All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Opt-in wrapper overwrite —
extra.code-review-guardian.auto_update_wrapperin the consuming project'scomposer.jsoncontrols whether an existingcode-review-guardian.shis overwritten on install/update (default:false). - Bundle standards alignment — Root
Makefiletargets (release-check,composer-sync, Rector, PHPStan,check-no-cursor-coauthor),composer.jsonarchive.exclude, canonical documentation index and badges,docs/INSTALLATION.md,docs/USAGE.md,docs/RELEASE.md,docs/ENGRAM.md,docs/SECURITY.md,CODE_OF_CONDUCT.md, coverage helper scripts,phpstan-baseline.neon, and issue/PR templates. - Git hygiene (REQ-GIT-001) — CI job and local hooks/scripts that reject Cursor
Co-authored-bytrailers in commit history.
- Wrapper script install behavior —
code-review-guardian.shis installed when missing; if a local copy differs from the package, the plugin warns and leaves it unchanged unlessauto_update_wrapperis enabled (or a force update path is used). Identical checksums are skipped silently. - CI matrix — Tests PHP 8.2–8.5 against Symfony 7.4 / 8.0 / 8.1 (with incompatible pairs excluded); coverage on PHP 8.2 + Symfony 7.4. Dependabot groups for
symfony/*andphpstan/*. - Development tooling — Makefile release pipeline,
setup-hooksinstallscommit-msg, Docker Compose project name and coverage volume (from earlier 1.x work).
- Composer lock vs Docker PHP 8.2 —
config.platform.phpset to8.1.0socomposer.lockresolves Symfony 6.4 / compatible dev tools (not Symfony 8, which requires PHP ≥8.4).
- README / INSTALLATION — Documented opt-in wrapper updates; clarified package removal (
docs/GGA.mdis kept); expanded documentation index (CI, Spec Kit, Code of Conduct). - UPGRADING — Notes for 1.1.0 wrapper behavior change.
- Fixed PHPUnit test failures by improving callback assertions to handle multiple message formats
- Fixed test
testUpdateGitignoreDoesNotUpdateIfEntriesExistto correctly handle framework detection messages - Fixed test
testUninstallRemovesGitignoreEntriesto accept all uninstall progress messages
- Xdebug configuration in Dockerfile for code coverage generation
- Improved Makefile consistency: all commands now use
docker-compose run --rminstead ofexec
- Improved test stability by using flexible callback assertions in PHPUnit tests
- Makefile commands now work without requiring a running container (using
run --rminstead ofexec)
- Stable Release: First stable version of Code Review Guardian
- Complete modular architecture: Refactored script structure for improved maintainability
- Minimal entry point script (
code-review-guardian.sh) in project root (~40 lines) - All logic executed from
vendor/nowo-tech/code-review-guardian/bin/ - Modular sub-scripts:
functions.sh,config.sh,review.sh,comments.sh - Better separation of concerns and easier updates
- Minimal entry point script (
- Script architecture: Major refactoring to modular design (from v0.0.7)
- Main script acts as lightweight wrapper
- All implementation code in vendor directory
- Improved maintainability and code organization
- Complete YAML configuration parsing and validation
- Framework detection (Symfony, Laravel, Generic)
- Comprehensive test suite (38 tests, 100% code coverage)
- Full documentation in English
- Composer plugin with automatic installation and updates
- Major refactoring: Script architecture restructured
- Main script (
code-review-guardian.sh) is now minimal (~40 lines) - The main script acts only as an entry point and delegates to the implementation in vendor
- All logic is executed from
vendor/nowo-tech/code-review-guardian/bin/main.sh - Modular structure with sub-scripts for better maintainability
- The script in the project root is now just a lightweight wrapper
- Main script (
- Main script automatically detects the vendor directory location
- Executes the main script from the package installed in vendor
- Improves separation of concerns and facilitates updates
- Package code is maintained in vendor, not copied to the project
- Fixed YAML parser to correctly remove comments from parsed values
- Values with inline comments (e.g.,
provider: codex # codex, claude) now parse correctly - Comments after
#are stripped before parsing the value
- Values with inline comments (e.g.,
- Fixed PHP version check to avoid warnings in output
- PHP warnings are now redirected to stderr
- Output is cleaned with
head -1andtr -d '\n'to prevent parsing errors - Resolves issues with PHP timezone warnings appearing in script output
- Added
--debugmode for verbose debugging- New
debug()function outputs debug messages to stderr - Debug messages show configuration loading, file filtering, and other internal operations
- Use
./code-review-guardian.sh --debugto enable debug output
- New
- Improved token handling in
.envfiles- Token is now automatically added to
.env.distif it exists - Informative message displayed when token is added to
.env.dist - Better guidance for users when tokens are missing
- Token is now automatically added to
- Complete implementation of all YAML configuration options
- All configuration values are now parsed, validated, displayed, and applied correctly
- Full support for nested configuration values (e.g.,
agents.behavior.*) - Configuration validation (types, ranges, valid values)
- All settings are shown in script output when relevant
- Updated all GitHub URLs to use correct repository name (
CodeReviewGuardianinstead ofcode-review-guardian)- README.md badges and links corrected
- composer.json homepage and support URLs corrected
- All documentation files updated (AGENTS_CONFIG.md, GGA.md, CONTRIBUTING.md)
- Improved README.md with "Current Status" section
- Clearly distinguishes between implemented features and features in development
- Updated usage descriptions to reflect actual functionality
- Enhanced script output to show all configuration values
- GGA settings: auto_review, post_comments, max_comments, strict_mode
- Agents settings: temperature, behavior.* (suggest_fixes, explain_issues, provide_examples, severity_threshold)
- Rules settings: block_on_critical_issues, block_on_security_issues
- Comments settings: enabled, post_review_summary, include_suggestions, format
- Improved configuration validation
- Validates max_comments is a number
- Validates severity_threshold (low/medium/high/critical)
- Validates temperature (0-2 range)
- Validates comments.format (markdown/text)
- Shows warnings for invalid values
- Fixed AGENTS_CONFIG.md not being included in Composer package
- Added
docs/AGENTS_CONFIG.mdtofilesarray in composer.json - File is now available in
vendor/nowo-tech/code-review-guardian/docs/AGENTS_CONFIG.md
- Added
- Fixed configuration parsing for nested values
agents.behavior.*values now parse correctly- All configuration options from YAML are now properly loaded
- Updated AUDIT_REPORT.md to reflect current state (100% operational)
- All documentation files reviewed and verified for accuracy
- GitHub repository URLs corrected throughout all documentation
- Improved warning message when AI Agents are disabled
- Changed from info to warning level for better visibility
- Added clear instructions on how to enable AI Agents in the configuration file
- Added link to detailed documentation: https://github.com/nowo-tech/CodeReviewGuardian/blob/main/docs/AGENTS_CONFIG.md
- Users now get actionable guidance instead of just an informational message
- Renamed configuration file from
.code-review-guardian.ymltocode-review-guardian.yaml- Removed leading dot so
code-review-guardian.shandcode-review-guardian.yamlappear together alphabetically - Changed extension from
.ymlto.yaml(standard YAML extension) - All configuration files in
config/*/have been renamed accordingly - Migration: If you have an existing
.code-review-guardian.ymlfile, you can safely rename it tocode-review-guardian.yaml. The content remains compatible.
- Removed leading dot so
- Fixed script file (
code-review-guardian.sh) not being copied or updated during installation and updates- The script now always updates on
composer installandcomposer updateto ensure users have the latest version with bug fixes and new features - Previously, the script would only be copied on first installation and never updated, even when updating to a newer package version
- Updated tests to verify script updates correctly on both install and update commands
- The script now always updates on
If you're upgrading from version 0.0.2 or earlier:
-
Rename your configuration file (if you have one):
# If you have .code-review-guardian.yml, rename it to code-review-guardian.yaml mv .code-review-guardian.yml code-review-guardian.yaml -
Update the package:
composer update nowo-tech/code-review-guardian
-
Update your
.gitignore(if you have manual entries):- Remove:
.code-review-guardian.yml - Ensure:
code-review-guardian.yamlis present (automatically added during installation)
- Remove:
-
Verify:
# The script should work with the new config file name ./code-review-guardian.sh
The configuration file format and content remain the same - only the filename changed.
- Comprehensive test suite with 100% code coverage
- 36 tests covering all code paths and edge cases
- FrameworkDetectorTest: 15 tests covering all framework detection scenarios
- PluginTest: 21 tests covering installation, update, uninstall, and edge cases
- Tests for all frameworks (Symfony, Laravel, Yii, CakePHP, Laminas, CodeIgniter, Slim, Generic)
- Tests for JSON parsing edge cases, file handling, gitignore management, and force updates
- Token setup guide (
docs/TOKEN_SETUP.md) with step-by-step instructions for GitHub, GitLab, and Bitbucket - Improved environment variable handling in
code-review-guardian.sh:- Support for
.envand.env.localfiles (following Symfony/Laravel convention) - Automatic creation of
.envfile with template if missing - Automatic addition of missing environment variables
- Proper handling of quoted values and comments in
.envfiles
- Support for
.gitattributesfile to ensure proper package distribution (excludes development files)- Explicit
filesfield incomposer.jsonto ensurebin/code-review-guardian.sh,config/, anddocs/GGA.mdare included in the package
- Improved code documentation: All PHP code now has complete PHPDoc comments in English
- Updated GitHub Actions CI/CD pipeline to require 100% code coverage (previously 90%)
- Enhanced environment file loading order:
.env(base) →.env.local(overrides, higher priority)
- Fixed package distribution:
bin/code-review-guardian.shis now explicitly included in the Composer package viacomposer.jsonfilesfield - Fixed
.gitattributesconfiguration to ensure all necessary files are included while excluding development-only files
- Initial release
- Provider-agnostic code review guardian for PHP projects
- Multi-framework support with automatic framework detection:
- Symfony: Optimized configuration for Symfony projects
- Laravel: Optimized configuration for Laravel projects
- Generic: Works with any PHP framework (Yii, CakePHP, CodeIgniter, Slim, Laminas, etc.)
- Automatic configuration: Installs framework-specific configuration files (
code-review-guardian.yaml) - Git Guardian Angel (GGA): Provider-agnostic code review system
- Automatic review of pull requests and merge requests
- Post review comments to PRs/MRs
- Works with GitHub, GitLab, Bitbucket, and any Git hosting service
- AI Agents support: Configuration for AI-powered code review agents
- Support for OpenAI, Anthropic, and GitHub Copilot
- Configurable review scope and behavior
- Severity thresholds and review settings
- Git provider integration:
- Automatic provider detection (GitHub, GitLab, Bitbucket)
- Token configuration via
.envfile (GIT_TOKEN) - Repository URL auto-detection
- Documentation files: Automatic installation of documentation
docs/AGENTS.md- Code review rules file (framework-specific, used by GGA)docs/GGA.md- Git Guardian Angel setup guide
- Configuration file (
code-review-guardian.yaml):- Git provider settings
- Git Guardian Angel (GGA) configuration
- AI Agents configuration
- Code review rules
- Comment settings for PRs/MRs
- Shell script (
code-review-guardian.sh) for running code review guardian - Framework detector that reads
composer.jsonto identify the framework - Automatic installation via Composer plugin
- Comprehensive documentation (README, CONTRIBUTING, BRANCHING, UPGRADING, CONFIGURATION)
- PHPUnit tests with comprehensive test coverage (36 tests covering all code paths)
- PHP-CS-Fixer configuration (PSR-12)
- Docker and Makefile setup for development
- GitHub Actions CI/CD pipeline with code coverage validation
.gitignoreautomatic updates
- ✅ Works with any PHP project (Symfony, Laravel, Yii, CodeIgniter, etc.)
- ✅ Works with any Git provider (GitHub, GitLab, Bitbucket, etc.)
- ✅ Automatic framework detection from
composer.json - ✅ Framework-specific configuration files
- ✅ Git Guardian Angel (GGA) for automated code reviews
- ✅ AI Agents configuration (OpenAI, Anthropic, GitHub Copilot)
- ✅ Token configuration via
.envfile - ✅ Provider-agnostic design
- ✅ Configurable via YAML
- ✅ Automatic documentation installation
- ✅ Comprehensive test suite with 100% code coverage