ci: align workflows to property-inspector pattern (3-file, parallel gates)

Author: walmir-silva

.github/workflows/ci.yml

@@ -26,6 +26,7 @@ jobs:
           php-version: '8.4'
           extensions: mbstring, xml
           coverage: pcov
+          tools: composer:v2
 
       # Pure dependency install — no scripts to avoid environment pollution
       - name: Install dependencies

.github/workflows/code-quality.yml

@@ -0,0 +1,212 @@
+name: Code Quality
+
+# ARFA 1.3 / KaririCode Spec V4.0 — Parallel Quality Gates
+# Runs 5 parallel jobs with a quality-summary gate job.
+# Triggers: main, develop, feature branches, PRs, and manual dispatch.
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+      - 'feature/**'
+  pull_request:
+    branches:
+      - main
+      - develop
+  workflow_dispatch:
+
+jobs:
+  # ============================================================================
+  # DEPENDENCY VALIDATION (Spec V4.0 — contract compliance)
+  # Validates that composer.json is valid and platform requirements are met.
+  # ============================================================================
+  dependencies:
+    name: Dependency Validation
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          tools: composer:v2
+          coverage: none
+
+      - name: Validate composer.json
+        run: composer validate --strict --no-check-lock
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Check platform requirements
+        run: composer check-platform-reqs
+
+  # ============================================================================
+  # SECURITY AUDIT (ARFA 1.3 — resilience pillar)
+  # Uses native composer audit — no deprecated security-checker.
+  # ============================================================================
+  security:
+    name: Security Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          tools: composer:v2
+          coverage: none
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Run composer audit
+        run: composer audit --format=plain
+
+  # ============================================================================
+  # STATIC ANALYSIS (Spec V4.0 S14 — Type Safety)
+  # kcode analyse runs PHPStan Level 9 + Psalm (100% type inference).
+  # Both tools must pass with zero errors — enforced by kcode exit code.
+  # ============================================================================
+  analyse:
+    name: Static Analysis — PHPStan L9 + Psalm
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml
+          coverage: none
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Install kcode
+        run: |
+          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+          chmod +x kcode.phar
+          sudo mv kcode.phar /usr/local/bin/kcode
+
+      - name: Initialize devkit
+        run: kcode init
+
+      # src/Contract was removed in v4 — patch the generated phpstan.neon
+      - name: Patch phpstan.neon (remove stale excludePaths)
+        run: |
+          sed -i '/excludePaths:/,/- \.\.\/src\/Contract/d' .kcode/phpstan.neon
+
+      # Runs PHPStan Level 9 then Psalm sequentially — both must pass
+      - name: Run PHPStan + Psalm via kcode
+        run: kcode analyse
+
+  # ============================================================================
+  # CODE STYLE (ARFA 1.3 Naming / Formatting Standards)
+  # kcode cs:fix enforces PSR-12 + PHP 8.4 migrations + KaririCode rules.
+  # --check: dry-run only — fails if any violation exists.
+  # ============================================================================
+  cs-fixer:
+    name: Code Style — PHP CS Fixer
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml
+          coverage: none
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Install kcode
+        run: |
+          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+          chmod +x kcode.phar
+          sudo mv kcode.phar /usr/local/bin/kcode
+
+      - name: Initialize devkit
+        run: kcode init
+
+      - name: Check code style (dry-run)
+        run: kcode cs:fix --check
+
+  # ============================================================================
+  # UNIT & INTEGRATION TESTS (ARFA 1.3 §Testing — Zero Tolerance)
+  # pcov is the mandatory driver (performance + accuracy over Xdebug).
+  # Requires: 0 failures, 0 errors, 0 warnings, 0 risky tests.
+  # Target: 128 tests / 234 assertions (processor-pipeline baseline).
+  # ============================================================================
+  tests:
+    name: PHPUnit — 128 Tests (pcov)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml
+          coverage: pcov
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Install kcode
+        run: |
+          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+          chmod +x kcode.phar
+          sudo mv kcode.phar /usr/local/bin/kcode
+
+      - name: Initialize devkit
+        run: kcode init
+
+      - name: Run tests with coverage (pcov)
+        run: kcode test --coverage
+
+  # ============================================================================
+  # QUALITY SUMMARY — Gate job (if: always())
+  # Aggregates all job results and fails the workflow if any check failed.
+  # Posts a markdown summary to the GitHub Actions run.
+  # ============================================================================
+  quality-summary:
+    name: Quality Summary
+    runs-on: ubuntu-latest
+    needs: [dependencies, security, analyse, cs-fixer, tests]
+    if: always()
+
+    steps:
+      - name: Post quality summary
+        run: |
+          echo "## KaririCode ProcessorPipeline — Quality Report (ARFA 1.3)" >> "$GITHUB_STEP_SUMMARY"
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Check | Result |" >> "$GITHUB_STEP_SUMMARY"
+          echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Dependency Validation | ${{ needs.dependencies.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Security Audit | ${{ needs.security.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Static Analysis (PHPStan L9 + Psalm) | ${{ needs.analyse.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Code Style (CS Fixer) | ${{ needs.cs-fixer.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| PHPUnit Tests (128 / pcov) | ${{ needs.tests.result }} |" >> "$GITHUB_STEP_SUMMARY"
+
+          if [ "${{ needs.security.result }}" != "success" ] || \
+             [ "${{ needs.analyse.result }}" != "success" ] || \
+             [ "${{ needs.cs-fixer.result }}" != "success" ] || \
+             [ "${{ needs.tests.result }}" != "success" ]; then
+            echo "" >> "$GITHUB_STEP_SUMMARY"
+            echo "❌ One or more quality gates failed. Merge blocked." >> "$GITHUB_STEP_SUMMARY"
+            exit 1
+          fi
+
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "✅ All quality gates passed — ARFA 1.3 compliant." >> "$GITHUB_STEP_SUMMARY"

.github/workflows/release.yml

@@ -0,0 +1,107 @@
+name: Release
+
+# ARFA 1.3 / KaririCode Spec V4.0 — Release Pipeline
+# Triggers on semantic version tags (v*).
+# Full quality gate (kcode quality) must pass before release is published.
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Quality Gate + GitHub Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      # PHP 8.4 + pcov: releases MUST pass with coverage (ARFA 1.3 §Testing)
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml
+          coverage: pcov
+          tools: composer:v2
+
+      # --no-scripts prevents accidental environment pollution during release
+      - name: Install dependencies
+        run: composer install --no-interaction --prefer-dist --no-progress --no-scripts
+
+      - name: Install kcode (KaririCode Devkit)
+        run: |
+          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+          chmod +x kcode.phar
+          sudo mv kcode.phar /usr/local/bin/kcode
+
+      - name: Initialize devkit
+        run: kcode init
+
+      # src/Contract was removed in v4 — patch the generated phpstan.neon
+      - name: Patch phpstan.neon (remove stale excludePaths)
+        run: |
+          sed -i '/excludePaths:/,/- \.\.\/src\/Contract/d' .kcode/phpstan.neon
+
+      # Full pipeline: cs-fixer → phpstan (L9) → psalm → phpunit (pcov)
+      # Exit code ≠ 0 aborts the release — zero tolerance (ARFA 1.3)
+      - name: Run full quality pipeline (release gate)
+        run: kcode quality
+
+      - name: Extract version from tag
+        id: version
+        run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.version.outputs.tag }}
+          name: KaririCode ProcessorPipeline ${{ steps.version.outputs.tag }}
+          draft: false
+          prerelease: false
+          body: |
+            ## KaririCode\ProcessorPipeline ${{ steps.version.outputs.tag }}
+
+            A robust, immutable processor pipeline component for the KaririCode Framework.
+            Enables modular, configurable processing chains for data transformation,
+            validation, and sanitization. **ARFA 1.3 compliant.**
+
+            ## Installation
+
+            ```bash
+            composer require kariricode/processor-pipeline
+            ```
+
+            ## Quick Start
+
+            ```php
+            use KaririCode\ProcessorPipeline\ProcessorRegistry;
+            use KaririCode\ProcessorPipeline\ProcessorBuilder;
+
+            $registry = new ProcessorRegistry();
+            $registry
+                ->register('sanitizer', 'trim', new TrimProcessor())
+                ->register('sanitizer', 'lowercase', new LowercaseProcessor());
+
+            $builder  = new ProcessorBuilder($registry);
+            $pipeline = $builder->buildPipeline('sanitizer', ['trim', 'lowercase']);
+
+            $result = $pipeline->process('  HELLO WORLD  ');
+            // Result: 'hello world'
+            ```
+
+            ## Quality Metrics
+
+            | Metric | Value |
+            |--------|-------|
+            | Tests | 128 passing |
+            | Assertions | 234 |
+            | PHPStan Level | 9 (0 errors) |
+            | Psalm | 100% (0 errors) |
+            | Coverage | 100% classes / methods / lines |
+            | PHP Version | 8.4+ |
+
+            See [CHANGELOG.md](CHANGELOG.md) for details.