What's new in v0.9.4
v0.9.4 extends framework-aware suggested_fix to PHP. A finding on a Laravel/Eloquent or Symfony/Doctrine service instrumented with the native OpenTelemetry PHP libraries now carries an idiomatic remediation instead of an empty suggestion, and an obfuscated Eloquent or Doctrine N+1 is classified as n_plus_one_sql under the default auto mode, at parity with the JVM, Ruby, and Node stacks. The pipeline stages, the daemon HTTP routes, the OTLP wire protocol, and the configuration format are unchanged. The surface that moves is the framework detection for suggested_fix and the sanitizer-aware N+1 classification for PHP. The minimum supported Rust version stays 1.96.0.
Suggestions: PHP framework detection
suggested_fix now recognizes PHP. A finding is tagged php_laravel_eloquent, php_doctrine, or php_generic, resolved from the native OpenTelemetry PHP instrumentation scopes (io.opentelemetry.contrib.php.laravel, io.opentelemetry.contrib.php.doctrine, io.opentelemetry.contrib.php.pdo), from a \-separated code.namespace such as Illuminate\Database\Eloquent or Doctrine\ORM, or from a .php source path, in that order of confidence. Laravel/Eloquent findings carry with() / load() eager-loading guidance across every anti-pattern, Doctrine findings carry a DQL fetch-join for the SQL patterns, and the PHP generic fallback covers the rest. The framework matcher and the ingest-time namespace derivation learned the PHP \ separator, and a \-separated namespace resolves only to PHP, so it can never be mistaken for a Java repository class.
Detection: sanitizer-aware N+1 parity for PHP
The native OpenTelemetry PHP PDO instrumentation emits the obfuscated SQL template, so a real Eloquent or Doctrine N+1 arrives with empty parameters and, before this release, surfaced as redundant_sql under the default auto mode. The Laravel and Doctrine instrumentation scopes are now recognized as ORM markers, so such a group is classified as n_plus_one_sql under auto, matching the behavior on Hibernate, Active Record, GORM, and the other ORM stacks. dd-trace-php bridged through the Collector datadogreceiver carries no framework signal, a fixed Datadog scope and no code attributes, so those findings fall to the generic tag or stay unenriched, and recovering their N+1 still needs [detection] sanitizer_aware_classification = "strict".
Report: PHP-aware highlighting
The self-contained HTML dashboard highlights PHP $variables in the suggested_fix recommendation snippets, so a Laravel or Doctrine remediation renders cohesively rather than splitting the sigil from the name.
Operator-visible behavior change
On a PHP (Laravel or Doctrine) service under the default auto mode, a sanitized N+1 that previously surfaced as redundant_sql now surfaces as n_plus_one_sql. A consumer that pins finding-type counts for PHP services should re-baseline n_plus_one_sql and redundant_sql. No daemon HTTP route, OTLP wire shape, configuration key, or Prometheus metric is added, removed, or changed, and non-PHP stacks are unaffected.
Why this is a patch and not a minor
The release is additive and backward compatible. PHP framework detection is a new input to suggested_fix, and the PHP ORM markers only sharpen the classification of a group that was already reported. A service on any other language behaves exactly as before. There is no new CLI flag, no configuration change, and no change to any output format, daemon HTTP route, or OTLP wire protocol. The minimum supported Rust version stays 1.96.0.
Validation
The simulation-lab release-gate passed for v0.9.4 (lab commit 9417ce4, 2026-07-01), adding a Laravel/Eloquent service and a Symfony/Doctrine service instrumented with the native OpenTelemetry PHP libraries and asserting the php_laravel_eloquent and php_doctrine framework tags end to end through the daemon. CI covers the build, the full test suite (cargo test --workspace), clippy at -D warnings, cargo fmt, and both the default and --no-default-features builds.
Verifying this release
# Binary integrity via SLSA Build L3 attestation
gh attestation verify perf-sentinel-linux-amd64 \
--owner robintra --repo perf-sentinel
# A periodic disclosure produced by this binary
perf-sentinel verify-hash --report perf-sentinel-report.json \
--expected-identity "https://github.com/robintra/perf-sentinel/.github/workflows/release.yml@refs/tags/v0.9.4" \
--expected-issuer "https://token.actions.githubusercontent.com"gh CLI 2.49 or newer required for gh attestation verify.
Full Changelog: v0.9.3...v0.9.4