clawdforge

Author SHA1 Message Date

Author	SHA1	Message	Date
Kayos	7745c5eb5c	clients/php: apply audit findings — token redaction + uploadStream + tests (`1cff9b8` → next) HIGH: - H1: __debugInfo() redacts token on Client + AppToken; #[\SensitiveParameter] on Client constructor's $token param so PHP scrubs it from stack traces. MEDIUM: - M1: uploadStream(StreamInterface, filename, ttl) overload so callers handling form uploads have a non-path entry point. README warning above the API table on uploadFile path-trust. - M2: RunRequest now rejects empty-string model/system in the constructor (callers should pass null/omit rather than '' to use defaults). - M3: new MalformedResponseException extends ForgeException for "transport succeeded, body unparseable as expected JSON object". Decoupled from ApiException so callers can distinguish "server told me no" from "server replied 200 with garbage". README + ApiException docstring updated. - M4: non-UTF-8 / malformed JSON now flows through M3's new exception. - M5: ApiException error-message extraction falls back to json_encode (capped at 200 chars) when the error field is an object/array, so callers don't get empty messages on {"error":{"code":...,"msg":...}}. LOW: - L2: revokeToken now requires server response ok === true, raises MalformedResponseException on missing/false ok rather than silently returning true. - L5: README WordPress snippet uses bare Client (matches the use line above). - L7: 29 new tests — token redaction (3), uploadStream (2), empty model/system (2), MalformedResponseException across 7 scenarios incl. non-UTF-8, ApiException object-error formatting + 200-char cap, revoke ok=true requirement + ok=false + empty-name, RunRequest timeout bounds (3) + non-string/empty files entries (2), uploadFile unreadable-path + 4xx + 5xx, healthz 500, Authorization header asserted on every endpoint. README polish: TLS verify=false caveat under "Custom HTTP client". Audit memo: memory/clawdforge-audits/php-1cff9b8.md	2026-04-28 23:12:34 -07:00
Kayos	1cff9b89d2	clients/php: initial PHP SDK for clawdforge PHP 8.2+ Guzzle-based client mirroring the Python SDK surface: - Client::healthz / run / uploadFile / createToken / listTokens / revokeToken - Readonly value objects: RunRequest, RunResult, FileToken, AppToken - Exception hierarchy: ForgeException (abstract) -> ApiException -> AuthException, plus TransportException - camelCase PHP <-> snake_case wire conversion at the boundary - Streamed multipart uploads via fopen($path, 'r') - Injectable GuzzleHttp\ClientInterface (MockHandler-friendly) - HTTP timeout = subprocess timeout + 30s margin - 15 PHPUnit tests, 61 assertions, no live network - README with Laravel + WordPress integration snippets - MIT license, no Sulkta-specific assumptions	2026-04-28 22:41:02 -07:00

Kayos

7745c5eb5c

clients/php: apply audit findings — token redaction + uploadStream + tests (1cff9b8 → next)

HIGH:
- H1: __debugInfo() redacts token on Client + AppToken; #[\SensitiveParameter]
  on Client constructor's $token param so PHP scrubs it from stack traces.

MEDIUM:
- M1: uploadStream(StreamInterface, filename, ttl) overload so callers
  handling form uploads have a non-path entry point. README warning above
  the API table on uploadFile path-trust.
- M2: RunRequest now rejects empty-string model/system in the constructor
  (callers should pass null/omit rather than '' to use defaults).
- M3: new MalformedResponseException extends ForgeException for
  "transport succeeded, body unparseable as expected JSON object". Decoupled
  from ApiException so callers can distinguish "server told me no" from
  "server replied 200 with garbage". README + ApiException docstring updated.
- M4: non-UTF-8 / malformed JSON now flows through M3's new exception.
- M5: ApiException error-message extraction falls back to json_encode
  (capped at 200 chars) when the error field is an object/array, so
  callers don't get empty messages on {"error":{"code":...,"msg":...}}.

LOW:
- L2: revokeToken now requires server response ok === true, raises
  MalformedResponseException on missing/false ok rather than silently
  returning true.
- L5: README WordPress snippet uses bare Client (matches the use line above).
- L7: 29 new tests — token redaction (3), uploadStream (2), empty
  model/system (2), MalformedResponseException across 7 scenarios incl.
  non-UTF-8, ApiException object-error formatting + 200-char cap, revoke
  ok=true requirement + ok=false + empty-name, RunRequest timeout bounds
  (3) + non-string/empty files entries (2), uploadFile unreadable-path
  + 4xx + 5xx, healthz 500, Authorization header asserted on every
  endpoint.

README polish: TLS verify=false caveat under "Custom HTTP client".

Audit memo: memory/clawdforge-audits/php-1cff9b8.md

2026-04-28 23:12:34 -07:00

Kayos

1cff9b89d2

clients/php: initial PHP SDK for clawdforge

PHP 8.2+ Guzzle-based client mirroring the Python SDK surface:

- Client::healthz / run / uploadFile / createToken / listTokens / revokeToken
- Readonly value objects: RunRequest, RunResult, FileToken, AppToken
- Exception hierarchy: ForgeException (abstract) -> ApiException ->
  AuthException, plus TransportException
- camelCase PHP <-> snake_case wire conversion at the boundary
- Streamed multipart uploads via fopen($path, 'r')
- Injectable GuzzleHttp\ClientInterface (MockHandler-friendly)
- HTTP timeout = subprocess timeout + 30s margin
- 15 PHPUnit tests, 61 assertions, no live network
- README with Laravel + WordPress integration snippets
- MIT license, no Sulkta-specific assumptions

2026-04-28 22:41:02 -07:00

2 commits