Dev

[nicobleiler]

Summary by CodeRabbit

Release Notes

• Configuration & Error Handling

  • Improved validation with specific error messages for configuration issues.

• Performance

  • Optimized word list generation through caching mechanism.

• Code Quality

  • Enhanced static analysis standards; expanded test coverage for configuration validation scenarios.

[coderabbitai]

Walkthrough

This PR introduces a new ConfigException class for configuration validation, centralizes config validation from WordListException to the new exception class, adds stricter runtime type checks in the service provider, extends PHPStan analysis to level 10, expands Laravel 13 support, upgrades CI action versions, improves word list caching, and reorders development scripts.

Changes

Cohort / File(s)	Summary
CI/Workflow Updates .github/workflows/test.yml, .github/workflows/trivy.yml	Updated Ubuntu runner from 22.04 to 24.04, expanded test matrix to include Laravel 13 with adjusted exclusions; upgraded Trivy action from v0.34.1 to v0.36.0 and reformatted SARIF upload conditional.
Project Configuration .gitignore, composer.json, phpstan.dist.neon, rector.php, renovate.json	Extended .gitignore for phpstan.neon; added orchestra/testbench v11 support and reordered lint/test scripts; increased PHPStan level to 10; removed explicit php82 set from Rector config; enabled platform automerge in Renovate.
Exception Handling Refactor src/Exceptions/ConfigException.php, src/Exceptions/WordListException.php	Introduced new ConfigException with static factory methods (invalidNumWords, invalidWordSeparator, invalidCapitalize, invalidIncludeNumber, invalidWordList, invalidExcludedWords); removed corresponding methods from WordListException.
Service Provider & Word List src/PassphraseServiceProvider.php, src/WordList.php	Centralized config validation to use ConfigException; added explicit runtime type checks for num_words, word_separator, capitalize, include_number with local variables; moved EFF word list caching from method-local to class-level static property.
Test Updates tests/LaravelIntegrationTest.php	Updated integration tests to expect ConfigException for invalid config; added new tests verifying ConfigException is thrown for invalid num_words, word_separator, capitalize, and include_number types.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• Dev #13: Overlaps in WordList validation and exception handling refactoring, modifying the same error path consolidation logic.
• Full release #16: Modifies identical core files (PassphraseServiceProvider, WordList, exception classes) with overlapping config validation and service wiring changes.
• Promote beta to master #32: Shares code-level modifications to PassphraseServiceProvider and config validation error handling with exception class responsibilities.

Suggested labels

released on @alpha``

Poem

🐰 Config exceptions now align,
Type checks stricter, rules refine,
Laravel thirteen takes the stage,
Word lists cached, a speed-boost sage,
PHPStan's gaze grows ever keen!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.76% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Dev' is vague and generic, failing to convey any meaningful information about the extensive changes in this pull request, which include CI/workflow updates, dependency upgrades, configuration changes, new exception handling, and test updates.	Replace 'Dev' with a descriptive title that summarizes the main changes, such as 'Refactor config validation with new ConfigException and update CI/dependencies' or a similarly specific summary.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 PHPStan (2.1.51)

PHP Parse error: syntax error, unexpected token "->" in /vendor/phpunit/phpunit/src/Runner/Version.php on line 38
Parse error: syntax error, unexpected token "->" in /vendor/phpunit/phpunit/src/Runner/Version.php on line 38

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/PassphraseServiceProvider.php`:
- Around line 21-33: The provider currently only checks that $excludedWords and
$wordList are arrays, allowing non-string elements to slip through and later
raise WordListException; update the validation in PassphraseServiceProvider to
ensure every element is a string before calling WordList::fromArray — for
example, after confirming is_array($excludedWords) and is_array($wordList)
validate with array_filter/is_string (or a simple loop) and if any element is
not a string throw ConfigException::invalidExcludedWords() or
ConfigException::invalidWordList() respectively so the config-validation
exception contract is preserved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 865bab7b-94e6-4854-834a-f61cde03a26d

📥 Commits

Reviewing files that changed from the base of the PR and between 471a902 and 1ebb0eb.

📒 Files selected for processing (12)

• .github/workflows/test.yml
• .github/workflows/trivy.yml
• .gitignore
• composer.json
• phpstan.dist.neon
• rector.php
• renovate.json
• src/Exceptions/ConfigException.php
• src/Exceptions/WordListException.php
• src/PassphraseServiceProvider.php
• src/WordList.php
• tests/LaravelIntegrationTest.php

💤 Files with no reviewable changes (1)

• src/Exceptions/WordListException.php

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Validate word_list/excluded_words element types in provider.

Line 21 and Line 27 only validate that values are arrays. Arrays containing non-strings currently bypass this layer and fail later with WordListException, which breaks the new config-validation exception contract.

🔧 Proposed fix

         if (! is_array($excludedWords)) {
             throw ConfigException::invalidExcludedWords();
         }
+        foreach ($excludedWords as $excludedWord) {
+            if (! is_string($excludedWord)) {
+                throw ConfigException::invalidExcludedWords();
+            }
+        }

         /** `@var` array<string> $excludedWords */
         if ($wordList !== null) {
             if (! is_array($wordList)) {
                 throw ConfigException::invalidWordList();
             }
+            foreach ($wordList as $configuredWord) {
+                if (! is_string($configuredWord)) {
+                    throw ConfigException::invalidWordList();
+                }
+            }

             /** `@var` array<string> $wordList */

As per coding guidelines: "Keep error handling explicit with package exception types where appropriate".

🧰 Tools

🪛 PHPMD (2.15.0)

[error] 22-22: Avoid using static access to class '\NicoBleiler\Passphrase\Exceptions\ConfigException' in method 'register'. (undefined)

(StaticAccess)

---

[error] 28-28: Avoid using static access to class '\NicoBleiler\Passphrase\Exceptions\ConfigException' in method 'register'. (undefined)

(StaticAccess)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/PassphraseServiceProvider.php` around lines 21 - 33, The provider
currently only checks that $excludedWords and $wordList are arrays, allowing
non-string elements to slip through and later raise WordListException; update
the validation in PassphraseServiceProvider to ensure every element is a string
before calling WordList::fromArray — for example, after confirming
is_array($excludedWords) and is_array($wordList) validate with
array_filter/is_string (or a simple loop) and if any element is not a string
throw ConfigException::invalidExcludedWords() or
ConfigException::invalidWordList() respectively so the config-validation
exception contract is preserved.

[github-actions]

🎉 This PR is included in version 2.2.0-alpha.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version 2.2.0-beta.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀