git.stella-ops.org/docs/modules/scanner/design/php-autoload-design.md
StellaOps Bot 108d1c64b3
up
2025-12-09 09:38:09 +02:00

PHP Analyzer Autoload & Restore Design (2025-12-09)

Goals

  • Stabilize PHP analyzer pipeline (SCANNER-ENG-0010 / 27-001) by defining autoload graph handling, composer restore posture, and fixtures.
  • Provide deterministic evidence suitable for CI and reachability alignment with Concelier/Signals.

Inputs

  • composer.json + composer.lock.
  • vendor/composer/*.php autoload files (autoload_psr4.php, autoload_classmap.php, autoload_files.php, autoload_static.php).
  • Installed vendor tree under vendor/.
  • Optional: composer.phar version metadata for diagnostics (no execution).

Outputs

  • Package inventory: pkg:composer/<name>@<version> with source/dist hashes from lockfile.
  • Autoload graph:
    • PSR-4/PSR-0 mappings (namespace → path), classmap entries, files includes.
    • Emit edges from package → file and namespace → path with deterministic ordering.
  • Restore diagnostics:
    • Distinguish a missing vendor install from lockfile drift; emit findings instead of performing a network restore.
  • Metadata:
    • Composer version (from lock/platform field when present).
    • Platform PHP extensions/version constraints.

Determinism & Offline

  • No composer install/updates; read-only parsing of lock/autoload/vendor.
  • Stable ordering: sort packages, namespaces, classmap entries, files includes (ordinal, POSIX paths).
  • Hashes: use lockfile dist/shasum when present; otherwise SHA-256 over on-disk file bytes for autoloaded files.

Fixtures / Backlog

  1. PSR-4 project with namespaced classes and classmap mix.
  2. Project with autoload_files.php includes (functions/constants).
  3. Lockfile present but vendor missing → expect finding, no inventory.
  4. Path repo override + dist hash present.

Implementation Steps

  • Parser for composer.lock (packages + platform reqs) and autoload PHP arrays (psr-4, psr-0, classmap, files).
  • Graph builder producing deterministic edges and evidence records.
  • Findings for missing vendor, mismatched lock hash, or absent autoload files.
  • Tests under src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Php.Tests with goldens for each fixture; add TRX/binlogs to readiness once stable.
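
Added example, not part of the StellaOps code base: a read-only pass over composer.lock and vendor/ that yields the package inventory and restore findings in deterministic order, including the "lockfile present but vendor missing" fixture. The finding ids, field names, the simplified package-name pattern and the sample lockfile are assumptions made for this example; parsing of the autoload PHP arrays is not covered.

```python
# Added example, not StellaOps code. Finding ids and field names are hypothetical.
import json, re
from pathlib import Path

# Constructed sample lockfile content: names, versions and shasum are made up.
SAMPLE_LOCK = {"packages": [
    {"name": "zeta/util", "version": "2.0.1", "dist": {"shasum": ""}},
    {"name": "acme/core", "version": "1.4.0", "dist": {"shasum": "ab" * 20}},
    {"name": "acme/gone", "version": "0.9.0", "dist": {"shasum": ""}},
    {"name": "../escape", "version": "1.0.0"},
]}
# Simplified vendor/name pattern (assumption) so a hostile lockfile cannot steer path joins.
NAME_RE = re.compile(r"[a-z0-9][a-z0-9_.-]*/[a-z0-9][a-z0-9_.-]*")

def analyze(root: Path) -> dict:
    """Read-only pass over composer.lock and vendor/; never runs composer."""
    lock = json.loads((root / "composer.lock").read_text(encoding="utf-8"))
    vendor = root / "vendor"
    if not vendor.is_dir():
        # Lockfile present but vendor missing: one finding, no inventory.
        return {"findings": [{"id": "vendor-missing", "subject": "vendor"}],
                "inventory": []}
    inventory, findings = [], []
    for pkg in lock.get("packages", []):
        name, version = str(pkg.get("name", "")), str(pkg.get("version", ""))
        if not NAME_RE.fullmatch(name):
            findings.append({"id": "invalid-package-name", "subject": name})
        elif not (vendor / name).is_dir():
            # In the lock but not installed: report drift instead of restoring.
            findings.append({"id": "lock-drift", "subject": name})
        else:
            shasum = (pkg.get("dist") or {}).get("shasum") or None
            inventory.append({"purl": f"pkg:composer/{name}@{version}",
                              "dist_shasum": shasum})
    # Code-point (ordinal) sort, independent of locale and of lockfile order.
    inventory.sort(key=lambda e: e["purl"])
    findings.sort(key=lambda f: (f["id"], f["subject"]))
    return {"findings": findings, "inventory": inventory}

def render(result: dict) -> str:
    """Byte-stable serialization for golden-file comparison."""
    return json.dumps(result, sort_keys=True, separators=(",", ":"))

def write_fixture(root: Path, lock: dict, installed: list) -> Path:
    """Materialize a constructed project tree (lockfile plus installed package dirs)."""
    (root / "composer.lock").write_text(json.dumps(lock), encoding="utf-8")
    for name in installed:
        (root / "vendor" / name).mkdir(parents=True)
    return root
```

Calling `write_fixture` on a temporary directory and comparing `render(analyze(root))` against a stored golden string reproduces the golden-test pattern named in the implementation steps.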