Add checksum to diagnostics

[ildyria]

So it is easier to diagnose if we are EXACTLY on the same file versions...
We could consider later making it a proper merkle tree.

Summary by CodeRabbit

• New Features
  • Added a file integrity check to diagnostics that computes and records deterministic signatures for application and vendor files.
  • Integrated the new check into the diagnostics pipeline so reports now include combined file signatures and file-count summaries.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new diagnostic pipe HashCheck was added and integrated into the diagnostics pipeline. It collects project and vendor files, computes deterministic xxh3-based hashes (including path in the input), and appends the results to diagnostic data. The pipe is registered in Errors.php.

Changes

Cohort / File(s)	Summary
Pipeline Integration app/Actions/Diagnostics/Errors.php	Added use App\Actions\Diagnostics\Pipes\Checks\HashCheck; and inserted HashCheck::class into the private $pipes array to include the new check in the diagnostics pipeline.
New Diagnostic Pipe app/Actions/Diagnostics/Pipes/Checks/HashCheck.php	Added HashCheck class implementing DiagnosticPipe with handle(array &$data, \Closure $next): array. Collects files from configured project paths and vendor directory, normalizes paths, sorts entries, handles unreadable files with an UNREADABLE marker, and computes separate deterministic xxh3 hashes for core and vendor sets via private helpers (collectFiles(), computeHash(), normalizePath()). Appends combined hash and file counts to diagnostic output.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Review file collection paths and any hardcoded/include patterns in HashCheck.
• Verify deterministic ordering and inclusion of file paths in hash input.
• Confirm handling of unreadable files and edge cases (empty sets, binary files).
• Check import placement and pipeline ordering in Errors.php.

Poem

🐰 I hop the paths both near and far,
I nibble bytes and mark each scar,
xxh3 hums a steady song,
Core and vendor hashes strong,
Diagnostics now can sing along. 🐇

Pre-merge checks

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5b6b253 and 3aec82a.

📒 Files selected for processing (1)

• app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.php

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.php: New PHP files must include the project license header and have a single blank line after the opening <?php tag
Use snake_case for PHP variable names
Always call in_array() with true as the third parameter for strict checking
Only booleans should be used as conditions in if statements (avoid integers/strings)
Use strict comparisons (===, !==) instead of loose comparisons (==, !=)
Avoid duplicating logic in both if and else branches; refactor common code
Do not use empty(); use explicit checks instead
Do not use float/double for money; store amounts as integers in the smallest currency unit (e.g., cents)

Files:

• app/Actions/Diagnostics/Pipes/Checks/HashCheck.php

{composer.json,**/*.php}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Apply PSR-4: configure autoload in composer.json and ensure PHP namespaces align with directory structure

Files:

• app/Actions/Diagnostics/Pipes/Checks/HashCheck.php

🧬 Code graph analysis (1)

app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (1)

app/DTO/DiagnosticData.php (1)

• DiagnosticData (13-72)

🔇 Additional comments (5)

app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (5)

1-14: LGTM! Proper license header and imports.

The license header is correctly formatted, and the imports are appropriate. The use of Safe\hash_update_file from the thecodingmachine/safe library ensures proper exception handling.

---

15-50: LGTM! Well-structured handle method with clear separation of concerns.

The implementation correctly:

• Defines comprehensive paths to scan (app, config, database, vendor, etc.)
• Separates project files from vendor files for distinct hashes
• Provides useful diagnostic output with file counts
• Follows the diagnostic pipe pattern

---

52-88: LGTM! Robust file collection with deterministic sorting.

The file collection logic is well-implemented:

• Handles both individual files and directories correctly
• Uses RecursiveDirectoryIterator for efficient traversal
• Deterministic sorting (line 85) ensures stable hash results across runs
• Defensive type checking prevents issues with invalid input

---

100-122: LGTM! Excellent implementation addressing previous concerns.

This implementation successfully resolves the previously flagged issues:

• Algorithm fallback (line 102): Falls back to sha256 if xxh3 is unavailable
• Cross-host determinism (line 107): Normalized relative paths prevent different hashes across installations
• Path inclusion: Including normalized paths in the hash stream prevents collisions from identical file contents

The error handling appropriately marks unreadable files without breaking the diagnostic.

---

124-139: LGTM! Proper path normalization for cross-platform determinism.

The normalization logic correctly:

• Converts absolute paths to base-relative paths using strncmp for efficient prefix matching
• Normalizes directory separators to forward slashes for cross-platform consistency
• Ensures consistent relative path format with leading slash trimming

This addresses the cross-host determinism requirement from the PR objectives.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (2)

25-37: Stability: exclude ephemeral cache artifacts from the scan (bootstrap/cache).

Including bootstrap/cache makes the digest vary with compiled/config caches, reducing utility across environments. Recommend skipping that subdirectory.

-        $paths_to_scan = [
+        $paths_to_scan = [
             app_path(),
-            base_path('bootstrap'),
+            // Note: exclude bootstrap/cache to avoid environment‑specific cache artifacts
+            base_path('bootstrap'),
             config_path(),
             base_path('database/migrations'),
             lang_path(),
             resource_path(),
             public_path('build'),
             base_path('routes'),
             base_path('version.md'),
             base_path('composer.json'),
             base_path('composer.lock'),
         ];

And filter inside collection:

-                foreach ($iterator as $file_info) {
+                foreach ($iterator as $file_info) {
                     if ($file_info instanceof \SplFileInfo && $file_info->isFile()) {
-                        $file_list[] = $file_info->getPathname();
+                        $path = $file_info->getPathname();
+                        $rel  = $this->normalizePath($path);
+                        if (str_starts_with($rel, 'bootstrap/cache/')) {
+                            continue;
+                        }
+                        $file_list[] = $path;
                     }
                 }

---

39-47: Nice separation of core vs vendor hashes.

Good UX to display “files—vendor” and include counts. Consider appending the algo used in details for clarity when fallbacks occur.

app/Actions/Diagnostics/Errors.php (1)

50-50: Pipeline order: consider running HashCheck later to keep diagnostics responsive.

Hashing the entire tree (incl. vendor) can be I/O heavy. Suggest moving HashCheck towards the end or making it opt-in via a feature flag/param to avoid slowing routine diagnostics. The skip-by-shortname mechanism helps, but default order still affects first-run UX.

If you’d like, I can propose a small change to accept a “skip heavy checks” flag and default HashCheck to run only when explicitly requested.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 90cee90 and 5b6b253.

📒 Files selected for processing (2)

• app/Actions/Diagnostics/Errors.php (2 hunks)
• app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.php

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.php: New PHP files must include the project license header and have a single blank line after the opening <?php tag
Use snake_case for PHP variable names
Always call in_array() with true as the third parameter for strict checking
Only booleans should be used as conditions in if statements (avoid integers/strings)
Use strict comparisons (===, !==) instead of loose comparisons (==, !=)
Avoid duplicating logic in both if and else branches; refactor common code
Do not use empty(); use explicit checks instead
Do not use float/double for money; store amounts as integers in the smallest currency unit (e.g., cents)

Files:

• app/Actions/Diagnostics/Pipes/Checks/HashCheck.php
• app/Actions/Diagnostics/Errors.php

{composer.json,**/*.php}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Apply PSR-4: configure autoload in composer.json and ensure PHP namespaces align with directory structure

Files:

• app/Actions/Diagnostics/Pipes/Checks/HashCheck.php
• app/Actions/Diagnostics/Errors.php

🧬 Code graph analysis (2)

app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (1)

app/DTO/DiagnosticData.php (1)

• DiagnosticData (13-72)

app/Actions/Diagnostics/Errors.php (1)

app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (1)

• HashCheck (18-121)

⏰ Context from checks skipped due to timeout of 180000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: 3️⃣ PHP dist / 8.3 - mariadb
• GitHub Check: 3️⃣ PHP dist / 8.3 - postgresql
• GitHub Check: 2️⃣ PHP tests / 8.4 - postgresql -- Install
• GitHub Check: 2️⃣ PHP tests / 8.3 - postgresql -- Feature_v2
• GitHub Check: 2️⃣ PHP tests / 8.3 - postgresql -- Unit
• GitHub Check: 2️⃣ PHP tests / 8.3 - mariadb -- Unit

🔇 Additional comments (2)

app/Actions/Diagnostics/Pipes/Checks/HashCheck.php (1)

1-8: License header and file preamble look good.

Header present and single blank line after opening tag. Naming and namespace align with PSR-4.

app/Actions/Diagnostics/Errors.php (1)

23-23: Import is correct and aligned with namespace.

No issues.

[codecov]

Codecov Report

❌ Patch coverage is 91.22807% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.24%. Comparing base (1811536) to head (3aec82a).
⚠️ Report is 2 commits behind head on master.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.