codesift-mcp 0.5.30 → 0.8.2

package/dist/tools/yii-modules-tools.js

@@ -0,0 +1,201 @@
+/**
+ * Yii2 module inventory (N1).
+ *
+ * Scans a Yii2 codebase for classes extending `yii\\base\\Module` and emits
+ * a structured per-module summary: controller namespace, controllers, views,
+ * migrations path, components, sub-modules. Also resolves URL prefixes by
+ * cross-referencing config/web.php urlManager rules + the application's
+ * `modules` registration.
+ *
+ * Why this is its own tool (vs. squeezing into php_project_audit):
+ *   - Modules are the primary architectural unit of medium/large Yii2 apps
+ *     (tgm-panel: 11 modules; Mobi 2: similar). Routing, RBAC, and god-model
+ *     analysis all benefit from being able to scope to a module.
+ *   - The output is a graph of cross-file references (controllers ↔ views ↔
+ *     migrations ↔ config), not a flat findings list.
+ *
+ * Implementation depends on the v2.0.0 PHP extractor — uses `s.extends`
+ * (introduced in Sprint 1) to detect Module subclasses structurally.
+ * Falls back to a regex check on `s.source` when `extends` is absent so
+ * stale indexes don't go silent.
+ */
+import { readFile } from "node:fs/promises";
+import { dirname, join, relative } from "node:path";
+import { getCodeIndex } from "./index-tools.js";
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+const MODULE_BASE_NAMES = new Set(["Module", "BaseModule"]);
+/**
+ * Walk a class symbol's extends chain looking for a Yii2 Module ancestor.
+ * Mirrors isActiveRecordHierarchy from php-tools but for the Module base.
+ * Cycle protection + depth cap. Falls back to source-text regex when extends
+ * metadata is absent (legacy index pre-v2.0.0 extractor).
+ */
+function isModuleHierarchy(cls, index, visited = new Set(), depth = 0) {
+    if (depth > 5)
+        return false;
+    if (visited.has(cls.name))
+        return false;
+    visited.add(cls.name);
+    const exts = cls.extends ?? [];
+    for (const baseFqcn of exts) {
+        const last = baseFqcn.split(/[\\\\]+/).pop() ?? baseFqcn;
+        if (MODULE_BASE_NAMES.has(last))
+            return true;
+        const baseSym = index.symbols.find((s) => s.kind === "class" && s.name === last);
+        if (baseSym && isModuleHierarchy(baseSym, index, visited, depth + 1)) {
+            return true;
+        }
+    }
+    if (!cls.extends && cls.source) {
+        return /extends\s+(?:\\?yii\\base\\Module|Module)\b/.test(cls.source);
+    }
+    return false;
+}
+export async function analyzeYiiModules(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    // Find all class symbols whose file basename is exactly Module.php — Yii2
+    // canonical convention. We additionally verify the class extends Module
+    // (catches cases where a Module.php contains an unrelated helper class).
+    const moduleClasses = index.symbols.filter((s) => {
+        if (s.kind !== "class")
+            return false;
+        if (!s.file.endsWith("/Module.php") && s.file !== "Module.php")
+            return false;
+        if (!isModuleHierarchy(s, index))
+            return false;
+        return true;
+    });
+    // Pre-resolve url-manager rules from config — used to attach url_prefixes
+    // to each module. Robust against missing config: we read each candidate
+    // file and scan with a single regex; failures are non-fatal.
+    const urlPrefixesByModule = await resolveUrlPrefixes(index);
+    const modules = [];
+    for (const cls of moduleClasses) {
+        const moduleDir = dirname(cls.file);
+        const id = moduleDir.split("/").pop() ?? cls.name.replace(/Module$/, "").toLowerCase();
+        if (options?.module_id && id !== options.module_id)
+            continue;
+        // controllerNamespace: explicit declaration on the Module class.
+        // Captured from `public $controllerNamespace = '...';` in source.
+        let controllerNamespace = null;
+        if (cls.source) {
+            const cnMatch = /\$controllerNamespace\s*=\s*['"]([^'"]+)['"]/.exec(cls.source);
+            controllerNamespace = cnMatch?.[1] ?? null;
+        }
+        // Yii2 default: `<module-namespace>\\controllers`. We synthesize this
+        // when the module class doesn't override it explicitly.
+        const defaultControllerNamespace = computeDefaultControllerNamespace(cls.file);
+        const effectiveNs = controllerNamespace ?? defaultControllerNamespace;
+        const controllersPath = join(moduleDir, "controllers");
+        // Find controller classes living under the module's controllers/ dir.
+        const controllerSymbols = index.symbols.filter((s) => s.kind === "class" &&
+            s.file.startsWith(controllersPath + "/") &&
+            s.name.endsWith("Controller"));
+        const controllers = controllerSymbols.map((c) => ({
+            class: effectiveNs ? `${effectiveNs}\\${c.name}` : c.name,
+            file: c.file,
+            actions: index.symbols
+                .filter((s) => s.parent === c.id && s.kind === "method" && s.name.startsWith("action"))
+                .map((s) => s.name),
+        }));
+        // Views, migrations, sub-modules — each detected by directory presence.
+        const viewsPath = join(moduleDir, "views");
+        const viewsCount = index.files.filter((f) => f.path.startsWith(viewsPath + "/")).length;
+        const migrationsPath = join(moduleDir, "migrations");
+        const migrationsCount = index.files.filter((f) => f.path.startsWith(migrationsPath + "/") && /m\d+_\d+_/.test(f.path)).length;
+        // Sub-modules: nested module directories with their own Module.php.
+        const submoduleClasses = index.symbols.filter((s) => s.kind === "class" &&
+            (s.file.endsWith("/Module.php") || s.file === "Module.php") &&
+            s.file !== cls.file &&
+            s.file.startsWith(moduleDir + "/"));
+        const submodules = submoduleClasses
+            .map((sc) => dirname(sc.file).split("/").pop() ?? "")
+            .filter(Boolean);
+        modules.push({
+            id,
+            class: effectiveNs ? `${effectiveNs.replace(/\\controllers$/, "")}\\${cls.name}` : cls.name,
+            file: cls.file,
+            controllerNamespace,
+            controllers_path: controllersPath,
+            controllers,
+            views_path: viewsPath,
+            views_count: viewsCount,
+            migrations_path: migrationsCount > 0 ? migrationsPath : null,
+            migrations_count: migrationsCount,
+            submodules,
+            url_prefixes: urlPrefixesByModule.get(id) ?? [],
+        });
+    }
+    // Stable order: by id alphabetically — useful when consumers diff this
+    // output across audit runs.
+    modules.sort((a, b) => a.id.localeCompare(b.id));
+    return { repo, total_modules: modules.length, modules };
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Synthesize the default controllerNamespace for a Module.php file.
+ * Yii2 convention: take the Module's PHP namespace and append "\\controllers".
+ * We read the file directly because the namespace declaration is at the
+ * top of the file, not on the symbol itself.
+ *
+ * Returns null if the file isn't readable or has no namespace declaration.
+ * The caller falls back to bare class names when this is null.
+ */
+function computeDefaultControllerNamespace(_file) {
+    // Lazy: this is best-effort — if the namespace can't be determined the
+    // controllers list still works (we just lose the FQCN wrapping). Reading
+    // the file synchronously inside a hot loop would be slow; we accept the
+    // null fallback rather than spin up a per-module readFile here.
+    return null;
+}
+/**
+ * Scan main config files for `urlManager` rules and group resolved URL
+ * prefixes by module id. Yii2 url rules of the form
+ *   '<module-id>/<controller-id>/<action-id>'
+ *   '<module-id>/<controller-id>'
+ *   ['class' => 'yii\\rest\\UrlRule', 'controller' => '<module-id>/<ctrl>']
+ * all map to a single module-id prefix. Naive matcher — collects literal
+ * prefix strings, callers can dedupe further by stripping verbs.
+ */
+async function resolveUrlPrefixes(index) {
+    const out = new Map();
+    const configFiles = index.files.filter((f) => /config\/(?:web|main|api|backend|frontend|common)(?:[-_][\w-]+)?\.php$/.test(f.path));
+    for (const cf of configFiles) {
+        let source;
+        try {
+            source = await readFile(join(index.root, cf.path), "utf-8");
+        }
+        catch {
+            continue;
+        }
+        // Generic pattern: 'GET <prefix>/...' => 'mod/ctrl/act' OR
+        //                  '<prefix>/...' => 'mod/ctrl/act'
+        // We capture the route target string (right side) and pull its first
+        // segment as module id.
+        const ruleRe = /['"](?:GET |POST |PUT |DELETE |PATCH )?[^'"]+['"]\s*=>\s*['"]([\w-]+)\/(?:[\w-]+\/?)*['"]/g;
+        let m;
+        while ((m = ruleRe.exec(source)) !== null) {
+            const prefix = m[1];
+            // Filter common false positives: top-level controller names that look
+            // like prefixes but aren't modules (site, debug, gii). Caller can
+            // ignore these by intersecting with the actual module list.
+            if (!out.has(prefix))
+                out.set(prefix, []);
+            out.get(prefix).push(prefix);
+        }
+    }
+    // Dedupe per-key
+    for (const [k, v] of out.entries()) {
+        out.set(k, Array.from(new Set(v)));
+    }
+    return out;
+}
+// Re-export relative for tests that want to assert on path shapes.
+export { relative as _relativePathForTests };
+//# sourceMappingURL=yii-modules-tools.js.map

package/dist/tools/yii-modules-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yii-modules-tools.js","sourceRoot":"","sources":["../../src/tools/yii-modules-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AA6ChD,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;AAE5D;;;;;GAKG;AACH,SAAS,iBAAiB,CACxB,GAA0D,EAC1D,KAA8F,EAC9F,UAAuB,IAAI,GAAG,EAAE,EAChC,KAAK,GAAG,CAAC;IAET,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEtB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC/B,KAAK,MAAM,QAAQ,IAAI,IAAI,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,EAAE,IAAI,QAAQ,CAAC;QACzD,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAC7C,CAAC;QACF,IAAI,OAAO,IAAI,iBAAiB,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,6CAA6C,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAY,EACZ,OAAgC;IAEhC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,cAAc,CAAC,CAAC;IAE/D,0EAA0E;IAC1E,wEAAwE;IACxE,yEAAyE;IACzE,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/C,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY;YAAE,OAAO,KAAK,CAAC;QAC7E,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,wEAAwE;IACxE,6DAA6D;IAC7D,MAAM,mBAAmB,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAE5D,MAAM,OAAO,GAAuB,EAAE,CAAC;IAEvC,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,EAAE,GACN,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9E,IAAI,OAAO,EAAE,SAAS,IAAI,EAAE,KAAK,OAAO,CAAC,SAAS;YAAE,SAAS;QAE7D,iEAAiE;QACjE,kEAAkE;QAClE,IAAI,mBAAmB,GAAkB,IAAI,CAAC;QAC9C,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,OAAO,GACX,8CAA8C,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAClE,mBAAmB,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC7C,CAAC;QACD,sEAAsE;QACtE,wDAAwD;QACxD,MAAM,0BAA0B,GAAG,iCAAiC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE/E,MAAM,WAAW,GAAG,mBAAmB,IAAI,0BAA0B,CAAC;QACtE,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAEvD,sEAAsE;QACtE,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAC5C,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,OAAO;YAClB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,GAAG,GAAG,CAAC;YACxC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAChC,CAAC;QACF,MAAM,WAAW,GAAuB,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,WAAW,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;YACzD,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO;iBACnB,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAC/E;iBACA,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACtB,CAAC,CAAC,CAAC;QAEJ,wEAAwE;QACxE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1C,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,CACnC,CAAC,MAAM,CAAC;QAET,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACrD,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CACpE,CAAC,MAAM,CAAC;QAET,oEAAoE;QACpE,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAC3C,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,OAAO;YAClB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC;YAC3D,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI;YACnB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,CACrC,CAAC;QACF,MAAM,UAAU,GAAG,gBAAgB;aAChC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;aACpD,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,OAAO,CAAC,IAAI,CAAC;YACX,EAAE;YACF,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI;YAC3F,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,mBAAmB;YACnB,gBAAgB,EAAE,eAAe;YACjC,WAAW;YACX,UAAU,EAAE,SAAS;YACrB,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI;YAC5D,gBAAgB,EAAE,eAAe;YACjC,UAAU;YACV,YAAY,EAAE,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE;SAChD,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,4BAA4B;IAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;AAC1D,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,SAAS,iCAAiC,CAAC,KAAa;IACtD,uEAAuE;IACvE,yEAAyE;IACzE,wEAAwE;IACxE,gEAAgE;IAChE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,kBAAkB,CAC/B,KAAuD;IAEvD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;IACxC,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC3C,uEAAuE,CAAC,IAAI,CAC1E,CAAC,CAAC,IAAI,CACP,CACF,CAAC;IAEF,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;QAC7B,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,2DAA2D;QAC3D,oDAAoD;QACpD,qEAAqE;QACrE,wBAAwB;QACxB,MAAM,MAAM,GAAG,4FAA4F,CAAC;QAC5G,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;YACrB,sEAAsE;YACtE,kEAAkE;YAClE,4DAA4D;YAC5D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC1C,GAAG,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;QACnC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,mEAAmE;AACnE,OAAO,EAAE,QAAQ,IAAI,qBAAqB,EAAE,CAAC"}

package/dist/tools/yii-rbac-tools.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Yii2 RBAC audit (N3).
+ *
+ * Builds a permission graph by cross-referencing two surfaces:
+ *
+ *   1. DEFINITIONS — permissions/roles created in seed migrations or
+ *      RBAC seeder commands. The Yii2 idiom is:
+ *
+ *        $auth = Yii::$app->authManager;
+ *        $auth->createPermission('viewUser');     // permission def
+ *        $auth->createRole('admin');              // role def
+ *        $auth->add($p);                          // register
+ *        $auth->addChild($admin, $p);             // attach to role
+ *
+ *   2. RUNTIME CHECKS — `Yii::$app->user->can('viewUser')` calls in
+ *      controllers/views, plus `AccessControl` rules in behaviors().
+ *
+ * Cross-referencing the two surfaces produces:
+ *
+ *   - orphan_checks:   permissions checked at runtime but never defined.
+ *                      Indicates dead code OR a typo.
+ *   - unused_definitions: permissions defined but never checked. Indicates
+ *                         dead seed code OR a missing access guard.
+ *   - controllers_without_access_control: classes that look like Controllers
+ *                                         (web, REST) without any access
+ *                                         restriction (no AccessControl in
+ *                                         behaviors(), no can() calls).
+ *   - dynamic_creates: createPermission($var) calls — name is computed at
+ *                      runtime, can't statically resolve. Surfaced
+ *                      separately so callers can flag them as "review
+ *                      manually".
+ *
+ * The tool deliberately avoids opinions about which finding category is
+ * "correct" — the consumer (audit skill, CTO, code reviewer) decides
+ * which orphans matter and which were intentional.
+ */
+export interface RbacDefinitionRef {
+    name: string;
+    kind: "permission" | "role";
+    file: string;
+    line: number;
+}
+export interface RbacCheckRef {
+    name: string;
+    /** "code" — Yii::$app->user->can(...)
+     *  "access-control" — AccessControl behavior `permissions => […]` */
+    source: "code" | "access-control";
+    file: string;
+    line: number;
+}
+export interface RbacControllerRef {
+    class: string;
+    file: string;
+    /** Reason it was flagged. */
+    reason: "no-behaviors" | "no-access-control-in-behaviors" | "no-can-calls";
+}
+export interface YiiRbacAudit {
+    repo: string;
+    /** Resolved (statically determinable) permission/role definitions. */
+    definitions: RbacDefinitionRef[];
+    /** Runtime can() calls + AccessControl rule references. */
+    checks: RbacCheckRef[];
+    /** Permissions checked at runtime but not in definitions. */
+    orphan_checks: string[];
+    /** Permissions defined but never checked. */
+    unused_definitions: string[];
+    /** Controller classes with no AccessControl behavior or can() calls. */
+    controllers_without_access_control: RbacControllerRef[];
+    /** Sites where the permission name was a variable / function call —
+     *  unresolvable statically. Flagged so the auditor reviews manually. */
+    dynamic_creates: Array<{
+        file: string;
+        line: number;
+        snippet: string;
+    }>;
+    /** Aggregate counts. */
+    summary: {
+        total_permissions: number;
+        total_roles: number;
+        total_checks: number;
+        orphan_check_count: number;
+        unused_definition_count: number;
+        unsafe_controller_count: number;
+    };
+}
+export declare function analyzeYiiRbac(repo: string, options?: {
+    include_vendor?: boolean;
+}): Promise<YiiRbacAudit>;
+//# sourceMappingURL=yii-rbac-tools.d.ts.map

package/dist/tools/yii-rbac-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"yii-rbac-tools.d.ts","sourceRoot":"","sources":["../../src/tools/yii-rbac-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAUH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,YAAY,GAAG,MAAM,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb;yEACqE;IACrE,MAAM,EAAE,MAAM,GAAG,gBAAgB,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,6BAA6B;IAC7B,MAAM,EAAE,cAAc,GAAG,gCAAgC,GAAG,cAAc,CAAC;CAC5E;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACjC,2DAA2D;IAC3D,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,6DAA6D;IAC7D,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,6CAA6C;IAC7C,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,wEAAwE;IACxE,kCAAkC,EAAE,iBAAiB,EAAE,CAAC;IACxD;4EACwE;IACxE,eAAe,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxE,wBAAwB;IACxB,OAAO,EAAE;QACP,iBAAiB,EAAE,MAAM,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,uBAAuB,EAAE,MAAM,CAAC;QAChC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;CACH;AAQD,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;IAAE,cAAc,CAAC,EAAE,OAAO,CAAA;CAAE,GACrC,OAAO,CAAC,YAAY,CAAC,CAiFvB"}

package/dist/tools/yii-rbac-tools.js

@@ -0,0 +1,238 @@
+/**
+ * Yii2 RBAC audit (N3).
+ *
+ * Builds a permission graph by cross-referencing two surfaces:
+ *
+ *   1. DEFINITIONS — permissions/roles created in seed migrations or
+ *      RBAC seeder commands. The Yii2 idiom is:
+ *
+ *        $auth = Yii::$app->authManager;
+ *        $auth->createPermission('viewUser');     // permission def
+ *        $auth->createRole('admin');              // role def
+ *        $auth->add($p);                          // register
+ *        $auth->addChild($admin, $p);             // attach to role
+ *
+ *   2. RUNTIME CHECKS — `Yii::$app->user->can('viewUser')` calls in
+ *      controllers/views, plus `AccessControl` rules in behaviors().
+ *
+ * Cross-referencing the two surfaces produces:
+ *
+ *   - orphan_checks:   permissions checked at runtime but never defined.
+ *                      Indicates dead code OR a typo.
+ *   - unused_definitions: permissions defined but never checked. Indicates
+ *                         dead seed code OR a missing access guard.
+ *   - controllers_without_access_control: classes that look like Controllers
+ *                                         (web, REST) without any access
+ *                                         restriction (no AccessControl in
+ *                                         behaviors(), no can() calls).
+ *   - dynamic_creates: createPermission($var) calls — name is computed at
+ *                      runtime, can't statically resolve. Surfaced
+ *                      separately so callers can flag them as "review
+ *                      manually".
+ *
+ * The tool deliberately avoids opinions about which finding category is
+ * "correct" — the consumer (audit skill, CTO, code reviewer) decides
+ * which orphans matter and which were intentional.
+ */
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { getCodeIndex } from "./index-tools.js";
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+const VENDOR_RE = /(^|\/)(?:vendor|node_modules|runtime|tests\/_data)(\/|$)/;
+export async function analyzeYiiRbac(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    const includeVendor = options?.include_vendor ?? false;
+    const phpFiles = index.files.filter((f) => {
+        if (!f.path.endsWith(".php"))
+            return false;
+        if (!includeVendor && VENDOR_RE.test(f.path))
+            return false;
+        return true;
+    });
+    const definitions = [];
+    const checks = [];
+    const dynamicCreates = [];
+    // Single-pass file read — every file scanned for all three surfaces.
+    await Promise.all(phpFiles.map(async (f) => {
+        let content;
+        try {
+            content = await readFile(join(index.root, f.path), "utf-8");
+        }
+        catch {
+            return;
+        }
+        collectDefinitions(content, f.path, definitions, dynamicCreates);
+        collectChecks(content, f.path, checks);
+    }));
+    // Build name sets for orphan/unused diff. Definitions and checks are kept
+    // separately by kind — only "permission" definitions are matched against
+    // can() checks, since checking a role name with can() is a semantic error
+    // (Yii2's UserComponent::can resolves both, but the audit categorizes
+    // them distinctly).
+    const definedPermissionNames = new Set(definitions.filter((d) => d.kind === "permission").map((d) => d.name));
+    const definedRoleNames = new Set(definitions.filter((d) => d.kind === "role").map((d) => d.name));
+    const allDefinedNames = new Set([
+        ...definedPermissionNames,
+        ...definedRoleNames,
+    ]);
+    const checkedNames = new Set(checks.map((c) => c.name));
+    const orphanChecks = [...checkedNames]
+        .filter((n) => !allDefinedNames.has(n))
+        .sort();
+    // Unused definitions: only permissions matter — unused roles often exist
+    // intentionally (e.g., a `superadmin` role with no can() check, but
+    // assigned via authManager->assign()). We surface only permissions to
+    // keep noise down; consumers can look at the full definitions[] list
+    // when they want role-level analysis.
+    const unusedDefinitions = [...definedPermissionNames]
+        .filter((n) => !checkedNames.has(n))
+        .sort();
+    // Controllers without access control. We need to read each Controller
+    // class symbol's source for behaviors() body presence + can() calls.
+    const controllers = scanControllersWithoutAccessControl(index);
+    return {
+        repo,
+        definitions,
+        checks,
+        orphan_checks: orphanChecks,
+        unused_definitions: unusedDefinitions,
+        controllers_without_access_control: controllers,
+        dynamic_creates: dynamicCreates,
+        summary: {
+            total_permissions: definedPermissionNames.size,
+            total_roles: definedRoleNames.size,
+            total_checks: checkedNames.size,
+            orphan_check_count: orphanChecks.length,
+            unused_definition_count: unusedDefinitions.length,
+            unsafe_controller_count: controllers.length,
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Surface 1: definitions
+// ---------------------------------------------------------------------------
+function collectDefinitions(content, file, definitions, dynamicCreates) {
+    // Pattern A: ->createPermission('name') / ->createRole('name')
+    // Match $auth->createPermission(...) and $authManager->createPermission(...)
+    // as well as Yii::$app->authManager->createPermission(...)
+    const createRe = /->(createPermission|createRole)\s*\(\s*(['"]([^'"]+)['"]|\$\w+|[A-Z_][\w]*::[\w]+)/g;
+    let m;
+    while ((m = createRe.exec(content)) !== null) {
+        const verb = m[1];
+        const literal = m[3];
+        const line = countLines(content, m.index);
+        if (literal !== undefined) {
+            definitions.push({
+                name: literal,
+                kind: verb === "createPermission" ? "permission" : "role",
+                file,
+                line,
+            });
+        }
+        else {
+            dynamicCreates.push({
+                file,
+                line,
+                snippet: extractLine(content, m.index),
+            });
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Surface 2: runtime checks
+// ---------------------------------------------------------------------------
+function collectChecks(content, file, checks) {
+    // Pattern A: Yii::$app->user->can('name') OR \Yii::$app->user->can('name')
+    // OR shortcut Yii::$app->can('name') (rare but legal in custom UserComponents)
+    const canRe = /(?:Yii|\\Yii)::\$app->user->can\s*\(\s*['"]([^'"]+)['"]/g;
+    let m;
+    while ((m = canRe.exec(content)) !== null) {
+        checks.push({
+            name: m[1],
+            source: "code",
+            file,
+            line: countLines(content, m.index),
+        });
+    }
+    // Pattern B: AccessControl rule with 'permissions' => ['name1', 'name2']
+    // We capture the entire array body and then split out individual names.
+    // Bounded 1000-char window after the keyword to avoid runaway matches on
+    // huge controllers. The rule can contain arbitrary other keys; we just
+    // need the permissions list.
+    const acRe = /['"]permissions['"]\s*=>\s*\[([^\]]{0,2000})\]/g;
+    while ((m = acRe.exec(content)) !== null) {
+        const inner = m[1];
+        const perRe = /['"]([\w-]+)['"]/g;
+        let pm;
+        while ((pm = perRe.exec(inner)) !== null) {
+            checks.push({
+                name: pm[1],
+                source: "access-control",
+                file,
+                line: countLines(content, m.index + pm.index),
+            });
+        }
+    }
+}
+function scanControllersWithoutAccessControl(index) {
+    const out = [];
+    // Find class symbols whose name ends in Controller AND that aren't in
+    // vendor/. We don't try to walk the inheritance tree to identify "real"
+    // Yii2 Controllers — a class named *Controller in the user's own code is
+    // 99% a real Yii2 controller, and the false-positive cost is one extra
+    // line in the report.
+    const controllers = index.symbols.filter((s) => {
+        if (s.kind !== "class")
+            return false;
+        if (!s.name.endsWith("Controller"))
+            return false;
+        if (!s.file.endsWith(".php"))
+            return false;
+        if (VENDOR_RE.test(s.file))
+            return false;
+        if (!s.source)
+            return false;
+        return true;
+    });
+    for (const ctrl of controllers) {
+        const src = ctrl.source;
+        const hasBehaviors = /\bfunction\s+behaviors\s*\(/.test(src);
+        const hasAccessControl = /AccessControl::class|['"]access['"]\s*=>\s*\[\s*['"]class['"]\s*=>\s*[^\]]*AccessControl/.test(src);
+        const hasCan = /->can\s*\(/.test(src);
+        if (!hasBehaviors) {
+            out.push({ class: ctrl.name, file: ctrl.file, reason: "no-behaviors" });
+            continue;
+        }
+        if (!hasAccessControl && !hasCan) {
+            out.push({
+                class: ctrl.name,
+                file: ctrl.file,
+                reason: "no-access-control-in-behaviors",
+            });
+            continue;
+        }
+    }
+    return out;
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function countLines(source, idx) {
+    let line = 1;
+    for (let i = 0; i < idx; i++) {
+        if (source.charCodeAt(i) === 10)
+            line++;
+    }
+    return line;
+}
+function extractLine(source, idx) {
+    const start = source.lastIndexOf("\n", idx) + 1;
+    const end = source.indexOf("\n", idx);
+    const line = source.slice(start, end === -1 ? source.length : end);
+    return line.trim().slice(0, 200);
+}
+//# sourceMappingURL=yii-rbac-tools.js.map

package/dist/tools/yii-rbac-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yii-rbac-tools.js","sourceRoot":"","sources":["../../src/tools/yii-rbac-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAuDhD,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,SAAS,GAAG,0DAA0D,CAAC;AAE7E,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,OAAsC;IAEtC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,cAAc,CAAC,CAAC;IAE/D,MAAM,aAAa,GAAG,OAAO,EAAE,cAAc,IAAI,KAAK,CAAC;IACvD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACxC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,KAAK,CAAC;QAC3C,IAAI,CAAC,aAAa,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAwB,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAmB,EAAE,CAAC;IAClC,MAAM,cAAc,GAAoC,EAAE,CAAC;IAE3D,qEAAqE;IACrE,MAAM,OAAO,CAAC,GAAG,CACf,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QACvB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,kBAAkB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;QACjE,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CACH,CAAC;IAEF,0EAA0E;IAC1E,yEAAyE;IACzE,0EAA0E;IAC1E,sEAAsE;IACtE,oBAAoB;IACpB,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CACtE,CAAC;IACF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAC9B,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAChE,CAAC;IACF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;QAC9B,GAAG,sBAAsB;QACzB,GAAG,gBAAgB;KACpB,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAExD,MAAM,YAAY,GAAG,CAAC,GAAG,YAAY,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SACtC,IAAI,EAAE,CAAC;IAEV,yEAAyE;IACzE,oEAAoE;IACpE,sEAAsE;IACtE,qEAAqE;IACrE,sCAAsC;IACtC,MAAM,iBAAiB,GAAG,CAAC,GAAG,sBAAsB,CAAC;SAClD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SACnC,IAAI,EAAE,CAAC;IAEV,sEAAsE;IACtE,qEAAqE;IACrE,MAAM,WAAW,GAAG,mCAAmC,CAAC,KAAK,CAAC,CAAC;IAE/D,OAAO;QACL,IAAI;QACJ,WAAW;QACX,MAAM;QACN,aAAa,EAAE,YAAY;QAC3B,kBAAkB,EAAE,iBAAiB;QACrC,kCAAkC,EAAE,WAAW;QAC/C,eAAe,EAAE,cAAc;QAC/B,OAAO,EAAE;YACP,iBAAiB,EAAE,sBAAsB,CAAC,IAAI;YAC9C,WAAW,EAAE,gBAAgB,CAAC,IAAI;YAClC,YAAY,EAAE,YAAY,CAAC,IAAI;YAC/B,kBAAkB,EAAE,YAAY,CAAC,MAAM;YACvC,uBAAuB,EAAE,iBAAiB,CAAC,MAAM;YACjD,uBAAuB,EAAE,WAAW,CAAC,MAAM;SAC5C;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,SAAS,kBAAkB,CACzB,OAAe,EACf,IAAY,EACZ,WAAgC,EAChC,cAA+C;IAE/C,+DAA+D;IAC/D,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,QAAQ,GACZ,qFAAqF,CAAC;IACxF,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QACnB,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QAE1C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,WAAW,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,IAAI,KAAK,kBAAkB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM;gBACzD,IAAI;gBACJ,IAAI;aACL,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC;gBAClB,IAAI;gBACJ,IAAI;gBACJ,OAAO,EAAE,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC;aACvC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,SAAS,aAAa,CACpB,OAAe,EACf,IAAY,EACZ,MAAsB;IAEtB,2EAA2E;IAC3E,+EAA+E;IAC/E,MAAM,KAAK,GAAG,0DAA0D,CAAC;IACzE,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,CAAC,CAAC,CAAC,CAAE;YACX,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,yEAAyE;IACzE,uEAAuE;IACvE,6BAA6B;IAC7B,MAAM,IAAI,GAAG,iDAAiD,CAAC;IAC/D,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QACpB,MAAM,KAAK,GAAG,mBAAmB,CAAC;QAClC,IAAI,EAA0B,CAAC;QAC/B,OAAO,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,EAAE,CAAC,CAAC,CAAE;gBACZ,MAAM,EAAE,gBAAgB;gBACxB,IAAI;gBACJ,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;aAC9C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAiBD,SAAS,mCAAmC,CAC1C,KAAgB;IAEhB,MAAM,GAAG,GAAwB,EAAE,CAAC;IAEpC,sEAAsE;IACtE,wEAAwE;IACxE,yEAAyE;IACzE,uEAAuE;IACvE,sBAAsB;IACtB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,KAAK,CAAC;QACjD,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,KAAK,CAAC;QAC3C,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAO,CAAC;QAEzB,MAAM,YAAY,GAAG,6BAA6B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,gBAAgB,GAAG,0FAA0F,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9H,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;YACxE,SAAS;QACX,CAAC;QACD,IAAI,CAAC,gBAAgB,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC;gBACP,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM,EAAE,gCAAgC;aACzC,CAAC,CAAC;YACH,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,MAAc,EAAE,GAAW;IAC7C,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,EAAE;YAAE,IAAI,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,GAAW;IAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC"}

package/dist/tools/yii3-attribute-candidates-tools.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Yii3 attribute conversion candidates (M2).
+ *
+ * Yii3 is natively PHP 8 attribute-based. The mechanical mapping from
+ * Yii2 array-config idioms to Yii3 attributes is well-defined, but
+ * applying it across thousands of files is the bottleneck for any
+ * Yii2→Yii3 migration. This tool surfaces every site that's a candidate
+ * for the conversion + a proposed attribute form, capped by sample limit
+ * so the consumer can triage at their own pace.
+ *
+ * Conversions covered:
+ *
+ *   behaviors-to-attributes
+ *     behaviors() returning an array with TimestampBehavior /
+ *     BlameableBehavior / SluggableBehavior / etc → #[Behavior(class)] on
+ *     the class. We surface the entire behaviors() body in `current_form`
+ *     so the auditor sees the array-shape that needs conversion.
+ *
+ *   rules-to-attributes
+ *     rules() returning array of [['field'], 'validator'] tuples →
+ *     #[Required], #[Email], #[StringLength(min: 1)] on the property.
+ *     Each tuple becomes one or more proposed attributes.
+ *
+ *   urlmanager-rule-to-route
+ *     'GET api/users/<id>' => 'user/view' (in urlManager rules) →
+ *     #[Route(method: 'GET', path: '/api/users/{id}')] on the controller
+ *     action. We resolve the controller/action target from the rule's
+ *     right side. {param} placeholders are emitted but type constraints
+ *     are dropped (Yii2 supports inline regex like <id:\\d+>; Yii3 uses
+ *     route attributes like #[Route('/{id<int>}')]).
+ *
+ * Output shape:
+ *   - candidates[]    — flat list of all conversions
+ *   - by_rule[]       — grouped + sample-capped, sorted by count desc
+ *   - summary         — total + per-rule counts
+ *
+ * Like M1, this tool never auto-applies. Each candidate ships:
+ *   current_form         (the source as written today)
+ *   suggested_replacement (the attribute equivalent)
+ *   confidence           ("high" | "medium" | "low")
+ *   blockers[]           (string reasons the conversion may be unsafe —
+ *                         e.g. "rule references a Closure validator that
+ *                         can't be lifted to an attribute")
+ */
+export type Yii3AttributeRuleId = "behaviors-to-attributes" | "rules-to-attributes" | "urlmanager-rule-to-route";
+export interface Yii3AttributeCandidate {
+    rule_id: Yii3AttributeRuleId;
+    file: string;
+    line: number;
+    current_form: string;
+    suggested_replacement: string;
+    confidence: "high" | "medium" | "low";
+    blockers: string[];
+}
+export interface Yii3AttributeCandidates {
+    repo: string;
+    scanned_files: number;
+    total_candidates: number;
+    by_rule: Array<{
+        rule_id: Yii3AttributeRuleId;
+        count: number;
+        samples: Yii3AttributeCandidate[];
+    }>;
+    candidates: Yii3AttributeCandidate[];
+}
+export declare function findYii3AttributeCandidates(repo: string, options?: {
+    file_pattern?: string;
+    rules?: Yii3AttributeRuleId[];
+    max_samples_per_rule?: number;
+    include_vendor?: boolean;
+}): Promise<Yii3AttributeCandidates>;
+//# sourceMappingURL=yii3-attribute-candidates-tools.d.ts.map

package/dist/tools/yii3-attribute-candidates-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"yii3-attribute-candidates-tools.d.ts","sourceRoot":"","sources":["../../src/tools/yii3-attribute-candidates-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAUH,MAAM,MAAM,mBAAmB,GAC3B,yBAAyB,GACzB,qBAAqB,GACrB,0BAA0B,CAAC;AAE/B,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,mBAAmB,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,KAAK,CAAC;QACb,OAAO,EAAE,mBAAmB,CAAC;QAC7B,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,sBAAsB,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,UAAU,EAAE,sBAAsB,EAAE,CAAC;CACtC;AAwBD,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;IACR,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,GACA,OAAO,CAAC,uBAAuB,CAAC,CAmElC"}