[#2096] Updated to use cweagans/composer-patches v2.

[AlexSkrypnyk]

Closes #2096

Summary by CodeRabbit

• Documentation

  • Centralized fixture update workflow to a single unified command with step-by-step guidance, warnings against manual legacy usage, and an alternative manual-update section; expanded composer patching docs with explanation of patches.lock.json and new patch management commands.

• Chores

  • Upgraded patching tooling to v2 and aligned related tooling/dependency versions; removed legacy patch-failure flag.

• Misc

  • Added spellcheck vocabulary entry and new patches.lock.json lockfiles.

[coderabbitai]

Walkthrough

Upgrades composer-patches to v2, adds patches.lock.json files, removes the composer-exit-on-patch-failure flag, centralizes fixture updates under ahoy update-fixtures, and updates docs and composer manifests across .vortex, installer, and tests to reflect the v2 patching workflow.

Changes

Cohort / File(s)	Summary
Top-level composer composer.json	Bumped cweagans/composer-patches → ^2.0, removed extra.composer-exit-on-patch-failure.
Installer composer & lock ​.vortex/installer/composer.json, ​.vortex/installer/patches.lock.json	Bumped many deps (symfony, composer/composer, phpunit, etc.), switched composer-patches → ^2, removed old extra flag, added patches.lock.json (hash + empty patches).
Tests composer & lock ​.vortex/tests/composer.json, ​.vortex/tests/patches.lock.json	Added license, enabled cweagans/composer-patches v2, added config.allow-plugins entry, bumped dev deps, added patches.lock.json.
Patching docs & CLAUDE CLAUDE.md, ​.vortex/CLAUDE.md	Rewrote patching guidance for composer-patches v2 (git-based patches, patches.lock.json, patches-relock/patches-repatch) and replaced UPDATE_FIXTURES=1 instructions with ahoy update-fixtures.
Workflow & composer docs ​.vortex/docs/content/drupal/composer.mdx, ​.vortex/docs/content/workflows/development.mdx	Removed old asset-packagist refs, expanded v2 patching workflow, added patches.lock.json explanation and stepwise add/remove patch procedures.
Misc docs/config ​.vortex/docs/cspell.json	Added "drupalcode" to cspell words list.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Developer
  participant Ahoy as "ahoy CLI"
  participant Repo as "Repository"
  participant Fixtures as "tests/ & installer/fixtures"
  Note over Ahoy,Fixtures: Unified fixture update flow
  Developer->>Ahoy: run `ahoy update-fixtures`
  Ahoy->>Repo: ensure baseline fixtures committed
  Ahoy->>Fixtures: update baseline and scenario fixtures
  Fixtures-->>Ahoy: produce diffs
  Ahoy->>Fixtures: run validation tests
  alt diffs found
    Ahoy->>Developer: present diffs for review
  else no diffs
    Ahoy->>Developer: report no changes
  end

Loading

sequenceDiagram
  autonumber
  actor Maintainer
  participant Composer as "composer"
  participant Patches as "composer-patches v2"
  participant Repo as "Repository"
  Note over Patches,Repo: composer-patches v2 lifecycle
  Maintainer->>Composer: add patch to `extra.patches` & run `composer patches-relock`
  Composer->>Patches: generate `patches.lock.json` (hash + metadata)
  Patches->>Repo: write `patches/` and `patches.lock.json`
  Maintainer->>Composer: `composer install` / `composer patches-repatch`
  Composer->>Repo: apply patches and update `composer.lock`
  Maintainer->>Repo: commit `patches.lock.json`, `patches/`, and `composer.lock`

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Verify documentation commands/examples for composer-patches v2 and ahoy update-fixtures.
• Confirm dependency version alignment across composer.json, .vortex/installer/composer.json, and .vortex/tests/composer.json.
• Check patches.lock.json files for intended content/format and that empty patches arrays are intentional.
• Review all replaced occurrences of UPDATE_FIXTURES=1 to ensure no missed references.

Possibly related issues

• Dependency Dashboard #1376 — Migrates project to composer-patches v2 and adds patches.lock.json; objectives overlap with dependency and lockfile changes in this PR.

Possibly related PRs

• Added AI instructions to both work with Vortex in a consumer site and maintain Vortex. #1676 — Edits fixture-update workflow and .vortex/CLAUDE.md; strongly related to the ahoy update-fixtures documentation changes.
• Several updates to configs and AI instructions. #2038 — Related changes to patching workflow and composer-patches v2 guidance in docs and manifests.
• Updated AI instructions. #1978 — Overlaps on fixture/patching workflow edits and composer/lockfile updates.

Poem

🐰 I hopped through patches, neat and spry,

Locked the diffs and gave a cry.
Ahoy called once — all fixtures mend,
I chewed the docs and tied the end. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: updating the project to use cweagans/composer-patches v2, which is the primary objective of this PR.
Linked Issues check	✅ Passed	The PR fully implements the linked issue #2096 objectives: upgraded cweagans/composer-patches from v1.7.3 to v2.0 in root composer.json and .vortex/installer/composer.json, comprehensive documentation updates across multiple files, and added patches.lock.json files as required by v2.
Out of Scope Changes check	✅ Passed	All changes are in-scope: updates to cweagans/composer-patches v2, related documentation, dependency updates to compatible versions, and supporting infrastructure changes align with the #2096 objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/2096-composer-patches-v2

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c0a16a3 and 29adafa.

⛔ Files ignored due to path filters (19)

• .vortex/installer/composer.lock is excluded by !**/*.lock
• .vortex/installer/tests/Fixtures/install/_baseline/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/ai_instructions_claude/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/ciprovider_gha/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/db_download_source_container_registry/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_acquia/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_acquia/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_lagoon/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_project_name___acquia/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/provision_database_lagoon/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/provision_profile/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/services_no_clamav/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/services_no_redis/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/services_no_solr/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/starter_drupal_cms_profile/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/version_replacement/baseline/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/version_replacement/expected/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/tests/composer.lock is excluded by !**/*.lock

📒 Files selected for processing (10)

• .vortex/CLAUDE.md (6 hunks)
• .vortex/docs/content/drupal/composer.mdx (2 hunks)
• .vortex/docs/content/workflows/development.mdx (1 hunks)
• .vortex/docs/cspell.json (1 hunks)
• .vortex/installer/composer.json (1 hunks)
• .vortex/installer/patches.lock.json (1 hunks)
• .vortex/tests/composer.json (3 hunks)
• .vortex/tests/patches.lock.json (1 hunks)
• CLAUDE.md (2 hunks)
• composer.json (1 hunks)

🧰 Additional context used

🧠 Learnings (6)

📚 Learning: 2025-05-29T12:15:32.188Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 0
File: :0-0
Timestamp: 2025-05-29T12:15:32.188Z
Learning: Do not review files in `.vortex/installer/tests/Fixtures/install` directory as they are test fixtures.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-06-02T00:41:36.321Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1697
File: .vortex/installer/tests/Fixtures/install/provision_database_lagoon/docs/onboarding.md:16-17
Timestamp: 2025-06-02T00:41:36.321Z
Learning: DO NOT EVER REVIEW FILES IN .vortex/installer/tests/Fixtures/ directory - these are test fixtures and should not be reviewed under any circumstances.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-08-08T12:02:24.652Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1896
File: .vortex/tests/bats/unit/download-db-lagoon.bats:24-25
Timestamp: 2025-08-08T12:02:24.652Z
Learning: In .vortex/tests/bats/unit Bats tests using ../_helper.bash (run_steps), prefixing a STEPS entry with "- " denotes a negative assertion (the substring must NOT appear in output). Unprefixed entries are positive assertions. Example: "- Database dump refresh requested. Will create a new dump." asserts absence; "Database dump refresh requested. Will create a new dump." asserts presence.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-06-01T08:08:59.071Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1693
File: .vortex/installer/tests/Fixtures/install/deploy_type_none_gha/.github/workflows/build-test-deploy.yml:1-4
Timestamp: 2025-06-01T08:08:59.071Z
Learning: Test fixture files (typically located in directories containing "fixture" or "test") should not be reviewed for code quality issues as they may intentionally contain incomplete, invalid, or malformed data for testing purposes.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-09-13T04:14:41.765Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 2011
File: .vortex/tests/phpunit/Traits/Steps/StepAhoyTrait.php:20-23
Timestamp: 2025-09-13T04:14:41.765Z
Learning: In .vortex/tests/phpunit PHPUnit tests using cmd/cmdFail helpers, patterns in the expected output arrays support '*' markers for positive assertions (text must be present) and '!' markers for negative assertions (text must NOT be present). The '*' markers are NOT literal text matches but rather indicate expected presence.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-06-01T08:09:18.993Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1693
File: .vortex/installer/tests/Fixtures/install/hosting_acquia/docs/deployment.md:6-8
Timestamp: 2025-06-01T08:09:18.993Z
Learning: Do not review files in test fixture directories (e.g., files under paths containing `/tests/Fixtures/` or similar test fixture patterns). These files are used for testing purposes and should remain as-is.

Applied to files:

• .vortex/CLAUDE.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: build (0)
• GitHub Check: build (1)
• GitHub Check: vortex-test-installer (8.4)
• GitHub Check: vortex-test-workflow (1)
• GitHub Check: vortex-test-installer (8.3)
• GitHub Check: vortex-test-workflow (4)
• GitHub Check: vortex-test-workflow (0)
• GitHub Check: vortex-test-workflow (2)
• GitHub Check: vortex-test-workflow (3)
• GitHub Check: vortex-test-common
• GitHub Check: vortex-test-docs

🔇 Additional comments (14)

composer.json (1)

9-9: Version upgrade looks good.

The update from ^1.7.3 to ^2.0 is correct, and the cweagans/composer-patches plugin is already whitelisted in config.allow-plugins (line 77). Per the AI summary, removal of the legacy composer-exit-on-patch-failure flag aligns with v2 workflow changes.

.vortex/tests/composer.json (1)

4-4: Test composer manifest updates align with v2 migration.

Addition of license metadata, enablement of cweagans/composer-patches in both require and allow-plugins, and dependency version bumps are all appropriate. These changes position the test environment to work with v2 patches workflow.

Also applies to: 14-14, 40-40

.vortex/installer/composer.json (1)

24-24: Installer correctly configured for v2 patches workflow.

Update of cweagans/composer-patches to ^2 and whitelisting in allow-plugins are correct. Dependency version bumps across the board appear systematic and aligned with the broader upgrade strategy.

Also applies to: 74-74

.vortex/CLAUDE.md (2)

333-352: New unified fixture update command well-documented.

The documentation clearly establishes ahoy update-fixtures as the preferred method for updating test fixtures across both installer and tests directories. The distinction between recommended and advanced approaches is clear, with appropriate warnings against manual update patterns.

However, verify that this ahoy update-fixtures command is actually implemented and functional in the .vortex/ Ahoy configuration.

---

735-742: Fixture update guidance consistent across document.

Documentation at lines 421, 735-742, and 796-802 consistently reinforces the unified ahoy update-fixtures command pattern. This coherence helps prevent developer confusion about fixture maintenance workflows.

.vortex/docs/cspell.json (1)

31-31: Spellcheck dictionary update appropriate.

Addition of "drupalcode" to the words list is correctly placed alphabetically between "drevops" and "drush". This allows documentation using "drupalcode" terminology to pass spellcheck validation.

.vortex/docs/content/drupal/composer.mdx (2)

98-104: V2 patches documentation accurately updated.

Description of cweagans/composer-patches now correctly emphasizes git-based patching, SHA-256 checksums, and the patches.lock.json lock file as key v2 features. Reference to the "Patching" section for additional guidance provides good cross-linking.

Verify that the referenced "Patching" section in the development workflows documentation exists and comprehensively covers the v2 workflow.

---

263-267: Patches.lock.json documentation appropriately detailed.

The new section explains that patches.lock.json is automatically generated by v2, contains patch metadata and checksums, and must be committed like composer.lock. This accurately conveys the reproducibility and integrity benefits of the v2 approach.

.vortex/installer/patches.lock.json (1)

1-4: No issues found. Identical hashes are expected.

Both .vortex/installer/composer.json and .vortex/tests/composer.json have no patch definitions (no "extra.patches" key). Per the v2 format documentation, the "_hash" is a deterministic SHA-256 collection hash based on patch definitions. Identical patch definitions—in this case, no patches—correctly produce identical hashes. This is the expected behavior.

CLAUDE.md (3)

384-411: Clear and comprehensive v2 feature introduction. The explanation of patches.lock.json, its contents (metadata and SHA-256 checksums), and why it must be committed to version control is well-structured and accurate.

---

413-438: Clear prerequisites and storage guidance. The section properly emphasizes Git as a requirement for v2, and the JSON example clearly demonstrates both local and external patch patterns.

---

529-551: Well-structured v2 integration workflow. The sequence of commands (patches-relock → patches-repatch → composer update --lock) is correct, and the commit instruction properly includes all modified files including patches.lock.json.

Verify the exact command syntax for patches-relock and patches-repatch matches the official cweagans/composer-patches v2.x documentation to ensure commands are executable as written.

.vortex/docs/content/workflows/development.mdx (2)

218-243: Good documentation of v2 introduction and patches.lock.json benefits. The tip block with link to official Composer Patches documentation is a helpful addition, and the explanation of checksums and reproducible builds is clear.

---

280-306: Well-structured patch removal workflow. The step-by-step guide mirrors the add workflow and properly documents the manual deletion step for affected dependencies, making the process clear and reversible.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.16%. Comparing base (a34110d) to head (29adafa).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #2099   +/-   ##
========================================
  Coverage    68.16%   68.16%           
========================================
  Files           96       96           
  Lines         4749     4749           
  Branches        44       44           
========================================
  Hits          3237     3237           
  Misses        1512     1512           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6292f13 and 6c0dd32.

⛔ Files ignored due to path filters (19)

• .vortex/installer/composer.lock is excluded by !**/*.lock
• .vortex/installer/tests/Fixtures/install/_baseline/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/ai_instructions_claude/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/ciprovider_circleci/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/ciprovider_gha/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/db_download_source_container_registry/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_acquia/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_acquia/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_lagoon/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/hosting_project_name___acquia/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/provision_database_lagoon/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/provision_profile/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/services_no_clamav/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/services_no_redis/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/services_no_solr/CLAUDE.md is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/install/starter_drupal_cms_profile/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/version_replacement/baseline/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/installer/tests/Fixtures/version_replacement/expected/composer.json is excluded by !.vortex/installer/tests/Fixtures/**
• .vortex/tests/composer.lock is excluded by !**/*.lock

📒 Files selected for processing (10)

• .vortex/CLAUDE.md (6 hunks)
• .vortex/docs/content/drupal/composer.mdx (2 hunks)
• .vortex/docs/content/workflows/development.mdx (1 hunks)
• .vortex/docs/cspell.json (1 hunks)
• .vortex/installer/composer.json (1 hunks)
• .vortex/installer/patches.lock.json (1 hunks)
• .vortex/tests/composer.json (3 hunks)
• .vortex/tests/patches.lock.json (1 hunks)
• CLAUDE.md (2 hunks)
• composer.json (1 hunks)

🧰 Additional context used

🧠 Learnings (6)

📚 Learning: 2025-05-29T12:15:32.188Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 0
File: :0-0
Timestamp: 2025-05-29T12:15:32.188Z
Learning: Do not review files in `.vortex/installer/tests/Fixtures/install` directory as they are test fixtures.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-06-02T00:41:36.321Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1697
File: .vortex/installer/tests/Fixtures/install/provision_database_lagoon/docs/onboarding.md:16-17
Timestamp: 2025-06-02T00:41:36.321Z
Learning: DO NOT EVER REVIEW FILES IN .vortex/installer/tests/Fixtures/ directory - these are test fixtures and should not be reviewed under any circumstances.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-08-08T12:02:24.652Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1896
File: .vortex/tests/bats/unit/download-db-lagoon.bats:24-25
Timestamp: 2025-08-08T12:02:24.652Z
Learning: In .vortex/tests/bats/unit Bats tests using ../_helper.bash (run_steps), prefixing a STEPS entry with "- " denotes a negative assertion (the substring must NOT appear in output). Unprefixed entries are positive assertions. Example: "- Database dump refresh requested. Will create a new dump." asserts absence; "Database dump refresh requested. Will create a new dump." asserts presence.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-06-01T08:08:59.071Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1693
File: .vortex/installer/tests/Fixtures/install/deploy_type_none_gha/.github/workflows/build-test-deploy.yml:1-4
Timestamp: 2025-06-01T08:08:59.071Z
Learning: Test fixture files (typically located in directories containing "fixture" or "test") should not be reviewed for code quality issues as they may intentionally contain incomplete, invalid, or malformed data for testing purposes.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-09-13T04:14:41.765Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 2011
File: .vortex/tests/phpunit/Traits/Steps/StepAhoyTrait.php:20-23
Timestamp: 2025-09-13T04:14:41.765Z
Learning: In .vortex/tests/phpunit PHPUnit tests using cmd/cmdFail helpers, patterns in the expected output arrays support '*' markers for positive assertions (text must be present) and '!' markers for negative assertions (text must NOT be present). The '*' markers are NOT literal text matches but rather indicate expected presence.

Applied to files:

• .vortex/CLAUDE.md

📚 Learning: 2025-06-01T08:09:18.993Z

Learnt from: AlexSkrypnyk
Repo: drevops/vortex PR: 1693
File: .vortex/installer/tests/Fixtures/install/hosting_acquia/docs/deployment.md:6-8
Timestamp: 2025-06-01T08:09:18.993Z
Learning: Do not review files in test fixture directories (e.g., files under paths containing `/tests/Fixtures/` or similar test fixture patterns). These files are used for testing purposes and should remain as-is.

Applied to files:

• .vortex/CLAUDE.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: build (1)
• GitHub Check: build (0)
• GitHub Check: vortex-test-workflow (0)
• GitHub Check: vortex-test-workflow (4)
• GitHub Check: vortex-test-workflow (2)
• GitHub Check: vortex-test-workflow (1)
• GitHub Check: vortex-test-workflow (3)
• GitHub Check: vortex-test-common
• GitHub Check: vortex-test-installer (8.4)
• GitHub Check: vortex-test-installer (8.3)
• GitHub Check: vortex-test-docs

🔇 Additional comments (14)

.vortex/docs/cspell.json (1)

31-31: Minor spelling dictionary addition—approved.

Adding "drupalcode" to the spellcheck dictionary is appropriate for documentation of a Drupal project template. Word placement maintains alphabetical order.

composer.json (1)

9-9: Composer-patches version bump to v2.0—verified.

The new commands composer patches-relock and composer patches-repatch are confirmed as valid v2 commands. The patches.lock.json will be automatically created on first run and should be committed to version control alongside composer.json and composer.lock.

The removal of extra.composer-exit-on-patch-failure is appropriate since v2 automatically enforces patch application failures.

CLAUDE.md (1)

382-551: Comprehensive v2 patching documentation—verified accurate.

The documentation correctly states that patches.lock.json should be committed to version control alongside composer.json and composer.lock. The workflow in Step 7 (lines 531-551) aligns with official v2 recommended workflows: define patch → run composer patches-relock → run composer patches-repatch → update composer.lock → commit changes.

The emphasis on git-based patching, reproducible builds, and checksums reflects v2's core improvements over v1.

.vortex/tests/composer.json (1)

4-4: Test harness correctly updated for composer-patches v2.

The test harness now:

• Adds cweagans/composer-patches: ^2 to production requirements (line 14)
• Enables the plugin in allow-plugins (line 40)
• Updates supporting dev dependencies to compatible versions
• Adds GPL-2.0-or-later license metadata

These changes align with the root and installer composer.json updates and ensure the test environment supports v2 patching.

Also applies to: 14-14, 19-28, 40-40

.vortex/CLAUDE.md (1)

333-352: Fixture update workflow properly centralized.

The documentation correctly establishes ahoy update-fixtures as the standard, unified approach for updating all fixtures (template and installer), with appropriate guidance on what the command does and why manual UPDATE_FIXTURES=1 commands should be avoided. The alternative manual approach (lines 355–364) provides an escape hatch for advanced debugging scenarios.

.vortex/installer/composer.json (1)

20-31: Installer dependencies properly updated for v2.

Core update: cweagans/composer-patches bumped from ^1.7 to ^2, enabling the new patches-relock and patches-repatch commands. The removal of extra.composer-exit-on-patch-failure is appropriate since v2 enforces patch failures automatically.

Other dependency updates (Symfony components, git-php, etc.) appear to be routine maintenance, with most being patch or minor version increments. The addition of cweagans/composer-patches to allow-plugins (line 74) ensures the plugin can operate properly.

Also applies to: 35-45, 74-74

.vortex/installer/patches.lock.json (1)

1-4: New patches.lock.json follows v2 specification.

The patches.lock.json file is automatically created by composer-patches v2 and should be committed to version control alongside composer.json and composer.lock. The file structure correctly follows the v2 format with a _hash and patches array.

.vortex/tests/patches.lock.json (1)

1-4: Test harness patches.lock.json—approved.

Consistent with the installer's patches.lock.json, this file follows v2 specifications and should be committed to version control.

.vortex/docs/content/drupal/composer.mdx (3)

98-104: Accurate v2 composer-patches description.

The updated documentation correctly describes v2 features: git apply for consistency, SHA-256 checksums, and the patches.lock.json auto-generation. The cross-link to "Patching" in development.mdx aligns with the new workflow section.

---

263-267: Clear documentation of patches.lock.json auto-generation.

The new section properly explains the purpose of patches.lock.json, its auto-generation by v2.x, and its importance for reproducible builds and integrity verification. Placement in the extra configuration section is appropriate and reflects composer.json structure.

---

288-289: Cross-link reference updated appropriately.

The reference from "Working with packages" to "Patching" aligns with the new Patching section in the development workflow documentation and provides better contextual guidance for users.

.vortex/docs/content/workflows/development.mdx (3)

220-227: Strong intro to v2 patching workflow with official documentation link.

The section provides clear context (v2 uses git apply) and directs users to authoritative resources for detailed guidance. This approach balances local documentation with upstream expertise.

---

228-243: Excellent explanation of patches.lock.json purpose and benefits.

The subsection clearly articulates why patches.lock.json matters (reproducibility, checksums, explicit state tracking) and makes the value proposition compelling for teams. Formatting with bullet points enhances readability.

---

244-306: Commands verified as available and functioning as documented.

The composer-patches v2.x plugin provides composer patches-relock for regenerating the patches lock file and composer patches-repatch for re-applying patches and reinstalling patched packages. The documentation accurately reflects the available commands and their intended behaviors. No corrections needed.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Clarify the scope of "unsaved changes" in the patches-repatch warning.

The warning appropriately flags that composer patches-repatch removes and reinstalls dependencies, but "unsaved changes in those directories" could be misinterpreted. Consider adding a clarification that this refers to uncommitted modifications to vendored dependencies (a rare but important distinction).

Suggested clarification:

 :::warning
-`composer patches-repatch` removes patched dependencies from `vendor/` and reinstalls them. Ensure you have no unsaved changes in those directories.
+`composer patches-repatch` removes patched dependencies from `vendor/` and reinstalls them. Ensure you have no uncommitted local modifications to these vendored packages.
 :::

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	:::warning
	`composer patches-repatch` removes patched dependencies from `vendor/` and reinstalls them. Ensure you have no unsaved changes in those directories.
	:::
	:::warning
	`composer patches-repatch` removes patched dependencies from `vendor/` and reinstalls them. Ensure you have no uncommitted local modifications to these vendored packages.
	:::

🤖 Prompt for AI Agents

.vortex/docs/content/workflows/development.mdx around lines 270 to 272: the
warning "Ensure you have no unsaved changes in those directories" is ambiguous;
update the text to clarify it means uncommitted or locally modified files in
vendor/ (vendored dependencies), not unrelated unsaved editor buffers—replace or
append a brief clarification stating it refers specifically to uncommitted/local
modifications to files under vendor/ (or patches managed by composer) so users
understand to commit or stash those changes before running composer
patches-repatch.