
Releases: crealoz/easyaudit-cli

Cleared & Cleaned

05 Feb 17:20
fca2895


Added

  • CliWriter service for centralized CLI output formatting:
    • Colored output methods: success(), error(), warning(), info()
    • Inline color helpers: green(), blue(), bold()
    • Progress bar with credits display
    • Menu item rendering for interactive selection
    • Result line with severity icons
  • New exceptions for better error handling:
    • CliException with exit code support
    • CouldNotPreparePayloadException for payload preparation failures
    • CurlResponseException for API response errors
    • RuleNotAppliedException for rule selection errors
    • NoChildrenException for class hierarchy queries
  • AbstractPreparer base class for payload preparers with shared logic
  • Rule mapping via MAPPED_RULES constant for proxy configuration rules
  • phpcs.xml configuration for PSR-12 code style enforcement
  • Required PHP extensions declared in composer.json: ext-curl, ext-libxml, ext-simplexml
  • Codecov token authentication in GitHub Actions workflow

Changed

  • FixApply command completely refactored:
    • Extracted into smaller focused methods
    • Uses CliWriter for all output
    • Proper exception handling instead of exit codes
    • Better separation of concerns
  • UseOfObjectManager processor improved detection:
    • Now correctly identifies useless imports vs actual usage
    • Won't false-positive on unrelated ->get() or ->create() calls
    • Uses class constants for ObjectManager patterns
    • Leverages Classes utility for constructor analysis
  • SpecificClassInjection processor simplified:
    • Consolidated 7 result arrays into resultsByCategory with RULE_CONFIGS
    • Single addViolation() method replaces multiple add methods
    • Uses CliWriter::resultLine() for output
  • Payload preparers now extend AbstractPreparer:
    • GeneralPreparer and DiPreparer share common logic
    • Throws typed exceptions instead of RuntimeException
  • UnusedModules processor improved config.php detection:
    • Now traverses up from scan path until config.php is found
    • Removed hardcoded relative path guessing
  • Auth command simplified option parsing using Args utility
  • Args utility refactored with parseLongOption() and parseShortFlags() methods
  • Exit code now respects exception code via $e->getCode() ?: 1
  • All processors updated for PSR-12 compliance (line length ≤150)

Removed

  • credits command (unused, stub only)
  • fix-plan command (unused, stub only)
  • Redundant checks like hasChildren() and getChildren() in SpecificClassInjection (uses Classes::getChildren())
  • Removed implicit EnvAuthException throw when credentials are empty

Fixed

  • ObjectManager useless import detection no longer triggers API fix attempts
  • PSR-12 violations across all source files
  • Missing newlines at end of files

Full Changelog: v0.1.2...v0.2.0

v0.1.2

03 Feb 16:25
0d3e2a0


Added

  • Version compatibility system for CLI-Middleware communication:
    • New Version class with VERSION and HASH constants
    • --version / -v CLI flag to display version information
    • X-CLI-Version and X-CLI-Hash headers sent with all API requests
    • UpgradeRequiredException for handling HTTP 426 (Upgrade Required) responses
  • Automated release workflow:
    • GitHub Actions builds PHAR with embedded version and SHA-512 hash
    • Webhook notification to middleware for version registration
    • Automatic GitHub Release creation with PHAR artifact
    • Docker image tagging with version numbers

Changed

  • Dockerfile simplified: now uses PHAR distribution instead of copying source files
  • Removed unused imports and variables across multiple files
  • FixApply refactored to use instance property for error tracking

Removed

  • Deleted src/Core/Scan/Util/Fixable.php (unused)
  • Removed metadata section from box.json

Full Changelog: v0.1.1...v0.1.2

Better CI/CD

03 Feb 07:37
e55d8bc


Added

  • Version compatibility system for CLI-Middleware communication:
    • New Version class with VERSION and HASH constants
    • --version / -v CLI flag to display version information
    • X-CLI-Version and X-CLI-Hash headers sent with all API requests
    • UpgradeRequiredException for handling HTTP 426 (Upgrade Required) responses
  • Automated release workflow:
    • GitHub Actions builds PHAR with embedded version and SHA-512 hash
    • Webhook notification to middleware for version registration
    • Automatic GitHub Release creation with PHAR artifact
    • Docker image tagging with version numbers

Changed

  • Dockerfile simplified: now uses PHAR distribution instead of copying source files
  • Removed unused imports and variables across multiple files
  • FixApply refactored to use instance property for error tracking

Removed

  • Deleted src/Core/Scan/Util/Fixable.php (unused)
  • Removed metadata section from box.json

Full Changelog: v0.1.0...v0.1.1


The Integration Release

27 Jan 15:49
9673f27


Added

  • GitHub repository templates:
    • Bug report and feature request issue templates (YAML forms)
    • Pull request template
    • Issue template chooser with contact links
    • Dependabot configuration for Composer and GitHub Actions
  • Code coverage with Codecov integration in CI workflow
  • CI/CD documentation for multiple platforms:
    • GitHub Actions, GitLab CI, Azure DevOps
    • Jenkins, CircleCI, Travis CI, Bitbucket Pipelines
  • MIT License file
  • CI/CD environment detection for API requests:
    • New CiEnvironmentDetector service detects 7 CI providers
    • X-CI-Provider and X-CI-Identity headers sent with API requests
    • Supports GitHub Actions, GitLab CI, Azure DevOps, CircleCI, Jenkins, Travis CI, Bitbucket Pipelines
  • Interactive --fix-by-rule mode for fix-apply command:
    • Select which rule to fix via interactive menu
    • Patches organized into rule-specific subdirectories (patches/{ruleId}/...)
    • Sequenced filenames for multiple patches per file (File-2.patch, File-3.patch)
    • Relative path preservation in patch output structure
  • ClassToProxy service with 220+ heavy Magento classes:
    • Shared detection between ProxyForHeavyClasses and SpecificClassInjection processors
    • Includes repositories, resource connections, config readers, session handlers, etc.
  • New ignored patterns in SpecificClassInjection:
    • Classes ending with Provider or Resolver
    • All Magento\Framework classes
    • Catalog visibility/status classes, sales order config, store manager, etc.
  • New Filenames::getRelativePath() and Filenames::getSequencedPath() utility methods
  • Integration test suite in phpunit.xml
  • Tests for ClassToProxy integration in SpecificClassInjectionTest

Changed

  • SpecificClassInjection now skips CLI commands (Symfony Console) entirely
  • ProxyForHeavyClasses uses ClassToProxy service instead of hardcoded list
  • PreparerInterface::prepareFiles() now accepts optional $selectedRule parameter
  • Removed Collection and ResourceModel from pattern-based heavy class detection (now uses explicit list)

Fixed

  • Reduced false positives in SpecificClassInjection for legitimate Magento patterns
  • Removed redundant isRegistry() and isFileSystem() checks (covered by ClassToProxy)

What's Changed

New Contributors

Full Changelog: V0.1.0...v0.1.0


Progress & Polish

13 Jan 08:08
6e04549


Added

  • Colorful scan output with severity indicators (red for errors, yellow for warnings, blue for info)
  • Visual header with processor names in cyan for better readability
  • Class hierarchy detection in SpecificClassInjection processor
  • New rules for classes with children requiring manual fix:
    • collectionWithChildrenMustUseFactory
    • repositoryWithChildrenMustUseInterface
  • ExternalToolMapping for issues fixable by external tools (php-cs-fixer suggestions)
  • Progress bar in FixApply command
  • Echo output for all processor rules showing issue counts
  • New PreparerInterface with GeneralPreparer and DiPreparer for payload preparation
  • Dedicated Logger service for error and debug logging
  • Filenames utility class for path sanitization
  • Multi-file fix support via Api::requestMultiFilefix() for cross-file issues

Changed

  • Scanner output now displays processor names instead of identifiers
  • Improved FixApply command with file-by-file processing
  • Refactored FixApply to use class properties for better state management
  • Extracted payload preparation logic into dedicated preparer classes
  • Simplified progress bar rendering using class properties

Fixed

  • Helpers processor echo statements moved from getReport() to process() for consistency

Processors Update

06 Nov 19:35
210f87d


Added

New Processors (12)

Dependency Injection & Architecture:

  • Preferences - Multiple preferences detection
  • ProxyForHeavyClasses - Heavy class proxy validation

Code Quality:

  • HardWrittenSQL - Raw SQL detection
  • SpecificClassInjection - Concrete class injection detection
  • UseOfRegistry - Deprecated Registry usage
  • UseOfObjectManager - Direct ObjectManager usage
  • PaymentInterfaceUseAudit - Deprecated payment method detection

Template & View Layer:

  • Cacheable - Non-cacheable block detection
  • AdvancedBlockVsViewModel - Template anti-patterns
  • Helpers - Deprecated Helper patterns

Architecture:

  • BlockViewModelRatio - Block vs ViewModel analysis
  • UnusedModules - Disabled modules detection

Documentation

  • Complete processor documentation in tests/fixtures/README.md
  • Updated README with full processor list
  • Release notes and changelog
  • Migration documentation

Testing

  • 50+ test fixtures covering all processors
  • Good and bad examples for each processor
  • Ready-to-run test suite

Changed

  • README now lists all 16 available processors with descriptions
  • box.json now includes all new processor files
  • Updated project documentation to reflect completion status

Technical Details

  • All processors use static analysis only (no runtime required)
  • SARIF-compatible output for GitHub Code Scanning
  • Zero breaking changes from 1.x
  • 42 files total in PHAR (165KB)

Improve verbosity, add git to container and patch name

02 Oct 19:17
f744fd7


API Connector

02 Oct 10:05
9511bbe


Full Changelog: v0.0.4...v0.0.5

Update SARIF reporter

25 Sep 14:42
26e6116


v0.0.4

consolidate sarif results

add severity on sarif reports

25 Sep 13:48
ea7a893


v0.0.3

update sarif severity