framework/skeleton/symfony/.env

APP_ENV=dev
APP_DEBUG=1
APP_SECRET=dev-secret-not-for-production-use

# Mercure hub (FrankenPHP-built-in). Both URLs are typically the same in
# dev mode where the hub and the app are colocated.
MERCURE_URL=http://127.0.0.1:8765/.well-known/mercure
MERCURE_PUBLIC_URL=http://127.0.0.1:8765/.well-known/mercure
# Used by mercure-bundle to mint publisher JWTs. Must match the
# publisher_jwt secret in ../Caddyfile. lcobucci/jwt requires HMAC
# secrets to be at least 256 bits, so the dev value here is 64 chars.
MERCURE_JWT_SECRET=dev_php_qml_bridge_jwt_secret_at_least_256_bits_long_for_lcobucci
MERCURE_PUBLISHER_JWT_KEY=dev_php_qml_bridge_jwt_secret_at_least_256_bits_long_for_lcobucci
MERCURE_SUBSCRIBER_JWT_KEY=dev_php_qml_bridge_jwt_secret_at_least_256_bits_long_for_lcobucci

# Bearer token the Qt host sends on /api/* requests.
BRIDGE_TOKEN=devtoken

# SQLite database for dev. Apps move to Postgres / MySQL by overriding
# DATABASE_URL in .env.local once they outgrow it.
DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.sqlite"
Phase 1 sub-commit 6: skeleton wiring — make dev runs end-to-end Symfony app under framework/skeleton/symfony/: minimal bin/console, public/index.php, MicroKernel-based src/Kernel.php, services.yaml, framework/security/mercure config, and a demo App\Controller\PingController that GETs /api/ping (returning JSON pong) and republishes the same payload to the Mercure topic app://ping. composer.json uses a path repository to symlink the bundle from ../../php so local edits are picked up live. QML app under framework/skeleton/qml/: top-level CMake that add_subdirectory's framework/qml, a main.cpp that creates the Qt process, runs SingleInstance.acquireOrForward before any QML loads, exposes SingleInstance via context property, and loadFromModule's Skeleton.Main. Main.qml uses BackendConnection / RestClient / MercureClient from PhpQml.Bridge and renders status dots, a Ping button, and an event log. Caddyfile binds 127.0.0.1:8765, enables in-memory Mercure with a 256-bit dev JWT (matches symfony/.env, lcobucci/jwt requires this). Makefile wraps build / dev / doctor / clean; scripts/dev.sh starts FrankenPHP --watch and the Qt host together with explicit PID-based teardown (process-group `kill 0` proved unreliable when frankenphp's watch fork reparented). Bug fixes uncovered in this sub-commit: - SingleInstance.acquireOrForward: probe-first, then removeServer + retry-listen. The original loop-with-removeServer-after-failed-bind silently exited on stale sockets from prior runs. - Main.qml: MercureClient does NOT inherit BackendConnection.token — Mercure subscribes anonymously in dev (Caddyfile), and forwarding the bridge bearer made it 401-loop. - /api/ping was 500ing because the dev MERCURE_JWT_SECRET was 144 bits; bumped to 64-char (>=256 bit) to satisfy lcobucci/jwt. - Linked the framework lib (php_qml_bridge) explicitly in addition to the QML plugin so SingleInstance.h resolves. - Auto-generated config/reference.php gitignored. Smoke verified offscreen: /healthz 200, /api/ping 200, 1 publish, 1 subscriber, zero 401s, clean shutdown with no zombies. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 01:50:16 +02:00			`APP_ENV=dev`
			`APP_DEBUG=1`
			`APP_SECRET=dev-secret-not-for-production-use`

			`# Mercure hub (FrankenPHP-built-in). Both URLs are typically the same in`
			`# dev mode where the hub and the app are colocated.`
			`MERCURE_URL=http://127.0.0.1:8765/.well-known/mercure`
			`MERCURE_PUBLIC_URL=http://127.0.0.1:8765/.well-known/mercure`
			`# Used by mercure-bundle to mint publisher JWTs. Must match the`
			`# publisher_jwt secret in ../Caddyfile. lcobucci/jwt requires HMAC`
			`# secrets to be at least 256 bits, so the dev value here is 64 chars.`
			`MERCURE_JWT_SECRET=dev_php_qml_bridge_jwt_secret_at_least_256_bits_long_for_lcobucci`
			`MERCURE_PUBLISHER_JWT_KEY=dev_php_qml_bridge_jwt_secret_at_least_256_bits_long_for_lcobucci`
			`MERCURE_SUBSCRIBER_JWT_KEY=dev_php_qml_bridge_jwt_secret_at_least_256_bits_long_for_lcobucci`

			`# Bearer token the Qt host sends on /api/* requests.`
			`BRIDGE_TOKEN=devtoken`
Phase 2 sub-commit 1: Doctrine ORM 3 + Migrations + SQLite Skeleton gains Doctrine ORM 3.6 (with DoctrineBundle 3.x and Migrations 4.x), pointed at a SQLite file under var/data.sqlite. Apps move to Postgres/MySQL by overriding DATABASE_URL in .env.local. config/packages/doctrine.yaml registers the symfony/uid UuidType so Phase 2 sub-commit 4's UUIDv7 default works without per-app config, and pre-wires the App\Entity attribute mapping under src/Entity/ for the maker to drop entities into. Bundle gains an optional doctrine/dbal Connection via Autowire; when present, bridge:doctor adds a "Database reachable" SELECT-1 probe. The bundle still installs cleanly without doctrine/dbal — apps that opt out get a doctor table without the database row. Verified: `bin/console bridge:doctor` is all green against a fresh SQLite. composer quality (PHPStan + cs-fixer + PHPUnit) stays green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 02:25:48 +02:00
			`# SQLite database for dev. Apps move to Postgres / MySQL by overriding`
			`# DATABASE_URL in .env.local once they outgrow it.`
			`DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.sqlite"`