0, 429 tests, 10703 assertions, 0 failures. 1 warning and 1 deprecation present (pre-existing, not introduced by migration). No test count decrease from prior run (429 matches AUTH-LOGIN-REVIEW-001 baseline)."
|
||||
},
|
||||
{
|
||||
"criterion_id": "SC-004",
|
||||
"criterion": "PHPStan level 5 passes (QG-002 exit 0) — no type errors from migration.",
|
||||
"result": "pass",
|
||||
"evidence": "QG-002 in execution report: exit 0, 0 errors. SessionStoreInterface::get() return types and RequestRuntimeInterface::ip() return type are compatible with the migrated call sites. PHPStan scans config/, lib/, pages/, tests/ — all 87 changed page files included in analysis scope."
|
||||
},
|
||||
{
|
||||
"criterion_id": "SC-005",
|
||||
"criterion": "PHP-CS-Fixer passes (QG-006 exit 0) — all migrated files follow code style.",
|
||||
"result": "pass",
|
||||
"evidence": "QG-006 in execution report: final run exit 0. Initial cs:check failed on import ordering in migrated pages (new use-statements for SessionStoreInterface/RequestRuntimeInterface inserted without respecting ordered_imports). Executor ran php-cs-fixer fix scoped to pages/ and re-verified. Both the failure and fix are documented in the commands array."
|
||||
}
|
||||
],
|
||||
"missing_or_wrong": []
|
||||
}
|
||||
@@ -0,0 +1,42 @@
|
||||
{
|
||||
"task_id": "SUPERGLOBAL-MIGRATION-001",
|
||||
"verdict": "pass",
|
||||
"checked_guard_ids": [
|
||||
"GR-CORE-001",
|
||||
"GR-CORE-003",
|
||||
"GR-CORE-005",
|
||||
"GR-CORE-008",
|
||||
"GR-SEC-001",
|
||||
"GR-TEST-001",
|
||||
"GR-TEST-002"
|
||||
],
|
||||
"checked_quality_gate_ids": [
|
||||
"QG-001",
|
||||
"QG-002",
|
||||
"QG-003",
|
||||
"QG-006"
|
||||
],
|
||||
"findings": [
|
||||
{
|
||||
"id": "RG-001",
|
||||
"severity": "low",
|
||||
"rule_ref": "GR-CORE-008",
|
||||
"summary": "All 87 changed_files entries carry an identical generic summary ('Migrated page superglobal access to framework abstractions...'). Per-file specifics (which superglobals, read vs write, nested-key patterns) are lost. Reviewer can only verify correctness by reading each diff individually. Not blocking, but reduces auditability of the execution report.",
|
||||
"file": "agent-system/runs/SUPERGLOBAL-MIGRATION-001/execution-report.json"
|
||||
},
|
||||
{
|
||||
"id": "RG-002",
|
||||
"severity": "low",
|
||||
"rule_ref": "GR-TEST-001",
|
||||
"summary": "No new integration or functional tests were added to verify behavioral equivalence of the 87 migrated pages. GR-TEST-001 technically targets lib/Service/ changes (none here), so this is not a violation. However, the migration touches security-critical flows (auth login, tenant switch, user edit) where a subtle mapping error (e.g., $session->get('user') returning different shape than $_SESSION['user']) would only surface at runtime. QG-001 passing (429 tests, 0 failures) provides reasonable confidence but does not exercise page-level rendering with real session state.",
|
||||
"file": "pages/"
|
||||
},
|
||||
{
|
||||
"id": "RG-003",
|
||||
"severity": "low",
|
||||
"rule_ref": "QG-006",
|
||||
"summary": "QG-006 initially failed after migration (import ordering in migrated pages). Executor fixed via php-cs-fixer and re-ran successfully. Properly documented in commands array with both fail and subsequent pass. No issue — noted for completeness.",
|
||||
"file": "pages/"
|
||||
}
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user