# ServerManager — AGENTS.md Repo-specific guidance for OpenCode sessions. Verified against code. ## Stack - PHP 8.3+, custom MVC (not Laravel), MySQL/MariaDB, phpseclib 3.0, phpdotenv - Autoload: PSR-4 `ServerManager\` → `src/`; `src/Helpers/functions.php` auto-loaded ## Entry point `public/index.php` → `App::boot()` → `App::run()` → `Router::dispatch()` ## Commands - `composer install` — install deps (no dev deps in `composer.json`) - `php bin/generate-key.php` — generate master key at `/etc/servermanager/master.key` - `php bin/monitor.php` — collect server metrics (runs via cron every minute) - `sudo bash install.sh` — full Ubuntu 22.04+/24.04+ install (needs sudo) - `mysql servermanager < database/migrations/001_initial_schema.sql` — db setup ## Non-obvious conventions - Route params use `:id` syntax (`/servers/:id`), not `{id}` - Router supports method spoofing via `_method` POST field - Session name is `SM_SESSION`; sessions stored server-side in `sessions` table - View engine: custom PHP templates (`extract()` + `include`), not Twig/Blade - SSH credentials encrypted with AES-256-CBC; master key at `/etc/servermanager/master.key` - `.gitignore` line `/ vendor/` has a leading space → does NOT ignore `vendor/` (it's tracked) ## Security - Master encryption key required at runtime (`MASTER_ENCRYPTION_KEY` env or `/etc/servermanager/master.key`) - Every credential access logged at `warning` level in audit trail - Passwords hashed with Argon2id ## Testing / CI - **No tests, no CI, no linter, no formatter, no typechecker** exist in this repo ## Notable missing files - `.env.example` does NOT exist (referenced in `composer.json` post-install-cmd but missing from repo) - No Makefile, Dockerfile, or CI workflows