Harden support and request security boundaries#439
Conversation
Replace truncate-and-write updates with checked atomic replacement so readers never observe partial Composer or environment files. Preserve existing permissions, validate JSON and native I/O results, and invalidate the opcode cache only after publication succeeds. Cover successful replacement, malformed input, write failures, permission preservation, and service-provider manifest publication with focused regressions.
Resolve constructor metadata without recursing into terminal built-in values, and handle untyped, union, nullable, defaulted, and custom dependency parameters at the owning reflection boundary. Cache empty dependency maps as valid results and preserve already-resolved nested data objects. Expand the public guide and regressions to cover nested conversion, custom resolvers, defaults, nullability, collection inputs, and unsupported constructor shapes.
Treat the configured Timebox as a reusable prototype and clone it for each authentication or password-broker operation. This keeps early returns, exceptions, and overlapping coroutines from sharing mutable timing state while preserving custom Timebox subclasses and configured duration behavior. Add concurrent and sequential regressions for session authentication and password validation paths, including short-circuit and exception exits.
Restore Lottery result factories through finally blocks so callbacks cannot strand test state, and make the test subscriber's non-coroutine fallback reset framework state without depending on a live request context. Remove redundant Once cleanup after the authoritative context teardown. Add regressions for exceptional Lottery sequences and non-coroutine subscriber cleanup while preserving the existing ownership split between static reset and resource teardown.
Normalize closure binding at construction so static and instance callbacks follow one predictable execution path. Preserve valid callback scope while avoiding late binding failures when encoded HTML is rendered. Cover static closures, object-bound closures, invokable callables, arguments, and repeated rendering through the public stringable contract.
Mark date factories, dotenv adapters, and facade application swaps with their real boot or test lifetime. The warnings identify the concrete cross-request risk of changing process-global or worker-shared configuration during request handling without altering the Laravel-facing APIs.
Reject invalid Base62 input without silently coercing it, preserve Number exponent keys across integer and string forms, escape JavaScript data safely, and make XML conversion handle invalid or unsupported values through explicit framework contracts. Add focused regressions for boundary values, malformed input, escaping behavior, exponent lookup, and XML conversion failures.
Treat the native Fileinfo read as the authoritative boundary instead of trusting earlier path metadata. Convert disappeared or unreadable files into the documented guesser result and isolate the temporary error handler so coroutine-local warning handling cannot leak. Exercise normal, missing, raced, warning, and non-coroutine paths with deterministic filesystem seams.
Add the current trans and counted helpers to Str and Stringable, and restore temporary random, UUID, and ULID factories through finally blocks when sequence callbacks fail. The public behavior follows current Laravel while keeping worker-lifetime test hooks from leaking after exceptional exits. Document the new helpers and cover translation, pluralization, forwarding, and exceptional sequence cleanup.
Complete the current validated-input surface with file and hasFile accessors that resolve the active request at call time. This preserves coroutine isolation and gives validated input the same file lookup behavior applications expect from request data. Document the API and cover single files, nested files, missing paths, invalid uploads, and request replacement.
Bring bus, mail, queue, pending-batch, and exception-handler fakes to the current public behavior, including sendNow routing, batch job inspection, pluralized count failures, strict fake matching, and clearer diagnostics. Keep fake callbacks and facade annotations aligned with their concrete APIs. Expand the mail and queue guides and add regressions for pending operations, chain and batch inspection, job counts, serialization, exception restoration, and callback matching.
Document the upstream-deprecated auth facade aliases and Laravel's deferred-provider machinery as intentional omissions. Hypervel keeps the supported current APIs while avoiding compatibility-only surfaces and bootstrap optimizations that do not fit a long-lived Swoole worker. Place the decisions where future upstream ports will see them without adding runtime compatibility shims.
Record the verified Support and authentication findings, rejected concerns, implementation results, validation, API impact, and final complexity assessment. Mark Support complete and route the next audit work to Encryption while preserving the auth revalidation dependency.
Validate every configured CBC key MAC before decrypting with the first valid key, eliminating key-position timing leakage during active rotation while retaining the existing GCM fallback flow. Normalize missing and empty AEAD tags to the documented decryption exception, mark the concrete secret-bearing inputs as sensitive, and add focused regressions for complete MAC work and strict tag failures.
Apply SensitiveParameter metadata through the encryption contracts, atomic filesystem replacement, and the global encrypt helper so plaintext, keys, and environment contents do not remain in exception argument traces. Keep the policy narrow by mirroring dynamic dispatch only in the Crypt facade rather than redacting every facade globally. Regression coverage pins both trace metadata and the inherited forwarding and missing-root behavior.
Publish generated application keys through checked, mode-preserving atomic filesystem replacement, match only the exact current quoted or unquoted key, preserve CRLF line endings, and update runtime configuration only after publication succeeds. Add current command-prohibition behavior, make Encryption boot set or clear the SerializableClosure signer, and reset the signer, Queue callbacks, and command flag during authoritative test cleanup. Failure-injection and lifecycle regressions pin every commit and rollback boundary.
Cast application previous-key and Sanctum stateful-domain environment values at their configuration boundaries so explicit null values cannot escape into explode under strict typing. Preserve each configuration's established filtered or unfiltered output shape and add isolated environment regressions with complete process-global restoration.
Record the verified encryption, filesystem, Foundation, Support, Testing, Queue, and Sanctum findings together with their final owning boundaries, rejected complexity, validation evidence, compatibility result, and approved CBC rotation cost. Mark Encryption complete, preserve the outstanding owning-package revalidation routes, and advance the framework audit to Hashing with the enum-identifier dependency explicitly routed.
Normalize environment-shaped Bcrypt and Argon configuration before assigning strict properties, and translate native password_hash errors into the framework's stable exceptions. Delegate hash detection to the configured driver and route algorithm checks through the existing protected extension seam. Add regressions for invalid configuration, custom drivers, numeric-string options, default cost, and algorithm overrides while preserving nullable and length-limit behavior.
Mark plaintext-bearing hashing parameters as sensitive across the contract, abstract implementation, helper, manager-facing facade path, and concrete call stack so exception traces cannot retain passwords. Mirror the established Crypt facade dispatcher locally to redact packed arguments without weakening diagnostics for unrelated facades. Correct nullable facade metadata and add reflection plus forwarding regressions that pin the complete boundary and preserve base facade behavior.
Document the verified hashing defects, accepted boundaries, approved performance tradeoffs, rejected overengineering, implementation details, regression coverage, validation, and independent review outcome. Mark Hashing complete, close its enum-manager revalidation, and route the framework audit to the Cookie package while keeping the package checklist synchronized with the source tree.
Allow the Cookie facade to resolve unit, backed, and integer-backed enum names at the request boundary while preserving all-cookie reads and mixed defaults. Make CookieJar and QueueingFactory accurately describe nested cookie arrays, array defaults, mixed queued fallbacks, and queued Cookie element types. Correct the forever-cookie duration text to match the 400-day implementation. Add focused regressions for enum zero identifiers, mixed default precedence, nested arrays, queued sentinels, and unchanged facade behavior.
Explain how applications can opt into encryption for only a named set of cookies through the existing middleware configuration API. Call out that unlisted cookies remain plaintext and that a non-empty only list takes precedence over the except list, making the security consequences and runtime behavior explicit.
Capture the verified Cookie findings, rejected speculative changes, implementation boundary, regression coverage, validation, performance assessment, and owner approval in the audit ledger. Mark Cookie complete and route the framework-wide audit to Engine with no pending cross-package revalidation.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (8)
🚧 Files skipped from review as they are similar to previous changes (6)
📝 WalkthroughWalkthroughThis PR updates authentication isolation, encryption and hashing safeguards, cookie contracts, support utilities, testing fakes, lifecycle cleanup, audit metadata, documentation, and PHPUnit coverage for state restoration, typing, redaction, filesystem replacement, and edge cases. ChangesFramework lifecycle and security audit
Estimated code review effort: 4 (Complex) | ~60 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Greptile SummaryThis PR hardens a broad set of security and correctness boundaries across Support, encryption, hashing, auth timing, cookies, and the test lifecycle. The changes address concrete failures identified in a detailed audit of Hypervel's long-lived worker model: atomic file publication, exception-safe static-state restoration, per-operation Timebox isolation, CBC key-rotation timing, GCM tag validation, secret-parameter redaction, and custom-driver delegation in the hash manager.
Confidence Score: 5/5Safe to merge. All core logic changes are correct and well-justified; the cipher, hashing, auth timing, and state-lifecycle fixes behave as described. The CBC key-rotation fix is logically sound — all MACs are validated before a single decryption call, removing key-position timing leakage. The GCM null-tag fix, Timebox cloning, try/finally state restoration, isHashed() delegation, and atomic file writes are all correct. No logic errors, data-loss paths, or contract breaks were found. The GCM decryption path in src/encryption/src/Encrypter.php (lines 146-168) retains sequential key-tryout timing that was eliminated for CBC — worth a follow-up if key rotation with multiple previous GCM keys is expected in production. Important Files Changed
Reviews (2): Last reviewed commit: "Address support and security review find..." | Re-trigger Greptile |
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
tests/Support/SupportServiceProviderTest.php (1)
437-465: 🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy liftMove these file-writing cases to Testbench-managed temporary storage.
Both tests use a process-global temporary filename. Use a Testbench-based test with its disposable application skeleton or
ParallelTesting::tempDir()to prevent collisions and unmanaged artifacts.As per coding guidelines, “Use Testbench for container integration or file-writing tests” and use Testbench’s disposable skeleton or
ParallelTesting::tempDir().Also applies to: 468-497
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/Support/SupportServiceProviderTest.php` around lines 437 - 465, Update the file-writing tests around removeProviderFromBootstrapFile to use Testbench-managed temporary storage, such as the disposable application skeleton or ParallelTesting::tempDir(), instead of a process-global temporary filename. Apply the same change to the additional cases around the referenced neighboring test range, while preserving their existing assertions and cleanup behavior.Source: Coding guidelines
src/support/src/Js.php (1)
88-102: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winPass
JSON_INVALID_UTF8_SUBSTITUTEintoJsonable::toJson()src/support/src/Js.php:95still bypasses the substitution flag on theJsonablepath, so malformed UTF-8 can throw forJsonableimplementations likeModelandJsonResourceinstead of being replaced.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/support/src/Js.php` around lines 88 - 102, Update the Jsonable branch in Js::encode to pass JSON_INVALID_UTF8_SUBSTITUTE along with the existing required flags to Jsonable::toJson(), ensuring malformed UTF-8 is replaced consistently with the direct json_encode path.
🧹 Nitpick comments (2)
tests/Hashing/HasherTest.php (1)
267-272: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRemove unused local variable.
The
$configvariable assignment is unused and triggers a static analysis warning. You can pass the newly instantiatedConfigRepositorydirectly.♻️ Proposed refactor
$container = m::mock(Container::class); $container->shouldReceive('make') ->with('config') - ->andReturn($config = new ConfigRepository([ + ->andReturn(new ConfigRepository([ 'hashing' => $hashing, ]));🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/Hashing/HasherTest.php` around lines 267 - 272, Remove the unused $config assignment in the container mock setup, while keeping the ConfigRepository instance passed directly to andReturn() for the make('config') expectation.Source: Linters/SAST tools
src/support/src/Facades/Hash.php (1)
10-17: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueDocument the
isHashedmethod on the facade.Consider adding
@method static bool isHashed(string $value)to the docblock to reflect the public API exposed byHashManager, providing improved IDE auto-completion.💡 Proposed change
* `@method` static string make(string $value, array $options = []) * `@method` static bool check(string $value, string|null $hashedValue, array $options = []) * `@method` static bool needsRehash(string|null $hashedValue, array $options = []) + * `@method` static bool isHashed(string $value)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/support/src/Facades/Hash.php` around lines 10 - 17, Add the missing `@method static bool isHashed(string $value)` annotation to the `Hash` facade docblock alongside the existing hashing methods, matching the public API exposed by `HashManager`.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/encryption/src/EncryptionServiceProvider.php`:
- Line 38: Type the $key parameter in the previous-key callback passed to
parseKey as string, preserving the existing SensitiveParameter attribute and
callback behavior.
In `@src/support/src/DataObject.php`:
- Around line 225-237: Update getDependencyFromUnionType to skip any union
member that is not a ReflectionNamedType before calling getName(), while
preserving the existing DataObject and DateTimeInterface matching behavior for
named members.
In `@tests/Support/SupportStringableTest.php`:
- Around line 128-136: Add the #[RequiresPhpExtension('intl')] attribute to the
testCounted() method in SupportStringableTest, matching the existing intl guard
used by related SupportStrTest coverage.
---
Outside diff comments:
In `@src/support/src/Js.php`:
- Around line 88-102: Update the Jsonable branch in Js::encode to pass
JSON_INVALID_UTF8_SUBSTITUTE along with the existing required flags to
Jsonable::toJson(), ensuring malformed UTF-8 is replaced consistently with the
direct json_encode path.
In `@tests/Support/SupportServiceProviderTest.php`:
- Around line 437-465: Update the file-writing tests around
removeProviderFromBootstrapFile to use Testbench-managed temporary storage, such
as the disposable application skeleton or ParallelTesting::tempDir(), instead of
a process-global temporary filename. Apply the same change to the additional
cases around the referenced neighboring test range, while preserving their
existing assertions and cleanup behavior.
---
Nitpick comments:
In `@src/support/src/Facades/Hash.php`:
- Around line 10-17: Add the missing `@method static bool isHashed(string
$value)` annotation to the `Hash` facade docblock alongside the existing hashing
methods, matching the public API exposed by `HashManager`.
In `@tests/Hashing/HasherTest.php`:
- Around line 267-272: Remove the unused $config assignment in the container
mock setup, while keeping the ConfigRepository instance passed directly to
andReturn() for the make('config') expectation.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 94c77835-3304-408d-af42-f732555187a9
📒 Files selected for processing (99)
docs/plans/2026-07-12-framework-coroutine-state-lifecycle-audit-ledger.mddocs/plans/2026-07-12-framework-coroutine-state-lifecycle-audit.mdsrc/auth/README.mdsrc/auth/src/Passwords/PasswordBroker.phpsrc/auth/src/SessionGuard.phpsrc/boost/docs/data-objects.mdsrc/boost/docs/mail.mdsrc/boost/docs/queues.mdsrc/boost/docs/responses.mdsrc/boost/docs/strings.mdsrc/boost/docs/validation.mdsrc/contracts/src/Cookie/Factory.phpsrc/contracts/src/Cookie/QueueingFactory.phpsrc/contracts/src/Encryption/Encrypter.phpsrc/contracts/src/Encryption/StringEncrypter.phpsrc/contracts/src/Hashing/Hasher.phpsrc/cookie/src/CookieJar.phpsrc/encryption/composer.jsonsrc/encryption/src/Commands/KeyGenerateCommand.phpsrc/encryption/src/Encrypter.phpsrc/encryption/src/EncryptionServiceProvider.phpsrc/filesystem/src/Filesystem.phpsrc/foundation/config/app.phpsrc/foundation/src/helpers.phpsrc/hashing/src/AbstractHasher.phpsrc/hashing/src/Argon2IdHasher.phpsrc/hashing/src/ArgonHasher.phpsrc/hashing/src/BcryptHasher.phpsrc/hashing/src/HashManager.phpsrc/sanctum/config/sanctum.phpsrc/support/README.mdsrc/support/src/Base62.phpsrc/support/src/Composer.phpsrc/support/src/DataObject.phpsrc/support/src/DateFactory.phpsrc/support/src/DotenvManager.phpsrc/support/src/EncodedHtmlString.phpsrc/support/src/Env.phpsrc/support/src/Facades/Auth.phpsrc/support/src/Facades/Bus.phpsrc/support/src/Facades/Cookie.phpsrc/support/src/Facades/Crypt.phpsrc/support/src/Facades/Facade.phpsrc/support/src/Facades/Hash.phpsrc/support/src/Facades/Mail.phpsrc/support/src/Facades/Queue.phpsrc/support/src/FileinfoMimeTypeGuesser.phpsrc/support/src/Js.phpsrc/support/src/Lottery.phpsrc/support/src/Number.phpsrc/support/src/Once.phpsrc/support/src/ServiceProvider.phpsrc/support/src/Str.phpsrc/support/src/Stringable.phpsrc/support/src/Testing/Fakes/BusFake.phpsrc/support/src/Testing/Fakes/ExceptionHandlerFake.phpsrc/support/src/Testing/Fakes/MailFake.phpsrc/support/src/Testing/Fakes/PendingBatchFake.phpsrc/support/src/Testing/Fakes/PendingMailFake.phpsrc/support/src/Testing/Fakes/QueueFake.phpsrc/support/src/ValidatedInput.phpsrc/support/src/Xml.phpsrc/testbench/src/Foundation/Application.phpsrc/testing/src/PHPUnit/AfterEachTestSubscriber.phptests/Auth/TimeboxIsolationTest.phptests/Cookie/CookieFacadeTest.phptests/Cookie/CookieJarTest.phptests/Encryption/CryptFacadeTest.phptests/Encryption/EncrypterTest.phptests/Encryption/SensitiveParameterTest.phptests/Foundation/FoundationConfigTest.phptests/Foundation/Testing/Concerns/InteractsWithExceptionHandlingTest.phptests/Hashing/HashFacadeTest.phptests/Hashing/HasherTest.phptests/Hashing/SensitiveParameterTest.phptests/Integration/Encryption/EncryptionTest.phptests/Integration/Encryption/KeyGenerateCommandTest.phptests/Integration/Queue/QueueFakeTest.phptests/Sanctum/SanctumConfigTest.phptests/Support/Base62Test.phptests/Support/ComposerFileTest.phptests/Support/DataObjectTest.phptests/Support/EnvFileTest.phptests/Support/FileinfoMimeTypeGuesserNonCoroutineTest.phptests/Support/FileinfoMimeTypeGuesserTest.phptests/Support/LotteryTest.phptests/Support/NumberTest.phptests/Support/PendingBatchFakeTest.phptests/Support/SupportEncodedHtmlStringTest.phptests/Support/SupportJsTest.phptests/Support/SupportServiceProviderTest.phptests/Support/SupportStrTest.phptests/Support/SupportStringableTest.phptests/Support/SupportTestingBusFakeTest.phptests/Support/SupportTestingMailFakeTest.phptests/Support/ValidatedInputTest.phptests/Support/XmlTest.phptests/Testing/PHPUnit/AfterEachTestSubscriberNonCoroutineTest.phptests/Testing/PHPUnit/AfterEachTestSubscriberTest.php
💤 Files with no reviewable changes (2)
- src/support/src/Once.php
- src/testbench/src/Foundation/Application.php
Complete invalid UTF-8 substitution for Jsonable values and make DataObject dependency reflection tolerate DNF intersection members without weakening supported dependency resolution. Type previous encryption keys at their configuration boundary, move provider-file tests onto parallel-safe scratch directories, and remove a dead hashing test assignment. Add focused regressions for both runtime defects and update the audit ledger to describe the complete corrected boundaries.
|
@greptileai @coderabbitai Thanks for the review. I checked every inline and main-thread item against the implementation, tests, and upstream behavior. Addressed in
The remaining suggestions were intentionally left unchanged:
The focused regressions and the complete |
|
Tip For best results, initiate chat on the files or code changes.
The rationale for leaving the remaining items unchanged is sound: preserving negative-step compatibility in 🐇 ✅ ✏️ Learnings added
|
|
Thanks for the detailed follow-up. The
The rationales for the items left unchanged are all sound:
Everything looks good to me. The PR is in solid shape. |
Summary
This change hardens a set of foundational Support and request-security boundaries for Hypervel's long-lived worker model. It fixes concrete correctness, state-lifetime, secret-handling, and strict-typing failures across Support, authentication timing, encryption, hashing, and cookies while preserving Laravel-facing APIs and existing worker-level performance characteristics.
The main changes are:
For more details, see:
docs/plans/2026-07-12-framework-coroutine-state-lifecycle-audit-ledger.mdMotivation
Several of these paths were inherited from request-per-process assumptions or had only been partially adapted to Hypervel's stricter types and long-lived Swoole workers. In that environment, temporary global mutation can survive failures, singleton-held mutable state can cross operation boundaries, and partial file writes can become the published application configuration.
The security packages also had narrower contract failures: rotated CBC keys were validated with observable short-circuit timing, invalid GCM tags could escape as native type errors, plaintext and application keys could remain in exception argument traces, custom hash drivers were bypassed by
isHashed(), and Cookie APIs declared less than they could actually return.This PR fixes those problems at their owning boundaries. It does not add a new lifecycle framework, registry, lock layer, request-wide cloning model, or compatibility shim.
Support and lifecycle correctness
Support file writers now use checked reads and mode-preserving atomic replacement. Generated provider files invalidate opcache only around successful publication, malformed Composer JSON fails explicitly, and interrupted writes cannot expose truncated configuration.
Temporary framework state is restored through exception-safe boundaries. This includes Lottery outcomes, Str random/UUID/ULID factories, facade and Dotenv lifecycle guidance, and authoritative test cleanup. Redundant cleanup that recreated non-coroutine context after it had been flushed is removed.
The Support utility corrections also cover:
Session guards and password brokers now clone their configured
Timeboxprototype for each timed operation. This keeps mutable early-return timing state isolated without changing ordinary authentication APIs or introducing request-scoped infrastructure.Encryption and key lifecycle
CBC decryption validates every configured key MAC before selecting the first valid key, avoiding key-position timing disclosure during rotation. GCM payloads now reject missing or invalid tags through the framework's documented decryption exception.
Secret-bearing parameters are marked sensitive across contracts, implementations, helpers, providers, the Crypt facade boundary, and filesystem replacement. This prevents plaintext, application keys, and complete environment contents from being retained in exception traces while keeping unrelated facade diagnostics intact.
key:generatenow uses checked filesystem reads and atomic replacement, matches exact quoted or unquoted key lines, preserves CRLF files, supports command prohibition, and updates runtime configuration only after publication succeeds.Encryption boot now owns both setting and clearing the SerializableClosure signer. Test cleanup resets the signer and queue callback globals so stale keys and captured application graphs cannot survive between application lifecycles.
Hashing correctness
Bcrypt and Argon constructors normalize environment-shaped numeric and boolean configuration into their strict property types. Native
password_hash()errors are translated into stable framework exceptions, and secret parameters are redacted through the complete hashing stack.HashManager::isHashed()delegates to the configured cached driver instead of bypassing custom drivers. Verify-mode checks use the existing protected algorithm extension point, and facade metadata matches Hypervel's nullable passwordless contract.Cookie retrieval and encryption guidance
Cookie facade reads now accept unit, string-backed, integer-backed, and zero-backed enum names. Mixed defaults are applied at the facade boundary without passing them into Request's narrower API, and existing cookie values still take precedence over supplied defaults.
CookieJar and QueueingFactory now truthfully expose nested cookie arrays and array defaults. Queued lookups truthfully support mixed sentinels, while conditional PHPStan types preserve precise no-default results. Queued-cookie collections advertise their Symfony
Cookieelement type end to end.The response documentation now explains
encryptCookies(only: [...]), that unlisted cookies remain plaintext, and that a non-emptyonlylist takes precedence overexcept.Compatibility and performance
Laravel-facing methods, configuration keys, and conventional extension points remain compatible. Additive APIs and behavioral corrections follow current Laravel where applicable; Hypervel-specific changes are limited to demonstrated Swoole, strict-typing, security, or existing-surface correctness needs.
The ordinary request path gains no new locks, registries, retries, service resolution, or retained worker state. Additional work is confined to the relevant operations:
Timeboxclone when an authentication or password-reset operation is timed;Testing
The changes include focused regressions for atomic publication failures, temporary-state restoration, DTO and utility edge cases, authentication timing isolation, encryption rotation and trace redaction, hashing custom-driver behavior, Cookie enum and nested-value handling, and selective-encryption precedence.
The full formatting, static-analysis, parallel test, Testbench contract, and Testbench dogfood gates pass.
Summary by CodeRabbit
New Features
Str::trans()/Str::counted()plusStringable::counted()for count-aware pluralized strings.ValidatedInput::file()for convenient uploaded-file retrieval.Bug Fixes
Documentation