Commit Graph

12 Commits

Author SHA1 Message Date
fs
5f156661fd docs: fix guard count drift in CLAUDE.md, README, and workflow
Update security guard references from 9 to 10 (GR-SEC-010 was missing),
code reviewer guards from 13 to 17 (new GR-CORE-LAYERS, GR-CORE-MODULE,
GR-CORE-META, GR-UI-TAXONOMY), and total guard count from 22 to 27.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 20:50:24 +02:00
fs
ea0b31ba67 chore(guards): map all 85 architecture tests to guards, add 4 new guards
Add GR-CORE-LAYERS (layer isolation), GR-CORE-MODULE (module boundaries),
GR-CORE-META (agent/codex system integrity), GR-UI-TAXONOMY (status
taxonomy consistency). Extend existing guards GR-SEC-008, GR-UI-DETAIL,
GR-UI-LIST, GR-UI-A11Y, GR-UI-REUSE, GR-TEST-002, GR-SEC-002 with
their previously unmapped architecture tests. Coverage goes from 23/85
mapped tests (27%) to 85/85 (100%).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 20:39:51 +02:00
fs
576a0c51cd feat(guards): add GR-SEC-010 — output escaping enforcement in views
Add architecture test ViewLayerOutputEscapingContractTest that flags
raw <?php echo in .phtml files. Legitimate uses (pre-built ARIA attrs
from navActive(), hardcoded role values, pre-rendered HTML fragments)
must carry an inline // raw-html-ok: reason marker.

Annotated all 11 existing raw echo sites with justification markers.
Added guard to catalog, enforcement map (automated), CLAUDE.md security
section, and never-do-this list.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 12:08:25 +02:00
fs
5d07236758 feat(search): refresh global search UI and align qa/docs updates 2026-04-02 10:49:35 +02:00
fs
5699bc6c5b refactor(config): remove runtime config files and centralize route/bootstrap 2026-04-01 20:27:42 +02:00
fs
dba589b495 chore(agents): implement v2 hardening and enforcement-ready QA 2026-04-01 19:41:56 +02:00
fs
0bf7f62fd8 chore: move php-cs-fixer config into tools
- relocate .php-cs-fixer.dist.php to tools/php-cs-fixer/.php-cs-fixer.dist.php

- update composer scripts, docs, quality gates, and style skill references

- keep finder scope stable via project-root resolution

- fix pre-existing unused imports reported by php-cs-fixer
2026-04-01 16:38:58 +02:00
fs
7a222f0b1f fix(audit): harden module isolation and fix post-extraction drift
Fix 5 broken FQCN references (runtime errors) where core pages referenced
non-existent MintyPHP\Service\Audit\AuditMetadataEnricher and SystemAuditService.
Add AuditMetadataEnricherInterface with NullAuditMetadataEnricher fallback so
deactivating the audit module no longer crashes core edit pages.

Move audit search resources from core Search*Provider files into the module
via a new AuditSearchResourceProvider implementing the existing
SearchResourceProvider contract. Add module-specific purge permissions
(audit.api.purge, audit.imports.purge) replacing core ABILITY_ADMIN_SETTINGS_UPDATE.

Also fixes: session key prefix convention, hardcoded English string, $_SERVER
superglobal fallback, and manifest schema drift (i18n_path, group in ui_slots).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 10:03:27 +01:00
fs
c34e62d729 harden: restore gate baseline, split dev/prod PHP profile, atomic module runtime build
Phase A — Gate Reliability:
- Fix typography token violations in app-breadcrumb.css
- Switch QG-006 from composer cs:check to direct php-cs-fixer
- Align all docs/skills with new gate command

Phase B — Production Profile:
- Multi-stage Dockerfile: dev (xdebug) / prod (no xdebug)
- Compose files target explicit build stages

Phase C — Module Runtime Hardening:
- Atomic staging+swap build in ModuleRuntimePageBuilder
- SHA-256 fingerprint from manifest content + page entries
- 11 new regression tests for build safety and fingerprint drift

Task: STARTERKIT-HARDENING-ONPREM-001

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 20:13:16 +01:00
fs
1c5648c727 fix: replace grid action column with link-column on primary data cell
Remove the dedicated "Edit"/"Open" action button column from all list
pages. Instead, wrap the primary data column (name, description, subject,
etc.) in a clickable <a> link via the new rowInteraction.linkColumn option.

Double-click, Enter-key, and click-to-focus row navigation preserved.
Pages with explicit actions config are unaffected. Address-book opts out
of auto-wrapping (linkColumn: false) and renders the link in its own
formatter to avoid nested <a> with avatar lightbox.

Also fixes pre-existing XSS in insertActionColumn (unescaped href/label)
and updates typography test for --text-page-title token change.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 19:43:03 +01:00
fs
4dd6d451f6 refactor: relocate agent-system/ to .agents/ with 7-role workflow restructure
Moves the agent workflow system from agent-system/ to .agents/ (dotfile convention).
Restructured from 5-role to 7-role pipeline: adds Analyst and splits Reviewer into
Code Reviewer + Security Reviewer. Removes all old workflow run artifacts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 18:23:04 +01:00
fs
ef72b34c40 feat: module architecture improvements — session keys, dependency graph, event dispatcher, deactivation hooks
Six targeted improvements to the modular monolith platform:

1. Fix AddressBook session key prefix to follow module.<id>.* convention
2. Move ADDRESS_BOOK_VIEW permission constant from core PermissionService into module
3. Add declarative JSON schema for module manifests (.agents/contracts/)
4. Add `requires` field with missing-dependency and circular-dependency detection
5. Add lightweight fire-and-forget event dispatcher (user.created/deleted/login/logout)
6. Add module deactivation hook interface and CLI script (bin/module-deactivate.php)

Includes 15 new architecture/unit tests covering all new functionality.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 18:20:13 +01:00