| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Extract modules from the single `mozart` crate into 5 focused library
crates to improve compilation parallelism and architectural clarity:
- mozart-constraint: version constraint parser (independent)
- mozart-core: base types, console, validation, platform utilities
- mozart-archiver: archive creation (tar, zip, bzip2)
- mozart-registry: Packagist API, cache, resolver, downloader, lockfile
- mozart-autoload: autoloader generation and PHP scanner
Refactor Console::from_cli and build_cache_config to accept primitive
args instead of &Cli to break circular dependencies. Introduce
[workspace.dependencies] for centralized version management. Remove 9
unused direct dependencies from the CLI crate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
vulnerabilities
Query Packagist security advisories API for known vulnerabilities
affecting installed or locked packages, with version constraint
matching, severity filtering, abandoned package detection, and
multiple output formats (table, plain, json, summary).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Implement a cache module with CacheConfig and Cache structs supporting
read/write (string and binary), atomic writes via temp+rename, TTL-based
expiration, and size-limited garbage collection. Wire the repo cache into
packagist.rs and resolver.rs for API response caching, and the files
cache into downloader.rs for dist archive caching. Implement the
clear-cache command with full clear and --gc modes. All existing call
sites pass None for backward compatibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
updates
Implement Phase 5.5 of the require/remove commands:
- Interactive package search when no packages specified on CLI (require)
- --with-dependencies/--with-all-dependencies partial update for require
- --with-all-dependencies/--no-update-with-dependencies for remove
- --minimal-changes support for remove
- Extract search API types and logic from search.rs into packagist.rs
for reuse by both search and require commands
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Inline aliases ("1.0.x-dev as 1.0.0") now use the right side for
constraint matching via parse_for_constraint(), while parse() keeps
the left side for version identity.
Branch aliases from extra.branch-alias metadata create synthetic
dev-stability entries in the resolver, allowing constraints like
^2.0 to match dev-master aliased to 2.x-dev. Real releases take
precedence via entry().or_insert().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Add lock file generation pipeline that converts resolved packages into a
complete composer.lock structure. Extends PackagistVersion with 15
metadata fields (authors, license, autoload, etc.), implements BFS-based
dev package classification, platform requirements extraction, and
content-hash computation. Cleans up unused skip_serializing_if
attributes on the Deserialize-only PackagistVersion struct.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Add dependency resolution module using pubgrub v0.3.0 to convert
Composer-style constraints into range-based version solving. Includes
ComposerVersion type with stability ordering, MozartProvider
implementing DependencyProvider, platform package handling, stability
filtering, and conflict support via complement ranges.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Add the require command that updates composer.json with new package
dependencies. When no version constraint is specified, the best version
is resolved from the Packagist p2 API based on minimum-stability.
Includes packagist API client, version comparison/stability detection,
and RawPackageData deserialization support for roundtrip editing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
