All call sites now use $user->isApp() and $user->isPrivileged() instance
syntax instead of static User::isApp() / $user::isPrivileged() calls.
Added setUser() to Request class for consistency with Response.
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
- Document/Row model filters now preserve int type for $sequence instead of always casting to string
- V21 response filter recursively casts $sequence on nested relationship documents
- Added unit tests for nested document/row $sequence casting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
phpbench pulled in doctrine/annotations which has a security advisory.
The bench script and its only benchmark file are unused in CI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Initialize $isUpgrade=false in Install.php action() to prevent undefined variable
- Assign $this->lockedDatabase in Upgrade.php before calling parent::action()
- Remove stack trace exposure from buildErrorDetails() in Http Install action
- Suppress raw exception messages for 500+ errors in Error handler
- Remove sessionSecret from progress details to prevent credential leak
- Hash name/email in analytics payload to avoid sending raw PII
- Validate and default dbService in compose.phtml to prevent invalid output
- Fix host normalization in progress.js redirect URL builder
- Release global lock on early return for existing installation conflict
- Consolidate duplicate database host/port assignment blocks
- Add @runInSeparateProcess to testRouteRegistration to prevent global state leak
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: sanitize branch names for valid domain generation
Branch names containing invalid domain characters (like '/') were being
used directly when creating VCS preview domains, resulting in invalid
domains like 'branch-abc/test.appwrite.network'. This adds a Domain
helper class that sanitizes branch names by replacing invalid characters
with hyphens before generating domains.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: use Text constants for branch name sanitization
Replace regex with explicit character validation using Utopia Text
constants for better readability and maintainability.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Move to transformation adapter
* lint
* tiny
* fix test
* ut
* use Filter
* lint
* more lint
* simplify
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Move type check before assignment to prevent TypeError when non-string
value (like array) is passed to Origin::isValid(). The property
\$this->origin is typed as string, so assigning an array before
the is_string() check caused the error.
- Upgrade utopia-php/cli from 0.15 to 0.22
- Upgrade utopia-php/analytics from 0.10 to 0.15
- Upgrade utopia-php/orchestration from 0.9 to 0.19
- Use dev branches for utopia-php/framework and utopia-php/platform
- Remove utopia-php/swoole dependency (merged into framework)
- Migrate Utopia\CLI\Console to Utopia\Console across all files
- Migrate Utopia\Http to Utopia\Http\Http namespace
- Migrate Utopia\Swoole\Files to Utopia\Http\Files (now instance-based)
- Convert static CLI::setResource() calls to instance-based Dependency API
- Fix StatsResources task named parameter mismatch
Chirag Aggarwal
Jake Barnby
Claude
ArnabChatterjee20k
Matej Bačo
Matej Bačo
eldadfux
copilot-swe-agent[bot]
ArnabChatterjee20k
loks0n
Hemachandar