refactor: core architecture hardening and type-safe implementation

Author: Fahl-Design

.github/workflows/ci.yml

@@ -3,6 +3,8 @@ on:
     branches:
       - "main"
   pull_request:
+#  schedule:
+#    - cron: '24 10 * * 4'
 
 name: "CI"
 
@@ -13,37 +15,43 @@ env:
   PHP_VERSION: "8.3"
 
 jobs:
-  configuration:
-    name: "Configuration"
-    runs-on: "ubuntu-latest"
-    outputs:
-      php-version: ${{ steps.determine-php-version.outputs.php-version }}
-    steps:
-      - name: "Determine PHP version"
-        id: "determine-php-version"
-        run: "echo \"php-version=${{ env.PHP_VERSION }}\" >> $GITHUB_OUTPUT"
-
   qa:
     name: "QA (lint + static analysis)"
     if: "!startsWith(github.event.head_commit.message, 'chore(release)')"
     runs-on: "ubuntu-latest"
     steps:
       -   name: "Checkout"
-          uses: "actions/checkout@v4"
+          uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
 
       -   name: "Install PHP"
-          uses: "shivammathur/setup-php@v2"
+          uses: "shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1" # 2.36.0
           with:
             coverage: "none"
             php-version: "${{ env.PHP_VERSION }}"
 
       -   name: "Validate composer.json and composer.lock"
+          if: "github.actor != 'renovate[bot]' || contains(github.head_ref, 'lock-file-maintenance')"
           run: "composer validate --ansi --strict"
 
-      -   name: "Install dependencies with composer"
-          run: "composer install --no-interaction --no-progress"
+      -   name: "Determine composer cache directory"
+          uses: "ergebnis/.github/actions/composer/determine-cache-directory@4103ff7c010d2c18dc84f72d6704227868412482" # 1.10.0
+
+      -   name: "Cache dependencies installed with composer"
+          uses: "actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306" # v5.0.3
+          with:
+            path: "${{ env.COMPOSER_CACHE_DIR }}"
+            key: "php-${{ env.PHP_VERSION }}-composer-locked-${{ hashFiles('composer.lock') }}"
+            restore-keys: |
+              php-${{ env.PHP_VERSION }}-composer-locked-${{ github.ref_name }}
+              php-${{ env.PHP_VERSION }}-composer-locked-
+              php-${{ env.PHP_VERSION }}-composer-main
+
+      -   name: "Install locked dependencies with composer"
+          uses: "ergebnis/.github/actions/composer/install@4103ff7c010d2c18dc84f72d6704227868412482" # 1.10.0
+          with:
+            dependencies: "${{ (github.actor == 'renovate[bot]' && !contains(github.head_ref, 'lock-file-maintenance')) && 'highest' || 'locked' }}"
 
-      -   name: "Build Codeception"
+      -   name: "Check coding style"
           run: "vendor/bin/codecept build"
 
       -   name: "Check coding style"
@@ -52,30 +60,162 @@ jobs:
       -   name: "Run static analysis"
           run: "composer stan"
 
+#  codacy:
+#    name: "Codacy Security Scan"
+#    if: "!startsWith(github.event.head_commit.message, 'chore(release)')"
+#    runs-on: "ubuntu-latest"
+#    permissions:
+#      contents: read
+#      security-events: write
+#      actions: read
+#    steps:
+#      - name: Checkout code
+#        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+#
+#      - name: Run Codacy Analysis CLI
+#        uses: codacy/codacy-analysis-cli-action@30783d03e758713bb5ed7b79292cfb14b9dd9a4a
+#        with:
+#          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+#          verbose: false
+#          output: results.sarif
+#          format: sarif
+#          upload: true
+#          skip-uncommitted-files-check: true
+#          gh-code-scanning-compat: true
+#          max-allowed-issues: 2147483647
+
   tests:
     name: "Run codeception tests"
-    needs: [ configuration, qa ]
+    needs: [ qa ]
     runs-on: "ubuntu-latest"
     strategy:
       matrix:
         include:
-          - { php-version: "8.3", dependencies: locked, with_coverage: false }
-          - { php-version: "8.4", dependencies: highest, with_coverage: false }
+          - { php-version: 8.3, dependencies: locked, coverage: pcov, with_coverage: true, allow-fail: false }
+
+          - { php-version: 8.4, dependencies: highest, coverage: pcov, with_coverage: false, allow-fail: true }
+          - { php-version: 8.5, dependencies: highest, coverage: pcov, with_coverage: false, allow-fail: true }
     steps:
       -   name: "Checkout"
-          uses: "actions/checkout@v4"
+          uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
 
       -   name: "Install PHP"
-          uses: "shivammathur/setup-php@v2"
+          uses: "shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1" # 2.36.0
           with:
-            coverage: "none"
+            coverage: "${{ matrix.coverage }}"
             ini-values: display_errors=On, display_startup_errors=On, error_reporting=32767
             php-version: "${{ matrix.php-version }}"
 
-      -   name: "Install dependencies with composer"
-          run: "composer update --no-interaction --no-progress"
+      -   name: "Set up problem matchers for PHP"
+          run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
+
+      -   name: "Set up problem matchers for phpunit/phpunit"
+          run: "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\""
+
+      -   name: "Validate composer.json and composer.lock"
+          if: "github.actor != 'renovate[bot]' || contains(github.head_ref, 'lock-file-maintenance')"
+          run: "composer validate --ansi --strict"
+
+      -   name: "Determine composer cache directory"
+          uses: "ergebnis/.github/actions/composer/determine-cache-directory@4103ff7c010d2c18dc84f72d6704227868412482" # 1.10.0
+
+      -   name: "Cache dependencies installed with composer"
+          uses: "actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306" # v5.0.3
+          with:
+            path: "${{ env.COMPOSER_CACHE_DIR }}"
+            key: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}"
+            restore-keys: |
+              php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ github.ref_name }}
+              php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-
+              php-${{ matrix.php-version }}-composer-main
+
+      -   name: "Install ${{ matrix.dependencies }} dependencies with composer"
+          uses: "ergebnis/.github/actions/composer/install@4103ff7c010d2c18dc84f72d6704227868412482" # 1.10.0
+          with:
+            dependencies: "${{ (github.actor == 'renovate[bot]' && !contains(github.head_ref, 'lock-file-maintenance') && matrix.dependencies == 'locked') && 'highest' || matrix.dependencies }}"
+
+      -   name: "Run Tests (coverage)"
+          if: matrix.with_coverage == true
+          run: |
+            vendor/bin/codecept build
+            vendor/bin/codecept run --coverage --coverage-xml=coverage.xml --xml  --report
 
       -   name: "Run Tests"
+          if: matrix.with_coverage != true
           run: |
             vendor/bin/codecept build
-            vendor/bin/codecept run --report
+            vendor/bin/codecept run --xml --report
+
+      -   name: "Upload coverage artifact"
+          if: matrix.with_coverage == true
+          uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+          with:
+            name: code-coverage-results
+            path: tests/_output/
+            retention-days: 5
+
+#      -   name: "Upload Coverage coverage"
+#          if: matrix.with_coverage == true
+#          run: |
+#            export CODACY_PROJECT_TOKEN=${{ secrets.CODACY_PROJECT_TOKEN }}
+#            bash <(curl -Ls https://coverage.codacy.com/get.sh) report -r ./build/logs/coverage.xml
+#
+#      -   name: Upload test results to Codecov
+#          if: ${{ !cancelled() && matrix.with_coverage == true }}
+#          uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
+#          with:
+#            token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+#            files: ./build/logs/report.xml
+#            flags: unittests # optional
+#            report_type: test_results
+#            fail_ci_if_error: "${{ matrix.with_coverage }}" # optional (default = false)
+#            verbose: false # optional (default = false)
+#      -   name: Upload coverage to Codecov
+#          if: ${{ !cancelled() && matrix.with_coverage == true }}
+#          uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
+#          with:
+#            token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+#            files: ./build/logs/coverage.xml
+#            flags: unittests # optional
+#            fail_ci_if_error: "${{ matrix.with_coverage }}" # optional (default = false)
+#            verbose: false # optional (default = false)
+
+  release:
+    name: "Release"
+    needs:
+    - tests
+#    - codacy
+    if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && !startsWith(github.event.head_commit.message, 'chore(release)')"
+    runs-on: "ubuntu-latest"
+    permissions:
+      actions: read
+      contents: read
+    steps:
+      - name: Generate Token
+        id: generate_token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          token: ${{ steps.generate_token.outputs.token }}
+
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v6.0.0
+        with:
+          tag_format: ${version}
+          branches: |
+            ['main']
+          extra_plugins: |
+            @semantic-release/commit-analyzer
+            @semantic-release/release-notes-generator
+            @semantic-release/github
+            @semantic-release/changelog
+            @semantic-release/git
+            conventional-changelog-conventionalcommits
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}

.php-version

@@ -0,0 +1 @@
+8.3

GEMINI.md

@@ -0,0 +1,76 @@
+# Gemini CLI Instructional Context: PHP OpenAPI Mock Server
+
+This document provides foundational context and instructions for AI agents interacting with the `php-openapi-mock-server` codebase.
+
+## Project Overview
+**PHP OpenAPI Mock Server** is a high-performance, lightweight, zero-Docker mock server built with the Mezzio framework. It serves mock data based on OpenAPI 3.x specifications (JSON or YAML) and is designed for rapid prototyping and CI environments.
+
+- **Type:** PHP Web Application (PSR-15 Middleware Stack)
+- **Framework:** [Mezzio](https://docs.mezzio.dev/)
+- **Core Libraries:** 
+  - `league/openapi-psr7-validator`: For request and response validation against OpenAPI specs.
+  - `devizzent/cebe-php-openapi`: For parsing OpenAPI specifications.
+  - `laminas/laminas-diactoros`: PSR-7 implementation.
+  - `webmozart/assert`: For strict runtime type verification.
+- **Language:** PHP 8.3+ (Strict Types enabled)
+
+## Architecture & Logic
+The application operates primarily through a series of PSR-15 middlewares and a stateless service registry:
+1. **`ForceMockActiveMiddleware`**: Ensures the mock server is active by default by setting the `X-OpenApi-Mock-Active` header.
+2. **`OpenApiMockMiddleware`**: The core logic that intercepts requests, validates them, and returns faked responses. It handles all documentation routes (`/`, `/openapi.yaml`) by passing them to the standard routing stack.
+3. **`FakerRegistry`**: A central, stateless registry for all mock generation services.
+4. **Type-Safe Enums**: Extensive use of PHP 8.3 Enums for `FakerType`, `FakerContext`, `HttpMethod`, and `RequestErrorType` to eliminate magic strings and harden type safety.
+5. **Factories:** Found in `src/Factory/` and use **PSR-17 interfaces** (`ResponseFactoryInterface`, `StreamFactoryInterface`) for dependency injection.
+
+## Building and Running
+
+### Development Server
+Run the built-in PHP server:
+```bash
+php -S localhost:8080 -t public
+```
+
+### Docker (FrankenPHP)
+Optimized [FrankenPHP](https://frankenphp.dev/) environment with **Hot-Reload** support:
+```bash
+docker compose up -d
+```
+
+### Environment Variables
+- `OPENAPI_SPEC`: Path or URL to the OpenAPI specification file (Default: `data/openapi.yaml`).
+
+### Key Composer Scripts
+- `composer test`: Runs the full Codeception test suite (**95 tests passing**).
+- `composer test:coverage`: Generates code coverage reports (**~82% coverage**).
+- `composer bench`: Runs the PHPBench performance suite.
+- `composer stan`: Runs PHPStan static analysis (**Level 8 clean**).
+- `composer rector:fix`: Applies automated refactorings via Rector.
+- `composer cs:fix`: Fixes coding standards via PHP-CS-Fixer.
+
+## Development Conventions
+
+### Coding Style
+- **Standard:** PSR-12 / PER standard via PHP-CS-Fixer.
+- **Strict Typing:** All PHP files MUST start with `declare(strict_types=1);`.
+- **Modern PHP:** Leverage PHP 8.3 features like Enums, readonly properties, and constructor property promotion.
+
+### PHPStan & Type Safety
+- **Stricteness:** Maintain a zero-error baseline at **PHPStan Level 8**.
+- **Assertions:** Use `Webmozart\Assert\Assert` for runtime type narrowing. This is foundational for the project's type safety.
+
+### Testing Practices
+- **Framework:** [Codeception](https://codeception.com/).
+- **Suites:** `Acceptance`, `Unit`, `JsonAcceptance`, `RemoteAcceptance`.
+- **Base Class:** Unit tests MUST extend `\Codeception\Test\Unit`.
+- **Reproducing Bugs:** ALWAYS add a new regression test (unit or acceptance) before fixing a bug.
+
+## Performance & Benchmarking
+- **PSR-6 Caching:** Caches parsed OpenAPI specifications.
+- **Schema Memoization:** Static caching in `SchemaFaker` avoids redundant recursive resolution.
+- **Metrics:** Middleware creation is **~21μs**, and full mock request processing averages **~4.2ms**.
+
+## Mocking Logic
+- **`FakerRegistry`**: Manages stateless instances of `StringFaker`, `NumberFaker`, `ArrayFaker`, `ObjectFaker`, etc.
+- **OpenAPI 3.1 Support:** Full support for numeric `exclusiveMinimum` and `exclusiveMaximum`.
+- **Composition:** Robust handling of `anyOf`, `oneOf`, and `allOf`.
+- **Swagger UI:** Automatically available at the root (`/`) path.

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Benjamin Fahl (WebProject.xyz)  and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.