[codex] Add PHP track defaults

[munezaclovis]

Summary

• Seed mutable PHP defaults per supported track under ~/.pv/resources/php/<track>/etc.
• Point PHP, Composer-through-PHP, and FrankenPHP workers at track defaults via process-level PHPRC and PHP_INI_SCAN_DIR.
• Keep Gateway PHP-neutral, strip inherited PHP ini env at daemon process boundaries, and avoid Caddyfile php_ini/env ini discovery.
• Move StaticPHP fallback ini paths away from /usr/local/etc/php and add smoke coverage.

Validation

• cargo nextest run -p resources -E 'test(php_track_defaults_) | test(managed_resource_commands_install_php_pair_seeds_track_defaults) | test(managed_resource_commands_update_php_pairs_preserves_existing_php_ini)'\n- cargo nextest run -p cli -E 'test(php_shim_sets_only_php_ini_env_overlay) | test(composer_shim_execs_installed_phar_through_php_shim) | test(composer_shim_sets_pv_owned_env_overlay)'\n- cargo nextest run -p daemon -E 'test(frankenphp_command_and_process_specs_are_stable) | test(frankenphp_config_validation_receives_xdg_environment) | test(worker_config_renderer_outputs_track_caddyfile) | test(gateway_config_validation_strips_parent_php_ini_env_when_private_env_omits_it) | test(worker_config_validation_keeps_private_php_ini_env_after_parent_removal) | test(supervisor_start_strips_parent_php_ini_env_when_private_env_omits_it)'\n- cargo nextest run -p pv-release -E 'test(php_build_recipe_smoke)'\n- cargo fmt --all -- --check\n- git diff --check\n- sh -n release/artifacts/recipes/php/build.sh\n- sh -n release/artifacts/recipes/php/smoke.sh\n- shellcheck release/artifacts/recipes/php/build.sh release/artifacts/recipes/php/smoke.sh\n- cargo clippy --workspace --all-targets --all-features --locked -- -D warnings

Summary by CodeRabbit

Release Notes

• New Features

  • Added track-level PHP defaults and per-track environment wiring (PHPRC / PHP_INI_SCAN_DIR) for consistent php.ini behavior.
  • Introduced new agent skills for app releases, resource artifact releases, upstream version updates, revocations, and checksum updates.

• Bug Fixes

  • Prevented unsafe /usr/local/etc/php ini fallback by enforcing deterministic safe ini paths during PHP/FrankenPHP operations.

• Documentation

  • Updated design and added detailed release-operation and implementation-plan guidance.

• Tests

  • Expanded coverage around ini environment handling, default seeding, and fallback prevention.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ab908e08-681f-4f1f-a3ce-d05d7041086c

📥 Commits

Reviewing files that changed from the base of the PR and between 84d0a22 and d057824.

⛔ Files ignored due to path filters (1)

• crates/pv-release/tests/snapshots/recipe_fixtures__recipe_fixture_generation_validates_archives_records_and_manifest.snap is excluded by !**/*.snap

📒 Files selected for processing (5)

• .agents/skills/release-resource-upstream-version/SKILL.md
• .agents/skills/revoke-resource-artifact/SKILL.md
• crates/pv-release/tests/recipe_fixtures.rs
• crates/pv-release/tests/recipe_metadata.rs
• release/artifacts/recipes/php/tracks.toml

✅ Files skipped from review due to trivial changes (3)

• crates/pv-release/tests/recipe_metadata.rs
• release/artifacts/recipes/php/tracks.toml
• .agents/skills/revoke-resource-artifact/SKILL.md

---

📝 Walkthrough

Walkthrough

This PR implements PHP track-level default configuration seeding under ~/.pv/resources/php/<track>/etc/ with embedded php-defaults.ini, adds a resources::php_defaults module with path computation and environment wiring helpers, seeds defaults during PHP pair installs, wires PHPRC/PHP_INI_SCAN_DIR into CLI/Composer shims and FrankenPHP worker process specs (while stripping them from gateway), and rejects unsafe /usr/local/etc/php fallback at PHP artifact build/smoke time. Five agent skill documents and a comprehensive IDEAS.md product planning file are also added.

Changes

PHP Track Defaults Implementation

Layer / File(s)	Summary
php_defaults module: INI content, types, path/env helpers, seeding logic crates/resources/src/php-defaults.ini, crates/resources/src/php_defaults.rs, crates/resources/src/lib.rs, crates/resources/tests/php_defaults.rs	Adds the embedded php-defaults.ini with core PHP configuration (error reporting, memory/time limits, session/database/mail defaults), PhpTrackDefaults struct with accessors, path-computation helpers (php_track_defaults, ensure_php_track_defaults), environment-construction helpers (php_track_environment, php_track_exec_environment), internal directory/file/symlink validation, supported-track enforcement (8.3/8.4/8.5 only), public module declaration and re-exports, plus comprehensive unit/integration tests covering seeding idempotency, path validation, symlink rejection, and environment-helper correctness.
Seed defaults during managed PHP pair install/update crates/resources/src/command.rs, crates/resources/tests/managed_resource_commands.rs	Adds ensure_php_pair_defaults helper; both record_php_pair_install and record_composer_with_php_pair_install invoke it before database writes. Integration tests verify first-install seeding writes php.ini matching PHP_TRACK_DEFAULT_INI, Composer installs also seed correctly, and user edits to php.ini are preserved across PHP pair updates.
CLI PHP and Composer shim environment wiring crates/cli/src/commands/php.rs, crates/cli/tests/php.rs, crates/cli/tests/composer.rs	Removes precomputed executable field from InstalledPhp and local php_env_overlay helper; shim_with_args_and_env now calls ensure_php_track_defaults and builds env via php_track_exec_environment. Test helpers php_exec_env/composer_exec_env updated to derive PHPRC/PHP_INI_SCAN_DIR from php_track_defaults; all affected shim tests updated with new environment expectations.
Daemon gateway/worker PHP env routing and supervisor stripping crates/daemon/src/gateway.rs, crates/daemon/src/supervisor.rs, crates/daemon/tests/gateway_config.rs, crates/daemon/tests/gateway_reconciliation.rs, crates/daemon/tests/real_artifact_gateway_e2e.rs, crates/daemon/tests/supervisor_foundation.rs	worker_process_spec becomes fallible, using worker_config_private_environment (ensure defaults + worker XDG+PHP env). Validation subprocess strips PHPRC/PHP_INI_SCAN_DIR before applying private env. RuntimeConfigTreePromotion struct threads private_environment through config promotion. Supervisor strips these keys from inherited env. Tests verify gateway lacks PHP ini keys, worker has them set to track-specific paths, and nested-process tests confirm bidirectional env isolation.
PHP artifact build flags and smoke safety checks release/artifacts/recipes/php/build.sh, release/artifacts/recipes/php/smoke.sh, crates/pv-release/tests/smoke.rs, crates/pv-release/tests/recipe_fixtures.rs, crates/pv-release/tests/recipe_metadata.rs, release/artifacts/recipes/php/tracks.toml	build.sh adds --with-config-file-path and --with-config-file-scan-dir pointing to /var/empty/com.prvious.pv/php. smoke.sh exits with code 46 on /usr/local/etc/php detection in FrankenPHP response or php --ini output. Smoke tests add two new negative tests, update fixtures to return safe paths, and add assertion that spc_log contains no unsafe paths. Recipe pv_build_revision updated from pv2 to pv3.
Design docs, implementation plan, and terminology updates docs/2026-06-20-php-track-defaults-design.md, docs/superpowers/plans/2026-06-21-php-track-defaults.md, CONTEXT.md, DESIGN.md	New design document defines filesystem layout, seed-only creation rules, runtime env contract, error handling, and test expectations. Six-task implementation plan documents each code change target. CONTEXT.md adds PHP track defaults term definition, relationships, and example dialogue. DESIGN.md adds multi-version PHP track ini seeding and PHPRC/PHP_INI_SCAN_DIR routing requirement.

Agent Skills Docs and Ideas

Layer / File(s)	Summary
Agent skill documents and OpenAI interface configurations .agents/skills/release-app-version/*, .agents/skills/release-resource-artifacts/*, .agents/skills/release-resource-upstream-version/*, .agents/skills/revoke-resource-artifact/*, .agents/skills/update-resource-checksums/*	Five new skill directories each containing a SKILL.md workflow document (250–270 lines) and an agents/openai.yaml interface definition. Skill workflows document: release-app-version (pre-dispatch checks, version bumping, local verification, workflow dispatch/monitoring, artifact verification, failure meanings, final report); release-resource-artifacts (build-only, publish-existing, new-revision, full-release modes; dispatch/verify patterns); release-resource-upstream-version (upstream vs PV-only packaging rules, recipe updates, PHP/FrankenPHP pairing constraint, upstream checksum verification); revoke-resource-artifact (append-only revocation records, client verification, failure meanings); update-resource-checksums (checksum repair without upstream version change, source verification, bump decision).
IDEAS.md product parking-lot and planning IDEAS.md	Adds 1832 lines spanning: Maybes/Parking Lot (doctor commands, sandboxed runner, git worktree, localhost hostname, targeted restart), Guided Project Init (detection signals, Herd migration mode, non-goals), Project Hooks/Command Runner (lifecycle contract with prepare/setup, shell execution constraints), Curated Global Tools (interactive picker, Composer-based registry, update boundaries), Resource Shell Commands (mysql:shell, postgres:shell with boundaries), Resource Data Commands (export/import/snapshot/restore, resource cloning concept with architecture questions), Post-v1 Resource Candidates (one-at-a-time growth model, namespacing guidance), UI/UX Ideas (TUI/dashboard roadmap, log viewer, CLI presentation, ZDOTDIR zsh integration), Agent-Friendly CLI (reliable --json, machine-readable output), Project TLS Placeholders (stable env paths, CA-only cert safeguards), PHP Extension Profiles (optional modules activation models), Auto-Reconcile Action Commands (reconcile-on-demand with guardrails, project:status gap), Gateway Unknown Hostname Page, LAN Project Access (per-project listener, PHY privacy boundaries), Resource-Only Projects (serve: false, stored slugs, naming stability).

Sequence Diagram(s)

sequenceDiagram
  participant CLI as PHP/Composer Shim
  participant ensure as ensure_php_track_defaults
  participant fs as ~/.pv/resources/php/<track>/
  participant env_build as php_track_exec_environment
  participant Gateway as Daemon Gateway
  participant Worker as FrankenPHP Worker

  Note over CLI,fs: Install/CLI Flow
  CLI->>ensure: (paths, "8.4")
  ensure->>fs: mkdir etc/, conf.d/
  ensure->>fs: write php.ini if missing
  ensure-->>CLI: PhpTrackDefaults
  CLI->>env_build: (paths, "8.4")
  env_build-->>CLI: [(PHPRC, etc_dir), (PHP_INI_SCAN_DIR, conf_dir)]
  CLI->>CLI: exec php with env overlay

  Note over Gateway,Worker: Gateway/Worker Flow
  Gateway->>ensure: (paths, "8.4")
  ensure-->>Gateway: PhpTrackDefaults (already seeded)
  Gateway->>Gateway: strip parent PHPRC/PHP_INI_SCAN_DIR
  Gateway->>Gateway: apply private [PHPRC, PHP_INI_SCAN_DIR, XDG]
  Gateway->>Worker: spawn with private env
  Worker->>Worker: read ini from PHPRC path

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• prvious/pv#256: Both PRs modify FrankenPHP gateway runtime reconciliation in crates/daemon/src/gateway.rs, including the worker_process_spec logic and gateway/worker runtime setup.
• prvious/pv#257: This PR updates release/artifacts/recipes/php/smoke.sh and build.sh to reject /usr/local/etc/php fallback, directly extending the PHP/FrankenPHP artifact recipe system introduced there.
• prvious/pv#258: Both PRs touch PHP shim PHPRC/PHP_INI_SCAN_DIR wiring; the earlier PR introduced the shims, while this one refactors the environment-building to use seeded resources::php_track_defaults.

Poem

🐇 Hop, hop! The rabbit plants ini seeds in track-deep burrows,
PHPRC blooms under ~/.pv/resources/php/<track>/etc,
No fallback to risky /usr/local/etc/php—the smoke guards it well,
Five skills guide the release dance, IDEAS fill the warren,
PV grows wiser, one track default at a time. 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 55.32% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title '[codex] Add PHP track defaults' clearly summarizes the main change: introducing PHP track defaults functionality. It is concise, specific, and directly reflects the primary focus of the PR across all modified files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/php-track-defaults

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will not alter performance

✅ 7 untouched benchmarks

---

_{Comparing feat/php-track-defaults (d057824) with main (88b3a1a)}

[pullfrog]

✅ No new issues found.

Reviewed changes — This PR adds track-level PHP defaults and routes PHP execution paths through them while keeping fallback artifact config paths isolated from host PHP config.

• Add shared PHP defaults — resources::php_defaults seeds mutable php.ini and conf.d paths under ~/.pv/resources/php/<track>/etc for supported PHP tracks.
• Use track defaults in CLI shims — shim:php and Composer-through-PHP execution now set PHPRC and PHP_INI_SCAN_DIR to the track-level defaults instead of artifact release directories.
• Use track defaults for FrankenPHP workers — worker process specs and config validation receive the same PHP ini environment while Gateway remains PHP-neutral.
• Strip inherited PHP ini environment — daemon validation and supervised child startup remove parent PHPRC and PHP_INI_SCAN_DIR before applying each process spec's private environment.
• Move artifact fallback paths — the PHP recipe passes StaticPHP fallback ini paths under /var/empty/com.prvious.pv/php, with smoke coverage rejecting /usr/local/etc/php leaks.
• Add coverage and documentation — integration tests, snapshots, release smoke tests, design docs, and release-agent skills were updated for the new PHP track defaults behavior.

  ^{｜ View workflow run ｜ Using GPT ｜ 𝕏}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

crates/resources/src/command.rs (1)

435-435: 🧹 Nitpick | 🔵 Trivial

Use a top-level import instead of the fully-qualified call.

Line 435 uses crate::php_defaults::ensure_php_track_defaults(...) with a fully-qualified path. Per coding guidelines, prefer top-level imports over fully-qualified names. Add an import at the module level and use the simple function name instead.

♻️ Proposed refactor

+use crate::php_defaults::ensure_php_track_defaults;
...
-        crate::php_defaults::ensure_php_track_defaults(&self.paths, install.php.track.as_str())?;
+        ensure_php_track_defaults(&self.paths, install.php.track.as_str())?;

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/resources/src/command.rs` at line 435, Replace the fully-qualified
function call to crate::php_defaults::ensure_php_track_defaults with a top-level
import. Add a use statement at the module level to import
ensure_php_track_defaults from crate::php_defaults, then update line 435 to use
only the function name ensure_php_track_defaults instead of the fully-qualified
path.

Source: Coding guidelines

crates/cli/tests/composer.rs (1)

77-77: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Apply the same top-level import style in composer tests.

Import php_track_defaults at the module level and reference it directly in changed helpers/assertions.

As per coding guidelines, "PREFER top-level imports over local imports or fully qualified names in Rust".

Also applies to: 500-500

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/cli/tests/composer.rs` at line 77, The `php_track_defaults` function
is being called using the fully qualified name `resources::php_track_defaults`
instead of being imported at the module level. Add `php_track_defaults` to the
top-level imports from the resources module at the beginning of the composer.rs
file, then replace the fully qualified references to
`resources::php_track_defaults` with just `php_track_defaults` in both locations
where it appears (line 77 and line 500).

Source: Coding guidelines

crates/cli/tests/php.rs (1)

79-79: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Prefer importing resources symbols at module scope in tests, too.

Use top-level imports for php_track_defaults / PHP_TRACK_DEFAULT_INI rather than fully qualified calls in changed assertions/helpers.

As per coding guidelines, "PREFER top-level imports over local imports or fully qualified names in Rust".

Also applies to: 235-239

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/cli/tests/php.rs` at line 79, The code uses fully qualified calls like
resources::php_track_defaults instead of importing these symbols at the module
scope. Add top-level imports for php_track_defaults and PHP_TRACK_DEFAULT_INI
from the resources module at the beginning of the file in the use statements,
then replace all fully qualified calls to resources::php_track_defaults and
references to resources::PHP_TRACK_DEFAULT_INI with their direct names
throughout the test file (including the instances around line 79 and lines
235-239).

Source: Coding guidelines

crates/cli/src/commands/php.rs (1)

264-265: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Use top-level imports instead of fully qualified resources::... calls.

Please import these symbols and call them directly for consistency with repository Rust style.

Suggested refactor

 use camino::Utf8PathBuf;
+use resources::{ensure_php_track_defaults, php_adapter, php_track_exec_environment};

 ...
-    resources::ensure_php_track_defaults(&paths, &track)?;
-    env.extend(resources::php_track_exec_environment(&paths, &track)?);
+    ensure_php_track_defaults(&paths, &track)?;
+    env.extend(php_track_exec_environment(&paths, &track)?);

 ...
-        let adapter = resources::php_adapter()?;
+        let adapter = php_adapter()?;

As per coding guidelines, "PREFER top-level imports over local imports or fully qualified names in Rust".

Also applies to: 321-323

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/cli/src/commands/php.rs` around lines 264 - 265, Replace the fully
qualified `resources::` calls with top-level imports to follow repository Rust
style guidelines. Add imports at the top of the file for the functions
`ensure_php_track_defaults` and `php_track_exec_environment` from the resources
module, then update all occurrences throughout the file (including lines around
321-323 as noted) to call these functions directly without the `resources::`
prefix instead of using the fully qualified names.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agents/skills/release-resource-upstream-version/SKILL.md:
- Around line 44-150: The skill currently collects user confirmation for all
inputs upfront (lines 44-54) but then dispatches both the build workflow (lines
145-150) and publication workflow autonomously without re-confirming. Add two
explicit re-confirmation sections: first, insert a "Confirm Build Dispatch"
section immediately after the "Commit And Push" section and before "Build
Artifacts" that lists the finalized inputs and asks the user to confirm before
dispatching the artifact-recipes.yml workflow. Second, insert a "Confirm
Publication Dispatch" section at the end of "Build Artifacts" section that
re-confirms with the user before dispatching the publication workflow,
emphasizing that published artifacts become available to all clients. Both
sections should present the inputs in a clear format and require explicit user
confirmation before proceeding with each autonomous workflow dispatch.

In @.agents/skills/revoke-resource-artifact/SKILL.md:
- Around line 149-173: The emergency manual publication guidance in the
"Publication Options" section lists a "safe order" of 5 sequential steps (lines
165–170) for mutating R2 directly, but these steps are presented as an ordered
batch without explicit re-confirmation gates between each mutation. This creates
ambiguity about whether an agent should execute all steps autonomously after
receiving initial approval on line 155, rather than requiring explicit per-step
human approval. Restructure the numbered list to add explicit re-confirmation
checkpoints before each R2 mutation step: before uploading the revocation JSON,
before generating and uploading the versioned manifest, and before updating the
stable manifest. Ensure each checkpoint requires user confirmation with a clear
prompt before proceeding to the next mutation operation.

---

Nitpick comments:
In `@crates/cli/src/commands/php.rs`:
- Around line 264-265: Replace the fully qualified `resources::` calls with
top-level imports to follow repository Rust style guidelines. Add imports at the
top of the file for the functions `ensure_php_track_defaults` and
`php_track_exec_environment` from the resources module, then update all
occurrences throughout the file (including lines around 321-323 as noted) to
call these functions directly without the `resources::` prefix instead of using
the fully qualified names.

In `@crates/cli/tests/composer.rs`:
- Line 77: The `php_track_defaults` function is being called using the fully
qualified name `resources::php_track_defaults` instead of being imported at the
module level. Add `php_track_defaults` to the top-level imports from the
resources module at the beginning of the composer.rs file, then replace the
fully qualified references to `resources::php_track_defaults` with just
`php_track_defaults` in both locations where it appears (line 77 and line 500).

In `@crates/cli/tests/php.rs`:
- Line 79: The code uses fully qualified calls like
resources::php_track_defaults instead of importing these symbols at the module
scope. Add top-level imports for php_track_defaults and PHP_TRACK_DEFAULT_INI
from the resources module at the beginning of the file in the use statements,
then replace all fully qualified calls to resources::php_track_defaults and
references to resources::PHP_TRACK_DEFAULT_INI with their direct names
throughout the test file (including the instances around line 79 and lines
235-239).

In `@crates/resources/src/command.rs`:
- Line 435: Replace the fully-qualified function call to
crate::php_defaults::ensure_php_track_defaults with a top-level import. Add a
use statement at the module level to import ensure_php_track_defaults from
crate::php_defaults, then update line 435 to use only the function name
ensure_php_track_defaults instead of the fully-qualified path.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 5da23d39-4c2a-41cb-848f-a4b38eef7a1e

📥 Commits

Reviewing files that changed from the base of the PR and between 88b3a1a and 84d0a22.

⛔ Files ignored due to path filters (11)

• crates/cli/tests/snapshots/composer__composer_shim_execs_installed_phar_through_php_shim.snap is excluded by !**/*.snap
• crates/cli/tests/snapshots/composer__composer_shim_forwards_help_and_version_flags.snap is excluded by !**/*.snap
• crates/cli/tests/snapshots/composer__composer_shim_uses_cached_manifest_default_without_network.snap is excluded by !**/*.snap
• crates/cli/tests/snapshots/php__php_shim_execs_global_default_track_outside_project.snap is excluded by !**/*.snap
• crates/cli/tests/snapshots/php__php_shim_execs_resolved_project_track.snap is excluded by !**/*.snap
• crates/cli/tests/snapshots/php__php_shim_forwards_help_and_version_flags.snap is excluded by !**/*.snap
• crates/cli/tests/snapshots/php__php_shim_uses_cached_manifest_default_without_network.snap is excluded by !**/*.snap
• crates/daemon/tests/snapshots/gateway_reconciliation__frankenphp_command_and_process_specs_are_stable.snap is excluded by !**/*.snap
• crates/resources/tests/snapshots/managed_resource_commands__managed_resource_commands_install_composer_with_php_pair_seeds_track_defaults.snap is excluded by !**/*.snap
• crates/resources/tests/snapshots/managed_resource_commands__managed_resource_commands_install_php_pair_seeds_track_defaults.snap is excluded by !**/*.snap
• crates/resources/tests/snapshots/managed_resource_commands__managed_resource_commands_update_php_pairs_preserves_existing_php_ini.snap is excluded by !**/*.snap

📒 Files selected for processing (33)

• .agents/skills/release-app-version/SKILL.md
• .agents/skills/release-app-version/agents/openai.yaml
• .agents/skills/release-resource-artifacts/SKILL.md
• .agents/skills/release-resource-artifacts/agents/openai.yaml
• .agents/skills/release-resource-upstream-version/SKILL.md
• .agents/skills/release-resource-upstream-version/agents/openai.yaml
• .agents/skills/revoke-resource-artifact/SKILL.md
• .agents/skills/revoke-resource-artifact/agents/openai.yaml
• .agents/skills/update-resource-checksums/SKILL.md
• .agents/skills/update-resource-checksums/agents/openai.yaml
• CONTEXT.md
• DESIGN.md
• IDEAS.md
• crates/cli/src/commands/php.rs
• crates/cli/tests/composer.rs
• crates/cli/tests/php.rs
• crates/daemon/src/gateway.rs
• crates/daemon/src/supervisor.rs
• crates/daemon/tests/gateway_config.rs
• crates/daemon/tests/gateway_reconciliation.rs
• crates/daemon/tests/real_artifact_gateway_e2e.rs
• crates/daemon/tests/supervisor_foundation.rs
• crates/pv-release/tests/smoke.rs
• crates/resources/src/command.rs
• crates/resources/src/lib.rs
• crates/resources/src/php-defaults.ini
• crates/resources/src/php_defaults.rs
• crates/resources/tests/managed_resource_commands.rs
• crates/resources/tests/php_defaults.rs
• docs/2026-06-20-php-track-defaults-design.md
• docs/superpowers/plans/2026-06-21-php-track-defaults.md
• release/artifacts/recipes/php/build.sh
• release/artifacts/recipes/php/smoke.sh

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 84d0a22506

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep environment variables in the seeded PHP defaults

When this file is seeded, the new shim and worker code force every PV PHP process to load it via PHPRC. With variables_order = "GPCS", PHP does not create $_ENV for inherited environment variables because the E component is omitted (see https://www.php.net/manual/en/ini.core.php#ini.variables-order), so a normal shell invocation like FOO=bar pv php -r 'var_dump($_ENV["FOO"] ?? null);' regresses from PHP's built-in default whenever the user has not customized php.ini. Please keep E in this default or omit the directive so external env remains visible.

Useful? React with 👍 / 👎.

[pullfrog]

✅ No new issues found.

Reviewed changes — This incremental review covered the release metadata bump after the prior Pullfrog review.

• Bumped PHP artifact build revision — release/artifacts/recipes/php/tracks.toml now publishes the PHP and FrankenPHP artifact set as pv3.
• Updated release fixture expectations — crates/pv-release fixture tests and generated manifest snapshots now expect pv3 artifact identities, URLs, checksums, and sizes for all supported PHP tracks and Darwin platforms.

  ^{｜ View workflow run ｜ Using GPT ｜ 𝕏}

[pullfrog]

✅ No new issues found.

Reviewed changes — This incremental review covered the new release-safety confirmation gates added after the prior Pullfrog review.

• Added artifact-recipes.yml dispatch confirmation — release-resource-upstream-version now requires a fresh user confirmation of finalized build inputs immediately before dispatching the build workflow.
• Added publication dispatch confirmation — release-resource-upstream-version now requires a separate confirmation of publication inputs and client-visible publication impact before dispatching artifact-publication.yml.
• Gated emergency revocation mutations — revoke-resource-artifact now separates manual R2 revocation publication into per-mutation approval checkpoints instead of allowing one approval to cover the full sequence.

  ^{｜ View workflow run ｜ Using GPT ｜ 𝕏}