{ "$id": "https://stella.ops/schema/php-analyzer-bootstrap.json", "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "PhpAnalyzerBootstrap", "description": "PHP Language Analyzer bootstrap specification for composer-based projects with autoload graph analysis", "type": "object", "oneOf": [ { "$ref": "#/$defs/PluginManifest" }, { "$ref": "#/$defs/AnalyzerConfig" }, { "$ref": "#/$defs/AnalysisOutput" }, { "$ref": "#/$defs/CapabilityReport" } ], "$defs": { "PluginManifest": { "type": "object", "required": ["schemaVersion", "id", "displayName", "version", "entryPoint", "capabilities"], "description": "Plugin manifest for language analyzer discovery and loading", "properties": { "schemaVersion": { "type": "string", "const": "1.0", "description": "Manifest schema version" }, "id": { "type": "string", "pattern": "^stellaops\\.analyzer\\.lang\\.[a-z]+$", "description": "Unique plugin identifier", "examples": ["stellaops.analyzer.lang.php"] }, "displayName": { "type": "string", "description": "Human-readable plugin name", "examples": ["StellaOps PHP Analyzer"] }, "version": { "type": "string", "pattern": "^\\d+\\.\\d+\\.\\d+(-[a-zA-Z0-9]+)?$", "description": "Semantic version" }, "requiresRestart": { "type": "boolean", "default": true, "description": "Whether scanner restart is required after plugin load" }, "entryPoint": { "$ref": "#/$defs/EntryPoint", "description": "Plugin entry point configuration" }, "capabilities": { "type": "array", "items": { "type": "string", "enum": [ "language-analyzer", "php", "composer", "packagist", "autoload", "phar", "framework-detection", "extension-scan" ] }, "minItems": 1, "description": "Plugin capabilities" }, "metadata": { "type": "object", "properties": { "org.stellaops.analyzer.language": { "type": "string", "const": "php" }, "org.stellaops.analyzer.kind": { "type": "string", "const": "language" }, "org.stellaops.restart.required": { "type": "string", "enum": ["true", "false"] } }, "description": "OCI-style metadata labels" }, "dependencies": { "type": "array", "items": { "$ref": "#/$defs/PluginDependency" }, "description": "Required plugin dependencies" } } }, "EntryPoint": { "type": "object", "required": ["type", "assembly", "typeName"], "properties": { "type": { "type": "string", "enum": ["dotnet", "native"], "description": "Entry point type" }, "assembly": { "type": "string", "description": "Assembly filename", "examples": ["StellaOps.Scanner.Analyzers.Lang.Php.dll"] }, "typeName": { "type": "string", "description": "Fully qualified type name", "examples": ["StellaOps.Scanner.Analyzers.Lang.Php.PhpAnalyzerPlugin"] } } }, "PluginDependency": { "type": "object", "required": ["pluginId", "versionRange"], "properties": { "pluginId": { "type": "string", "description": "Dependent plugin identifier" }, "versionRange": { "type": "string", "description": "SemVer version range", "examples": [">=1.0.0", "^1.0.0", "1.x"] } } }, "AnalyzerConfig": { "type": "object", "required": ["configType", "analyzerId"], "description": "Runtime configuration for PHP analyzer", "properties": { "configType": { "type": "string", "const": "ANALYZER_CONFIG" }, "analyzerId": { "type": "string", "const": "php" }, "enabled": { "type": "boolean", "default": true, "description": "Whether analyzer is enabled" }, "composerDetection": { "$ref": "#/$defs/ComposerDetectionConfig", "description": "Composer manifest detection settings" }, "autoloadAnalysis": { "$ref": "#/$defs/AutoloadAnalysisConfig", "description": "Autoload graph analysis settings" }, "capabilityScanning": { "$ref": "#/$defs/CapabilityScanConfig", "description": "Runtime capability scanning settings" }, "frameworkDetection": { "$ref": "#/$defs/FrameworkDetectionConfig", "description": "Framework detection settings" }, "pharScanning": { "$ref": "#/$defs/PharScanConfig", "description": "PHAR archive scanning settings" }, "extensionScanning": { "$ref": "#/$defs/ExtensionScanConfig", "description": "PHP extension detection settings" }, "timeouts": { "$ref": "#/$defs/AnalyzerTimeouts", "description": "Per-phase timeout settings" } } }, "ComposerDetectionConfig": { "type": "object", "properties": { "searchPaths": { "type": "array", "items": { "type": "string" }, "default": ["composer.json"], "description": "Paths to search for composer manifests" }, "includeLockfile": { "type": "boolean", "default": true, "description": "Parse composer.lock for exact versions" }, "includeInstalledJson": { "type": "boolean", "default": true, "description": "Parse vendor/composer/installed.json" }, "ignoreDevDependencies": { "type": "boolean", "default": false, "description": "Skip require-dev packages" }, "trustLockfileVersions": { "type": "boolean", "default": true, "description": "Use lockfile versions as authoritative" } } }, "AutoloadAnalysisConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true, "description": "Enable autoload graph analysis" }, "includePsr0": { "type": "boolean", "default": true, "description": "Analyze PSR-0 autoload mappings" }, "includePsr4": { "type": "boolean", "default": true, "description": "Analyze PSR-4 autoload mappings" }, "includeClassmap": { "type": "boolean", "default": true, "description": "Analyze classmap autoloading" }, "includeFiles": { "type": "boolean", "default": true, "description": "Analyze files autoloading" }, "maxDepth": { "type": "integer", "minimum": 1, "maximum": 100, "default": 50, "description": "Maximum autoload resolution depth" } } }, "CapabilityScanConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true, "description": "Enable capability scanning" }, "detectFileOperations": { "type": "boolean", "default": true, "description": "Detect file I/O capabilities" }, "detectNetworkOperations": { "type": "boolean", "default": true, "description": "Detect network capabilities" }, "detectProcessOperations": { "type": "boolean", "default": true, "description": "Detect process execution capabilities" }, "detectCryptoOperations": { "type": "boolean", "default": true, "description": "Detect cryptographic operations" }, "maxFilesToScan": { "type": "integer", "minimum": 1, "default": 10000, "description": "Maximum PHP files to scan" } } }, "FrameworkDetectionConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true, "description": "Enable framework detection" }, "frameworks": { "type": "array", "items": { "type": "string", "enum": [ "laravel", "symfony", "wordpress", "drupal", "magento", "yii", "codeigniter", "cakephp", "slim", "lumen", "zend", "laminas" ] }, "default": ["laravel", "symfony", "wordpress", "drupal"], "description": "Frameworks to detect" }, "detectPlugins": { "type": "boolean", "default": true, "description": "Detect framework plugins/bundles" } } }, "PharScanConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true, "description": "Enable PHAR archive scanning" }, "extractContents": { "type": "boolean", "default": true, "description": "Extract and analyze PHAR contents" }, "verifySignatures": { "type": "boolean", "default": true, "description": "Verify PHAR signatures" }, "maxPharSize": { "type": "integer", "minimum": 1, "default": 104857600, "description": "Maximum PHAR size to process (bytes)" } } }, "ExtensionScanConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true, "description": "Enable extension scanning" }, "checkPhpIni": { "type": "boolean", "default": true, "description": "Parse php.ini for extensions" }, "checkDockerConfig": { "type": "boolean", "default": true, "description": "Parse Dockerfile for php-ext-install" }, "requiredExtensions": { "type": "array", "items": { "type": "string" }, "description": "Extensions to verify presence" } } }, "AnalyzerTimeouts": { "type": "object", "properties": { "composerParseMs": { "type": "integer", "minimum": 100, "default": 5000, "description": "Composer manifest parse timeout" }, "autoloadAnalysisMs": { "type": "integer", "minimum": 100, "default": 30000, "description": "Autoload graph analysis timeout" }, "capabilityScanMs": { "type": "integer", "minimum": 100, "default": 60000, "description": "Capability scan timeout" }, "totalAnalysisMs": { "type": "integer", "minimum": 1000, "default": 300000, "description": "Total analysis timeout" } } }, "AnalysisOutput": { "type": "object", "required": ["outputType", "analyzerId", "completedAt", "packages"], "description": "PHP analyzer output with discovered packages", "properties": { "outputType": { "type": "string", "const": "ANALYSIS_OUTPUT" }, "analyzerId": { "type": "string", "const": "php" }, "completedAt": { "type": "string", "format": "date-time", "description": "Analysis completion timestamp" }, "durationMs": { "type": "integer", "minimum": 0, "description": "Analysis duration in milliseconds" }, "projectMetadata": { "$ref": "#/$defs/PhpProjectMetadata", "description": "Detected project metadata" }, "packages": { "type": "array", "items": { "$ref": "#/$defs/PhpPackage" }, "description": "Discovered packages" }, "autoloadGraph": { "$ref": "#/$defs/AutoloadGraph", "description": "Autoload dependency graph" }, "capabilities": { "$ref": "#/$defs/CapabilityReport", "description": "Detected runtime capabilities" }, "warnings": { "type": "array", "items": { "$ref": "#/$defs/AnalysisWarning" }, "description": "Non-fatal warnings during analysis" } } }, "PhpProjectMetadata": { "type": "object", "properties": { "name": { "type": "string", "description": "Project name from composer.json" }, "description": { "type": "string", "description": "Project description" }, "phpVersion": { "type": "string", "description": "Required PHP version constraint" }, "type": { "type": "string", "enum": ["project", "library", "metapackage", "composer-plugin"], "description": "Composer package type" }, "license": { "type": "string", "description": "License identifier" }, "framework": { "type": "string", "description": "Detected framework" }, "frameworkVersion": { "type": "string", "description": "Detected framework version" } } }, "PhpPackage": { "type": "object", "required": ["name", "version", "purl"], "properties": { "name": { "type": "string", "description": "Package name (vendor/package format)" }, "version": { "type": "string", "description": "Installed version" }, "purl": { "type": "string", "pattern": "^pkg:composer/", "description": "Package URL", "examples": ["pkg:composer/symfony/http-foundation@6.4.0"] }, "componentKey": { "type": "string", "description": "Stable component identifier for ordering" }, "isDev": { "type": "boolean", "default": false, "description": "Whether package is a dev dependency" }, "source": { "type": "string", "enum": ["lockfile", "installed.json", "manifest", "inferred"], "description": "How package was discovered" }, "installPath": { "type": "string", "description": "Relative installation path" }, "autoloadType": { "type": "string", "enum": ["psr-0", "psr-4", "classmap", "files"], "description": "Primary autoload type" }, "license": { "type": "string", "description": "Package license" }, "homepage": { "type": "string", "format": "uri", "description": "Package homepage" }, "sourceRef": { "$ref": "#/$defs/SourceReference", "description": "VCS source reference" }, "distRef": { "$ref": "#/$defs/DistReference", "description": "Distribution reference" } } }, "SourceReference": { "type": "object", "properties": { "type": { "type": "string", "enum": ["git", "svn", "hg"], "description": "VCS type" }, "url": { "type": "string", "format": "uri", "description": "Repository URL" }, "reference": { "type": "string", "description": "Commit/tag reference" } } }, "DistReference": { "type": "object", "properties": { "type": { "type": "string", "enum": ["zip", "tar", "gzip"], "description": "Distribution type" }, "url": { "type": "string", "format": "uri", "description": "Distribution URL" }, "shasum": { "type": "string", "description": "Distribution checksum" } } }, "AutoloadGraph": { "type": "object", "properties": { "nodes": { "type": "array", "items": { "$ref": "#/$defs/AutoloadNode" }, "description": "Autoload graph nodes" }, "edges": { "type": "array", "items": { "$ref": "#/$defs/AutoloadEdge" }, "description": "Autoload graph edges" }, "entryPoints": { "type": "array", "items": { "type": "string" }, "description": "Application entry points" } } }, "AutoloadNode": { "type": "object", "required": ["id", "type"], "properties": { "id": { "type": "string", "description": "Node identifier (namespace or file path)" }, "type": { "type": "string", "enum": ["namespace", "class", "file", "package"], "description": "Node type" }, "package": { "type": "string", "description": "Owning package" } } }, "AutoloadEdge": { "type": "object", "required": ["from", "to", "edgeType"], "properties": { "from": { "type": "string", "description": "Source node ID" }, "to": { "type": "string", "description": "Target node ID" }, "edgeType": { "type": "string", "enum": ["autoloads", "includes", "requires", "uses"], "description": "Edge relationship type" } } }, "CapabilityReport": { "type": "object", "properties": { "reportType": { "type": "string", "const": "CAPABILITY_REPORT" }, "fileOperations": { "$ref": "#/$defs/FileCapabilities" }, "networkOperations": { "$ref": "#/$defs/NetworkCapabilities" }, "processOperations": { "$ref": "#/$defs/ProcessCapabilities" }, "cryptoOperations": { "$ref": "#/$defs/CryptoCapabilities" }, "extensions": { "$ref": "#/$defs/ExtensionCapabilities" }, "pharArchives": { "type": "array", "items": { "$ref": "#/$defs/PharInfo" }, "description": "Detected PHAR archives" }, "evidences": { "type": "array", "items": { "$ref": "#/$defs/CapabilityEvidence" }, "description": "Evidence supporting capability detection" } } }, "FileCapabilities": { "type": "object", "properties": { "detected": { "type": "boolean" }, "reads": { "type": "boolean" }, "writes": { "type": "boolean" }, "deletes": { "type": "boolean" }, "executes": { "type": "boolean" }, "tempFiles": { "type": "boolean" }, "uploads": { "type": "boolean" } } }, "NetworkCapabilities": { "type": "object", "properties": { "detected": { "type": "boolean" }, "httpClient": { "type": "boolean" }, "sockets": { "type": "boolean" }, "curl": { "type": "boolean" }, "dnsLookup": { "type": "boolean" }, "smtp": { "type": "boolean" } } }, "ProcessCapabilities": { "type": "object", "properties": { "detected": { "type": "boolean" }, "exec": { "type": "boolean" }, "shell_exec": { "type": "boolean" }, "system": { "type": "boolean" }, "passthru": { "type": "boolean" }, "proc_open": { "type": "boolean" }, "backticks": { "type": "boolean" } } }, "CryptoCapabilities": { "type": "object", "properties": { "detected": { "type": "boolean" }, "openssl": { "type": "boolean" }, "sodium": { "type": "boolean" }, "mcrypt": { "type": "boolean" }, "hash": { "type": "boolean" }, "password_hash": { "type": "boolean" } } }, "ExtensionCapabilities": { "type": "object", "properties": { "required": { "type": "array", "items": { "type": "string" }, "description": "Required PHP extensions" }, "suggested": { "type": "array", "items": { "type": "string" }, "description": "Suggested PHP extensions" }, "detected": { "type": "array", "items": { "type": "string" }, "description": "Extensions detected in code" } } }, "PharInfo": { "type": "object", "required": ["path"], "properties": { "path": { "type": "string", "description": "PHAR file path" }, "alias": { "type": "string", "description": "PHAR alias" }, "signatureType": { "type": "string", "enum": ["md5", "sha1", "sha256", "sha512", "openssl", "none"], "description": "Signature algorithm" }, "signatureValid": { "type": "boolean", "description": "Signature verification result" }, "fileCount": { "type": "integer", "description": "Number of files in archive" }, "uncompressedSize": { "type": "integer", "description": "Uncompressed size in bytes" } } }, "CapabilityEvidence": { "type": "object", "required": ["capability", "file", "line"], "properties": { "capability": { "type": "string", "description": "Capability type" }, "file": { "type": "string", "description": "Source file path" }, "line": { "type": "integer", "description": "Line number" }, "function": { "type": "string", "description": "Function/method name" }, "snippet": { "type": "string", "description": "Code snippet (redacted if sensitive)" } } }, "AnalysisWarning": { "type": "object", "required": ["code", "message"], "properties": { "code": { "type": "string", "examples": [ "COMPOSER_LOCK_MISSING", "INSTALLED_JSON_MISSING", "AUTOLOAD_RESOLUTION_FAILED", "PHAR_SIGNATURE_INVALID", "TIMEOUT_EXCEEDED" ] }, "message": { "type": "string" }, "file": { "type": "string" }, "recoverable": { "type": "boolean", "default": true } } } }, "examples": [ { "schemaVersion": "1.0", "id": "stellaops.analyzer.lang.php", "displayName": "StellaOps PHP Analyzer", "version": "0.1.0", "requiresRestart": true, "entryPoint": { "type": "dotnet", "assembly": "StellaOps.Scanner.Analyzers.Lang.Php.dll", "typeName": "StellaOps.Scanner.Analyzers.Lang.Php.PhpAnalyzerPlugin" }, "capabilities": [ "language-analyzer", "php", "composer", "packagist", "autoload", "framework-detection" ], "metadata": { "org.stellaops.analyzer.language": "php", "org.stellaops.analyzer.kind": "language", "org.stellaops.restart.required": "true" } }, { "outputType": "ANALYSIS_OUTPUT", "analyzerId": "php", "completedAt": "2025-11-21T10:15:00Z", "durationMs": 2500, "projectMetadata": { "name": "acme/webapp", "phpVersion": "^8.2", "type": "project", "framework": "laravel", "frameworkVersion": "10.0" }, "packages": [ { "name": "laravel/framework", "version": "10.48.0", "purl": "pkg:composer/laravel/framework@10.48.0", "componentKey": "laravel/framework@10.48.0", "isDev": false, "source": "lockfile", "autoloadType": "psr-4", "license": "MIT" }, { "name": "symfony/http-foundation", "version": "6.4.0", "purl": "pkg:composer/symfony/http-foundation@6.4.0", "componentKey": "symfony/http-foundation@6.4.0", "isDev": false, "source": "lockfile", "autoloadType": "psr-4", "license": "MIT" } ], "capabilities": { "fileOperations": { "detected": true, "reads": true, "writes": true, "uploads": true }, "networkOperations": { "detected": true, "httpClient": true, "curl": true }, "extensions": { "required": ["openssl", "pdo", "mbstring", "tokenizer"], "detected": ["redis", "imagick"] } } } ] }