Skip to content

Harden framework contracts and request-scoped state#431

Merged
binaryfire merged 20 commits into
0.4from
audit/contracts-coroutine-state-lifecycle
Jul 12, 2026
Merged

Harden framework contracts and request-scoped state#431
binaryfire merged 20 commits into
0.4from
audit/contracts-coroutine-state-lifecycle

Conversation

@binaryfire

@binaryfire binaryfire commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

Summary

This PR establishes a trustworthy contracts boundary for Hypervel 0.4 and fixes the shared-state problems exposed while tracing those contracts through their concrete implementations.

The previous architecture had three related weaknesses. Several public contracts did not describe their actual runtime values. The standalone contracts package depended implicitly on packages available only through the monorepo root. And a few Laravel-derived configuration patterns stored request-mutated objects or request data in worker-lifetime state, which is unsafe when sibling requests share a Swoole worker.

This change corrects those problems at their owning boundaries:

  • makes the split contracts package self-contained and adds the missing native types across console, container, foundation, Eloquent casting, Engine, filesystem, JSON schema, support, and validation contracts;
  • scopes session validation errors to the active coroutine instead of writing them into the singleton view factory;
  • treats configured Email, File, and Password defaults as immutable worker-lifetime prototypes and returns isolated rule instances for each use;
  • makes filesystem construction return its real contract and rejects invalid custom-driver results before publication;
  • restricts Eloquent model identifiers to values the Eloquent restoration path can reconstruct, including correct morph-map restoration for collections;
  • ports Laravel's current listener-discovery opt-out contract and documentation;
  • removes APIs directly deprecated by Laravel, dead migration-command wiring, and incorrect inherited spellings without retaining compatibility aliases;
  • documents worker-lifetime Gate mutators and native Engine failure behavior where the lifecycle is otherwise easy to misuse; and
  • replaces the old one-off coroutine review notes with a reusable framework-wide audit plan and compact findings ledger.

For more details, see: docs/plans/2026-07-12-framework-coroutine-state-lifecycle-audit.md

Contract integrity

The contracts subtree is released independently, so it must not rely on root-only dependency declarations. Its package metadata now declares every external parent interface it extends, and focused metadata coverage verifies that those dependencies remain present.

Native signatures now follow the values accepted and returned by the full caller/implementer graph. This is intentionally narrower than a mechanical typing pass: each changed signature was carried through concrete implementations and fixtures, while optional packages that appear only in lazy type positions remain optional.

The Engine contracts also document the native false/error and cleanup behavior that callers must handle. Coroutine creation failures now produce clear diagnostics both inside and outside coroutine context.

Long-lived worker state

Laravel normally gets a fresh object graph for each request. Hypervel does not. A singleton view factory and static validation defaults therefore need explicit ownership rules.

Session errors now live in a small coroutine-local request overlay. The render path composes worker-global shared data, request data, and per-view data once, preserving the expected precedence without cloning the factory or adding locks. Nested and exceptional middleware scopes restore the previous overlay in finally.

Configured validation defaults remain boot-time configuration, but the configured object is now a prototype. Each resolution clones the rule and its nested executable rules before validation can inject data, attach a validator, collect failures, or apply fluent mutations. This keeps configuration cheap and worker-global while making each validation independent.

Construction and serialization boundaries

The filesystem factory now accepts the disk-name forms already supported by the manager and returns Filesystem throughout. Custom creators are checked once at construction, before an invalid value can enter the manager cache. Resolved disk operations pay no additional cost.

Queue model identifiers are now created only for Eloquent models and Eloquent collections, because those are the values the restoration path knows how to rebuild. Other queue-contract objects use normal PHP serialization. Collection restoration resolves morph aliases before model construction and pivot checks, matching the existing single-model behavior.

API cleanup

Hypervel 0.4 has no compatibility burden, so deprecated aliases and misspelled low-level APIs are removed rather than preserved indefinitely. The removals are limited to APIs deprecated by the direct upstream framework, not methods merely backed by a deprecated dependency API that Laravel still supports.

This removes the request input mixer, forced-root URL alias, CSRF configuration alias, deprecated database inspection forwarders, the obsolete migration --fullpath path, and its dead Composer dependency. Handshake and process spellings are corrected across contracts, implementations, consumers, events, exceptions, and tests. Laravel's live console add() wrapper remains intact.

Performance

The hot-path changes are deliberately bounded:

  • view rendering retains a single array merge and adds one coroutine-context lookup per rendered view;
  • configured validation defaults add cloning only when an application opts into a configured default;
  • filesystem validation runs only when constructing a disk, before caching;
  • listener discovery remains boot-time work; and
  • the remaining changes are types, documentation, removals, or constant-time checks replacing existing checks.

No request-path locks, new registries, manager clones, recursive object-graph machinery, or compatibility shims are introduced.

Testing

Regression coverage exercises standalone contracts metadata, all changed contract implementations, listener discovery opt-outs, Engine diagnostics, configured-rule isolation and concurrent use, request-shared view-data interleaving and restoration, filesystem creator validation, non-Eloquent queue object round trips, morph-mapped Eloquent collection restoration, and supported command registration forms.

The complete formatting, static-analysis, and parallel test gate passes.

Summary by CodeRabbit

  • New Features

    • Event listeners can now opt out of automatic discovery.
    • View data and session errors are isolated per request, including concurrent requests.
    • Validation rule defaults are cloned to prevent cross-request or coroutine mutations.
    • Console command resolution accepts multiple commands and nested arrays.
    • Custom filesystem drivers are validated to return supported filesystem instances.
  • Bug Fixes

    • Corrected handshake, process enablement, and queue model serialization behavior.
  • Documentation

    • Clarified deprecated API replacements and coroutine-safety guidance.
  • Breaking Changes

    • Removed several deprecated aliases and options, including request, routing, CSRF, and migration helpers.

Establish a reusable package-by-package process for auditing coroutine safety, worker-lifetime state, resource ownership, liveness, native boundaries, test isolation, and hot-path performance across every framework package.

Track the 71-package run through a compact operating plan and a separate findings ledger so post-compaction context restoration remains bounded as completed-package history grows. Include lower-level-first ordering, cross-package revalidation, evidence and anti-overengineering gates, owner approval boundaries, validation and review workflows, and mandatory pre-commit summaries.

Remove the superseded package coroutine-safety guide after carrying its durable taxonomy and remediation lessons into the new source of truth.
Define upstream deprecation relative to the framework or package being ported, not one of its transitive dependencies.

This prevents dependency-level deprecations from being mistaken for Laravel API deprecations when Laravel intentionally retains and supports a wrapper.
Declare the external interfaces inherited by the standalone contracts package and document its upstream sources.

Add metadata coverage that loads every external parent interface through the split package dependencies, preventing a subtree release from relying accidentally on the monorepo root.
Replace incomplete console, container, and foundation signatures with evidence-backed native types and update every concrete implementation.

Normalize the supported resolveCommands input shapes at their shared boundary, retain Laravel's live add wrapper, and cover scalar, array, and variadic command registration without accepting misleading nested arrays.
Express the real model, value, and caster return types in the Eloquent casting contracts and align every implementation and fixture.

The narrower contracts make invalid caster implementations visible to static analysis while preserving the full set of values accepted and returned by the runtime casting pipeline.
Add the missing native return types to the JSON schema, once-hash, and validation contracts and update their concrete test surfaces.

These signatures now describe the behavior already required by callers, removing mixed and implicit returns without narrowing supported application behavior.
Describe the native error and lifecycle behavior of Engine channels, sockets, HTTP clients, servers, signals, and WebSocket primitives with accurate contract documentation.

Correct coroutine creation diagnostics at the shared boundary and add deterministic coverage both inside and outside coroutine context so failures remain actionable in either execution mode.
Port Laravel's current ShouldBeDiscovered contract and filter listeners that explicitly opt out of automatic discovery.

Include representative listener fixtures, discovery regressions, and public documentation so applications can keep selected listeners available for manual registration without changing the discovery policy for their directory.
Rename the inherited handshake and process symbols to standard English spellings across contracts, implementations, event names, consumers, exceptions, and tests.

Hypervel 0.4 has no compatibility burden, so the incorrect public names are removed outright instead of retaining aliases that would permanently duplicate the API.
Remove Request::get(), which combines route attributes and request input and is no longer part of Laravel's recommended request API.

Migrate framework callers and tests to the explicit input source, document the intentional omission, and leave no throwing compatibility tombstone so static analysis catches future accidental use.
Remove UrlGenerator::forceRootUrl() in favor of Laravel's supported useOrigin() API.

Update the focused coverage and record the intentional omission so future upstream ports preserve the modern surface instead of restoring a compatibility alias.
Remove Middleware::validateCsrfTokens() and keep preventRequestForgery() as the single supported configuration API.

Update the matching upstream test location and package differences note so future ports recognize that the alias was omitted deliberately rather than missed.
Remove the deprecated database-inspection forwarding methods and the migration generator's obsolete fullpath option.

Delete the now-unused Composer dependency from MigrateMakeCommand, update its tests, and document the supported schema and migration APIs so no dead compatibility wiring remains.
Mark Gate policy, ability, callback, and class-resolution mutators as boot-time configuration surfaces.

The warnings make their worker-wide lifetime explicit for long-running Swoole applications without changing runtime behavior or adding checks to authorization hot paths.
Treat configured Email, File, and Password defaults as worker-lifetime prototypes and return an isolated clone for each resolution.

Clone nested executable rules, reject callbacks that return the wrong rule family, and reset Email's static callback with the rest of its state. Regression coverage exercises mutation, nested rules, callable defaults, concurrent requests, invalid results, and reset behavior.
Move session validation errors out of the worker-singleton view factory and into a minimal coroutine-local request overlay.

Compose global, request, and per-view data once at render time with explicit precedence, restore nested scopes in finally blocks, and remove the singleton mutation that allowed concurrent requests to observe each other's errors.
Type the filesystem factory and manager construction path as Filesystem and accept the enum disk names already supported by the implementation.

Validate custom creator results once before caching or publication, turning an eventual unrelated method failure into an immediate boundary error without adding work to resolved-disk operations.
Create Eloquent model identifiers only for objects the restoration path can actually reconstruct, leaving custom queue-contract objects to normal PHP serialization.

Resolve morph-map aliases before every collection restoration use so morph-mapped Eloquent collections follow the same correct path as single models. Add regressions for custom entities, custom collections, relation stripping, and morph-mapped collections.
Capture the verified contracts work unit, its shared validation, view, filesystem, and queue findings, regression coverage, performance assessment, and completed review state.

Mark contracts complete in the framework audit and adopt one branch and pull request per work unit. Keep the ledger decision-focused by matching each work-unit heading to its pull-request title without duplicating repository links or commit history.
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@binaryfire, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 30 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 0656e1ff-36c9-4d99-a4eb-c81594fbecea

📥 Commits

Reviewing files that changed from the base of the PR and between 675fc06 and f7818f2.

📒 Files selected for processing (1)
  • src/database/src/Console/Migrations/MigrateMakeCommand.php
📝 Walkthrough

Walkthrough

The change set adds a coroutine-state audit plan and ledger, tightens public contracts, removes deprecated APIs, corrects event and process naming, hardens filesystem, queue, and validation behavior, and introduces request-scoped view data with supporting tests.

Changes

Framework audit and contract alignment

Layer / File(s) Summary
Audit plan and ledger
AGENTS.md, docs/plans/*
Documents audit scope, lifecycle rules, remediation patterns, findings, validation requirements, and completion workflow.
Public contract typing and documentation
src/contracts/*, src/console/*, src/container/*, src/engine/*, src/foundation/*, src/auth/*, tests/Contracts/*
Adds explicit API types, corrects public names, expands interface documentation, and declares contract package requirements.
Deprecated API removals
src/database/*, src/foundation/*, src/http/*, src/routing/*, tests/Database/*, tests/Foundation/*, tests/Http/*, tests/Routing/*
Removes deprecated database, migration, CSRF, request, and URL aliases and updates replacement guidance and tests.
Event, process, and handshake corrections
src/foundation/src/Events/*, src/server-process/*, src/server/*, src/reverb/*, src/websocket-server/*, tests/Integration/Foundation/*, tests/ServerProcess/*
Adds conditional listener discovery and standardizes process and WebSocket handshake naming.
Filesystem and queue boundaries
src/filesystem/*, src/queue/*, tests/Filesystem/*, tests/Integration/Queue/*, tests/Queue/*
Validates filesystem custom-driver results and restricts model identifier serialization and restoration to Eloquent types.
Validation default isolation
src/validation/*, tests/Validation/*
Clones configured validation rules, validates callback results, resets default state, and tests coroutine isolation.
Request-scoped view data
src/view/*, tests/View/*
Adds coroutine-local shared data, scopes session errors per request, and updates view data merging and rendering tests.

Estimated code review effort: 4 (Complex) | ~60 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main themes: stricter framework contracts and request-scoped state hardening.
Docstring Coverage ✅ Passed Docstring coverage is 99.24% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch audit/contracts-coroutine-state-lifecycle

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps

greptile-apps Bot commented Jul 12, 2026

Copy link
Copy Markdown

Greptile Summary

This PR addresses three categories of shared-state hazards in Hypervel's long-lived Swoole worker model and cleans up deprecated upstream APIs for the 0.4 release. The key architectural fixes are correct, well-tested with concurrent-coroutine regression coverage, and add no new per-request locks or clones beyond what the stated goals require.

  • Session errors isolated per-request: ShareErrorsFromSession now stores errors in a new RequestSharedData coroutine-context overlay via scope() with try/finally restoration, instead of mutating the singleton Factory. Factory::mergeSharedData() composes worker-global → request → per-view data in the right precedence order.
  • Validation defaults cloned on each use: Email, File, and Password default() methods now return clone $prototype (with deep-copy of nested executable rules via the new ClonesCustomRules trait) instead of the raw stored instance; Email::flushState() was also missing the $defaultCallback = null reset, which is fixed here.
  • ModelIdentifier morph-map fix for collections: getClass() resolves morph-map aliases before instantiation, matching the existing single-model path; serialization is narrowed to concrete EloquentCollection/Model since the restoration path only knows how to rebuild Eloquent objects.
  • Contracts package made self-contained, deprecated aliases removed (CSRF, request get(), forceRootUrl, --fullpath), and spelling corrections applied (handshake, isEnabled) across contracts, implementations, events, exceptions, and tests.

Confidence Score: 5/5

Safe to merge. All three architectural changes are correctly bounded to their owning surfaces with no new shared state introduced.

The concurrent-coroutine tests for both view isolation and validation-default isolation prove the fixed behaviors under real interleaving. The morph-map collection fix is covered by a new integration test. Spelling corrections and deprecated API removals are atomic across contracts, implementations, and callers. No incorrect logic, missing cleanup, or unsafe state mutation was found in any changed path.

No files require special attention. The RequestSharedData + ShareErrorsFromSession pair and the three validation-rule default() methods are the highest-impact changes and are covered by parallel-coroutine regression tests.

Important Files Changed

Filename Overview
src/view/src/RequestSharedData.php New class providing per-coroutine request-scoped view data via CoroutineContext; correctly uses try/finally to restore previous state on exception or normal exit
src/view/src/Middleware/ShareErrorsFromSession.php Replaced singleton factory share with RequestSharedData.scope() to isolate session errors per coroutine; correctly wraps $next($request) inside the scope
src/view/src/Factory.php Added mergeSharedData() merging worker-global shared data, request-scoped data, and per-view data; updated getShared() and gatherData() to use the new merge order with correct precedence
src/validation/src/Rules/Concerns/ClonesCustomRules.php New trait providing __clone() to deep-copy nested Rule/InvokableRule/ValidationRule objects in customRules; prevents prototype mutation when configured defaults are cloned before each use
src/validation/src/Rules/Email.php Fixes flushState() to also clear $defaultCallback; default() now clones the stored prototype before returning rather than returning the shared instance; tightened return type to static
src/validation/src/Rules/File.php default() now returns a cloned prototype instead of the stored instance; return type tightened to static; throws instead of silently falling back to new self when callback returns wrong type
src/validation/src/Rules/Password.php default() now clones the prototype before returning; return type tightened to static; throws on wrong callback return type; required()/sometimes() correctly operate on the cloned instance
src/queue/src/SerializesAndRestoresModelIdentifiers.php Narrowed serialization to concrete EloquentCollection and Model; restoreCollection now uses ModelIdentifier.getClass() enabling morph-map resolution for collections
src/contracts/src/Database/ModelIdentifier.php Added getClass() method that resolves morph-map aliases back to full class names; class property now nullable; Boot-only warning added to useMorphMap()
src/filesystem/src/FilesystemManager.php Return types narrowed from mixed to Filesystem throughout; callCustomCreator now validates the returned instance and throws before it can enter the disk cache
src/foundation/src/Events/DiscoverEvents.php Added ShouldBeDiscovered opt-out check after isInstantiable() guard; only skips listeners that explicitly return false
src/auth/src/Access/Gate.php Added Boot-only. docblock warnings to all singleton-mutating methods per AGENTS.md worker-lifetime documentation requirement
src/contracts/composer.json Added explicit PSR dependencies to make the standalone contracts package self-contained without relying on monorepo root
src/view/src/View.php gatherData() now uses factory.mergeSharedData() incorporating request-scoped data with correct precedence (global < request < per-view)

Reviews (2): Last reviewed commit: "Remove a stale migration autoload commen..." | Re-trigger Greptile

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
tests/Validation/ValidationDefaultRuleIsolationTest.php (1)

1-141: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Add cleanup for Password and Email test state. These defaults persist across test methods, so testInvalidCallableResultIsRejected() can leave Password::$defaultCallback pointing at the wrong type and pollute later tests. Add tearDown() to call Password::flushState() and Email::flushState().

♻️ Suggested cleanup
 class ValidationDefaultRuleIsolationTest extends TestCase
 {
+    protected function tearDown(): void
+    {
+        parent::tearDown();
+
+        Password::flushState();
+        Email::flushState();
+    }
+
     public function testConfiguredDefaultsAreClonedBeforeMutation(): void
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/Validation/ValidationDefaultRuleIsolationTest.php` around lines 1 -
141, Add a tearDown() method to ValidationDefaultRuleIsolationTest that calls
Password::flushState() and Email::flushState(), ensuring configured defaults and
callbacks are reset after every test.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/contracts/composer.json`:
- Line 33: Remove the "monolog/monolog" dependency from the contracts package
requirements in composer.json, leaving the existing psr/log dependency and all
other package requirements unchanged.

In `@src/contracts/src/JsonSchema/JsonSchema.php`:
- Around line 8-47: Add hypervel/json-schema as a direct dependency in
src/contracts/composer.json so the JsonSchema contract’s imported and returned
Hypervel\JsonSchema\Types classes are available when the contracts package is
installed independently.

In `@src/database/src/Console/Migrations/MigrateMakeCommand.php`:
- Around line 36-46: Update the stale comment near writeMigration() to remove
the obsolete claim that the framework dumps autoload or registers migrations
through class loaders. Keep the comment aligned with writeMigration()’s actual
behavior: creating the migration file and reporting the result.

---

Outside diff comments:
In `@tests/Validation/ValidationDefaultRuleIsolationTest.php`:
- Around line 1-141: Add a tearDown() method to
ValidationDefaultRuleIsolationTest that calls Password::flushState() and
Email::flushState(), ensuring configured defaults and callbacks are reset after
every test.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 7884f398-2519-4ce1-a260-ac2f6f3c3dab

📥 Commits

Reviewing files that changed from the base of the PR and between e9c038c and 675fc06.

📒 Files selected for processing (106)
  • AGENTS.md
  • docs/ai/package-coroutine-safety-review.md
  • docs/plans/2026-07-12-framework-coroutine-state-lifecycle-audit-ledger.md
  • docs/plans/2026-07-12-framework-coroutine-state-lifecycle-audit.md
  • src/auth/src/Access/Gate.php
  • src/boost/docs/events.md
  • src/console/src/Application.php
  • src/container/src/Container.php
  • src/contracts/README.md
  • src/contracts/composer.json
  • src/contracts/src/Console/Application.php
  • src/contracts/src/Console/Kernel.php
  • src/contracts/src/Container/Container.php
  • src/contracts/src/Database/Eloquent/Castable.php
  • src/contracts/src/Database/Eloquent/CastsAttributes.php
  • src/contracts/src/Database/Eloquent/CastsInboundAttributes.php
  • src/contracts/src/Database/Eloquent/SupportsPartialRelations.php
  • src/contracts/src/Database/ModelIdentifier.php
  • src/contracts/src/Engine/ChannelInterface.php
  • src/contracts/src/Engine/CoroutineInterface.php
  • src/contracts/src/Engine/Http/ClientInterface.php
  • src/contracts/src/Engine/Http/Http.php
  • src/contracts/src/Engine/Http/RawResponseInterface.php
  • src/contracts/src/Engine/Http/ServerFactoryInterface.php
  • src/contracts/src/Engine/Http/ServerInterface.php
  • src/contracts/src/Engine/Http/V2/ClientFactoryInterface.php
  • src/contracts/src/Engine/Http/V2/ClientInterface.php
  • src/contracts/src/Engine/Http/V2/RequestInterface.php
  • src/contracts/src/Engine/Http/V2/ResponseInterface.php
  • src/contracts/src/Engine/Http/Writable.php
  • src/contracts/src/Engine/SignalInterface.php
  • src/contracts/src/Engine/Socket/SocketFactoryInterface.php
  • src/contracts/src/Engine/Socket/SocketOptionInterface.php
  • src/contracts/src/Engine/SocketInterface.php
  • src/contracts/src/Engine/WebSocket/FrameInterface.php
  • src/contracts/src/Engine/WebSocket/ResponseInterface.php
  • src/contracts/src/Engine/WebSocket/WebSocketInterface.php
  • src/contracts/src/Events/ShouldBeDiscovered.php
  • src/contracts/src/Filesystem/Factory.php
  • src/contracts/src/Foundation/Application.php
  • src/contracts/src/JsonSchema/JsonSchema.php
  • src/contracts/src/Server/OnHandshakeInterface.php
  • src/contracts/src/ServerProcess/ProcessInterface.php
  • src/contracts/src/Support/HasOnceHash.php
  • src/contracts/src/Validation/ValidatesWhenResolved.php
  • src/database/README.md
  • src/database/src/Console/DatabaseInspectionCommand.php
  • src/database/src/Console/Migrations/MigrateMakeCommand.php
  • src/engine/src/Coroutine.php
  • src/filesystem/src/FilesystemManager.php
  • src/foundation/README.md
  • src/foundation/src/Application.php
  • src/foundation/src/Configuration/Middleware.php
  • src/foundation/src/Console/Kernel.php
  • src/foundation/src/Events/DiscoverEvents.php
  • src/http/README.md
  • src/http/src/Request.php
  • src/queue/src/SerializesAndRestoresModelIdentifiers.php
  • src/reverb/src/ReverbServiceProvider.php
  • src/routing/README.md
  • src/routing/src/UrlGenerator.php
  • src/server-process/src/AbstractProcess.php
  • src/server-process/src/Listeners/BootProcessListener.php
  • src/server/src/Event.php
  • src/validation/src/Rules/Concerns/ClonesCustomRules.php
  • src/validation/src/Rules/Email.php
  • src/validation/src/Rules/File.php
  • src/validation/src/Rules/Password.php
  • src/view/src/Concerns/ManagesEvents.php
  • src/view/src/Factory.php
  • src/view/src/Middleware/ShareErrorsFromSession.php
  • src/view/src/RequestSharedData.php
  • src/view/src/View.php
  • src/websocket-server/src/Exceptions/WebSocketHandshakeException.php
  • src/websocket-server/src/HandshakeHandler.php
  • src/websocket-server/src/Server.php
  • tests/Console/ConsoleApplicationResolveTest.php
  • tests/Contracts/Database/ModelIdentifierTest.php
  • tests/Contracts/PackageMetadataTest.php
  • tests/Contracts/Telescope/TelescopeTagTest.php
  • tests/Database/DatabaseEloquentModelTest.php
  • tests/Database/DatabaseMigrationMakeCommandTest.php
  • tests/Database/EloquentModelCustomCastingTest.php
  • tests/Database/Fixtures/TestCast.php
  • tests/Engine/CoroutineNonCoroutineTest.php
  • tests/Engine/CoroutineTest.php
  • tests/Filesystem/FilesystemManagerTest.php
  • tests/Foundation/Configuration/MiddlewareTest.php
  • tests/Foundation/Http/Middleware/ConvertEmptyStringsToNullTest.php
  • tests/Foundation/Http/Middleware/TransformsRequestTest.php
  • tests/Foundation/Http/Middleware/TrimStringsTest.php
  • tests/Http/HttpRequestTest.php
  • tests/Integration/Database/MariaDb/EloquentCastTest.php
  • tests/Integration/Database/MySql/EloquentCastTest.php
  • tests/Integration/Foundation/DiscoverEventsTest.php
  • tests/Integration/Foundation/Fixtures/EventDiscovery/ShouldBeDiscoveredListeners/RegisteredListener.php
  • tests/Integration/Foundation/Fixtures/EventDiscovery/ShouldBeDiscoveredListeners/SkippedListener.php
  • tests/Integration/Queue/ModelSerializationTest.php
  • tests/Queue/SerializesModelsTest.php
  • tests/Routing/RoutingUrlGeneratorTest.php
  • tests/ServerProcess/AbstractProcessTest.php
  • tests/ServerProcess/BootProcessListenerTest.php
  • tests/Validation/ValidationDefaultRuleIsolationTest.php
  • tests/Validation/ValidationPasswordRuleTest.php
  • tests/View/RequestSharedDataTest.php
  • tests/View/ViewTest.php
💤 Files with no reviewable changes (1)
  • docs/ai/package-coroutine-safety-review.md

Comment thread src/contracts/composer.json
Comment thread src/contracts/src/JsonSchema/JsonSchema.php
Comment thread src/database/src/Console/Migrations/MigrateMakeCommand.php
Migration creation no longer invokes Composer or dumps autoload files, but the surrounding comment still described that removed behavior.

Delete the obsolete comment instead of replacing it with narration of the self-explanatory writeMigration call.
@binaryfire

Copy link
Copy Markdown
Collaborator Author

@coderabbitai Thanks for the review. I traced all four findings through the split-package graph and the test lifecycle.

One change was required: f7818f2 removes the stale migration comment that still claimed make:migration dumps Composer autoload files. The command no longer owns Composer or performs that work, and the remaining call is self-explanatory.

The other three findings are intentionally unchanged:

  • monolog/monolog is a real contracts dependency because ContextLogProcessor directly extends Monolog's ProcessorInterface. psr/log does not provide that parent interface.
  • hypervel/json-schema already depends on hypervel/contracts. Adding the reverse requirement would create a hard cycle. PHP resolves the referenced return types lazily, and Laravel uses the same non-cyclic package arrangement.
  • ValidationDefaultRuleIsolationTest does not need local teardown. The globally registered AfterEachTestSubscriber runs after every test method and explicitly flushes Email, File, and Password state. Adding another teardown would duplicate the suite's authoritative cleanup path.

The focused migration command test passes, the diff check is clean, and the follow-up has completed review.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Tip

For best results, initiate chat on the files or code changes.

#!/bin/bash cd /tmp && rm -rf repo && git clone --depth 200 https://github.com/hypervel/components.git repo 2>&1 | tail -5 cd repo git log --oneline -10 431 2>/dev/null || true git fetch origin pull/431/head:pr431 2>&1 | tail -5 git checkout pr431 2>&1 | tail -5 git log --oneline -15

@binaryfire binaryfire merged commit 831cbf4 into 0.4 Jul 12, 2026
34 of 36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant