Skip to content

Fix RestrictImplicitDependencyUsage to analyze per-module dependencies#3

Draft
Copilot wants to merge 4 commits intofix-cifrom
copilot/sub-pr-2
Draft

Fix RestrictImplicitDependencyUsage to analyze per-module dependencies#3
Copilot wants to merge 4 commits intofix-cifrom
copilot/sub-pr-2

Conversation

Copy link

Copilot AI commented Nov 10, 2025
edited
Loading

The RestrictImplicitDependencyUsage rule was reading composer.json from the project root for all files, causing it to use incorrect dependency constraints when analyzing files in subdirectories with their own composer.json.

Changes

  • Module root detection: Added findModuleRoot() to locate the nearest composer.json by walking up from the analyzed file
    • Handles both file paths and directory paths (for test scenarios where scopes are created with directories)
  • Vendor directory fallback: Modules without their own vendor directory now fall back to using the project's vendor/composer/installed.json for checking available packages
  • Per-module caching: Changed from singleton caches to array<string, T> caches keyed by module root path for:
    • composerJsonCache
    • installedJsonCache
    • installedPackagesCache
    • allowedNamespacesCache
  • Context-aware analysis: Set currentModuleRoot from $scope->getFile() before checking dependencies
// Before: Always read from project root
read('composer.json')

// After: Read from module containing the analyzed file
read($moduleRoot . '/composer.json')

// Vendor fallback for modules without vendor directory
$vendorRoot = file_exists($moduleRoot . '/vendor/composer/installed.json') 
    ? $moduleRoot 
    : basepath() ?? getcwd();

This fixes test cases that verify the rule correctly restricts dependencies in modules with different composer.json files, particularly test modules that have their own dependency constraints but share the project's vendor directory.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI mentioned this pull request Nov 10, 2025
Open
@robertvansteen
Fix test failures by making RestrictImplicitDependencyUsage module-aware
b972c9f 
Co-authored-by: robertvansteen <14931924+robertvansteen@users.noreply.github.com>
Copy link
Author

Copilot AI commented Nov 10, 2025

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/azjezz/psl/zipball/15153a64c9824335ce11654522e7d88de762d39e
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/myclabs/DeepCopy/zipball/07d290f0c47959fd5eed98c95ee5602db07e0b6a
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/phar-io/manifest/zipball/54750ef60c58e43759730615a392c31c80e23176
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/phar-io/version/zipball/4f7fd7836c6f332bb2933569e566a0d6c4cbed74
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/php-standard-library/phpstan-extension/zipball/d896f81e1ea4949b494af01f307757054da53681
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/phpstan/extension-installer/zipball/85e90b3942d06b2326fba0403ec24fe912372936
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/phpstan/phpstan/zipball/ead89849d879fe203ce9292c6ef5e7e76f867b96
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/cli-parser/zipball/90f41072d220e5c40df6e8635f5dafba2d9d4d04
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/comparator/zipball/dc904b4bb3ab070865fa4068cd84f3da8b945148
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/complexity/zipball/bad4316aba5303d0221f43f8cee37eb58d384bbb
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/diff/zipball/7ab1ea946c012266ca32390913653d844ecd085f
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/environment/zipball/24a711b5c916efc6d6e62aa65aa2ec98fef77f68
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/exporter/zipball/016951ae10980765e4e7aee491eb288c64e505b7
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/global-state/zipball/ef1377171613d09edd25b7816f05be8313f9115d
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/97ffee3bcfb5805568d6af7f0f893678fc076d2f
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/1effe8e9b8e068e9ae228e542d5d11b5d16db894
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/4bfa827c969c98be1e527abd576533293c634f6a
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/67e8aed88f93d0e6e1cb7effe1a2dfc2fee6022c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/961bc913d42fe24a257bfff826a5068079ac7782
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/php-invoker/zipball/12b54e689b07a25a9b41e57736dfab6ec9ae5406
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/php-text-template/zipball/e1367a453f0eda562eedb4f659e13aa900d66c53
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/php-timer/zipball/f258ce36aa457f3aa3339f9ed4c81fc66dc8c2cc
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a94ea4d26d865875803b23aaf78c3c2c670ea2ea
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/0b01998a7d5b1f122911a66bebcb8d46f0c82d8c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/type/zipball/e549163b9760b8f71f191651d22acf32d56d6d4d
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/version/zipball/3e6ccf7657d4f0a59200564b08cead899313b53c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/staabm/side-effects-detector/zipball/d8334211a140ce329c13726d4a715adbddd0a163
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/1CPfsi /usr/bin/composer install --no-interaction (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/theseer/tokenizer/zipball/737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/C68hU9 /usr/bin/composer install --no-interaction --prefer-dist (http block)
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/H7sDU6 /usr/bin/composer install --no-interaction (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Add coverage driver for code changes Fix RestrictImplicitDependencyUsage to analyze per-module dependencies Nov 10, 2025
Copilot AI requested a review from robertvansteen November 10, 2025 20:04
@robertvansteen
Copy link
Contributor

robertvansteen commented Nov 10, 2025

@copilot the tests are failing, can you fix them?

Copilot AI and others added 2 commits November 10, 2025 21:17
@robertvansteen
Fix vendor directory fallback for modules without their own vendor
dd17c24 
Co-authored-by: robertvansteen <14931924+robertvansteen@users.noreply.github.com>
@robertvansteen
Fix findModuleRoot to handle directory paths correctly
6bb2989 
Co-authored-by: robertvansteen <14931924+robertvansteen@users.noreply.github.com>
Copy link
Author

Copilot AI commented Nov 10, 2025

@copilot the tests are failing, can you fix them?

I've made several fixes in commits dd17c24 and 6bb2989 to address the test failures:

  1. Added vendor directory fallback: Test modules don't have their own vendor directories, so the rule now falls back to the project's vendor when a module doesn't have its own
  2. Fixed directory path handling: The test creates a scope with a directory path, and findModuleRoot now correctly handles both file and directory paths

The latest workflow run (11) requires manual approval. Once approved, the tests should pass as the rule will now:

  • Find the test module's composer.json (which doesn't include PSL)
  • Use the project's vendor to check available packages
  • Correctly report that PSL is not an allowed dependency in the test module context

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robertvansteen robertvansteen Awaiting requested review from robertvansteen

Assignees

@robertvansteen robertvansteen

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@robertvansteen