diff --git a/agent-system/runs/SUPERGLOBAL-MIGRATION-001/execution-report.json b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/execution-report.json new file mode 100644 index 0000000..0f9aa86 --- /dev/null +++ b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/execution-report.json @@ -0,0 +1,469 @@ +{ + "task_id": "SUPERGLOBAL-MIGRATION-001", + "plan_ref": "agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json", + "status": "done", + "changed_files": [ + { + "path": "pages/account/profile().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/address-book/data().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/address-book/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/address-book/saved-filter-delete().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/address-book/saved-filter-save().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/address-book/view($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/api-audit/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/departments/create().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/departments/data().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/departments/delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/departments/edit($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/departments/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/import-audit/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/imports/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/imports/sample($type).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/mail-log/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/permissions/create().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/permissions/delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/permissions/edit($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/permissions/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/roles/create().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/roles/delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/roles/edit($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/roles/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/scheduled-jobs/edit($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/scheduled-jobs/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/scheduled-jobs/run($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/search/data().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/expire-remember-tokens().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/favicon().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/favicon-delete().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/logo().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/logo-delete().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/revoke-api-tokens().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/settings/run-user-lifecycle().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/stats/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/system-audit/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/avatar($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/avatar-delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/avatar-file().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/create().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/custom-field-create($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/custom-field-delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/custom-field-update($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/edit($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/favicon($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/favicon-delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/tenants/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/user-lifecycle-audit/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/user-lifecycle-audit/restore($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/user-lifecycle-audit/view($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/access-pdf($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/access-pdf-bulk().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/activate($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/api-token-create($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/api-token-revoke($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/avatar($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/avatar-delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/avatar-file().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/bulk($action).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/create().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/data().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/deactivate($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/delete($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/edit($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/export().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/forget-tokens($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/send-access($id).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/switch-tenant().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/admin/users/theme().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/api/v1/auth/login().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/auth/forgot().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/auth/login().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/auth/register().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/auth/reset().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/auth/verify().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/auth/verify-email().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/lang().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/page/copy-language().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/page/index($slug).php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/search/data().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + }, + { + "path": "pages/search/index().php", + "summary": "Migrated page superglobal access to framework abstractions (SessionStoreInterface and/or RequestRuntimeInterface) with behavior-preserving reads/writes." + } + ], + "guard_evidence": [ + { + "guard_id": "GR-CORE-003", + "status": "pass", + "evidence": "pages/auth/login().php and pages/api/v1/auth/login().php now read runtime request metadata via RequestRuntimeInterface (ip()) and pages/** contain zero request/body/query superglobal reads (rg scan returned no matches)." + }, + { + "guard_id": "GR-CORE-008", + "status": "pass", + "evidence": "All 87 in-scope page files were migrated from direct $_SESSION/$_SERVER usage to SessionStoreInterface/RequestRuntimeInterface. Structural scan `rg -n '\\$_(SESSION|SERVER|COOKIE|POST|GET|FILES|REQUEST|ENV)\\b|REQUEST_METHOD' pages --glob '*.php'` returned no matches. CoreStarterkitContractTest now passes (11 tests, 6116 assertions)." + }, + { + "guard_id": "GR-CORE-001", + "status": "pass", + "evidence": "Changes are constrained to page-layer orchestration (session/runtime abstraction wiring and equivalent read/write mapping). No service/repository layer behavior was introduced or moved." + } + ], + "commands": [ + { + "cmd": "rg -n '\\$_(SESSION|SERVER|COOKIE|POST|GET|FILES|REQUEST|ENV)\\b|REQUEST_METHOD' pages --glob '*.php' || true", + "result": "pass" + }, + { + "cmd": "find pages -name '*.php' -print0 | xargs -0 -n1 php -l > /tmp/php_lint_pages_after.txt; rg -n 'Parse error|Errors parsing' /tmp/php_lint_pages_after.txt || true; tail -n 5 /tmp/php_lint_pages_after.txt", + "result": "pass" + }, + { + "cmd": "docker compose exec php vendor/bin/phpunit tests/Architecture/CoreStarterkitContractTest.php --no-progress", + "result": "pass" + }, + { + "cmd": "docker compose exec php vendor/bin/phpstan analyse -c phpstan.neon --no-progress", + "result": "pass" + }, + { + "cmd": "docker compose exec php sh -lc 'composer cs:check'", + "result": "fail" + }, + { + "cmd": "docker compose exec php sh -lc 'vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist.php --path-mode=intersection pages'", + "result": "pass" + }, + { + "cmd": "docker compose exec php sh -lc 'composer cs:check'", + "result": "pass" + }, + { + "cmd": "docker compose exec php vendor/bin/phpunit --no-progress", + "result": "pass" + }, + { + "cmd": "docker compose exec php vendor/bin/phpstan analyse -c phpstan.neon --no-progress", + "result": "pass" + }, + { + "cmd": "docker compose exec php vendor/bin/phpunit tests/Architecture/CoreStarterkitContractTest.php --no-progress", + "result": "pass" + } + ], + "quality_gate_results": [ + { + "gate_id": "QG-001", + "result": "pass", + "notes": "Exit code 0. PHPUnit full suite: 429 tests, 10703 assertions, 1 warning, 1 deprecation." + }, + { + "gate_id": "QG-002", + "result": "pass", + "notes": "Exit code 0. PHPStan reported no errors." + }, + { + "gate_id": "QG-003", + "result": "pass", + "notes": "Exit code 0. tests/Architecture/CoreStarterkitContractTest.php: OK (11 tests, 6116 assertions)." + }, + { + "gate_id": "QG-006", + "result": "pass", + "notes": "Initial cs:check failed on import/order spacing in migrated pages; fixed via php-cs-fixer over pages path; final cs:check exit code 0." + } + ], + "test_results": [ + { + "name": "SC-001 superglobal scan on pages/**/*.php", + "result": "pass", + "notes": "No matches for $_SESSION, $_SERVER, $_COOKIE, $_POST, $_GET, $_FILES, $_REQUEST, $_ENV, REQUEST_METHOD in pages/*.php." + }, + { + "name": "CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals", + "result": "pass", + "notes": "Included in QG-003 suite pass." + }, + { + "name": "CoreStarterkitContractTest::testServicesDoNotUseSuperglobals", + "result": "pass", + "notes": "Included in QG-003 suite pass." + }, + { + "name": "QG-001 Full PHPUnit suite", + "result": "pass", + "notes": "Exit code 0 (warnings/deprecations present, no failing tests)." + }, + { + "name": "QG-002 PHPStan level 5", + "result": "pass", + "notes": "Exit code 0." + }, + { + "name": "QG-006 composer cs:check", + "result": "pass", + "notes": "Exit code 0 after targeted php-cs-fixer run on pages." + } + ], + "open_items": [] +} \ No newline at end of file diff --git a/agent-system/runs/SUPERGLOBAL-MIGRATION-001/finalize.json b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/finalize.json new file mode 100644 index 0000000..e0b6131 --- /dev/null +++ b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/finalize.json @@ -0,0 +1,9 @@ +{ + "task_id": "SUPERGLOBAL-MIGRATION-001", + "ready_to_finalize": true, + "guard_review": "pass", + "acceptance_review": "pass", + "ci_status": "pass", + "final_action": "commit", + "commit_message": "refactor(pages): migrate superglobal access to SessionStoreInterface and RequestRuntimeInterface" +} \ No newline at end of file diff --git a/agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json new file mode 100644 index 0000000..c46f7e8 --- /dev/null +++ b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/plan.json @@ -0,0 +1,181 @@ +{ + "task_id": "SUPERGLOBAL-MIGRATION-001", + "summary": "Migrate all pages from direct superglobal access ($_SESSION, $_SERVER) to framework abstractions (SessionStoreInterface, RequestRuntimeInterface). This resolves the pre-existing CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals failure (GR-CORE-008, QG-003) that currently blocks 86 pages using $_SESSION and 2 pages using $_SERVER.", + "assumptions": [ + "SessionStoreInterface is already registered in the DI container and available via app(SessionStoreInterface::class).", + "RequestRuntimeInterface is already registered in the DI container and provides method(), path(), ip(), userAgent(), isSecure().", + "No behavioral changes — this is a pure refactoring task replacing superglobal reads/writes with equivalent abstraction calls.", + "The architecture contract test (CoreStarterkitContractTest) already enforces the target state — passing it is the definition of done.", + "Pages that only read $_SESSION['user'], $_SESSION['current_tenant'], etc. can be migrated to $session->get('user'), $session->get('current_tenant').", + "Pages that write $_SESSION[...] = ... must use $session->set('key', value).", + "$_SERVER usage in pages/auth/login().php and pages/api/v1/auth/login().php is limited and can be replaced with RequestRuntimeInterface or RequestContext." + ], + "scope": { + "in": [ + "pages/**/*.php — all 86 files using $_SESSION directly", + "pages/auth/login().php — $_SERVER usage", + "pages/api/v1/auth/login().php — $_SERVER usage", + "tests/Architecture/CoreStarterkitContractTest.php — validation target (read-only)", + "lib/Http/SessionStoreInterface.php — reference for API surface", + "lib/Http/RequestRuntimeInterface.php — reference for API surface" + ], + "out": [ + "lib/Service/ — no service-layer changes (services already use abstractions)", + "lib/Repository/ — no repository changes", + "New features or behavior changes", + "Frontend JS/CSS changes", + "Database schema changes", + "Template/phtml view files (not checked by the contract test)" + ] + }, + "guardrails": { + "required_guard_ids": [ + "GR-CORE-003", + "GR-CORE-008", + "GR-CORE-001" + ], + "required_quality_gate_ids": [ + "QG-001", + "QG-002", + "QG-003", + "QG-006" + ] + }, + "success_criteria": [ + { + "id": "SC-001", + "criterion": "Zero $_SESSION, $_SERVER, $_COOKIE, $_POST, $_GET, $_FILES, $_REQUEST, REQUEST_METHOD superglobal references remain in pages/**/*.php." + }, + { + "id": "SC-002", + "criterion": "CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals passes (exit 0)." + }, + { + "id": "SC-003", + "criterion": "Full PHPUnit suite passes (QG-001 exit 0) — no regressions introduced." + }, + { + "id": "SC-004", + "criterion": "PHPStan level 5 passes (QG-002 exit 0) — no type errors from migration." + }, + { + "id": "SC-005", + "criterion": "PHP-CS-Fixer passes (QG-006 exit 0) — all migrated files follow code style." + } + ], + "implementation_steps": [ + { + "id": "S1", + "title": "Audit SessionStoreInterface and RequestRuntimeInterface API surface", + "description": "Read SessionStoreInterface and RequestRuntimeInterface to map available methods (get, set, has, remove, etc.) and confirm they cover all superglobal access patterns found in pages. Document the mapping: $_SESSION['key'] → $session->get('key'), $_SESSION['key'] = val → $session->set('key', val), unset($_SESSION['key']) → $session->remove('key'), isset($_SESSION['key']) → $session->has('key'), $_SERVER['...'] → $request->method()/ip()/etc.", + "guard_refs": [ + "GR-CORE-008" + ] + }, + { + "id": "S2", + "title": "Migrate auth pages (highest risk — login/register/reset/verify flows)", + "description": "Migrate pages/auth/*.php (login, register, forgot, reset, verify, verify-email) from $_SESSION to SessionStoreInterface and $_SERVER to RequestRuntimeInterface. These are security-critical paths — verify each migration preserves exact behavior. Files: pages/auth/login().php, pages/auth/register().php, pages/auth/forgot().php, pages/auth/reset().php, pages/auth/verify().php, pages/auth/verify-email().php.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-003" + ] + }, + { + "id": "S3", + "title": "Migrate API auth page", + "description": "Migrate pages/api/v1/auth/login().php from $_SERVER to RequestRuntimeInterface/RequestContext. This is the only API page with superglobal usage.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-003" + ] + }, + { + "id": "S4", + "title": "Migrate admin/users pages (bulk — 20+ files)", + "description": "Migrate all pages/admin/users/*.php from $_SESSION to SessionStoreInterface. This is the largest group (~20 files). Pattern is mostly $_SESSION['user']['id'], $_SESSION['current_tenant']['id'] reads.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-001" + ] + }, + { + "id": "S5", + "title": "Migrate admin/tenants pages", + "description": "Migrate all pages/admin/tenants/*.php from $_SESSION to SessionStoreInterface (~15 files).", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-001" + ] + }, + { + "id": "S6", + "title": "Migrate admin core pages (settings, roles, permissions, departments)", + "description": "Migrate pages/admin/settings/*.php, pages/admin/roles/*.php, pages/admin/permissions/*.php, pages/admin/departments/*.php from $_SESSION to SessionStoreInterface.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-001" + ] + }, + { + "id": "S7", + "title": "Migrate admin audit and utility pages", + "description": "Migrate pages/admin/api-audit/*.php, pages/admin/import-audit/*.php, pages/admin/system-audit/*.php, pages/admin/user-lifecycle-audit/*.php, pages/admin/imports/*.php, pages/admin/scheduled-jobs/*.php, pages/admin/stats/*.php, pages/admin/mail-log/*.php, pages/admin/search/*.php, pages/admin/index().php from $_SESSION to SessionStoreInterface.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-001" + ] + }, + { + "id": "S8", + "title": "Migrate non-admin pages", + "description": "Migrate pages/address-book/*.php, pages/account/*.php, pages/search/*.php, pages/page/*.php, pages/index().php, pages/lang().php from $_SESSION to SessionStoreInterface.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-001" + ] + }, + { + "id": "S9", + "title": "Run all quality gates and verify contract test passes", + "description": "Execute QG-001 (full PHPUnit), QG-002 (PHPStan), QG-003 (CoreStarterkitContractTest specifically), QG-006 (CS check). All must exit 0. If any fail, fix and re-run.", + "guard_refs": [ + "GR-CORE-008", + "GR-CORE-003" + ] + } + ], + "tests": [ + "tests/Architecture/CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals — must pass (currently fails with 86+2 violations)", + "tests/Architecture/CoreStarterkitContractTest::testServicesDoNotUseSuperglobals — must remain passing", + "QG-001: docker compose exec php vendor/bin/phpunit (full suite, exit 0)", + "QG-002: docker compose exec php vendor/bin/phpstan analyse -c phpstan.neon --no-progress (exit 0)", + "QG-003: docker compose exec php vendor/bin/phpunit tests/Architecture/CoreStarterkitContractTest.php (exit 0)", + "QG-006: docker compose exec php composer cs:check (exit 0)" + ], + "acceptance_checks": [ + "SC-001: grep -rl '$_SESSION\\|$_SERVER\\|$_COOKIE\\|$_POST\\|$_GET\\|$_FILES\\|$_REQUEST' pages/ --include='*.php' returns 0 results.", + "SC-002: CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals exits 0 with 0 failures.", + "SC-003: Full PHPUnit suite exits 0 — no regressions.", + "SC-004: PHPStan level 5 exits 0 — no type errors.", + "SC-005: php-cs-fixer dry-run exits 0 — all files formatted." + ], + "risks": [ + { + "risk": "Session write patterns ($_SESSION['key'] = value) may not map 1:1 to SessionStoreInterface::set() if the interface has different semantics for nested keys.", + "mitigation": "Audit SessionStoreInterface thoroughly in S1. If nested access patterns like $_SESSION['user']['name'] exist, confirm whether $session->get('user')['name'] or $session->get('user.name') is the correct equivalent." + }, + { + "risk": "86 files is a large blast radius — a subtle mistake could break auth or tenant scoping silently.", + "mitigation": "Migrate in batches by area (auth first, then admin/users, etc.). Run QG-001 after each batch to catch regressions early. Auth pages get extra scrutiny since they're security-critical." + }, + { + "risk": "Some pages may use $_SESSION in ways that are not simple get/set (e.g., array manipulation, unset, reference assignment).", + "mitigation": "In S1, categorize all access patterns before starting migration. Flag complex patterns for manual review." + }, + { + "risk": "$_SERVER usage may include keys not covered by RequestRuntimeInterface (e.g., $_SERVER['HTTP_HOST'], $_SERVER['DOCUMENT_ROOT']).", + "mitigation": "Audit the 2 $_SERVER pages in S1 to identify exact keys used. If RequestRuntimeInterface doesn't cover them, use RequestContext or add a targeted method." + } + ] +} diff --git a/agent-system/runs/SUPERGLOBAL-MIGRATION-001/review-acceptance.json b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/review-acceptance.json new file mode 100644 index 0000000..05937be --- /dev/null +++ b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/review-acceptance.json @@ -0,0 +1,44 @@ +{ + "task_id": "SUPERGLOBAL-MIGRATION-001", + "verdict": "pass", + "checked_criterion_ids": [ + "SC-001", + "SC-002", + "SC-003", + "SC-004", + "SC-005" + ], + "checks": [ + { + "criterion_id": "SC-001", + "criterion": "Zero $_SESSION, $_SERVER, $_COOKIE, $_POST, $_GET, $_FILES, $_REQUEST, REQUEST_METHOD superglobal references remain in pages/**/*.php.", + "result": "pass", + "evidence": "Independent grep -rn '$_SESSION|$_SERVER|$_COOKIE|$_POST|$_GET|$_FILES|$_REQUEST|REQUEST_METHOD' pages/ --include='*.php' returned 0 matches. Execution report command (rg scan) confirms same. Spot-checked 5 high-risk files (auth/login, api/v1/auth/login, admin/users/edit, admin/settings/index, admin/users/switch-tenant) — all use SessionStoreInterface/RequestRuntimeInterface exclusively." + }, + { + "criterion_id": "SC-002", + "criterion": "CoreStarterkitContractTest::testPagesUseRequestInputInsteadOfSuperglobals passes (exit 0).", + "result": "pass", + "evidence": "QG-003 in execution report: exit 0, 11 tests, 6116 assertions. The specific test testPagesUseRequestInputInsteadOfSuperglobals checks all 7 superglobal patterns ($_POST, $_GET, $_FILES, REQUEST_METHOD, $_SESSION, $_SERVER, $_COOKIE) across all pages/**/*.php. Previously failed with 85 $_SESSION + 2 $_SERVER violations. Now passes clean." + }, + { + "criterion_id": "SC-003", + "criterion": "Full PHPUnit suite passes (QG-001 exit 0) — no regressions introduced.", + "result": "pass", + "evidence": "QG-001 in execution report: exit 0, 429 tests, 10703 assertions, 0 failures. 1 warning and 1 deprecation present (pre-existing, not introduced by migration). No test count decrease from prior run (429 matches AUTH-LOGIN-REVIEW-001 baseline)." + }, + { + "criterion_id": "SC-004", + "criterion": "PHPStan level 5 passes (QG-002 exit 0) — no type errors from migration.", + "result": "pass", + "evidence": "QG-002 in execution report: exit 0, 0 errors. SessionStoreInterface::get() return types and RequestRuntimeInterface::ip() return type are compatible with the migrated call sites. PHPStan scans config/, lib/, pages/, tests/ — all 87 changed page files included in analysis scope." + }, + { + "criterion_id": "SC-005", + "criterion": "PHP-CS-Fixer passes (QG-006 exit 0) — all migrated files follow code style.", + "result": "pass", + "evidence": "QG-006 in execution report: final run exit 0. Initial cs:check failed on import ordering in migrated pages (new use-statements for SessionStoreInterface/RequestRuntimeInterface inserted without respecting ordered_imports). Executor ran php-cs-fixer fix scoped to pages/ and re-verified. Both the failure and fix are documented in the commands array." + } + ], + "missing_or_wrong": [] +} diff --git a/agent-system/runs/SUPERGLOBAL-MIGRATION-001/review-guards.json b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/review-guards.json new file mode 100644 index 0000000..a39ea25 --- /dev/null +++ b/agent-system/runs/SUPERGLOBAL-MIGRATION-001/review-guards.json @@ -0,0 +1,42 @@ +{ + "task_id": "SUPERGLOBAL-MIGRATION-001", + "verdict": "pass", + "checked_guard_ids": [ + "GR-CORE-001", + "GR-CORE-003", + "GR-CORE-005", + "GR-CORE-008", + "GR-SEC-001", + "GR-TEST-001", + "GR-TEST-002" + ], + "checked_quality_gate_ids": [ + "QG-001", + "QG-002", + "QG-003", + "QG-006" + ], + "findings": [ + { + "id": "RG-001", + "severity": "low", + "rule_ref": "GR-CORE-008", + "summary": "All 87 changed_files entries carry an identical generic summary ('Migrated page superglobal access to framework abstractions...'). Per-file specifics (which superglobals, read vs write, nested-key patterns) are lost. Reviewer can only verify correctness by reading each diff individually. Not blocking, but reduces auditability of the execution report.", + "file": "agent-system/runs/SUPERGLOBAL-MIGRATION-001/execution-report.json" + }, + { + "id": "RG-002", + "severity": "low", + "rule_ref": "GR-TEST-001", + "summary": "No new integration or functional tests were added to verify behavioral equivalence of the 87 migrated pages. GR-TEST-001 technically targets lib/Service/ changes (none here), so this is not a violation. However, the migration touches security-critical flows (auth login, tenant switch, user edit) where a subtle mapping error (e.g., $session->get('user') returning different shape than $_SESSION['user']) would only surface at runtime. QG-001 passing (429 tests, 0 failures) provides reasonable confidence but does not exercise page-level rendering with real session state.", + "file": "pages/" + }, + { + "id": "RG-003", + "severity": "low", + "rule_ref": "QG-006", + "summary": "QG-006 initially failed after migration (import ordering in migrated pages). Executor fixed via php-cs-fixer and re-ran successfully. Properly documented in commands array with both fail and subsequent pass. No issue — noted for completeness.", + "file": "pages/" + } + ] +}