phpresilience / ci-guard
Detect resilience anti-patterns in your PHP code before they cause production incidents.
pkg:composer/phpresilience/ci-guard
Requires
- php: >=8.2
- nikic/php-parser: ^5.6
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.89
- phpstan/phpstan: ^2.1
- phpstan/phpstan-phpunit: ^2.0
- phpunit/phpunit: ^11.5
This package is not auto-updated.
Last update: 2025-10-21 08:16:35 UTC
README
Prevent production incidents before they happen
Static analysis and resilience checks for PHP applications
CI-Guard is a comprehensive static analysis tool designed to identify resilience anti-patterns in your PHP codebase. By catching potential production issues during development and CI/CD, it helps you build more reliable applications and avoid costly incidents.
Vision
Every production incident has a signature - a pattern in the code that makes it predictable. CI-Guard's mission is to detect these patterns before code reaches production, transforming reactive incident response into proactive prevention.
Inspired by Reversed Chaos Engineering (RCE) principles, CI-Guard learns from known failure patterns to protect your applications.
Why CI-Guard?
The Problem:
Production incidents are expensive - in terms of revenue, user trust, and engineering time. Many incidents share common root causes:
- HTTP calls without timeouts → hanging requests, worker pool exhaustion
- Missing circuit breakers → cascading failures
- N+1 queries → database overload under load
- Memory leaks → OOM kills and service crashes
The Solution:
CI-Guard detects these patterns through static analysis, giving you instant feedback in your development workflow and CI pipeline.
Think of it as:
- A safety net for your deployment pipeline
- A resilience linter for PHP
- A learning tool that educates your team on reliability patterns
- An automated code reviewer focused on production stability
Current Features
TimeoutGuard - HTTP Timeout Detection
Detects HTTP calls without proper timeout configuration that can cause:
- Worker pool exhaustion
- Cascading failures
- Application-wide unresponsiveness
Supported HTTP Clients:
- Guzzle HTTP Client
- Symfony HttpClient
- cURL (coming soon)
- WordPress HTTP API (coming soon)
Example:
    $ vendor/bin/ci-guard ./src

    Found 3 issue(s):

    ./src/Service/PaymentService.php
      ⚠️ Line 42: Guzzle HTTP request without timeout configuration (Guzzle post)

    // Add timeout configuration:
    $response = $client->request('POST', $url, [
        'timeout' => 10,        // Total request timeout
        'connect_timeout' => 3, // Connection timeout
    ]);
Read full documentation on HTTP Timeouts
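A sketch of how such a check can be built on nikic/php-parser, the parser this package requires. This is an added example, not CI-Guard's own detector; `OPTIONS_ARG` and `findCallsWithoutTimeout()` are hypothetical names, the sample input is constructed, and the receiver's type is not resolved, so any object's `post()` or `request()` call is treated as a Guzzle call.

```php
<?php
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php'; // assumption: nikic/php-parser ^5 via Composer

use PhpParser\Node;
use PhpParser\Node\Expr\{Array_, MethodCall};
use PhpParser\Node\Scalar\String_;
use PhpParser\{NodeFinder, ParserFactory};

// Hypothetical rule table: Guzzle method name => position of its options array.
const OPTIONS_ARG = ['request' => 2, 'post' => 1, 'put' => 1, 'delete' => 1];

function findCallsWithoutTimeout(string $code): array
{
    $ast = (new ParserFactory())->createForNewestSupportedVersion()->parse($code) ?? [];
    $findings = [];
    foreach ((new NodeFinder())->findInstanceOf($ast, MethodCall::class) as $call) {
        $method = $call->name instanceof Node\Identifier ? $call->name->toString() : '';
        if (!array_key_exists($method, OPTIONS_ARG)) {
            continue; // not a tracked method, or a dynamic method name
        }
        $arg = $call->args[OPTIONS_ARG[$method]] ?? null;
        $options = $arg instanceof Node\Arg ? $arg->value : null;
        if ($options !== null && !$options instanceof Array_) {
            continue; // options built elsewhere: cannot be decided from this call
        }
        $hasTimeout = false;
        foreach ($options?->items ?? [] as $item) {
            $key = $item?->key;
            $hasTimeout = $hasTimeout || ($key instanceof String_ && $key->value === 'timeout');
        }
        if (!$hasTimeout) {
            $findings[] = ['line' => $call->getStartLine(), 'method' => $method];
        }
    }
    return $findings;
}

// Constructed sample input, modelled on the payment example in this README.
$sample = <<<'PHP'
<?php
$client->post($url, ['json' => ['amount' => 100]]);
$client->post($url, ['json' => ['amount' => 100], 'timeout' => 10, 'connect_timeout' => 3]);
$client->request('POST', $url);
PHP;

foreach (findCallsWithoutTimeout($sample) as $f) {
    echo "Line {$f['line']}: {$f['method']}() call without 'timeout'\n";
}
```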
Roadmap
CI-Guard is evolving into a comprehensive resilience analysis platform:
Phase 1: TimeoutGuard (Current)
- Guzzle detection
- Symfony HttpClient detection
- CLI reporter
- cURL detection
- JSON reporter
- Configurable rules
Phase 2: CircuitBreakerGuard (Q2 2025)
- Detect missing circuit breaker patterns
- Retry strategy validation
- Fallback behavior checks
- External dependency mapping
Phase 3: QueryGuard (Q3 2025)
- N+1 query detection (Doctrine)
- N+1 query detection (Eloquent)
- Slow query patterns
- Missing database indexes
Phase 4: MemoryGuard (Q4 2025)
- Memory leak patterns
- Resource exhaustion risks
- Large dataset handling
Phase 5: Full Resilience Platform (2026)
- Custom detector plugins
- Baseline comparisons
- Performance regression detection
- GitHub App integration
- ML-powered pattern recognition
Installation
    composer require --dev phpresilience/ci-guard
Quick Start
Command Line
    # Analyze your source directory
    vendor/bin/ci-guard ./src

    # Analyze specific files
    vendor/bin/ci-guard ./src/Service/PaymentService.php
CI Integration
GitHub Actions
    name: Resilience Check
    on: [pull_request]
    jobs:
      ci-guard:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          - name: Setup PHP
            uses: shivammathur/setup-php@v2
            with:
              php-version: '8.3'
          - name: Install dependencies
            run: composer install
          - name: Run CI-Guard
            run: vendor/bin/ci-guard ./src
GitLab CI
    ci-guard:
      stage: test
      script:
        - composer install
        - vendor/bin/ci-guard ./src
      only:
        - merge_requests
Documentation
- HTTP Timeout Detection - Comprehensive guide on TimeoutGuard
- Architecture - How CI-Guard works under the hood
- Contributing - How to contribute to the project
Understanding Resilience Patterns
What are timeout configurations?
Timeouts are critical safeguards that prevent your application from hanging indefinitely when external services are slow or unresponsive.
Without timeout:
    // Dangerous - can hang for minutes
    $response = $client->post('https://payment-api.com/charge', [
        'json' => ['amount' => 100],
    ]);
What happens:
- Payment API is experiencing issues (30s response time)
- PHP-FPM worker waits indefinitely
- More requests arrive, more workers get blocked
- Worker pool exhausts (all 50 workers blocked)
- New requests start queueing → Application appears down
- Users see timeouts, revenue is lost
With timeout:
    // Safe - fails fast after 10 seconds
    $response = $client->post('https://payment-api.com/charge', [
        'json' => ['amount' => 100],
        'timeout' => 10,
        'connect_timeout' => 3,
    ]);
What happens:
- Payment API is slow (30s response time)
- Request times out after 10s (configured)
- Worker is released immediately
- Application shows error but stays responsive
- Circuit breaker can kick in (if implemented)
- Users see error message, can retry
Learn more about resilience patterns →
Real-World Impact
Before CI-Guard:
├─ Incident: Payment API slowdown
├─ Impact: 15 minutes downtime
├─ Lost Revenue: $50,000
└─ Engineering Time: 4 hours debugging + postmortem
After CI-Guard:
├─ Detection: During code review (PR comment)
├─ Impact: None (caught before production)
├─ Lost Revenue: $0
└─ Engineering Time: 5 minutes to add timeout
Contributing
We welcome contributions! Whether you want to:
- Report bugs
- Suggest new detectors
- Improve documentation
- Submit code
Please check our Contributing Guide.
License
MIT License - see LICENSE file for details.
Acknowledgments
Built with:
- nikic/php-parser - PHP parsing and analysis
Inspired by:
- Reversed Chaos Engineering (RCE) - Systematic incident analysis
- The PHP reliability and SRE communities
Stay Updated
- Star this repo to follow development
- Follow updates on Twitter @phpresilience (WIP)
- Join our Discord community (WIP)
Made with ❤️ for the PHP community
Building more resilient PHP applications, one check at a time.