Mago 1.6.0

This release brings new analyzer checks for class design enforcement, new linter rules for file organization, path-scoped ignore/exclusion support, formatter fixes, and numerous bug fixes across the board.

✨ Features

Analyzer

• class-must-be-final check: New opt-in enforce-class-finality setting that reports classes not declared final, abstract, or annotated with @api/@psalm-api when they have no children (#1054)

  [analyzer]
  enforce-class-finality = true

• missing-api-or-internal check: New opt-in require-api-or-internal setting that requires abstract classes, interfaces, and traits to have @api or @internal annotations, forcing projects to declare extensibility intent (#1055)

  [analyzer]
  require-api-or-internal = true

• Path-scoped ignore entries: The ignore option now supports scoping ignored codes to specific paths (#1037, #1043)

  [analyzer]
  ignore = [
    "mixed-argument",
    { code = "missing-return-type", in = "tests/" },
    { code = "unused-parameter", in = ["tests/", "src/Generated/"] },
  ]

• Literal types for enum properties: Enum name and value properties now return literal types instead of generic string/int, enabling more precise type inference (#1035, #952) by @veewee

• Severity level in code-count format: The code-count reporting format now includes the severity level for each issue code (#987)

Linter

• file-name rule: New rule that enforces file names match the class/interface/enum/trait they contain (#1049)

• single-class-per-file rule: New rule that enforces each file contains at most one class-like declaration

• Per-rule path exclusions: Linter rules now support path-based exclusions, allowing you to disable specific rules for specific directories (#1037)

  [linter.rules]
  no-isset = { excludes = ["src/Legacy/"] }

• no-isset and readable-literal enabled by default: These rules are now enabled out of the box

• Removed deprecated rules: The deprecated constant-type, no-boolean-literal-comparison, parameter-type, property-type, and return-type linter rules have been removed — their functionality has been moved to the analyzer

Formatter

• PER-CS compatibility: inline-empty-function-braces and inline-empty-method-braces now default to true, matching the PER Coding Style specification (#1053)

CLI

• Multiple --only rules: The --only flag now accepts multiple comma-separated rules (#1046)

⚡ Performance

• foldhash replaces ahash: Switched to foldhash for faster hashing across the codebase
• Arc<T> replaces Box<T> in codex: Improves cloning performance for shared metadata

🐛 Bug Fixes

Analyzer

• Switch statement type narrowing: Non-exhaustive switch statements no longer incorrectly narrow variable types, preventing false redundant null-check warnings (#1038)
• Type alias resolution in @var docblocks: Imported type aliases are now correctly expanded in @var docblock annotations (#1029, #1030)
• Type alias resolution in template extends: Imported type aliases are now resolved before being used as template arguments in extends/implements (#1040)
• Template inference for non-generic objects: Non-generic named objects are no longer incorrectly included in template inference, preventing false positives (#1036)
• FORCE_COLOR support: The FORCE_COLOR environment variable is now respected in reporting output (#1042)
• CLI argument parser: Disabled enum variants are no longer shown in CLI argument parser output

Linter

• readable-literal false positive on floats: Fixed the rule triggering on float literals like 123.45 where neither side of the decimal benefits from separators, producing a no-op suggestion

Formatter

• Empty array line break: Fixed incorrect line break added at the end of empty arrays (#1047, #978) by @Zuruuh
• Laravel Pint preset parity: Updated the Pint preset to match actual Laravel Pint formatting behavior (#1052) by @nikspyratos

Prelude (Type Stubs)

• array_walk generics: Added generic templates to array_walk for proper type inference (#1045)
• curl_multi_exec signature: Corrected the signature of curl_multi_exec (#1033)
• setcookie duplicate: Removed duplicate definition for setcookie that only accepted the old syntax (#1032)

Documentation

• Fixed typo on homepage (#1028)

🔒 Security & CI

• GitHub artifact attestations: Build artifacts now include provenance attestations for supply chain security (#948)
• Explicit permissions: GitHub Actions workflows now use explicit permissions
• CD caching: Improved CI/CD pipeline with build caching
• Removed deprecated atty dependency

🏗️ Internal

• Bump time from 0.3.46 to 0.3.47 (#1039) by @dependabot
• Disable incremental build and add memory-debug profile
• Update sponsors list

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @veewee
• @nikspyratos
• @Zuruuh

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

• @bendavies — #1040
• @ddanielou — #1045
• @JnsCas — #1049
• @KorvinSzanto — #1053, #1054, #1055
• @llaville — #987, #1028, #1042, #1043
• @mytskine — #1032, #1033
• @nikspyratos — #1037, #1046
• @scop — #948
• @veewee — #952
• @WalterWoshid — #1029, #1030, #1036, #1038

Full Changelog: 1.5.0...1.6.0