Redis stringifies scalars on save, so on a cache hit the `total` field
was served as a string. Flutter SDK (and any strictly-typed client) then
failed with `TypeError: "37": type 'String' is not a subtype of type 'int'`.
The cache-miss path returned an int from `count()`, which is why only
repeat requests with `ttl > 0` tripped the bug.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Raises `phpstan.neon` level from 3 to 4 and fixes the 549 new errors
that level 4 surfaces across 157 files. Fixes are root-cause — no
`@phpstan-ignore`, no `@var` casts, no baseline entries, no widened
types. A handful of latent bugs were fixed along the way:
- `app/controllers/general.php`: path-traversal guard was negating
`\substr(...)` before the strict comparison (`!\substr(...) === $base`
was always `false === $base`). Rewritten as `\substr(...) !== $base`.
- `src/Appwrite/Platform/Modules/Databases/Http/Databases/Logs/XList.php`
and `.../TablesDB/Logs/XList.php`: were importing the raw Matomo
`DeviceDetector` (whose `getDevice()` returns `?int`) but treating the
result as an array with `deviceName/deviceBrand/deviceModel` keys.
Swapped to `Appwrite\Detector\Detector`, matching the wrapper already
used a few lines below for `$os`/`$client`.
- `src/Appwrite/Platform/Modules/Functions/Workers/Builds.php`: a match
key was checking `$resourceKey === 'functions'` when `$resourceKey`
is `'functionId'|'siteId'` — always false. Switched to the intended
`$resource->getCollection() === 'functions'` check.
- `src/Appwrite/OpenSSL/OpenSSL.php`: `encrypt()` return type tightened
to `string|false` to match `openssl_encrypt`; this lets callers'
`=== false` error handling remain meaningful.
- `app/controllers/api/messaging.php`: removed a dead
`array_key_exists('from', [])` branch in the Msg91 provider (empty
array literal; branch was unreachable).
Large cleanup categories across the 549 fixes:
- Removed redundant `?? default` on array offsets and expressions that
PHPStan now knows are non-nullable.
- Removed unreachable statements (mostly `return;` after `throw` or
`markTestSkipped()`).
- Removed redundant `is_array`/`is_string`/`is_bool`/`instanceof` checks
on already-narrowed types.
- Added `default =>` arms (or throwing arms) to non-exhaustive matches
on `string`/`mixed` input.
- Removed dead `$document === false` branches where method return types
were tightened to non-nullable `Document`.
- Removed unused properties (`$version` on Etsy/Zoom OAuth2, `$paths` on
Installer State, `$source` on MigrationsWorker, `$account2` on two
GraphQL auth tests), unused traits (`ApiVectorsDB`, `DatabaseFixture`),
and an unused `cleanupStaleExecutions` task method.
- Replaced `assertTrue(true)` and redundant `assertIsArray`/`assertIsString`/
`assertNotNull` assertions with `addToAssertionCount(1)` or
`assertNotEmpty` where the runtime type was already known.
Revert the is_int preservation — SDKs declare $sequence as string,
so the API must always return a string. Updated tests to match.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move all TablesDB* test files from tests/e2e/Services/Databases/ to a
new tests/e2e/Services/TablesDB/ directory, updating namespaces and
adding explicit imports for shared base traits. Add TablesDB as a
separate service in the CI matrix so /v1/databases and /v1/tables tests
run as independent parallel jobs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove specific index length number from testPatchAttribute assertion
since the value differs between shared/non-shared table modes (767 vs
768) and the console API returns the console project's value, not the
user project's
- Use getLastEmailByAddress in testPasswordRecoveryUrlParams to avoid
retrieving emails from parallel test classes sharing the same maildev
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The testListDocumentsWithCache and testListDocumentsCacheBustedByAttributeChange
tests were failing because testCreateDocument (which runs earlier) adds 3 more
documents to the same movies collection, resulting in 6 docs instead of expected 3.
Additionally, the cache bust test was getting a cache 'hit' instead of 'miss' on
its first request due to sharing the same cache key as the previous test.
Fix by filtering all cache test queries to the 3 known setup document IDs, and
using distinct select/order queries in each test to avoid cache key collisions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix indentation alignment in cache hit detection condition
- Add total count assertions for cached and non-cached responses in test
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Same cache-before-wait pattern as DatabasesBase to prevent
cascading 409 failures when attribute polling times out.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When setupAttributes() or setupIndexes() timed out during
waitForAllAttributes/waitForAllIndexes, the cache was never populated.
Subsequent test methods calling setup again would find empty cache,
reuse the same collection IDs (from collection cache), and attempt to
re-create existing attributes/indexes, resulting in 409 Conflict errors.
Fix: populate the static cache immediately after successful creation
(202 assertions), before the wait calls. This ensures retries skip
creation and go straight to waiting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ArnabChatterjee20k
Chirag Aggarwal
Jake Barnby
ArnabChatterjee20k
loks0n