chore(release): v0.6.0 — formRequestToDtoExemptClasses exemption param [queue #131] #46
…m [queue #131]

Cuts v0.6.0 (backward-compatible MINOR): moves the [Unreleased] Added entry (EnforceFormRequestToDtoRule `formRequestToDtoExemptClasses`, #45) to [0.6.0] — 2026-07-01, adds the [0.6.0] release-tag link-ref, and bumps the [Unreleased] compare base to v0.6.0.

Also folds in Jasper's #45 MINOR: the retirement-recipe cited entreezuil's `tests/Arch/FormRequestsTest.php`; post-ADR-0027 the correct path is `backend/tests/Architecture/FormRequestsTest.php`. Corrected here (rather than re-pushing #45 under dismiss-stale) so v0.6.0 ships accurate docs.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Claude-Session: https://claude.ai/code/session_01YRSGQLQVRGArBssqbvWqxg
Goosterhof
left a comment
✅ Approve-worthy — clean v0.6.0 release cut
0 blockers · 0 concerns · 0 nits · independent first look
Docs-only release PR for the `formRequestToDtoExemptClasses` param. Correct on every axis I checked:
- Sequencing right — the feature PR #45 is already merged (2026-07-01T12:07Z); the release follows it, not the other way round.
- Keep-a-Changelog structure correct — `## [Unreleased]` is now empty, `## [0.6.0] — 2026-07-01` carries the `### Added` entry, and the link refs are updated (`[Unreleased]: compare/v0.6.0...HEAD` + `[0.6.0]: releases/tag/v0.6.0`). The tag will make it installable (tag-driven Composer package, no version field to bump).
- Versioning correct — backward-compatible MINOR (`^0.5 → ^0.6`), default-empty param ⇒ zero new errors in existing consumers, consumer opts in on its own bump. Consistent with the pre-1.0 caret doctrine.
- Folds in the #45 review feedback — the migration-recipe path is corrected to `backend/tests/Architecture/FormRequestsTest.php` (the exact `tests/Arch/` → `backend/tests/Architecture/` fix dispatch and I flagged on #45). Good to see it land in the same release rather than a follow-up.
Verdict: ship it (own-PR → COMMENT). Just tag v0.6.0 after merge so packagist picks it up — the caret gap means no consumer adopts until its own ^0.6 bump (entreezuil #274 is the pending first case, once its Rector gate clears). CI pending, nothing red.
Automated war-room agent review — posted because this PR carries the Agent Review Requested label.
Town Crier Review · 9/10 · PASS · 🤝 Confirm
phpstan-warroom-rules #46 · AC anchor: PR description · head
Tip
Reviewed a docs-only v0.6.0 release-cut PR (CHANGELOG.md + README.md, no rule or extension.neon changes) and our read corroborates both the-general's bus note and Goosterhof's off-bus review: sequencing after merged #45, correct Keep-a-Changelog structure and link refs, backward-compatible MINOR versioning (default-empty exemption list is a no-op for existing consumers), and the folded-in README arch-test path fix all hold at the current head, with nothing further to flag.
No findings — clean against the review checklist.
Bus thread · 1 prior review(s):
jasperboerhof
left a comment
Auto-approved — Town Crier verdict PASS @Head, CI green, no open MAJOR+ thread. Our approval is our independent vote (approve-alongside): a peer's review / CHANGES_REQUESTED never withholds it — we verify every blocker ourselves, and a real one drops our own verdict below PASS. See the verdict comment + inline notes.
Author the audit-protection denylist-inversion rule: discover audit-log models by SHAPE — Eloquent Model subclasses whose short name ends with a configured suffix (auditModelNameSuffixes, default AuditLog) OR whose FQCN sits under a configured namespace prefix (auditModelNamespacePrefixes, default App\Models\Audit) — and flag any missing append-only protection, without a hand-maintained class list. Three independent checks: HasFactory present (hasFactoryForbidden), SoftDeletes present (softDeletesForbidden), updated_at not disabled (updatedAtNotDisabled).

Supersedes the allowlist arch tests in kendo/entreezuil/ublgenie, which enumerate audit models by FQCN list or namespace sweep and thereby exempt any future model added outside the list. Discovery is a union of both fleet identification strategies (kendo's scattered *AuditLog suffix + entreezuil/ublgenie App\Models\Audit\* namespace incl. channel logs like AuthEventLog). Trait detection is transitive (parent-class + trait-of-a-trait); abstract intermediates are exempt; non-model *AuditLog classes excluded by the Model type gate. Configuration expresses patterns, never class names.

- src/Rules/EnforceAuditModelProtectionsRule.php (InClassNode, pure ClassReflection; native reflection only inline for the UPDATED_AT literal)
- extension.neon: two listOf(string()) params + schema + service wiring
- 16 fixtures + 17 tests (incl. NEON container-resolution pin and boundary fixtures killing the trailing-separator + recursive-trait mutants)
- README rule row + section (discovery, protections, migration recipe, false-positive suppression); CLAUDE.md rules table + ADR-0001 projection; CHANGELOG [Unreleased] (candidate MAJOR)

Gates green on a CI-faithful fresh resolve: phpstan [OK], test 141/211, coverage 89.18% (new rule 98.41%), mutation aggregate MSI 85.18% / Covered 85% (new rule 97% Covered MSI; the 1 residual is the defensive (string) cast, a true equivalent mutant), audit clean, Pint clean.

War-room enforcement queue #46. Seed: kendo Quartermaster M13 F-1.

Co-Authored-By: Claude Fable 5 <[email protected]>
Claude-Session: https://claude.ai/code/session_01J59X48mgbPz9PyZfquygaC
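The shape-based discovery and the three protection checks described in the commit message above, as an added runtime sketch in plain PHP 8. It is not the rule's source, which works on PHPStan's ClassReflection. The stub Eloquent classes, the fixture models and the `Archivable` trait are constructed for the illustration, and matching the namespace prefix only at a separator is an assumption.

```php
<?php
// Added sketch, not the rule's code. Stubs stand in for Laravel's Eloquent classes.
namespace Illuminate\Database\Eloquent {
    abstract class Model { const UPDATED_AT = 'updated_at'; }
    trait SoftDeletes {}
}
namespace Illuminate\Database\Eloquent\Factories { trait HasFactory {} }
namespace App\Concerns {   // hypothetical trait that pulls in SoftDeletes indirectly
    trait Archivable { use \Illuminate\Database\Eloquent\SoftDeletes; }
}
namespace App\Models\Audit {   // constructed fixture: found by namespace prefix
    class AuthEventLog extends \Illuminate\Database\Eloquent\Model { const UPDATED_AT = null; }
}
namespace App\Models {         // constructed fixtures
    class InvoiceAuditLog extends \Illuminate\Database\Eloquent\Model { use \App\Concerns\Archivable; }
    class AuditingPolicy extends \Illuminate\Database\Eloquent\Model {}
}
namespace {
    use Illuminate\Database\Eloquent\{Model, SoftDeletes};
    use Illuminate\Database\Eloquent\Factories\HasFactory;
    // Audit model = concrete Model subclass with a name suffix OR namespace prefix
    // match (assumption: the prefix only matches at a namespace separator).
    function isAuditModel(ReflectionClass $ref, array $suffixes, array $prefixes): bool {
        if (!$ref->isSubclassOf(Model::class) || $ref->isAbstract()) return false;
        foreach ($suffixes as $s) if (str_ends_with($ref->getShortName(), $s)) return true;
        foreach ($prefixes as $p) if (str_starts_with($ref->getName(), rtrim($p, '\\') . '\\')) return true;
        return false;
    }
    // Traits of the class, its parents, and traits used by those traits.
    function allTraits(ReflectionClass $ref): array {
        $names = [];
        for ($c = $ref; $c !== false; $c = $c->getParentClass()) {
            foreach ($c->getTraits() as $t) $names = array_merge($names, [$t->getName()], allTraits($t));
        }
        return array_unique($names);
    }
    function violations(ReflectionClass $ref): array {
        $traits = allTraits($ref);
        $out = [];
        if (in_array(HasFactory::class, $traits, true)) $out[] = 'hasFactoryForbidden';
        if (in_array(SoftDeletes::class, $traits, true)) $out[] = 'softDeletesForbidden';
        if ($ref->getConstant('UPDATED_AT') !== null) $out[] = 'updatedAtNotDisabled';
        return $out;
    }
    foreach (['App\Models\Audit\AuthEventLog', 'App\Models\InvoiceAuditLog', 'App\Models\AuditingPolicy'] as $fqcn) {
        $ref = new ReflectionClass($fqcn);
        $audit = isAuditModel($ref, ['AuditLog'], ['App\Models\Audit']);
        echo $fqcn, ': ', $audit ? (implode(', ', violations($ref)) ?: 'protected') : 'not an audit model', "\n";
    }
}
```

`InvoiceAuditLog` is picked up by suffix without appearing in any list, and its indirect `SoftDeletes` use is only visible because the trait walk is transitive.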
Cuts v0.6.0 — backward-compatible MINOR.
What
- `[Unreleased]` Added entry (`EnforceFormRequestToDtoRule` `formRequestToDtoExemptClasses`, feat(FormRequestToDto): consumer-configurable class-keyed exemption list [queue #131] #45) → `[0.6.0] — 2026-07-01`; adds the `[0.6.0]` release-tag link-ref; bumps `[Unreleased]` compare base to `v0.6.0`.
- `tests/Arch/FormRequestsTest.php` → `backend/tests/Architecture/FormRequestsTest.php` (post-ADR-0027 rename + `backend/` move). Corrected here rather than re-pushing feat(FormRequestToDto): consumer-configurable class-keyed exemption list [queue #131] #45 under dismiss-stale, so v0.6.0 ships accurate docs.

Why MINOR
New optional parameter, default `[]` ⇒ zero new errors in existing consumers — no consumer sees a behaviour change until it opts in on its own `^0.5 → ^0.6` bump. Not a candidate-major.

Release mechanics
On merge, tag `v0.6.0` at the merge commit → `release.yml` extracts the `[0.6.0]` CHANGELOG section + Packagist auto-syncs.

Seed: war-room enforcement queue #131. Follows the v0.5.0 (#42) release-PR shape.
🤖 Generated with Claude Code