Contract bearbeiten

Aktuelle Version: 2.1

Neue Version * Muss sich von der aktuellen Version unterscheiden.

Änderungsbeschreibung

YAML-Inhalt *

contract:
  name: code-quality-standards
  version: "2.1"
  status: active
  description: |
    Automatisch validierbare Code-Qualitätsstandards für das Campus-Projekt.
    Erstellt im Rahmen des Code-Refactoring vom 22.12.2025.
    Migriert auf Meta-Schema v1.0 am 22.12.2025.
    v2.1: DI-Prinzip hinzugefügt (25.12.2025)

created: "2025-12-22"
  author: claude

scope:
    paths:
      - "/src/**/*.php"
    excludes:
      - "/src/View/**"

rules:
    - id: no-god-class
      check_type: line_count
      pattern: "Controller/*.php"
      max_lines: 500
      severity: major
      description: "Controller dürfen max 500 LOC haben"

- id: no-sql-in-controller
      check_type: forbidden_pattern
      patterns:
        - "->query("
        - "->prepare("
        - "new PDO"
        - "$this->db"
      in_files: "Controller/*.php"
      exclude_files:
        - "Framework/"
      severity: critical
      description: "Controller dürfen keine direkten SQL-Queries enthalten"

- id: no-html-in-controller
      check_type: forbidden_pattern
      patterns:
        - "echo '<"
        - 'echo "<'
      in_files: "Controller/*.php"
      severity: minor
      description: "Controller dürfen kein HTML direkt ausgeben"

- id: use-notfound-method
      check_type: forbidden_pattern
      patterns:
        - "http_response_code(404)"
      in_files: "Controller/*.php"
      severity: major
      description: "Controller müssen notFound() statt http_response_code(404) nutzen"

- id: use-view-method
      check_type: required_pattern
      patterns:
        - "$this->view("
      in_files: "Controller/*.php"
      severity: info
      description: "Controller sollten $this->view() für Rendering nutzen"

- id: typed-properties
      check_type: forbidden_pattern
      patterns:
        - "private $"
        - "protected $"
        - "public $"
      in_files: "**/*.php"
      exclude_files:
        - "View/"
      severity: minor
      description: "Klassen-Properties sollten PHP 8+ Typen haben"

- id: no-static-facades
      check_type: forbidden_pattern
      patterns:
        - "ModelConfig::"
        - "::getInstance()"
      in_files: "Controller/*.php"
      severity: critical
      description: "Controller müssen DI nutzen, keine Static Facades oder Singletons"

- id: di-constructor-injection
      check_type: required_pattern
      patterns:
        - "public function __construct("
      in_files: "Controller/*.php"
      severity: major
      description: "Controller müssen Dependencies per Constructor Injection erhalten"

principles:
    - id: DI-001
      name: "Dependency Injection statt Static Facades"
      description: |
        Alle Dependencies müssen per Constructor Injection bereitgestellt werden.
        Verboten sind:
        - Static Facades (z.B. ModelConfig::getAll())
        - Singleton-Pattern (::getInstance())
        - Service Locator Pattern
        Grund: Testbarkeit, explizite Dependencies, Container-kontrollierter Lifecycle.

enforcement:
    on_violation: block
    hook: "/var/www/tools/ki-protokoll/claude-hook/architecture_guard.py"

pass_threshold:
    critical_max: 0
    major_max: 2
    minor_max: 5

metrics:
    target_phpstan_level: 7
    max_controller_loc: 500
    max_method_loc: 50

Abbrechen