From ed366bddbb9b23ae532800397da4a120e98c0b00 Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Tue, 10 Mar 2026 21:10:26 -0700 Subject: [PATCH] feat: add php rule pack --- .cursor/rules/php-coding-style.md | 25 ++++++++++++++++++++++ .cursor/rules/php-hooks.md | 21 +++++++++++++++++++ .cursor/rules/php-patterns.md | 23 ++++++++++++++++++++ .cursor/rules/php-security.md | 24 +++++++++++++++++++++ .cursor/rules/php-testing.md | 26 +++++++++++++++++++++++ README.md | 17 ++++++++------- rules/README.md | 8 +++---- rules/php/coding-style.md | 35 +++++++++++++++++++++++++++++++ rules/php/hooks.md | 24 +++++++++++++++++++++ rules/php/patterns.md | 32 ++++++++++++++++++++++++++++ rules/php/security.md | 33 +++++++++++++++++++++++++++++ rules/php/testing.md | 34 ++++++++++++++++++++++++++++++ 12 files changed, 290 insertions(+), 12 deletions(-) create mode 100644 .cursor/rules/php-coding-style.md create mode 100644 .cursor/rules/php-hooks.md create mode 100644 .cursor/rules/php-patterns.md create mode 100644 .cursor/rules/php-security.md create mode 100644 .cursor/rules/php-testing.md create mode 100644 rules/php/coding-style.md create mode 100644 rules/php/hooks.md create mode 100644 rules/php/patterns.md create mode 100644 rules/php/security.md create mode 100644 rules/php/testing.md diff --git a/.cursor/rules/php-coding-style.md b/.cursor/rules/php-coding-style.md new file mode 100644 index 00000000..f4372406 --- /dev/null +++ b/.cursor/rules/php-coding-style.md @@ -0,0 +1,25 @@ +--- +description: "PHP coding style extending common rules" +globs: ["**/*.php", "**/composer.json"] +alwaysApply: false +--- +# PHP Coding Style + +> This file extends the common coding style rule with PHP specific content. + +## Standards + +- Follow **PSR-12** formatting and naming conventions. +- Prefer `declare(strict_types=1);` in application code. +- Use scalar type hints, return types, and typed properties everywhere new code permits. + +## Immutability + +- Prefer immutable DTOs and value objects for data crossing service boundaries. +- Use `readonly` properties or immutable constructors for request/response payloads where possible. +- Keep arrays for simple maps; promote business-critical structures into explicit classes. + +## Formatting + +- Use **PHP-CS-Fixer** or **Laravel Pint** for formatting. +- Use **PHPStan** or **Psalm** for static analysis. diff --git a/.cursor/rules/php-hooks.md b/.cursor/rules/php-hooks.md new file mode 100644 index 00000000..2aa143bd --- /dev/null +++ b/.cursor/rules/php-hooks.md @@ -0,0 +1,21 @@ +--- +description: "PHP hooks extending common rules" +globs: ["**/*.php", "**/composer.json", "**/phpstan.neon", "**/phpstan.neon.dist", "**/psalm.xml"] +alwaysApply: false +--- +# PHP Hooks + +> This file extends the common hooks rule with PHP specific content. + +## PostToolUse Hooks + +Configure in `~/.claude/settings.json`: + +- **Pint / PHP-CS-Fixer**: Auto-format edited `.php` files. +- **PHPStan / Psalm**: Run static analysis after PHP edits in typed codebases. +- **PHPUnit / Pest**: Run targeted tests for touched files or modules when edits affect behavior. + +## Warnings + +- Warn on `var_dump`, `dd`, `dump`, or `die()` left in edited files. +- Warn when edited PHP files add raw SQL or disable CSRF/session protections. diff --git a/.cursor/rules/php-patterns.md b/.cursor/rules/php-patterns.md new file mode 100644 index 00000000..a53e9429 --- /dev/null +++ b/.cursor/rules/php-patterns.md @@ -0,0 +1,23 @@ +--- +description: "PHP patterns extending common rules" +globs: ["**/*.php", "**/composer.json"] +alwaysApply: false +--- +# PHP Patterns + +> This file extends the common patterns rule with PHP specific content. + +## Thin Controllers, Explicit Services + +- Keep controllers focused on transport: auth, validation, serialization, status codes. +- Move business rules into application/domain services that are easy to test without HTTP bootstrapping. + +## DTOs and Value Objects + +- Replace shape-heavy associative arrays with DTOs for requests, commands, and external API payloads. +- Use value objects for money, identifiers, and constrained concepts. + +## Dependency Injection + +- Depend on interfaces or narrow service contracts, not framework globals. +- Pass collaborators through constructors so services are testable without service-locator lookups. diff --git a/.cursor/rules/php-security.md b/.cursor/rules/php-security.md new file mode 100644 index 00000000..af9dfe89 --- /dev/null +++ b/.cursor/rules/php-security.md @@ -0,0 +1,24 @@ +--- +description: "PHP security extending common rules" +globs: ["**/*.php", "**/composer.lock", "**/composer.json"] +alwaysApply: false +--- +# PHP Security + +> This file extends the common security rule with PHP specific content. + +## Database Safety + +- Use prepared statements (`PDO`, Doctrine, Eloquent query builder) for all dynamic queries. +- Scope ORM mass-assignment carefully and whitelist writable fields. + +## Secrets and Dependencies + +- Load secrets from environment variables or a secret manager, never from committed config files. +- Run `composer audit` in CI and review package trust before adding dependencies. + +## Auth and Session Safety + +- Use `password_hash()` / `password_verify()` for password storage. +- Regenerate session identifiers after authentication and privilege changes. +- Enforce CSRF protection on state-changing web requests. diff --git a/.cursor/rules/php-testing.md b/.cursor/rules/php-testing.md new file mode 100644 index 00000000..553a3795 --- /dev/null +++ b/.cursor/rules/php-testing.md @@ -0,0 +1,26 @@ +--- +description: "PHP testing extending common rules" +globs: ["**/*.php", "**/phpunit.xml", "**/phpunit.xml.dist", "**/composer.json"] +alwaysApply: false +--- +# PHP Testing + +> This file extends the common testing rule with PHP specific content. + +## Framework + +Use **PHPUnit** as the default test framework. **Pest** is also acceptable when the project already uses it. + +## Coverage + +```bash +vendor/bin/phpunit --coverage-text +# or +vendor/bin/pest --coverage +``` + +## Test Organization + +- Separate fast unit tests from framework/database integration tests. +- Use factory/builders for fixtures instead of large hand-written arrays. +- Keep HTTP/controller tests focused on transport and validation; move business rules into service-level tests. diff --git a/README.md b/README.md index 20f5341b..92c106a3 100644 --- a/README.md +++ b/README.md @@ -156,9 +156,9 @@ git clone https://github.com/affaan-m/everything-claude-code.git cd everything-claude-code # Recommended: use the installer (handles common + language rules safely) -./install.sh typescript # or python or golang or perl +./install.sh typescript # or python or golang or swift or php # You can pass multiple languages: -# ./install.sh typescript python golang perl +# ./install.sh typescript python golang swift php # or target cursor: # ./install.sh --target cursor typescript # or target antigravity: @@ -365,8 +365,8 @@ everything-claude-code/ | |-- typescript/ # TypeScript/JavaScript specific | |-- python/ # Python specific | |-- golang/ # Go specific -| |-- perl/ # Perl specific (NEW) | |-- swift/ # Swift specific +| |-- php/ # PHP specific (NEW) | |-- hooks/ # Trigger-based automations | |-- README.md # Hook documentation, recipes, and customization guide @@ -569,7 +569,7 @@ This gives you instant access to all commands, agents, skills, and hooks. > cp -r everything-claude-code/rules/typescript/* ~/.claude/rules/ # pick your stack > cp -r everything-claude-code/rules/python/* ~/.claude/rules/ > cp -r everything-claude-code/rules/golang/* ~/.claude/rules/ -> cp -r everything-claude-code/rules/perl/* ~/.claude/rules/ +> cp -r everything-claude-code/rules/php/* ~/.claude/rules/ > > # Option B: Project-level rules (applies to current project only) > mkdir -p .claude/rules @@ -595,7 +595,7 @@ cp -r everything-claude-code/rules/common/* ~/.claude/rules/ cp -r everything-claude-code/rules/typescript/* ~/.claude/rules/ # pick your stack cp -r everything-claude-code/rules/python/* ~/.claude/rules/ cp -r everything-claude-code/rules/golang/* ~/.claude/rules/ -cp -r everything-claude-code/rules/perl/* ~/.claude/rules/ +cp -r everything-claude-code/rules/php/* ~/.claude/rules/ # Copy commands cp everything-claude-code/commands/*.md ~/.claude/commands/ @@ -678,7 +678,8 @@ rules/ typescript/ # TS/JS specific patterns and tools python/ # Python specific patterns and tools golang/ # Go specific patterns and tools - perl/ # Perl specific patterns and tools + swift/ # Swift specific patterns and tools + php/ # PHP specific patterns and tools ``` See [`rules/README.md`](rules/README.md) for installation and structure details. @@ -850,7 +851,7 @@ ECC provides **full Cursor IDE support** with hooks, rules, agents, skills, comm ```bash # Install for your language(s) ./install.sh --target cursor typescript -./install.sh --target cursor python golang swift perl +./install.sh --target cursor python golang swift php ``` ### What's Included @@ -859,7 +860,7 @@ ECC provides **full Cursor IDE support** with hooks, rules, agents, skills, comm |-----------|-------|---------| | Hook Events | 15 | sessionStart, beforeShellExecution, afterFileEdit, beforeMCPExecution, beforeSubmitPrompt, and 10 more | | Hook Scripts | 16 | Thin Node.js scripts delegating to `scripts/hooks/` via shared adapter | -| Rules | 34 | 9 common (alwaysApply) + 25 language-specific (TypeScript, Python, Go, Swift, Perl) | +| Rules | 34 | 9 common (alwaysApply) + 25 language-specific (TypeScript, Python, Go, Swift, PHP) | | Agents | Shared | Via AGENTS.md at root (read by Cursor natively) | | Skills | Shared + Bundled | Via AGENTS.md at root and `.cursor/skills/` for translated additions | | Commands | Shared | `.cursor/commands/` if installed | diff --git a/rules/README.md b/rules/README.md index a9c83776..8a4466c5 100644 --- a/rules/README.md +++ b/rules/README.md @@ -18,7 +18,7 @@ rules/ ├── python/ # Python specific ├── golang/ # Go specific ├── swift/ # Swift specific -└── perl/ # Perl specific +└── php/ # PHP specific ``` - **common/** contains universal principles — no language-specific code examples. @@ -34,7 +34,7 @@ rules/ ./install.sh python ./install.sh golang ./install.sh swift -./install.sh perl +./install.sh php # Install multiple languages at once ./install.sh typescript python @@ -57,7 +57,7 @@ cp -r rules/typescript ~/.claude/rules/typescript cp -r rules/python ~/.claude/rules/python cp -r rules/golang ~/.claude/rules/golang cp -r rules/swift ~/.claude/rules/swift -cp -r rules/perl ~/.claude/rules/perl +cp -r rules/php ~/.claude/rules/php # Attention ! ! ! Configure according to your actual project requirements; the configuration here is for reference only. ``` @@ -91,7 +91,7 @@ To add support for a new language (e.g., `rust/`): When language-specific rules and common rules conflict, **language-specific rules take precedence** (specific overrides general). This follows the standard layered configuration pattern (similar to CSS specificity or `.gitignore` precedence). - `rules/common/` defines universal defaults applicable to all projects. -- `rules/golang/`, `rules/python/`, `rules/perl/`, `rules/typescript/`, etc. override those defaults where language idioms differ. +- `rules/golang/`, `rules/python/`, `rules/swift/`, `rules/php/`, `rules/typescript/`, etc. override those defaults where language idioms differ. ### Example diff --git a/rules/php/coding-style.md b/rules/php/coding-style.md new file mode 100644 index 00000000..44d5f907 --- /dev/null +++ b/rules/php/coding-style.md @@ -0,0 +1,35 @@ +--- +paths: + - "**/*.php" + - "**/composer.json" +--- +# PHP Coding Style + +> This file extends [common/coding-style.md](../common/coding-style.md) with PHP specific content. + +## Standards + +- Follow **PSR-12** formatting and naming conventions. +- Prefer `declare(strict_types=1);` in application code. +- Use scalar type hints, return types, and typed properties everywhere new code permits. + +## Immutability + +- Prefer immutable DTOs and value objects for data crossing service boundaries. +- Use `readonly` properties or immutable constructors for request/response payloads where possible. +- Keep arrays for simple maps; promote business-critical structures into explicit classes. + +## Formatting + +- Use **PHP-CS-Fixer** or **Laravel Pint** for formatting. +- Use **PHPStan** or **Psalm** for static analysis. +- Keep Composer scripts checked in so the same commands run locally and in CI. + +## Error Handling + +- Throw exceptions for exceptional states; avoid returning `false`/`null` as hidden error channels in new code. +- Convert framework/request input into validated DTOs before it reaches domain logic. + +## Reference + +See skill: `backend-patterns` for broader service/repository layering guidance. diff --git a/rules/php/hooks.md b/rules/php/hooks.md new file mode 100644 index 00000000..10dd3c98 --- /dev/null +++ b/rules/php/hooks.md @@ -0,0 +1,24 @@ +--- +paths: + - "**/*.php" + - "**/composer.json" + - "**/phpstan.neon" + - "**/phpstan.neon.dist" + - "**/psalm.xml" +--- +# PHP Hooks + +> This file extends [common/hooks.md](../common/hooks.md) with PHP specific content. + +## PostToolUse Hooks + +Configure in `~/.claude/settings.json`: + +- **Pint / PHP-CS-Fixer**: Auto-format edited `.php` files. +- **PHPStan / Psalm**: Run static analysis after PHP edits in typed codebases. +- **PHPUnit / Pest**: Run targeted tests for touched files or modules when edits affect behavior. + +## Warnings + +- Warn on `var_dump`, `dd`, `dump`, or `die()` left in edited files. +- Warn when edited PHP files add raw SQL or disable CSRF/session protections. diff --git a/rules/php/patterns.md b/rules/php/patterns.md new file mode 100644 index 00000000..6af81105 --- /dev/null +++ b/rules/php/patterns.md @@ -0,0 +1,32 @@ +--- +paths: + - "**/*.php" + - "**/composer.json" +--- +# PHP Patterns + +> This file extends [common/patterns.md](../common/patterns.md) with PHP specific content. + +## Thin Controllers, Explicit Services + +- Keep controllers focused on transport: auth, validation, serialization, status codes. +- Move business rules into application/domain services that are easy to test without HTTP bootstrapping. + +## DTOs and Value Objects + +- Replace shape-heavy associative arrays with DTOs for requests, commands, and external API payloads. +- Use value objects for money, identifiers, date ranges, and other constrained concepts. + +## Dependency Injection + +- Depend on interfaces or narrow service contracts, not framework globals. +- Pass collaborators through constructors so services are testable without service-locator lookups. + +## Boundaries + +- Isolate ORM models from domain decisions when the model layer is doing more than persistence. +- Wrap third-party SDKs behind small adapters so the rest of the codebase depends on your contract, not theirs. + +## Reference + +See skill: `api-design` for endpoint conventions and response-shape guidance. diff --git a/rules/php/security.md b/rules/php/security.md new file mode 100644 index 00000000..b745fa17 --- /dev/null +++ b/rules/php/security.md @@ -0,0 +1,33 @@ +--- +paths: + - "**/*.php" + - "**/composer.lock" + - "**/composer.json" +--- +# PHP Security + +> This file extends [common/security.md](../common/security.md) with PHP specific content. + +## Input and Output + +- Validate request input at the framework boundary (`FormRequest`, Symfony Validator, or explicit DTO validation). +- Escape output in templates by default; treat raw HTML rendering as an exception that must be justified. +- Never trust query params, cookies, headers, or uploaded file metadata without validation. + +## Database Safety + +- Use prepared statements (`PDO`, Doctrine, Eloquent query builder) for all dynamic queries. +- Avoid string-building SQL in controllers/views. +- Scope ORM mass-assignment carefully and whitelist writable fields. + +## Secrets and Dependencies + +- Load secrets from environment variables or a secret manager, never from committed config files. +- Run `composer audit` in CI and review new package maintainer trust before adding dependencies. +- Pin major versions deliberately and remove abandoned packages quickly. + +## Auth and Session Safety + +- Use `password_hash()` / `password_verify()` for password storage. +- Regenerate session identifiers after authentication and privilege changes. +- Enforce CSRF protection on state-changing web requests. diff --git a/rules/php/testing.md b/rules/php/testing.md new file mode 100644 index 00000000..0adf9d6f --- /dev/null +++ b/rules/php/testing.md @@ -0,0 +1,34 @@ +--- +paths: + - "**/*.php" + - "**/phpunit.xml" + - "**/phpunit.xml.dist" + - "**/composer.json" +--- +# PHP Testing + +> This file extends [common/testing.md](../common/testing.md) with PHP specific content. + +## Framework + +Use **PHPUnit** as the default test framework. **Pest** is also acceptable when the project already uses it. + +## Coverage + +```bash +vendor/bin/phpunit --coverage-text +# or +vendor/bin/pest --coverage +``` + +Prefer **pcov** or **Xdebug** in CI, and keep coverage thresholds in CI rather than as tribal knowledge. + +## Test Organization + +- Separate fast unit tests from framework/database integration tests. +- Use factory/builders for fixtures instead of large hand-written arrays. +- Keep HTTP/controller tests focused on transport and validation; move business rules into service-level tests. + +## Reference + +See skill: `tdd-workflow` for the repo-wide RED -> GREEN -> REFACTOR loop.