Skip to content

chore(release): v0.6.0 — formRequestToDtoExemptClasses exemption param [queue #131]#46

Merged
Goosterhof merged 1 commit into
mainfrom
release/v0.6.0
Jul 1, 2026
Merged

chore(release): v0.6.0 — formRequestToDtoExemptClasses exemption param [queue #131]#46
Goosterhof merged 1 commit into
mainfrom
release/v0.6.0

Conversation

@Goosterhof

Copy link
Copy Markdown
Contributor

Cuts v0.6.0 — backward-compatible MINOR.

What

Why MINOR

New optional parameter, default [] ⇒ zero new errors in existing consumers — no consumer sees a behaviour change until it opts in on its own ^0.5 → ^0.6 bump. Not a candidate-major.

Release mechanics

On merge, tag v0.6.0 at the merge commit → release.yml extracts the [0.6.0] CHANGELOG section + Packagist auto-syncs.

Seed: war-room enforcement queue #131. Follows the v0.5.0 (#42) release-PR shape.

🤖 Generated with Claude Code

…m [queue #131]

Cuts v0.6.0 (backward-compatible MINOR): moves the [Unreleased] Added entry
(EnforceFormRequestToDtoRule `formRequestToDtoExemptClasses`, #45) to
[0.6.0] — 2026-07-01, adds the [0.6.0] release-tag link-ref, and bumps the
[Unreleased] compare base to v0.6.0.

Also folds in Jasper's #45 MINOR: the retirement-recipe cited entreezuil's
`tests/Arch/FormRequestsTest.php`; post-ADR-0027 the correct path is
`backend/tests/Architecture/FormRequestsTest.php`. Corrected here (rather than
re-pushing #45 under dismiss-stale) so v0.6.0 ships accurate docs.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Claude-Session: https://claude.ai/code/session_01YRSGQLQVRGArBssqbvWqxg
@Goosterhof Goosterhof requested a review from a team as a code owner July 1, 2026 12:09
@Goosterhof Goosterhof added the Agent Review Requested Requesting review of specialized AI review agents. label Jul 1, 2026

@Goosterhof Goosterhof left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Approve-worthy — clean v0.6.0 release cut

0 blockers · 0 concerns · 0 nits · independent first look

Docs-only release PR for the formRequestToDtoExemptClasses param. Correct on every axis I checked:

  • Sequencing right — the feature PR #45 is already merged (2026-07-01T12:07Z); the release follows it, not the other way round.
  • Keep-a-Changelog structure correct## [Unreleased] is now empty, ## [0.6.0] — 2026-07-01 carries the ### Added entry, and the link refs are updated ([Unreleased]: compare/v0.6.0...HEAD + [0.6.0]: releases/tag/v0.6.0). The tag will make it installable (tag-driven Composer package, no version field to bump).
  • Versioning correct — backward-compatible MINOR (^0.5 → ^0.6), default-empty param ⇒ zero new errors in existing consumers, consumer opts in on its own bump. Consistent with the pre-1.0 caret doctrine.
  • Folds in the #45 review feedback — the migration-recipe path is corrected to backend/tests/Architecture/FormRequestsTest.php (the exact tests/Arch/backend/tests/Architecture/ fix dispatch and I flagged on #45). Good to see it land in the same release rather than a follow-up.

Verdict: ship it (own-PR → COMMENT). Just tag v0.6.0 after merge so packagist picks it up — the caret gap means no consumer adopts until its own ^0.6 bump (entreezuil #274 is the pending first case, once its Rector gate clears). CI pending, nothing red.

Automated war-room agent review — posted because this PR carries the Agent Review Requested label.

@jasperboerhof

Copy link
Copy Markdown
Contributor

Town Crier Review · 9/10 · PASS · 🤝 Confirm

phpstan-warroom-rules #46 · AC anchor: PR description · head 6187b41bf8 · via the town-crier bus (request #167)

Tip

Reviewed a docs-only v0.6.0 release-cut PR (CHANGELOG.md + README.md, no rule or extension.neon changes) and our read corroborates both the-general's bus note and Goosterhof's off-bus review: sequencing after merged #​45, correct Keep-a-Changelog structure and link refs, backward-compatible MINOR versioning (default-empty exemption list is a no-op for existing consumers), and the folded-in README arch-test path fix all hold at the current head, with nothing further to flag.

No findings — clean against the review checklist.

Bus thread · 1 prior review(s):

  • the-general (independent): Approve-worthy v0.6.0 release cut: follows merged #​45, correct Keep-a-Changelog structure + link refs, backward-compat MINOR, and folds in the #​45 README path fix (backend/tests/Architecture). Tag …

@jasperboerhof jasperboerhof left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved — Town Crier verdict PASS @Head, CI green, no open MAJOR+ thread. Our approval is our independent vote (approve-alongside): a peer's review / CHANGES_REQUESTED never withholds it — we verify every blocker ourselves, and a real one drops our own verdict below PASS. See the verdict comment + inline notes.

@Goosterhof Goosterhof merged commit 1e37859 into main Jul 1, 2026
2 checks passed
@Goosterhof Goosterhof deleted the release/v0.6.0 branch July 1, 2026 13:13
Goosterhof added a commit that referenced this pull request Jul 3, 2026
Author the audit-protection denylist-inversion rule: discover audit-log
models by SHAPE — Eloquent Model subclasses whose short name ends with a
configured suffix (auditModelNameSuffixes, default AuditLog) OR whose FQCN
sits under a configured namespace prefix (auditModelNamespacePrefixes,
default App\Models\Audit) — and flag any missing append-only protection,
without a hand-maintained class list. Three independent checks: HasFactory
present (hasFactoryForbidden), SoftDeletes present (softDeletesForbidden),
updated_at not disabled (updatedAtNotDisabled). Supersedes the allowlist
arch tests in kendo/entreezuil/ublgenie, which enumerate audit models by
FQCN list or namespace sweep and thereby exempt any future model added
outside the list.

Discovery is a union of both fleet identification strategies (kendo's
scattered *AuditLog suffix + entreezuil/ublgenie App\Models\Audit\*
namespace incl. channel logs like AuthEventLog). Trait detection is
transitive (parent-class + trait-of-a-trait); abstract intermediates are
exempt; non-model *AuditLog classes excluded by the Model type gate.
Configuration expresses patterns, never class names.

- src/Rules/EnforceAuditModelProtectionsRule.php (InClassNode, pure
  ClassReflection; native reflection only inline for the UPDATED_AT literal)
- extension.neon: two listOf(string()) params + schema + service wiring
- 16 fixtures + 17 tests (incl. NEON container-resolution pin and boundary
  fixtures killing the trailing-separator + recursive-trait mutants)
- README rule row + section (discovery, protections, migration recipe,
  false-positive suppression); CLAUDE.md rules table + ADR-0001 projection;
  CHANGELOG [Unreleased] (candidate MAJOR)

Gates green on a CI-faithful fresh resolve: phpstan [OK], test 141/211,
coverage 89.18% (new rule 98.41%), mutation aggregate MSI 85.18% / Covered
85% (new rule 97% Covered MSI; the 1 residual is the defensive (string)
cast, a true equivalent mutant), audit clean, Pint clean.

War-room enforcement queue #46. Seed: kendo Quartermaster M13 F-1.

Co-Authored-By: Claude Fable 5 <[email protected]>
Claude-Session: https://claude.ai/code/session_01J59X48mgbPz9PyZfquygaC
Goosterhof added a commit that referenced this pull request Jul 3, 2026
…49)

Author the audit-protection denylist-inversion rule: discover audit-log
models by SHAPE — Eloquent Model subclasses whose short name ends with a
configured suffix (auditModelNameSuffixes, default AuditLog) OR whose FQCN
sits under a configured namespace prefix (auditModelNamespacePrefixes,
default App\Models\Audit) — and flag any missing append-only protection,
without a hand-maintained class list. Three independent checks: HasFactory
present (hasFactoryForbidden), SoftDeletes present (softDeletesForbidden),
updated_at not disabled (updatedAtNotDisabled). Supersedes the allowlist
arch tests in kendo/entreezuil/ublgenie, which enumerate audit models by
FQCN list or namespace sweep and thereby exempt any future model added
outside the list.

Discovery is a union of both fleet identification strategies (kendo's
scattered *AuditLog suffix + entreezuil/ublgenie App\Models\Audit\*
namespace incl. channel logs like AuthEventLog). Trait detection is
transitive (parent-class + trait-of-a-trait); abstract intermediates are
exempt; non-model *AuditLog classes excluded by the Model type gate.
Configuration expresses patterns, never class names.

- src/Rules/EnforceAuditModelProtectionsRule.php (InClassNode, pure
  ClassReflection; native reflection only inline for the UPDATED_AT literal)
- extension.neon: two listOf(string()) params + schema + service wiring
- 16 fixtures + 17 tests (incl. NEON container-resolution pin and boundary
  fixtures killing the trailing-separator + recursive-trait mutants)
- README rule row + section (discovery, protections, migration recipe,
  false-positive suppression); CLAUDE.md rules table + ADR-0001 projection;
  CHANGELOG [Unreleased] (candidate MAJOR)

Gates green on a CI-faithful fresh resolve: phpstan [OK], test 141/211,
coverage 89.18% (new rule 98.41%), mutation aggregate MSI 85.18% / Covered
85% (new rule 97% Covered MSI; the 1 residual is the defensive (string)
cast, a true equivalent mutant), audit clean, Pint clean.

War-room enforcement queue #46. Seed: kendo Quartermaster M13 F-1.


Claude-Session: https://claude.ai/code/session_01J59X48mgbPz9PyZfquygaC

Co-authored-by: Claude Fable 5 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Agent Review Requested Requesting review of specialized AI review agents.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants