Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
b3623e1
Add AGENTS.md and testbench.yaml for development environment setup
cursoragent Feb 27, 2026
9fdb503
Add orchestra/testbench dev dependency for running tests
cursoragent Feb 27, 2026
e8426a3
Fix 4 critical bugs in WardenAuditCommand and AuditCacheService
cursoragent Feb 27, 2026
2c09a16
Fix UX issues in audit output and schedule command
cursoragent Feb 27, 2026
09f0281
Code quality: extract CustomAuditWrapper, remove dead code, clean config
cursoragent Feb 27, 2026
67b3c09
Fix tests, add phpunit.xml, CI workflow, and DI improvements
cursoragent Feb 27, 2026
59855e4
Rename ParallelAuditExecutor to AuditExecutor, extract severity trait
cursoragent Feb 27, 2026
59d1172
Update AGENTS.md with current project state
cursoragent Feb 27, 2026
ad0be2c
Keep --silent backward compatible alongside --no-notify
cursoragent Feb 27, 2026
9f5b4c0
Replace spinner with per-audit progress reporting
cursoragent Feb 27, 2026
bdd9793
Fix PHPStan analysis issues
cursoragent Feb 27, 2026
7400f62
Merge branch 'cursor/development-environment-setup-8bf3' into cursor/…
dgtlss Feb 27, 2026
8eeea1f
Merge pull request #21 from dgtlss/cursor/phpstan-analysis-issues-f0b8
dgtlss Feb 27, 2026
17d353e
fix: resolve PHPStan analysis issues
cursoragent Feb 27, 2026
b479bb7
Merge pull request #22 from dgtlss/cursor/phpstan-analysis-issues-6efe
dgtlss Feb 27, 2026
3ef29cc
Update tests.yml
dgtlss Feb 27, 2026
8dd0680
docs(AGENTS): hyphenate Cloud-specific, add comma, document Laravel 1…
cursoragent Feb 27, 2026
7d755ac
style: add blank line after trait use (NewlineBetweenClassLikeStmtsRe…
cursoragent Feb 27, 2026
78d60c0
fix: populate AuditExecutor results, add AuditServiceInterface, fix C…
cursoragent Feb 27, 2026
f5d25cb
refactor(AuditCacheService): move AUDIT_NAMES to class top with sync …
cursoragent Feb 27, 2026
2bd3746
fix(WardenAuditCommand): handleAbandonedPackages only on human output…
cursoragent Feb 27, 2026
dc1bb6c
fix(WardenServiceProvider): use --no-notify, remove unused binding param
cursoragent Feb 27, 2026
496e314
ci: add Composer cache step to speed dependency install
cursoragent Feb 27, 2026
e7e5d69
style: apply Rector (SimplifyIfReturnBool, NewlineAfterStatement, Ren…
cursoragent Feb 27, 2026
7befb1c
Merge pull request #23 from dgtlss/cursor/warden-code-refinements-b113
dgtlss Feb 27, 2026
268251b
docs(readme): update structure, add command reference, document --no-…
cursoragent Feb 27, 2026
0065fd8
Merge pull request #24 from dgtlss/cursor/readme-documentation-struct…
dgtlss Feb 27, 2026
a9d7042
Add Snyk rules and improve audit command
nlangerdevtbg Feb 27, 2026
fa625c3
Do not suppress notifications on old Console
nlangerdevtbg Feb 27, 2026
4c24d3c
PHPStan issue resolutions
nlangerdevtbg Feb 27, 2026
23852e8
bump version to 1.5.0
nlangerdevtbg Feb 27, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .cursor/rules/snyk_rules.mdc
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
alwaysApply: true
always_on: true
trigger: always_on
applyTo: "**"
description: Snyk Security At Inception
---

# Project security best practices

- Always run snyk_code_scan tool for new first party code that is generated in a Snyk-supported language.
- If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from Snyk.
- Rescan the code after fixing the issues to ensure that the issues were fixed and that there are no newly introduced issues.
- Repeat this process until no new issues are found.
37 changes: 0 additions & 37 deletions .github/workflows/phpstan.yml

This file was deleted.

44 changes: 44 additions & 0 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: Tests

on:
push:
branches: [ main, master ]
pull_request:
branches: [ main, master ]

jobs:
tests:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
php: ['8.4']

name: PHP ${{ matrix.php }}

steps:
- name: Checkout code
uses: actions/checkout@v4
Comment thread
dgtlss marked this conversation as resolved.

- name: Set up PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
tools: composer
coverage: none

- name: Cache Composer dependencies
uses: actions/cache@v4
with:
path: ~/.composer/cache
key: composer-${{ matrix.php }}-${{ hashFiles('composer.lock') }}
restore-keys: composer-${{ matrix.php }}-

- name: Install dependencies
run: composer install --no-interaction --no-progress

- name: Run PHPStan
run: vendor/bin/phpstan analyse --memory-limit=2G

- name: Run tests
run: vendor/bin/phpunit tests/
5 changes: 4 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
.phpunit.cache
/vendor
.idea
.idea
# Snyk Security Extension - AI Rules (auto-generated)
.windsurf/rules/snyk_rules.md
/coverage-html
3 changes: 3 additions & 0 deletions .vscode/settings.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"snyk.advanced.autoSelectOrganization": true
}
29 changes: 29 additions & 0 deletions AGENTS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# AGENTS.md

## Cursor Cloud-specific instructions

### Project overview

Warden is a Laravel security audit **package** (library), not a standalone application. It is tested using Orchestra Testbench, which bootstraps a minimal Laravel environment in-memory.

### Prerequisites (installed in VM snapshot)

- PHP 8.4 (from `ppa:ondrej/php`; extensions: cli, mbstring, xml, curl, zip, sqlite3)
- Composer 2.x (installed to `/usr/local/bin/composer`)

### Key commands

| Task | Command |
|---|---|
| Install dependencies | `composer install --no-interaction` |
| Static analysis (lint) | `composer phpstan` or `vendor/bin/phpstan analyse --memory-limit=2G` |
| Run tests | `vendor/bin/phpunit tests/` |
| Code quality (dry-run) | `vendor/bin/rector process --dry-run` |
| Run package commands | `vendor/bin/testbench warden:audit` / `vendor/bin/testbench warden:syntax` |

### Gotchas

- **Tests target Laravel 12+**: The package supports Laravel 7–12, but `orchestra/testbench ^10.9` pins the test suite to Laravel 12+; CI runs against the latest supported Laravel.
- **PHPStan with full framework**: When `orchestra/testbench` is installed (which brings in `laravel/framework`), PHPStan may report additional errors due to full type information replacing stubs. The CI workflow installs testbench, so check PHPStan passes with `composer phpstan`.
- **testbench.yaml**: Registers `WardenServiceProvider` so `vendor/bin/testbench` can run the package's artisan commands (e.g., `warden:audit`).
- **Test app**: To test the package inside a real Laravel app, create one in `/tmp`: `cd /tmp && composer create-project laravel/laravel warden-test-app` then `cd warden-test-app && composer config repositories.warden path /workspace && composer require dgtlss/warden:* --dev`.
5 changes: 3 additions & 2 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "dgtlss/warden",
"description": "A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email",
"keywords": ["laravel", "composer", "security", "vulnerabilities", "audits", "notifications", "CVE"],
"version": "1.4.1",
"version": "1.5.0",
"license": "MIT",
"autoload": {
"psr-4": {
Expand Down Expand Up @@ -34,7 +34,8 @@
"require-dev": {
"phpstan/phpstan": "^2.1",
"rector/rector": "^2.2",
"larastan/larastan": "^3.0"
"larastan/larastan": "^3.0",
"orchestra/testbench": "^10.9"
Comment thread
dgtlss marked this conversation as resolved.
},
"scripts": {
"phpstan": "vendor/bin/phpstan analyse --memory-limit=2G"
Expand Down
Loading