feat: add composer support

chore: wip

chore: wip

chore: wip

Author: chrisbbreuer

.github/workflows/buddy-update.yml

@@ -56,12 +56,39 @@ jobs:
         with:
           bun-version: latest
 
+      - name: Setup PHP and Composer
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          tools: composer
+          coverage: none
+
       - name: Install dependencies
         run: bun install
 
+      - name: Install Composer dependencies
+        run: composer install --no-dev --prefer-dist --optimize-autoloader
+
       - name: Build buddy-bot
         run: bun run build
 
+      - name: Verify Composer setup
+        run: |
+          echo "🔍 Verifying Composer and PHP setup..."
+          php --version
+          composer --version
+          echo ""
+          echo "📦 Checking composer.json..."
+          if [ -f "composer.json" ]; then
+            echo "✅ composer.json found"
+            composer validate --no-check-all --strict
+            echo ""
+            echo "📋 Composer packages in composer.json:"
+            cat composer.json | jq -r '.require, ."require-dev" | to_entries[] | "\(.key): \(.value)"' 2>/dev/null || echo "Unable to parse with jq, showing raw content:"
+          else
+            echo "❌ composer.json not found"
+          fi
+
       - name: Display test configuration
         run: |
           echo "🧪 **Buddy Bot Testing Mode**"

README.md

@@ -18,7 +18,7 @@ A modern, fast alternative to Dependabot and Renovate built for the JavaScript a
 
 - 🚀 **Lightning Fast**: Built with Bun & performance in mind
 - 🎯 **Smart Updates**: Configurable update strategies _(major, minor, patch, all)_
-- 📦 **Multi-Package Manager**: Supports Bun, npm, yarn, pnpm, pkgx, and Launchpad dependency files
+- 📦 **Multi-Package Manager**: Supports Bun, npm, yarn, pnpm, Composer, pkgx, and Launchpad dependency files
 - ⚡ **GitHub Actions**: Automatically updates workflow dependencies (`actions/checkout@v4`, etc.)
 - 📊 **Dependency Dashboard**: Single GitHub issue with overview of all dependencies and open PRs
 - 🔄 **Rebase Functionality**: Interactive checkbox to update PRs with latest dependency versions
@@ -561,6 +561,8 @@ Buddy automatically detects and updates the following dependency file formats:
 
 #### Package Dependencies
 - **package.json** - Traditional npm dependencies
+- **composer.json** - PHP dependencies from Packagist
+- **composer.lock** - PHP lock file with exact versions
 - **deps.yaml** / **deps.yml** - Launchpad/pkgx dependency declarations
 - **dependencies.yaml** / **dependencies.yml** - Alternative dependency file format
 - **pkgx.yaml** / **pkgx.yml** - pkgx-specific dependency files
@@ -584,15 +586,24 @@ Full table with confidence badges, age, adoption metrics, and weekly download st
 | lodash  | ^4.17.20 → ^4.17.21 | 📅 | 📈 | ✅ | 🔒 |
 ```
 
-#### 2. Launchpad/pkgx Dependencies
+#### 2. PHP/Composer Dependencies
+Focused table for PHP packages from Packagist:
+```
+| Package | Change | File | Status |
+|---------|--------|------|--------|
+| laravel/framework | ^10.0.0 → ^10.16.0 | composer.json | ✅ Available |
+| phpunit/phpunit | ^10.0.0 → ^10.3.0 | composer.json | ✅ Available |
+```
+
+#### 3. Launchpad/pkgx Dependencies
 Simplified table focusing on package updates and file locations:
 ```
 | Package | Change | File | Status |
 |---------|--------|------|--------|
 | bun.com | ^1.2.16 → ^1.2.19 | deps.yaml | ✅ Available |
 ```
 
-#### 3. GitHub Actions
+#### 4. GitHub Actions
 Workflow automation updates with direct links to repositories:
 ```
 | Action | Change | File | Status |
@@ -749,7 +760,7 @@ This PR was generated by [Buddy](https://github.com/stacksjs/buddy-bot).
 | Feature | Buddy | Dependabot | Renovate |
 |---------|-------|------------|----------|
 | **Speed** | ⚡ Bun-native | 🐌 Slower | 🐌 Slower |
-| **Package Managers** | Bun, npm, yarn, pnpm, pkgx, Launchpad | Limited | Limited |
+| **Package Managers** | Bun, npm, yarn, pnpm, Composer, pkgx, Launchpad | Limited | Limited |
 | **Configuration** | TypeScript, YAML, JSON/JS, package.json | YAML | JSON/JS |
 | **Grouping** | ✅ Flexible | ✅ Basic | ✅ Advanced |
 | **Zero Config** | ✅ Yes | ✅ Yes | ❌ Complex |

bin/cli.ts

@@ -37,6 +37,8 @@ cli.usage(`[command] [options]
 
 🤖 Buddy Bot - Your companion dependency manager
 
+Supports npm, Bun, yarn, pnpm, Composer, pkgx, Launchpad, and GitHub Actions
+
 DEPENDENCY MANAGEMENT:
   setup         🚀 Interactive setup for automated updates (recommended)
   scan          🔍 Scan for dependency updates
@@ -61,11 +63,12 @@ CONFIGURATION & SETUP:
 
 Examples:
   buddy-bot setup                      # Interactive setup
-  buddy-bot scan --verbose             # Scan for updates
+  buddy-bot scan --verbose             # Scan for updates (npm + Composer)
   buddy-bot dashboard --pin            # Create pinned dashboard
   buddy-bot rebase 17                  # Rebase PR #17
   buddy-bot update-check               # Auto-rebase checked PRs
-  buddy-bot info react                 # Get package info
+  buddy-bot info laravel/framework     # Get Composer package info
+  buddy-bot info react                 # Get npm package info
   buddy-bot versions react --latest 5  # Show recent versions
   buddy-bot search "test framework"    # Search packages
   buddy-bot open-settings              # Open GitHub settings`)
@@ -430,7 +433,7 @@ cli
   .option('--ignore <names>', 'Comma-separated list of packages to ignore')
   .example('buddy-bot scan')
   .example('buddy-bot scan --verbose')
-  .example('buddy-bot scan --packages "react,typescript"')
+  .example('buddy-bot scan --packages "react,typescript,laravel/framework"')
   .example('buddy-bot scan --pattern "@types/*"')
   .example('buddy-bot scan --strategy minor')
   .action(async (options: CLIOptions) => {

composer.json

@@ -0,0 +1,53 @@
+{
+  "name": "buddy-bot/demo",
+  "description": "Demo PHP project for testing Buddy Bot Composer support",
+  "type": "project",
+  "license": "MIT",
+  "authors": [
+    {
+      "name": "Buddy Bot",
+      "email": "[email protected]"
+    }
+  ],
+  "require": {
+    "php": "^8.1",
+    "laravel/framework": "^10.0",
+    "guzzlehttp/guzzle": "^7.0",
+    "symfony/console": "^6.0",
+    "monolog/monolog": "^3.0",
+    "doctrine/dbal": "^3.0"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "^10.0",
+    "mockery/mockery": "^1.5",
+    "fakerphp/faker": "^1.20",
+    "laravel/pint": "^1.0",
+    "nunomaduro/collision": "^7.0"
+  },
+  "autoload": {
+    "psr-4": {
+      "App\\": "src/"
+    }
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "Tests\\": "tests/"
+    }
+  },
+  "scripts": {
+    "test": "phpunit",
+    "test-coverage": "phpunit --coverage-html coverage",
+    "pint": "pint",
+    "pint-test": "pint --test"
+  },
+  "config": {
+    "optimize-autoloader": true,
+    "preferred-install": "dist",
+    "sort-packages": true,
+    "allow-plugins": {
+      "pestphp/pest-plugin": true
+    }
+  },
+  "minimum-stability": "stable",
+  "prefer-stable": true
+}

docs/config.md

@@ -329,14 +329,19 @@ buddy-bot update
 
 ## Supported Dependency Types
 
-Buddy provides comprehensive dependency management across three categories:
+Buddy provides comprehensive dependency management across four categories:
 
 ### Package Dependencies
 
 #### npm Ecosystem
 - **package.json** - Traditional npm, Bun, yarn, pnpm dependencies
 - Managed via `bun outdated` for accurate version detection
 
+#### PHP/Composer Ecosystem
+- **composer.json** - PHP dependencies from Packagist
+- **composer.lock** - Lock file with exact versions
+- Managed via `composer outdated` and Packagist API integration
+
 #### pkgx/Launchpad Ecosystem
 - **deps.yaml** / **deps.yml** - Launchpad/pkgx dependency declarations
 - **dependencies.yaml** / **dependencies.yml** - Alternative format
@@ -370,11 +375,20 @@ steps:
 
 ### Configuration Examples
 
-#### Ignore Specific Actions
+#### Ignore Specific Packages
 ```typescript
 const config: BuddyBotConfig = {
   packages: {
     ignore: [
+      // npm packages
+      'react', // Keep React version stable
+      '@types/node', // Manual Node.js type updates
+
+      // Composer packages
+      'laravel/framework', // Skip Laravel updates
+      'php', // Platform requirement (auto-skipped)
+
+      // GitHub Actions
       'actions/checkout', // Skip action updates
       'oven-sh/setup-bun', // Keep specific version
     ],

docs/features/package-management.md

@@ -14,6 +14,7 @@ Buddy works with multiple package managers and dependency file formats:
 - **npm** - Full compatibility with npm ecosystem
 - **yarn** - Classic and Berry versions
 - **pnpm** - Efficient disk usage and fast installs
+- **Composer** - PHP dependency manager with Packagist registry
 - **pkgx** - Cross-platform package manager with YAML dependency files
 - **Launchpad** - Fast package manager using pkgx registry format
 - **GitHub Actions** - Workflow dependency automation
@@ -23,6 +24,40 @@ Buddy works with multiple package managers and dependency file formats:
 Buddy automatically detects and updates various dependency file formats:
 
 #### Package Dependencies
+
+##### npm Ecosystem
+```json
+# package.json - Traditional npm, Bun, yarn, pnpm dependencies
+{
+  "dependencies": {
+    "react": "^18.0.0",
+    "typescript": "^5.0.0"
+  },
+  "devDependencies": {
+    "eslint": "^8.0.0",
+    "@types/node": "^20.0.0"
+  }
+}
+```
+
+##### PHP/Composer Ecosystem
+```json
+# composer.json - PHP dependencies from Packagist
+{
+  "name": "vendor/project",
+  "require": {
+    "php": "^8.1",
+    "laravel/framework": "^10.0",
+    "guzzlehttp/guzzle": "^7.0"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "^10.0",
+    "mockery/mockery": "^1.5"
+  }
+}
+```
+
+##### pkgx/Launchpad Ecosystem
 ```yaml
 # deps.yaml / deps.yml - pkgx and Launchpad
 dependencies:
@@ -162,6 +197,97 @@ const registryIntegration = {
 }
 ```
 
+## PHP/Composer Support
+
+Buddy provides comprehensive support for PHP projects using Composer, integrating with Packagist to manage PHP dependencies.
+
+### Automatic Detection
+
+Buddy automatically detects Composer projects by scanning for:
+
+- **composer.json** - Main dependency configuration
+- **composer.lock** - Lock file with exact versions
+
+```bash
+# Buddy automatically scans for PHP dependencies
+my-project/
+├── composer.json          # ✅ PHP dependencies
+├── composer.lock          # ✅ Lock file versions
+├── vendor/                # Generated by Composer
+├── app/
+│   └── composer.json      # ✅ Sub-project dependencies
+└── packages/
+    ├── core/
+    │   └── composer.json  # ✅ Package dependencies
+    └── api/
+        └── composer.json  # ✅ API dependencies
+```
+
+### Packagist Integration
+
+All Composer packages are resolved through Packagist, providing access to:
+
+- **PHP packages** - Framework, libraries, and tools
+- **Version management** - Semantic versioning with constraint resolution
+- **Package metadata** - Descriptions, licenses, and repository links
+- **Release information** - Changelogs and release notes from GitHub
+
+### Composer Commands
+
+Buddy uses native Composer commands for maximum compatibility:
+
+```bash
+# Check for outdated packages
+composer outdated --format=json --direct
+
+# Validate package existence
+composer info laravel/framework
+
+# Update constraints (handled by Buddy)
+composer require laravel/framework:^10.16
+```
+
+### Version Constraints
+
+Buddy preserves and respects Composer version constraints:
+
+```json
+{
+  "require": {
+    "laravel/framework": "^10.0",     // Caret constraint
+    "symfony/console": "~6.0",        // Tilde constraint
+    "doctrine/orm": "2.*",            // Wildcard constraint
+    "monolog/monolog": ">=2.0,<3.0"   // Range constraint
+  }
+}
+```
+
+When updating packages, Buddy maintains the original constraint format while updating to the latest compatible version.
+
+### Dependency Types
+
+Buddy handles all Composer dependency types:
+
+- **require** - Production dependencies
+- **require-dev** - Development dependencies
+- **suggest** - Suggested packages (informational only)
+- **conflict** - Conflicting packages (validation)
+- **replace** - Replaced packages (validation)
+
+### PHP Platform Requirements
+
+Platform requirements are automatically excluded from updates:
+
+```json
+{
+  "require": {
+    "php": "^8.1",              // ❌ Skipped (platform)
+    "ext-json": "*",             // ❌ Skipped (extension)
+    "laravel/framework": "^10.0" // ✅ Updated
+  }
+}
+```
+
 ## Package Filtering
 
 Control which packages are managed by buddy.

docs/usage.md

@@ -106,10 +106,12 @@ buddy-bot --version
 
 ## Supported File Types
 
-Buddy automatically detects and updates dependencies across three categories:
+Buddy automatically detects and updates dependencies across four categories:
 
 ### Package Dependencies
 - **package.json** - npm, Bun, yarn, pnpm dependencies
+- **composer.json** - PHP dependencies from Packagist
+- **composer.lock** - PHP lock file with exact versions
 - **deps.yaml** / **deps.yml** - Launchpad/pkgx dependency declarations
 - **dependencies.yaml** / **dependencies.yml** - Alternative dependency format
 - **pkgx.yaml** / **pkgx.yml** - pkgx-specific dependency files
@@ -131,6 +133,7 @@ steps:
 
 ### Update Sources
 - **npm packages**: Uses `bun outdated` for accurate detection
+- **Composer packages**: Uses `composer outdated` and Packagist API
 - **pkgx/Launchpad packages**: Uses `ts-pkgx` library integration
 - **GitHub Actions**: Fetches latest releases via GitHub API