Releases: crealoz/easyaudit-cli

Fix ltrim

16 Feb 16:29
9c61ad2

fix ltrim

Full Changelog: v0.6.0...v0.6.1

Fix False Positives

16 Feb 15:28
0a42bba

Added

  • Content-Security-Policy meta tag in HTML reports — restricts scripts, styles, and external resources to prevent XSS in report files
  • New legitimate suffixes in SpecificClassInjection: Pool, Logger, and Config suffixes are no longer flagged as concrete class injections
  • Expanded Classes::BASIC_TYPES — now includes object, callable, iterable, void, never, self, static, parent, true, false, PHP standard classes (DateTime, DateTimeImmutable, Closure, stdClass, JsonSerializable), and exception types (Throwable, Exception, RuntimeException)
  • New tests for SpecificClassInjection: Pool/Logger/Config suffix handling, PHP standard class detection, nullable basic type handling

Fixed

  • HtmlReporter: Added ENT_SUBSTITUTE flag to all htmlspecialchars() calls — prevents silent data loss on malformed UTF-8 sequences in file paths and messages
  • Classes utility: Nullable type hints (e.g. ?int, ?string) are now properly stripped before basic-type checking, preventing false positives in constructor analysis
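As an added illustration of the HtmlReporter fix above (example code written for this page, not easyaudit-cli's own HtmlReporter; the helper names escapeLossy/escapeSafe and the sample path and message are constructed):

```php
<?php
declare(strict_types=1);

// Added example, not easyaudit-cli code. Demonstrates the HtmlReporter fix:
// when htmlspecialchars() is given explicit flags that omit ENT_SUBSTITUTE,
// PHP returns an empty string for input containing an invalid UTF-8 sequence,
// so a finding's file path or message would silently vanish from the report.

// Hypothetical pre-fix escaper: explicit flags without ENT_SUBSTITUTE.
function escapeLossy(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Escaper with the fix applied: invalid byte sequences are replaced with
// U+FFFD instead of discarding the whole string, and <, >, &, ", ' are
// still entity-encoded so report content cannot break out into markup.
function escapeSafe(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a path with a truncated multibyte character ("\xC3" is
// the lead byte of a two-byte sequence with no continuation byte), and a
// message carrying markup that must reach the report escaped.
$samples = [
    "app/code/Vendor/Module/Model/Caf\xC3.php",
    '<script>alert(1)</script> found in template',
];

foreach ($samples as $raw) {
    printf(
        "input (hex): %s\n  without ENT_SUBSTITUTE: %s\n  with ENT_SUBSTITUTE:    %s\n",
        bin2hex($raw),
        var_export(escapeLossy($raw), true),
        var_export(escapeSafe($raw), true)
    );
}
```

Run it with any PHP 8 CLI; the first sample shows the data-loss case the changelog entry describes, the second shows that escaping of markup is unchanged by the added flag.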

Changed

  • Release workflow fixes (v0.5.1)

Full Changelog: v0.5.1...v0.6.0

v0.5.1

12 Feb 14:39
927023d

Full Changelog: v0.5.0...v0.5.1

Works & Flows

12 Feb 10:35
e5ef390

Changed

  • Release workflow: Replaced Notify middleware webhook step with version-aligned deployment — CLI release now checks middleware readiness and triggers symlink switch via deploy webhook before publishing, ensuring CLI and middleware versions are always in sync

Fixed

  • UseOfObjectManager: Metadata now distinguishes get vs create calls — injection values changed from $propertyName to ['property' => $propertyName, 'method' => 'get'|'create'] so the middleware fixer can inject a Factory for create() calls instead of always generating singleton DI
  • SpecificClassInjection: Removed str_contains($className, 'Model') guard that prevented collection, repository, resource model, and API interface detection when the containing class was outside a Model namespace (e.g., controllers, services, helpers)
  • SpecificClassInjection: Collection check now inspects the injected parameter class instead of the containing class, fixing misclassification of collections as resource models
  • SpecificClassInjection: Added $shouldCheckModel cascade to prevent double-detection (collections/repositories in ResourceModel namespace no longer also flagged as resource model injections)
  • SpecificClassInjection: Legitimate resource model injections (in repositories, in other resource models) no longer fall through to the generic specificClassInjection rule

Full Changelog: v0.4.0...v0.5.0

Qualified Simplification

10 Feb 15:25
60d39c5

Added

  • 3 new processors (19 total):
    • CollectionInLoop: Detects N+1 query patterns (model/repository loading inside loops)
    • CountOnCollection: Detects count() on collections instead of getSize() -> fixable with middleware
    • DiAreaScope: Detects plugins/preferences in global di.xml targeting area-specific classes
  • 6 new utility classes for shared logic across processors:
    • DiScope: DI scope detection, XML loading, and class area detection
    • Types: Type checking helpers (isCollectionType, isRepository, isResourceModel, hasApiInterface, etc.)
    • Modules: Module extraction, file grouping, and di.xml lookup
    • Functions: Function content extraction and brace block parsing
    • Xml: Safe XML loading with libxml error suppression
    • Extended Classes with findClassDeclarationLine, isFactoryClass, isCommandClass, derivePropertyName
    • Extended Content with removeComments, findApproximateLine
  • Console Command tests (ScanTest, FixApplyTest, AuthTest, ActivateSelfSignedTest)
  • Unit tests for all new processors and utilities (CollectionInLoop, CountOnCollection, DiAreaScope, DiScope, Types, Modules, Functions, Classes)
  • Expanded tests for existing processors (Helpers, NoProxyInCommands, Preferences, ProxyForHeavyClasses, SpecificClassInjection, UseOfObjectManager, UseOfRegistry)

Changed

  • Preferences processor now scope-aware: duplicate preferences in different scopes (e.g., frontend/di.xml vs adminhtml/di.xml) are no longer flagged as conflicts
  • Refactored 10 processors to use shared utility classes instead of inline logic (Types, Modules, Content, Functions, Classes)
  • Moved support classes from src/Support/ to src/Service/ (Env, Paths, ProjectIdentifier)
  • Constructor injection in all Console Commands (Scan, FixApply) replacing static instantiation — enables mocking in tests
  • Scanner now uses injected dependency instead of hardcoded Api instantiation
  • Code coverage increased from 77% to 92.82% (2521/2716 lines), 750 tests
  • Excluded untestable infrastructure files from coverage (Api.php, Env.php, Auth.php)
  • Psalm 5 static analysis integrated:
    • Fixed redundant casts, missing return paths, dead code, docblock mismatches
    • Configured psalm.xml with issue handlers for auto-discovered classes and runtime constants
  • Developer Guide documentation:

Fixed

  • AuthTest no longer writes test credentials to real config directory (uses temp XDG_CONFIG_HOME)

Removed

  • src/Support/ namespace (replaced by src/Service/)

What's Changed

  • Bump actions/upload-pages-artifact from 3 to 4 by @dependabot[bot] in #2

Full Changelog: v0.3.0...v0.4.0

Reports & Docs

09 Feb 10:44
598439f

Added

  • HTML report format (--format=html):
    • Self-contained single-file dashboard with inline CSS
    • Color-coded summary cards (Total, Errors, Warnings, Notes)
    • Collapsible rule sections with severity badges and file tables
    • Interactive filtering: click any summary card to filter rules by severity
    • Print-to-PDF support with @media print styles (4 cards on one row, all rules expanded)
  • GitHub Pages documentation site:
    • Custom layout with responsive navigation and mobile hamburger menu
    • Dark teal (#142d37) header/footer matching report branding
    • Deployed via deploy-docs.yml GitHub Actions workflow
    • "Buy Fixer Credits" CTA link in navigation
  • 17 new unit test files covering Args, Filenames, HtmlReporter, ExternalToolMapping, Scanner, ClassToProxy, CliWriter, Paths, Version, and multiple processors (AroundPlugins, AdvancedBlockVsViewModel, PaymentInterfaceUseAudit, SpecificClassInjection, Classes, Content, Formater, Functions)

Changed

  • SpecificClassInjection processor refactored: inlined private methods (addGenericClassWarning, addModelWithInterfaceError, addResourceModelError, guessInterfaceName, printResults), reduced duplicate Classes::getChildren() calls per parameter
  • Documentation overhaul across 16 files:
    • Added summary table to processors.md with all 16 rules at a glance
    • Added table of contents to cli-usage.md, request-pr.md, github-actions.md, and fixtures README
    • Fixed exit code capture bug in all 7 CI/CD platform docs (EXIT_CODE=$? replaced with || EXIT_CODE=$? pattern for set -e compatibility)
    • Fixed upload-sarif action version inconsistency (standardized to @v4)
    • Replaced 45-line paid PR workflow YAML in README with concise summary + link
    • Reorganized fixtures README from session-based to category-based headings
    • Added breadcrumb navigation to all CI/CD platform docs
    • Removed broken Jenkins "Fail on Errors" example (kept correct returnStatus approach)
    • Fixed PR template markdown formatting

Fixed

  • Improved ObjectManager detection for fixing (better identification of actual usages vs imports)
  • Fixed class name comparison in UseOfRegistry and SpecificClassInjection processors (leading backslash normalization)

Full Changelog: v0.2.0...v0.3.0

Cleared & Cleaned

05 Feb 17:20
fca2895

Added

  • CliWriter service for centralized CLI output formatting:
    • Colored output methods: success(), error(), warning(), info()
    • Inline color helpers: green(), blue(), bold()
    • Progress bar with credits display
    • Menu item rendering for interactive selection
    • Result line with severity icons
  • New exceptions for better error handling:
    • CliException with exit code support
    • CouldNotPreparePayloadException for payload preparation failures
    • CurlResponseException for API response errors
    • RuleNotAppliedException for rule selection errors
    • NoChildrenException for class hierarchy queries
  • AbstractPreparer base class for payload preparers with shared logic
  • Rule mapping via MAPPED_RULES constant for proxy configuration rules
  • phpcs.xml configuration for PSR-12 code style enforcement
  • Required PHP extensions declared in composer.json: ext-curl, ext-libxml, ext-simplexml
  • Codecov token authentication in GitHub Actions workflow

Changed

  • FixApply command completely refactored:
    • Extracted into smaller focused methods
    • Uses CliWriter for all output
    • Proper exception handling instead of exit codes
    • Better separation of concerns
  • UseOfObjectManager processor improved detection:
    • Now correctly identifies useless imports vs actual usage
    • Won't false-positive on unrelated ->get() or ->create() calls
    • Uses class constants for ObjectManager patterns
    • Leverages Classes utility for constructor analysis
  • SpecificClassInjection processor simplified:
    • Consolidated 7 result arrays into resultsByCategory with RULE_CONFIGS
    • Single addViolation() method replaces multiple add methods
    • Uses CliWriter::resultLine() for output
  • Payload preparers now extend AbstractPreparer:
    • GeneralPreparer and DiPreparer share common logic
    • Throws typed exceptions instead of RuntimeException
  • UnusedModules processor improved config.php detection:
    • Now traverses up from scan path until config.php is found
    • Removed hardcoded relative path guessing
  • Auth command simplified option parsing using Args utility
  • Args utility refactored with parseLongOption() and parseShortFlags() methods
  • Exit code now respects exception code via $e->getCode() ?: 1
  • All processors updated for PSR-12 compliance (line length ≤150)

Removed

  • credits command (unused, stub only)
  • fix-plan command (unused, stub only)
  • Redundant checks like hasChildren() and getChildren() in SpecificClassInjection (uses Classes::getChildren())
  • Removed implicit EnvAuthException throw when credentials are empty

Fixed

  • ObjectManager useless import detection no longer triggers API fix attempts
  • PSR-12 violations across all source files
  • Missing newlines at end of files

Full Changelog: v0.1.2...v0.2.0

v0.1.2

03 Feb 16:25
0d3e2a0

Added

  • Version compatibility system for CLI-Middleware communication:
    • New Version class with VERSION and HASH constants
    • --version / -v CLI flag to display version information
    • X-CLI-Version and X-CLI-Hash headers sent with all API requests
    • UpgradeRequiredException for handling HTTP 426 (Upgrade Required) responses
  • Automated release workflow:
    • GitHub Actions builds PHAR with embedded version and SHA-512 hash
    • Webhook notification to middleware for version registration
    • Automatic GitHub Release creation with PHAR artifact
    • Docker image tagging with version numbers

Changed

  • Dockerfile simplified: Now uses PHAR distribution instead of copying source files
  • Removed unused imports and variables across multiple files
  • FixApply refactored to use instance property for error tracking

Removed

  • Deleted src/Core/Scan/Util/Fixable.php (unused)
  • Removed metadata section from box.json

Full Changelog: v0.1.1...v0.1.2

Better CI/CD

03 Feb 07:37
e55d8bc

Added

  • Version compatibility system for CLI-Middleware communication:
    • New Version class with VERSION and HASH constants
    • --version / -v CLI flag to display version information
    • X-CLI-Version and X-CLI-Hash headers sent with all API requests
    • UpgradeRequiredException for handling HTTP 426 (Upgrade Required) responses
  • Automated release workflow:
    • GitHub Actions builds PHAR with embedded version and SHA-512 hash
    • Webhook notification to middleware for version registration
    • Automatic GitHub Release creation with PHAR artifact
    • Docker image tagging with version numbers

Changed

  • Dockerfile simplified: Now uses PHAR distribution instead of copying source files
  • Removed unused imports and variables across multiple files
  • FixApply refactored to use instance property for error tracking

Removed

  • Deleted src/Core/Scan/Util/Fixable.php (unused)
  • Removed metadata section from box.json

Full Changelog: v0.1.0...v0.1.1

The Integration Release

27 Jan 15:49
9673f27

Added

  • GitHub repository templates:
    • Bug report and feature request issue templates (YAML forms)
    • Pull request template
    • Issue template chooser with contact links
    • Dependabot configuration for Composer and GitHub Actions
  • Code coverage with Codecov integration in CI workflow
  • CI/CD documentation for multiple platforms:
    • GitHub Actions, GitLab CI, Azure DevOps
    • Jenkins, CircleCI, Travis CI, Bitbucket Pipelines
  • MIT License file
  • CI/CD environment detection for API requests:
    • New CiEnvironmentDetector service detects 7 CI providers
    • X-CI-Provider and X-CI-Identity headers sent with API requests
    • Supports GitHub Actions, GitLab CI, Azure DevOps, CircleCI, Jenkins, Travis CI, Bitbucket Pipelines
  • Interactive --fix-by-rule mode for fix-apply command:
    • Select which rule to fix via interactive menu
    • Patches organized into rule-specific subdirectories (patches/{ruleId}/...)
    • Sequenced filenames for multiple patches per file (File-2.patch, File-3.patch)
    • Relative path preservation in patch output structure
  • ClassToProxy service with 220+ heavy Magento classes:
    • Shared detection between ProxyForHeavyClasses and SpecificClassInjection processors
    • Includes repositories, resource connections, config readers, session handlers, etc.
  • New ignored patterns in SpecificClassInjection:
    • Classes ending with Provider or Resolver
    • All Magento\Framework classes
    • Catalog visibility/status classes, sales order config, store manager, etc.
  • New Filenames::getRelativePath() and Filenames::getSequencedPath() utility methods
  • Integration test suite in phpunit.xml
  • Tests for ClassToProxy integration in SpecificClassInjectionTest

Changed

  • SpecificClassInjection now skips CLI commands (Symfony Console) entirely
  • ProxyForHeavyClasses uses ClassToProxy service instead of hardcoded list
  • PreparerInterface::prepareFiles() now accepts optional $selectedRule parameter
  • Removed Collection and ResourceModel from pattern-based heavy class detection (now uses explicit list)

Fixed

  • Reduced false positives in SpecificClassInjection for legitimate Magento patterns
  • Removed redundant isRegistry() and isFileSystem() checks (covered by ClassToProxy)

What's Changed

New Contributors

Full Changelog: V0.1.0...v0.1.0