アノテーションを PHP 8 Attributes に移行し依存関係を更新

[apple-x-co]

Summary by Sourcery

Migrate annotation-based validation and error handling to PHP 8 attributes while updating dependencies and tests for PHP 8 and modern PHPUnit.

New Features:

• Introduce PHP 8 attribute-based annotations for form validation, input validation, and VndError metadata.

Bug Fixes:

• Adjust validation error handling to throw domain-specific ValidationException where previously a generic reflection error was expected.

Enhancements:

• Refactor existing annotation classes and DI hooks to use PHP 8 attributes across the codebase, including controllers, traits, and module configuration.
• Replace Doctrine AnnotationReader with Koriym AttributeReader for reading metadata.
• Modernize test suite to use PHPUnit 9 APIs and namespaced TestCase, updating expectation methods accordingly.
• Align VndError-related tests and fixtures with the new attribute-based configuration and expected JSON payload shape.

Build:

• Raise PHP minimum version to 8.0 and bump ray/di and ray/aop dependencies, along with updating phpunit to ^9.5.
• Add Composer config to allow aura/installer-default plugin.
• Simplify test bootstrap by removing Doctrine annotations autoload setup.

CI:

• Relax static analysis tools in Scrutinizer config by removing php_mess_detector.

Summary by CodeRabbit

• Chores

  • Require PHP 8.0, update core dependencies and project config; adjust CI/config analysis settings.
  • Ignore temporary test files and test cache.
  • Migrate internal metadata from docblock annotations to PHP 8 attribute style.

• Tests

  • Modernize PHPUnit usage and APIs; add void signatures and replace deprecated assertions.
  • Expand coverage and test reporting configuration; simplify test bootstrap/autoload.

• Documentation

  • Update README examples to use PHP 8 attribute syntax.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[sourcery-ai]

Reviewer's Guide

Migrates from Doctrine/Ray.Di docblock annotations to PHP 8 attributes, updates DI wiring to use attribute-based metadata, and modernizes the test and build setup for PHP 8 and PHPUnit 9.5.

Class diagram for migrated PHP 8 attribute annotations

classDiagram

class AbstractValidation {
  +string form
  +__construct(form string = "form")
}

class FormValidation {
  +bool antiCsrf
  +string onFailure
  +__construct(form string = "form", antiCsrf bool = false, onFailure string)
}

class InputValidation {
}

class VndError {
  +string message
  +array href
  +string logref
  +string path
  +__construct(message string, href array, logref string, path string)
}

AbstractValidation <|-- FormValidation
AbstractValidation <|-- InputValidation

class InjectAttribute {
}

class PostConstructAttribute {
}

class AbstractForm {
  +setBaseDependencies(builder BuilderInterface, filterFactory FilterFactory, helperFactory HelperLocatorFactory) void
  +postConstruct() void
}

class SetAntiCsrfTrait {
  +setAntiCsrf(antiCsrf AntiCsrfInterface) void
}

AbstractForm ..> InjectAttribute : uses
AbstractForm ..> PostConstructAttribute : uses
SetAntiCsrfTrait ..> InjectAttribute : uses
FormValidation ..> AbstractValidation : calls_parent_constructor

Loading

File-Level Changes

Change	Details	Files
Convert custom validation and error annotations to PHP 8 attributes with constructor-based configuration.	Replace @Annotation/@target docblock metadata with PHP 8 #[Attribute] declarations on validation-related classes. Refactor AbstractValidation, FormValidation, InputValidation, and VndError to use typed constructor parameters and promoted properties instead of public untyped fields. Adjust VndError semantics so attribute arguments are passed via the constructor and update JSON expectations in tests to match.	src/Annotation/AbstractValidation.php src/Annotation/FormValidation.php src/Annotation/InputValidation.php src/Annotation/VndError.php tests/AuraInputInterceptorTest.php tests/AbstractFormTest.php tests/VndErrorHandlerTest.php tests/Fake/FakeControllerVndError.php
Replace Ray.Di docblock annotations in code and documentation with PHP 8 attributes.	Add #[Inject], #[Named], and Ray.Di lifecycle attributes on form-related setters and postConstruct hooks. Update example usage in README.md and README.JA.md from docblock annotations to attribute syntax reflecting new constructor signatures. Apply attributes in fake controller classes used in tests to drive interception and validation logic.	src/AbstractForm.php src/SetAntiCsrfTrait.php tests/Fake/FakeController.php tests/Fake/FakeInputValidationController.php tests/Fake/FakeControllerVndError.php tests/Fake/FakeInvalidController1.php tests/Fake/FakeInvalidController2.php tests/Fake/FakeInvalidController3.php tests/Fake/FakeInvalidInstanceController.php README.md README.JA.md
Switch metadata reading from Doctrine annotations to Koriym attribute reader and simplify bootstrap.	Bind Doctrine\Common\Annotations\Reader to Koriym\Attributes\AttributeReader in the AuraInputModule DI configuration. Update AbstractFormTest to construct interceptors with AttributeReader and pass method name instead of ReflectionMethod to ReflectiveMethodInvocation. Remove Doctrine AnnotationRegistry setup from tests/bootstrap.php.	src/AuraInputModule.php tests/AbstractFormTest.php tests/bootstrap.php
Upgrade the project to PHP 8 and PHPUnit 9, updating tests to new APIs and expectations.	Raise minimum PHP version to 8.0 and bump ray/di plus add ray/aop dependency in composer.json; update phpunit/phpunit to ^9.5 and configure composer allow-plugins for aura/installer-default. Migrate all tests from \PHPUnit_Framework_TestCase to PHPUnit\Framework\TestCase and add return types to setUp methods. Replace deprecated setExpectedException() calls with expectException() and adjust one AbstractFormTest expectation from ReflectionException to ValidationException.	composer.json tests/AuraInputInterceptorTest.php tests/AbstractFormTest.php tests/VndErrorHandlerTest.php tests/AbstractAuraFormTest.php tests/FormFactoryTest.php tests/AntiCsrfTest.php tests/AuraInputModuleTest.php
Minor build/config cleanup.	Disable php_mess_detector in .scrutinizer.yml to streamline static analysis. Introduce/update .gitignore and refresh phpunit.xml.dist configuration (diff content not shown).	.scrutinizer.yml .gitignore phpunit.xml.dist

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaces Doctrine-style docblock annotations with PHP 8 attributes across source, tests, and README; swaps AnnotationReader for AttributeReader; updates composer/phpunit requirements and CI config; modernizes tests and simplifies test bootstrap; adds .gitignore entries.

Changes

Cohort / File(s)	Summary
VCS ignores /.gitignore	Add tests/tmp/*, unignore !tests/tmp/.placefolder, ignore .phpunit.result.cache.
CI / static analysis /.scrutinizer.yml	Remove legacy tools block; add build section running php-scrutinizer-run and set PHP env to 8.2; keep filter.paths: "src/*".
Composer /composer.json	Require PHP >=8.0.0; update ray/di → ^2.16; add ray/aop ^2.14; bump phpunit/phpunit → ^9.5; add config.allow-plugins.
PHPUnit config /phpunit.xml.dist	Rename testsuite, add coverage include for src, enable HTML/Clover reports, consolidate logging to junit, remove prior whitelist/filter.
Annotation → Attribute core src/Annotation/... src/Annotation/AbstractValidation.php, src/Annotation/FormValidation.php, src/Annotation/InputValidation.php, src/Annotation/VndError.php	Replace @Annotation/@Target docblocks with use Attribute and #[Attribute(Attribute::TARGET_METHOD)]; convert public properties to constructor-promoted params and add constructors; remove old property declarations. (High attention)
Source attribute usage & DI reader src/AbstractForm.php, src/SetAntiCsrfTrait.php, src/AuraInputModule.php	Add PHP 8 attributes (inject/post-construct) and switch import/binding from AnnotationReader → AttributeReader in module. (High attention)
Tests modernization tests/* tests/AbstractFormTest.php, tests/AbstractAuraFormTest.php, tests/AntiCsrfTest.php, tests/AuraInputInterceptorTest.php, tests/AuraInputModuleTest.php, tests/FormFactoryTest.php, tests/VndErrorHandlerTest.php, ...	Migrate tests to PHPUnit\Framework\TestCase, add : void to setUp(), replace setExpectedException() with expectException(), switch test setups to AttributeReader, update imports and some expected exceptions/assertions.
Test fixtures / Fake controllers tests/Fake/* tests/Fake/FakeController.php, tests/Fake/FakeControllerVndError.php, tests/Fake/FakeInputValidationController.php, tests/Fake/FakeInvalidController*.php, tests/Fake/FakeInvalidInstanceController.php	Replace PHPDoc annotations (@Inject, @Named, @FormValidation, @InputValidation, @VndError) with equivalent PHP 8 attribute syntax on methods.
Bootstrap tests/bootstrap.php	Remove Doctrine AnnotationRegistry registration; require Composer autoloader directly.
Documentation examples README.md, README.JA.md	Update README examples to use PHP 8 attribute syntax (Inject, Named, FormValidation, InputValidation, VndError).

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I hopped through docs and code so light,
Docblocks swapped for attributes bright,
Readers changed and tests aligned,
Composer bumped — no traces left behind,
Tiny paws applaud the night.

Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 15.79% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: migrating annotations to PHP 8 attributes and updating dependencies, which is the primary focus of this comprehensive PR.

_{✏️ Tip: You can configure your own custom Pre-merge Checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 47c4b50 and 280117b.

📒 Files selected for processing (1)

• tests/AuraInputInterceptorTest.php

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/AuraInputInterceptorTest.php

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Sourcery review

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• In AuraInputInterceptorTest::testInvalidFormPropertyByInvalidInstance you call expectException(InvalidFormPropertyException::class) twice, which is redundant and can be reduced to a single call for clarity.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `AuraInputInterceptorTest::testInvalidFormPropertyByInvalidInstance` you call `expectException(InvalidFormPropertyException::class)` twice, which is redundant and can be reduced to a single call for clarity.

## Individual Comments

### Comment 1
<location> `README.JA.md:187` </location>
<code_context>
 `@VndError`アノテーションで`vnd.error+json`に必要な情報を加えることができます。

 ```php
</code_context>

<issue_to_address>
**suggestion (typo):** Update the inline `@VndError` reference to match the new attribute-style usage shown in the example.

This sentence still refers to the old `@VndError` annotation, while the example now uses PHP 8 attributes (`#[VndError(...)]`). Please update the inline code to match the attribute style, e.g. ``#[VndError]`` or just `VndError`, to keep the documentation consistent.

```suggestion
`#[VndError]`属性で`vnd.error+json`に必要な情報を加えることができます。
```
</issue_to_address>

### Comment 2
<location> `README.md:116` </location>
<code_context>
 More detail for `vnd.error+json`can be add with `@VndError` annotation. 

 ```php
</code_context>

<issue_to_address>
**issue (typo):** Fix grammar/spacing and update `@VndError` to align with the new attribute-style example.

Update the sentence to: "More detail for `vnd.error+json` can be added with..." (add a space and use "added"). Also, align the inline `@VndError` reference with the new attribute-style example below, e.g. ``#[VndError]`` or `VndError` instead of the annotation form.

```suggestion
        // validation success
More detail for `vnd.error+json` can be added with `#[VndError]`. 
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (typo): Fix grammar/spacing and update @VndError to align with the new attribute-style example.

Update the sentence to: "More detail for vnd.error+json can be added with..." (add a space and use "added"). Also, align the inline @VndError reference with the new attribute-style example below, e.g. #[VndError] or VndError instead of the annotation form.

Suggested change

	// validation success
	// validation success
	More detail for `vnd.error+json` can be added with `#[VndError]`.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tests/AbstractAuraFormTest.php (1)

60-64: assertContains deprecated for string haystacks in PHPUnit 9.x.

The assertContains() method no longer supports string haystacks in PHPUnit 9.x. This test will fail at runtime.

🔎 Proposed fix

     public function tesetInputDataReamainedOnValidationFailure($html)
     {
         $expected = '<input id="name" type="text" name="name" value="@invalid@" />';
-        $this->assertContains($expected, $html);
+        $this->assertStringContainsString($expected, $html);
     }

🤖 Fix all issues with AI Agents

In @src/Annotation/VndError.php:
- Around line 22-28: The constructor for VndError requires an $href parameter
that is unused by VndErrorHandler::optionalAttribute(); change the constructor
signature in class VndError (the __construct method) to make $href optional by
giving it a default empty array (e.g., public array $href = []) so callers need
not pass it and existing behavior remains unchanged.

In @src/AuraInputModule.php:
- Line 17: The project now references Koriym\Attributes\AttributeReader (bound
to Reader::class) but composer.json lacks an explicit dependency; open
composer.json and add "koriym/attributes": "*" (or a specific version) to the
"require" section so AttributeReader is installed, or alternatively verify that
the installed ray/di ^2.16 transitively requires koriym/attributes and update
composer.json accordingly to ensure AttributeReader::class can be autoloaded at
runtime.

In @tests/AuraInputInterceptorTest.php:
- Around line 128-129: Remove the duplicate expectException call: keep a single
$this->expectException(InvalidFormPropertyException::class) in the test and
delete the redundant second invocation so the test only declares the expected
exception once.

🧹 Nitpick comments (4)

src/SetAntiCsrfTrait.php (1)

13-15: LGTM! Attribute injection properly applied.

The migration from @Inject annotation to #[\Ray\Di\Di\Inject] attribute is correct and consistent with the pattern used in src/AbstractForm.php.

The @param PHPDoc on line 13 is redundant given the typed parameter AntiCsrfInterface $antiCsrf. Consider removing it:

🔎 Optional cleanup

-    /** @param AntiCsrfInterface $antiCsrf */
     #[\Ray\Di\Di\Inject]
     public function setAntiCsrf(AntiCsrfInterface $antiCsrf)

README.JA.md (2)

98-105: Fix indentation in code examples.

The attributes have an extra leading space before # (e.g., #[Inject] instead of #[Inject]). This inconsistent indentation may look odd in the documentation and doesn't match standard PHP formatting conventions.

🔎 Proposed fix

-     #[Inject]
-     #[Named("contact_form")]
+    #[Inject]
+    #[Named("contact_form")]
     public function setForm(FormInterface $form)
     {
         $this->contactForm = $form;
     }

-     #[FormValidation(form: "contactForm", onFailure: "badRequestAction")]
+    #[FormValidation(form: "contactForm", onFailure: "badRequestAction")]
     public function createAction()

---

150-151: Same indentation issue here.

The #[InputValidation] attribute has an extra leading space.

🔎 Proposed fix

-     #[InputValidation(form: "form1")]
+    #[InputValidation(form: "form1")]
     public function createAction($name)

README.md (1)

106-113: Fix indentation in code examples.

Same issue as in README.JA.md - the attributes have an extra leading space before #. This should be consistent with standard PHP formatting.

🔎 Proposed fix

-     #[Inject]
-     #[Named("contact_form")]
+    #[Inject]
+    #[Named("contact_form")]
     public function setForm(FormInterface $form)
     {
         $this->contactForm = $form;
     }

-     #[FormValidation(form: "contactForm", onFailure: "badRequestAction")]
+    #[FormValidation(form: "contactForm", onFailure: "badRequestAction")]
     public function createAction()

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4b6d33a and d6e5bba.

📒 Files selected for processing (28)

• .gitignore
• .scrutinizer.yml
• README.JA.md
• README.md
• composer.json
• phpunit.xml.dist
• src/AbstractForm.php
• src/Annotation/AbstractValidation.php
• src/Annotation/FormValidation.php
• src/Annotation/InputValidation.php
• src/Annotation/VndError.php
• src/AuraInputModule.php
• src/SetAntiCsrfTrait.php
• tests/AbstractAuraFormTest.php
• tests/AbstractFormTest.php
• tests/AntiCsrfTest.php
• tests/AuraInputInterceptorTest.php
• tests/AuraInputModuleTest.php
• tests/Fake/FakeController.php
• tests/Fake/FakeControllerVndError.php
• tests/Fake/FakeInputValidationController.php
• tests/Fake/FakeInvalidController1.php
• tests/Fake/FakeInvalidController2.php
• tests/Fake/FakeInvalidController3.php
• tests/Fake/FakeInvalidInstanceController.php
• tests/FormFactoryTest.php
• tests/VndErrorHandlerTest.php
• tests/bootstrap.php

💤 Files with no reviewable changes (1)

• .scrutinizer.yml

🧰 Additional context used

🧬 Code graph analysis (17)

src/SetAntiCsrfTrait.php (2)

src/AbstractForm.php (2)

• Ray (76-85)
• Ray (92-99)

tests/Fake/FakeController.php (1)

• Inject (16-21)

tests/Fake/FakeInvalidController2.php (4)

tests/Fake/FakeController.php (1)

• FormValidation (23-27)

tests/Fake/FakeInvalidController1.php (1)

• FormValidation (9-12)

tests/Fake/FakeInvalidController3.php (1)

• FormValidation (16-19)

tests/Fake/FakeInvalidInstanceController.php (1)

• FormValidation (11-14)

src/Annotation/InputValidation.php (3)

src/Annotation/AbstractValidation.php (1)

• Attribute (12-18)

src/Annotation/FormValidation.php (1)

• Attribute (12-22)

src/Annotation/VndError.php (1)

• Attribute (12-29)

tests/Fake/FakeController.php (6)

tests/Fake/FakeControllerVndError.php (1)

• Inject (17-22)

tests/Fake/FakeInputValidationController.php (1)

• Inject (16-21)

tests/Fake/FakeInvalidController3.php (2)

• setForm (11-14)
• FormValidation (16-19)

src/AbstractForm.php (1)

• form (136-144)

tests/Fake/FakeInvalidController1.php (1)

• FormValidation (9-12)

tests/Fake/FakeInvalidController2.php (1)

• FormValidation (11-14)

tests/VndErrorHandlerTest.php (2)

src/Exception/ValidationException.php (1)

• ValidationException (11-20)

tests/FormFactoryTest.php (1)

• setUp (18-22)

tests/Fake/FakeInputValidationController.php (2)

tests/Fake/FakeController.php (1)

• Inject (16-21)

tests/Fake/FakeControllerVndError.php (2)

• Inject (17-22)
• InputValidation (24-28)

tests/AntiCsrfTest.php (5)

tests/AbstractAuraFormTest.php (1)

• setUp (18-22)

tests/AbstractFormTest.php (1)

• setUp (27-31)

tests/AuraInputInterceptorTest.php (1)

• setUp (28-38)

tests/FormFactoryTest.php (1)

• setUp (18-22)

tests/VndErrorHandlerTest.php (1)

• setUp (20-24)

tests/Fake/FakeInvalidController3.php (4)

tests/Fake/FakeController.php (1)

• FormValidation (23-27)

tests/Fake/FakeInvalidController1.php (1)

• FormValidation (9-12)

tests/Fake/FakeInvalidController2.php (1)

• FormValidation (11-14)

tests/Fake/FakeInvalidInstanceController.php (1)

• FormValidation (11-14)

src/Annotation/AbstractValidation.php (2)

src/Annotation/FormValidation.php (2)

• Attribute (12-22)
• __construct (15-21)

src/Annotation/InputValidation.php (1)

• Attribute (11-14)

src/Annotation/VndError.php (3)

src/Annotation/AbstractValidation.php (2)

• Attribute (12-18)
• __construct (15-17)

src/Annotation/FormValidation.php (2)

• Attribute (12-22)
• __construct (15-21)

src/Annotation/InputValidation.php (1)

• Attribute (11-14)

tests/AbstractAuraFormTest.php (4)

tests/AbstractFormTest.php (1)

• setUp (27-31)

tests/AuraInputInterceptorTest.php (1)

• setUp (28-38)

tests/FormFactoryTest.php (1)

• setUp (18-22)

tests/VndErrorHandlerTest.php (1)

• setUp (20-24)

tests/AuraInputInterceptorTest.php (8)

src/Exception/InvalidFormPropertyException.php (1)

• InvalidFormPropertyException (9-11)

src/Exception/ValidationException.php (1)

• ValidationException (11-20)

tests/Fake/FakeInvalidController1.php (1)

• FakeInvalidController1 (7-13)

tests/Fake/FakeInvalidController2.php (1)

• FakeInvalidController2 (7-15)

tests/Fake/FakeInvalidController3.php (1)

• FakeInvalidController3 (7-20)

tests/Fake/FakeControllerVndError.php (1)

• FakeControllerVndError (10-29)

src/FormValidationError.php (1)

• FormValidationError (9-25)

src/FormInterface.php (1)

• error (29-29)

tests/AbstractFormTest.php (3)

src/Exception/CsrfViolationException.php (1)

• CsrfViolationException (11-13)

src/Exception/ValidationException.php (1)

• ValidationException (11-20)

src/AuraInputInterceptor.php (1)

• AuraInputInterceptor (17-122)

tests/Fake/FakeControllerVndError.php (2)

tests/Fake/FakeController.php (1)

• Inject (16-21)

tests/Fake/FakeInputValidationController.php (2)

• Inject (16-21)
• InputValidation (23-26)

tests/Fake/FakeInvalidInstanceController.php (4)

tests/Fake/FakeController.php (1)

• FormValidation (23-27)

tests/Fake/FakeInvalidController1.php (1)

• FormValidation (9-12)

tests/Fake/FakeInvalidController2.php (1)

• FormValidation (11-14)

tests/Fake/FakeInvalidController3.php (1)

• FormValidation (16-19)

src/AbstractForm.php (2)

src/SetAntiCsrfTrait.php (1)

• Ray (14-18)

tests/Fake/FakeInputValidationController.php (1)

• Inject (16-21)

src/Annotation/FormValidation.php (2)

src/Annotation/AbstractValidation.php (2)

• Attribute (12-18)
• __construct (15-17)

src/Annotation/InputValidation.php (1)

• Attribute (11-14)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Sourcery review
• GitHub Check: Sourcery review

🔇 Additional comments (37)

tests/AntiCsrfTest.php (1)

17-17: LGTM! PHPUnit modernization is correct.

The changes successfully update the test to PHPUnit 9 style: importing PHPUnit\Framework\TestCase, extending TestCase, and adding the void return type to setUp().

Also applies to: 19-19, 33-33

.gitignore (1)

14-16: LGTM! Appropriate ignore rules for test artifacts.

The additions correctly ignore temporary test files and PHPUnit cache while preserving the directory structure via the placeholder exception.

tests/Fake/FakeInvalidInstanceController.php (1)

11-11: LGTM! Correct attribute syntax.

The migration from docblock annotation to PHP 8 attribute is correctly implemented.

tests/Fake/FakeInvalidController1.php (1)

9-9: LGTM! Correct attribute with named parameter.

The PHP 8 attribute syntax with the named parameter is correctly implemented.

tests/AuraInputInterceptorTest.php (3)

9-9: LGTM! PHPUnit modernization is correct.

The test class has been successfully updated to PHPUnit 9 style with the correct import, base class, and void return type on setUp().

Also applies to: 16-16, 28-28

---

106-106: LGTM! Correct migration to modern PHPUnit exception API.

The replacement of setExpectedException with expectException is the correct PHPUnit 9+ API.

Also applies to: 113-113, 120-120

---

136-154: LGTM! VndError test correctly updated.

The test now uses FakeControllerVndError, includes an explicit failure assertion, and validates the updated JSON structure with the logref field.

tests/AuraInputModuleTest.php (1)

9-14: LGTM! PHPUnit 9.x migration is correct.

The test class properly extends TestCase and uses expectException() before the code that triggers the exception, which is the correct pattern for PHPUnit 9.x.

Also applies to: 23-30

src/Annotation/AbstractValidation.php (1)

10-17: LGTM! Clean migration to PHP 8 attribute with constructor promotion.

The conversion to a PHP 8 attribute with constructor property promotion is well-implemented. Note that both this base class and its subclasses (FormValidation, InputValidation) declare #[Attribute], which allows each to be used independently as method attributes.

src/Annotation/FormValidation.php (1)

10-21: LGTM! Well-structured constructor with selective property promotion.

Good pattern: $form is correctly not promoted (no visibility modifier) since it's passed to the parent constructor, while $antiCsrf and $onFailure are promoted as class-specific properties. The string|null union type is appropriate for PHP 8+.

tests/AbstractAuraFormTest.php (1)

9-11: LGTM! PHPUnit 9.x base class and setUp signature updated correctly.

Also applies to: 18-18

tests/Fake/FakeController.php (1)

16-17: LGTM! Clean migration to PHP 8 attributes for DI and validation.

The dependency injection (#[Inject], #[Named]) and validation (#[FormValidation]) attributes are correctly applied and consistent with the patterns used across other test fixtures in this PR.

Also applies to: 23-23

src/AbstractForm.php (1)

76-76: LGTM! Clean migration to PHP 8 attributes.

The dependency injection and post-construction attributes are correctly applied using fully-qualified class names. The method signatures remain unchanged, ensuring backward compatibility at the API level.

Also applies to: 92-92

composer.json (3)

37-41: Configuration for Composer plugin looks correct.

The allow-plugins configuration for aura/installer-default is required by Composer 2.2+ for security. This prevents the installer from running without explicit permission.

---

18-18: PHPUnit 9.5 compatibility is already ensured in the test suite.

The test suite is fully compatible with PHPUnit 9.5. All tests correctly use PHPUnit\Framework\TestCase namespace, employ expectException() instead of deprecated setExpectedException(), and no deprecated PHPUnit patterns are present. While test methods lack explicit void return type declarations, this is optional and not required for PHPUnit 9.5 compatibility.

Likely an incorrect or invalid review comment.

---

9-11: Dependency versions verified for PHP 8 attribute support.

The versions ray/di ^2.16 and ray/aop ^2.14 are available and fully support PHP 8 attributes:

• Ray.Di 2.16.0+ removed doctrine/annotation dependency and uses PHP 8 attributes read via reflection through Ray.Aop
• Ray.Aop 2.17.0+ explicitly supports method parameter attributes
• Both support PHP 8.3+ and maintain active development with attribute-focused features

tests/bootstrap.php (1)

7-7: LGTM! Correctly removed Doctrine annotation registry.

With PHP 8 native attributes, the Doctrine AnnotationRegistry is no longer needed. The simplified bootstrap now only requires the Composer autoloader, which is sufficient for attribute-based metadata.

tests/Fake/FakeInvalidController2.php (1)

11-11: Flag inconsistency between code and AI summary.

The AI summary indicates this file should have #[FormValidation(form: "contactForm", onFailure: "badRequestAction")], but the actual code shows bare #[FormValidation] without parameters. Given that this is FakeInvalidController2 (a test fixture for invalid configurations) and $form is null, this appears intentional. However, the discrepancy should be clarified.

src/Annotation/InputValidation.php (1)

9-11: LGTM! Correct PHP 8 attribute declaration.

The attribute is properly declared with Attribute::TARGET_METHOD, allowing it to be applied to methods. The class correctly extends AbstractValidation to inherit base validation functionality while serving as a marker attribute for input validation.

phpunit.xml.dist (1)

1-21: LGTM! PHPUnit configuration modernized correctly.

The configuration has been properly updated to PHPUnit 9.5+ standards: testsuite naming, coverage configuration migrated from deprecated whitelist to include/report structure, and logging consolidated. All changes align with modern PHPUnit conventions.

tests/FormFactoryTest.php (1)

9-18: LGTM! Test class properly modernized for PHPUnit 9.5.

The test class has been correctly updated with the namespaced TestCase import, modern class extension, and void-typed setUp() method, consistent with PHPUnit 9.5+ requirements and other migrated tests in the codebase.

tests/Fake/FakeInputValidationController.php (2)

23-26: LGTM! InputValidation attribute correctly applied.

The #[InputValidation] attribute has been properly migrated from the docblock annotation, consistent with other test controllers in the codebase.

---

16-21: Ray.Di 2.16.0 fully supports PHP 8 attributes for dependency injection.

The #[Inject] and #[Named('contact_form')] attributes are correctly implemented and consistent with other migrated controllers in the codebase (e.g., FakeController.php). No further action needed.

tests/AbstractFormTest.php (5)

14-20: LGTM! Imports and class signature properly updated.

The imports have been correctly updated to include AttributeReader for PHP 8 attribute support, the namespaced TestCase for PHPUnit 9.5+, and ValidationException for explicit exception handling. The class signature modernization is consistent with other test files.

---

27-31: LGTM! setUp method signature modernized.

The setUp() method now has the void return type required by PHPUnit 8+, consistent with other modernized test files.

---

66-69: LGTM! Exception handling modernized.

The test correctly uses expectException() instead of the deprecated setExpectedException(), following PHPUnit 8+ conventions.

---

94-103: LGTM! Exception expectation properly updated.

The CSRF violation test has been correctly updated to use the modern expectException() API.

---

44-55: ReflectiveMethodInvocation constructor accepts the parameters correctly.

The constructor signature in ray/aop 2.14.0 expects:

1. object $object — the controller
2. string $method — the method name as a string
3. array $arguments — the method arguments
4. array $interceptors — optional array of interceptors

The code correctly passes 'createAction' as a string for the method name, along with the proper argument order. The switch to AttributeReader and this constructor usage are both correct for the attribute migration to PHP 8.

tests/Fake/FakeInvalidController3.php (1)

16-19: LGTM! FormValidation attribute correctly migrated.

The #[FormValidation(onFailure: "missing_method")] attribute has been properly migrated from the docblock annotation with correct named parameter syntax. The intentionally invalid method reference is appropriate for this test fixture.

tests/Fake/FakeControllerVndError.php (2)

17-18: LGTM!

The migration to PHP 8 attributes for #[Inject] and #[Named('contact_form')] is correct and consistent with other test controllers like FakeController.php and FakeInputValidationController.php.

---

24-25: LGTM!

The #[InputValidation] and #[VndError] attributes are correctly applied with proper named parameters. The href array syntax within the attribute is valid PHP 8 syntax and matches the VndError class constructor signature.

README.JA.md (1)

190-191: LGTM!

The #[FormValidation] and #[VndError] attribute examples are correctly formatted and demonstrate the proper PHP 8 attribute syntax with the href associative array.

tests/VndErrorHandlerTest.php (3)

9-9: LGTM!

Correct import of the namespaced PHPUnit TestCase class for PHPUnit 9.x compatibility.

---

13-13: LGTM!

The class correctly extends PHPUnit\Framework\TestCase and the setUp() method has the required void return type for PHPUnit 8+/9.x.

Also applies to: 20-20

---

28-28: LGTM!

Correctly updated from the deprecated setExpectedException() to expectException(), which is the modern PHPUnit 9.x API.

README.md (1)

185-186: LGTM!

The #[FormValidation] and #[VndError] examples correctly demonstrate PHP 8 attribute syntax with all the named parameters including the href associative array.

src/Annotation/VndError.php (1)

10-12: LGTM!

The #[Attribute(Attribute::TARGET_METHOD)] declaration is correct for targeting method-level attributes, consistent with the other annotation classes in this module (AbstractValidation, FormValidation, InputValidation).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for VndError usages
rg -n "VndError" --type php -B 2 -A 2

Repository: ray-di/Ray.WebFormModule

Length of output: 6306

---

🏁 Script executed:

#!/bin/bash
# Read the VndError class definition
cat -n src/Annotation/VndError.php

Repository: ray-di/Ray.WebFormModule

Length of output: 938

---

🏁 Script executed:

#!/bin/bash
# Read the VndErrorHandler methods that work with VndError
cat -n src/VndErrorHandler.php

Repository: ray-di/Ray.WebFormModule

Length of output: 2350

---

🏁 Script executed:

#!/bin/bash
# Search for direct VndError instantiations
rg "new VndError" --type php

Repository: ray-di/Ray.WebFormModule

Length of output: 182

---

🏁 Script executed:

#!/bin/bash
# Check git history for VndError changes
git log --oneline -- src/Annotation/VndError.php | head -20

Repository: ray-di/Ray.WebFormModule

Length of output: 139

---

The $href parameter should have a default value since it's not used in the handler.

The $href parameter is required but completely unused: VndErrorHandler::optionalAttribute() only processes message, path, and logref, and never returns href in the response body. Since the parameter provides no functional value, making it optional with an empty array default would reduce unnecessary coupling:

Add default for $href

     public function __construct(
         public string $message,
-        public array $href,
+        public array $href = [],
         public string|null $logref = null,
         public string|null $path = null
     ) {
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	public function __construct(
	public string $message,
	public array $href,
	public string|null $logref = null,
	public string|null $path = null
	) {
	}
	public function __construct(
	public string $message,
	public array $href = [],
	public string|null $logref = null,
	public string|null $path = null
	) {
	}

🤖 Prompt for AI Agents

In @src/Annotation/VndError.php around lines 22-28, The constructor for VndError
requires an $href parameter that is unused by
VndErrorHandler::optionalAttribute(); change the constructor signature in class
VndError (the __construct method) to make $href optional by giving it a default
empty array (e.g., public array $href = []) so callers need not pass it and
existing behavior remains unchanged.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's check the file structure
git ls-files | grep -E "(AuraInputModule|composer)" | head -20

Repository: ray-di/Ray.WebFormModule

Length of output: 135

---

🏁 Script executed:

#!/bin/bash
# Examine the AuraInputModule.php file
cat -n src/AuraInputModule.php

Repository: ray-di/Ray.WebFormModule

Length of output: 2236

---

🏁 Script executed:

#!/bin/bash
# Check composer.json for dependencies
cat composer.json | jq '.require, ."require-dev"' 2>/dev/null || cat composer.json

Repository: ray-di/Ray.WebFormModule

Length of output: 282

---

🏁 Script executed:

#!/bin/bash
# Check if composer.lock exists and search for koriym/attributes
if [ -f composer.lock ]; then
  jq '.packages[] | select(.name == "koriym/attributes") | {name, version}' composer.lock 2>/dev/null || grep -A5 "koriym/attributes" composer.lock
fi

Repository: ray-di/Ray.WebFormModule

Length of output: 50

---

🏁 Script executed:

#!/bin/bash
# Check the actual ray/di package to see if it depends on koriym/attributes
# First, let's see if composer.lock exists and check ray/di entry
if [ -f composer.lock ]; then
  echo "=== ray/di package info from composer.lock ==="
  jq '.packages[] | select(.name == "ray/di") | {name, version, require}' composer.lock 2>/dev/null
  
  echo ""
  echo "=== All packages in lock file ==="
  jq '.packages[].name' composer.lock 2>/dev/null | grep -i koriym
else
  echo "composer.lock not found"
fi

Repository: ray-di/Ray.WebFormModule

Length of output: 91

---

🏁 Script executed:

#!/bin/bash
# Search for any reference to koriym/attributes in the entire repo
rg "koriym/attributes" --type php 2>/dev/null || echo "No references found"

Repository: ray-di/Ray.WebFormModule

Length of output: 87

---

Add koriym/attributes as an explicit dependency in composer.json.

While the code changes correctly implement the PHP 8 attribute migration by binding Reader::class to AttributeReader::class, the koriym/attributes package is not declared as a direct or dev dependency in composer.json. Without this explicit dependency, the code will fail at runtime when attempting to load the AttributeReader class.

Add the following to the require section of composer.json:

"koriym/attributes": "*"

Or verify that ray/di ^2.16 explicitly includes koriym/attributes as a transitive dependency by checking its composer.json.

🤖 Prompt for AI Agents

In @src/AuraInputModule.php around line 17, The project now references
Koriym\Attributes\AttributeReader (bound to Reader::class) but composer.json
lacks an explicit dependency; open composer.json and add "koriym/attributes":
"*" (or a specific version) to the "require" section so AttributeReader is
installed, or alternatively verify that the installed ray/di ^2.16 transitively
requires koriym/attributes and update composer.json accordingly to ensure
AttributeReader::class can be autoloaded at runtime.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

README.JA.md (1)

187-191: Minor: Simplify redundant Japanese expression.

The phrase "加えることができます" on line 187 is somewhat verbose. In Japanese documentation, "加えます" is more direct and concise.

🔎 Proposed simplification

-`#[VndError]`属性で`vnd.error+json`に必要な情報を加えることができます。
+`#[VndError]`属性で`vnd.error+json`に必要な情報を加えます。

This change maintains the same meaning while improving readability of the documentation.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d6e5bba and f4e605a.

📒 Files selected for processing (2)

• README.JA.md
• README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• README.md

🧰 Additional context used

🪛 LanguageTool

README.JA.md

[uncategorized] ~187-~187: 「ことができる」という表現は冗長な可能性があります。
Context: ...[VndError]属性でvnd.error+json`に必要な情報を加えることができます。 ```php #[FormValidation(form: "...

(DOUSI_KOTOGADEKIRU)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Sourcery review

🔇 Additional comments (2)

README.JA.md (2)

98-105: ✓ Controller example correctly migrated to PHP 8 attributes.

The setForm() and createAction() methods now correctly use the #[Inject], #[Named("contact_form")], and #[FormValidation(...)] attributes, properly reflecting the migration from docblock annotations to PHP 8 attributes.

---

150-150: ✓ InputValidation example correctly shows attribute syntax.

The #[InputValidation(form: "form1")] attribute is correctly displayed in the example.

[koriym]

@apple-x-co Aura.Htmlがおそらくすぐにメジャーバージョンでリリースされると思います。それに対応してからにしましょうか？

[apple-x-co]

@koriym 承知いたしました。
今回は最低限の修正のみ進めました。
ですが、phpcs でマークされそうな箇所が多々ありましたので、その当たりも一緒に対応した方が良いかもしれません。
一旦、クローズでよろしいでしょうか??

[koriym]

いえいえ、これでいきましょう！

phpcs でマークされそうな箇所が多々ありましたので、その当たりも一緒に対応
これもやりますか？

Scrutinizer　のエラーですが、他のレポジトリのをそのままコピーしてペーストしてもらえばOKです。

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.scrutinizer.yml (1)

1-12: Consider retaining at least basic code quality tools.

While the PR objectives mention relaxing static analysis settings, the complete removal of all tools (php_mess_detector, php_code_sniffer, php_analyzer, php_cpd, etc.) eliminates automated code quality checks entirely.

As noted in the PR comments, koriym suggested copying Scrutinizer configuration from other repositories to address errors. Consider retaining at least a minimal set of tools (e.g., php_code_sniffer, php_analyzer) to maintain basic quality gates while the migration is finalized.

Is this the intended final configuration, or will additional tools be re-added based on other repository configurations?

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4e605a and 7bcb17d.

📒 Files selected for processing (1)

• .scrutinizer.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Sourcery review

🔇 Additional comments (1)

.scrutinizer.yml (1)

1-9: Build configuration aligns with PHP 8.0 migration.

The new build block correctly specifies PHP 8.0 and the default-jammy image, which aligns well with the repository's migration to PHP 8 attributes.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

tests/AuraInputInterceptorTest.php (2)

40-82: Consider removing commented code.

This 40+ line block of commented methods adds noise without providing value. If these methods are obsolete after the attribute migration, remove them. If they serve as reference, version control history is more appropriate.

🔎 Proposed cleanup

-//    /**
-//     * @param $method
-//     */
-//    public function getMethodInvocation(string $method, array $submit, FailureHandlerInterface $handler = null)
-//    {
-//        $handler = $handler ?: new OnFailureMethodHandler;
-//        $object = $this->getController($submit);
-//
-//        $invocation =  new ReflectiveMethodInvocation(
-//            $object,
-//            $method,
-//            $submit,
-//            [
-//                new AuraInputInterceptor(new AnnotationReader, $handler)
-//            ]
-//        );
-//
-//        return $invocation;
-//    }
-//
-//    public function getController(array $submit)
-//    {
-//        $controller = new FakeController;
-//        /** @var $fakeForm FakeForm */
-//        $fakeForm = (new FormFactory)->newInstance(FakeForm::class);
-//        $fakeForm->setSubmit($submit);
-//        $controller->setForm($fakeForm);
-//
-//        return $controller;
-//    }
-//
-//    public function proceed($controller)
-//    {
-//        $invocation = new ReflectiveMethodInvocation(
-//            $controller,
-//            new \ReflectionMethod($controller, 'createAction'),
-//            [],
-//            [
-//                new AuraInputInterceptor(new AnnotationReader, new OnFailureMethodHandler)
-//            ]
-//        );
-//        $invocation->proceed();
-//    }
-

---

96-102: Remove unused invalidControllerProvider method.

This method is not referenced by any test (no @dataProvider annotation) and appears to be dead code, possibly leftover from refactoring.

🔎 Proposed cleanup

-    public function invalidControllerProvider()
-    {
-        return [
-            [$this->injector->getInstance(FakeInvalidController1::class)],
-            [$this->injector->getInstance(FakeInvalidController2::class)]
-        ];
-    }
-

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7bcb17d and 47c4b50.

📒 Files selected for processing (2)

• .scrutinizer.yml
• tests/AuraInputInterceptorTest.php

🧰 Additional context used

🧬 Code graph analysis (1)

tests/AuraInputInterceptorTest.php (5)

src/Exception/InvalidFormPropertyException.php (1)

• InvalidFormPropertyException (9-11)

src/Exception/ValidationException.php (1)

• ValidationException (11-20)

tests/Fake/FakeControllerVndError.php (1)

• FakeControllerVndError (10-29)

src/FormValidationError.php (1)

• FormValidationError (9-25)

src/FormInterface.php (1)

• error (29-29)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Sourcery review

🔇 Additional comments (5)

.scrutinizer.yml (2)

1-9: LGTM! PHP 8.2 configuration is appropriate.

The build configuration correctly sets up PHP 8.2 for Scrutinizer analysis, which aligns well with the PR's migration to PHP 8.0+ and attributes. The php-scrutinizer-run command is the standard approach for running Scrutinizer's analysis tools.

---

1-12: Verify that removing all static analysis tools is intentional.

The configuration has been simplified by removing all explicit tool configurations (php_mess_detector, php_code_sniffer, php_analyzer, etc.). While this aligns with the commit message "設定構造を最適化", the PR comments discuss potentially addressing phpcs issues in the future.

Please confirm whether:

1. These tools are intentionally removed in favor of php-scrutinizer-run's default behavior
2. Code style checks (phpcs) will be re-added later, or handled through a different mechanism

Based on the PR discussion, koriym mentioned copying configuration from other repositories to resolve Scrutinizer errors, which might include some of these tools.

tests/AuraInputInterceptorTest.php (3)

9-9: LGTM: PHPUnit 9 modernization correctly applied.

The migration to namespaced PHPUnit\Framework\TestCase and the addition of a void return type on setUp() correctly align with PHPUnit 9 requirements.

Also applies to: 16-16, 28-28

---

106-106: LGTM: Exception expectations correctly updated.

All expectException() calls use the modern PHPUnit 9 API correctly. The duplicate issue flagged in previous reviews has been resolved.

Also applies to: 113-113, 120-120, 128-128

---

133-153: LGTM: VndError test correctly updated for attribute-based metadata.

The test properly validates the new #[VndError] attribute behavior:

• Correctly instantiates FakeControllerVndError with attribute-based configuration
• Explicit fail() assertion improves test robustness
• Expected JSON payload matches the attribute parameters (message, path, logref) defined in FakeControllerVndError