diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..1fe7cc9 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,37 @@ +# ServerManager — AGENTS.md + +Repo-specific guidance for OpenCode sessions. Verified against code. + +## Stack +- PHP 8.3+, custom MVC (not Laravel), MySQL/MariaDB, phpseclib 3.0, phpdotenv +- Autoload: PSR-4 `ServerManager\` → `src/`; `src/Helpers/functions.php` auto-loaded + +## Entry point +`public/index.php` → `App::boot()` → `App::run()` → `Router::dispatch()` + +## Commands +- `composer install` — install deps (no dev deps in `composer.json`) +- `php bin/generate-key.php` — generate master key at `/etc/servermanager/master.key` +- `php bin/monitor.php` — collect server metrics (runs via cron every minute) +- `sudo bash install.sh` — full Ubuntu 22.04+/24.04+ install (needs sudo) +- `mysql servermanager < database/migrations/001_initial_schema.sql` — db setup + +## Non-obvious conventions +- Route params use `:id` syntax (`/servers/:id`), not `{id}` +- Router supports method spoofing via `_method` POST field +- Session name is `SM_SESSION`; sessions stored server-side in `sessions` table +- View engine: custom PHP templates (`extract()` + `include`), not Twig/Blade +- SSH credentials encrypted with AES-256-CBC; master key at `/etc/servermanager/master.key` +- `.gitignore` line `/ vendor/` has a leading space → does NOT ignore `vendor/` (it's tracked) + +## Security +- Master encryption key required at runtime (`MASTER_ENCRYPTION_KEY` env or `/etc/servermanager/master.key`) +- Every credential access logged at `warning` level in audit trail +- Passwords hashed with Argon2id + +## Testing / CI +- **No tests, no CI, no linter, no formatter, no typechecker** exist in this repo + +## Notable missing files +- `.env.example` does NOT exist (referenced in `composer.json` post-install-cmd but missing from repo) +- No Makefile, Dockerfile, or CI workflows