PHP 8.1+ and Cacti-aligned plugin standards (umbrella)

[somethingwithproof]

Goal

Single entry point for bringing plugin_mactrack in line with current PHP 8.1+ and Cacti-aligned plugin standards: strict typing, static analysis, modern syntax, and Cacti-aligned structure and tooling.

What this workstream covers

• PHP 8.1+ — Minimum supported version; use 8.1+ features where they simplify code.
• Strict types — declare(strict_types=1) in all PHP files; full parameter and return type hints.
• Modern syntax — match, str_starts_with/str_contains, nullsafe ?->, first-class callables, enums where useful.
• Static analysis — PHPStan level 6, then 8; zero errors in CI.
• Cacti-aligned tooling — Composer scripts and dev deps aligned with core (lint, phpstan, php-cs-fixer, test).
• Cacti-aligned structure — Split setup.php into includes/setup/*; move page scripts to pages/ or views/; __DIR__ includes; index.php in subdirs; PSR-4 when adding namespaced code.

Existing issues (workstream)

Area	Issue	Description
PHP 8+ modernization	#304	Grouped: strict_types, return/param types, match, enums, nullsafe; split setup.php; directory structure
PHP 8.1 refactor	#299 (closed)	strict_types, type hints added
PHPStan 6	#311	Type-check args; add missing type hints; add to CI
PHPStan 8	#312	Return types, property types, dead code; depends on #311
Security / prepared	#288, #287, #286, #294, #291, #296	Use prepared statements; sanitize_unserialize_selected_items

Suggested order

1. Add PHPStan to composer (if missing) and phpstan.neon at level 6.
2. PHPStan level 6 compliance #311 — PHPStan level 6 (fix all reported issues).
3. PHP 8+ modernization (grouped) #304 — Remaining PHP 8+ items (return/param types, match, enums, split setup.php, directory structure).
4. PHPStan level 8 compliance #312 — PHPStan level 8.
5. Security/prepared-statement issues (fix(security): use db_execute_prepared in device_remove and site_remove #288, fix(security): use prepared statements for filter in mactrack_view_sites #287, fix(security): use sanitize_unserialize_selected_items instead of unserialize #286, etc.) in parallel or as part of type/refactor work.

Acceptance criteria (umbrella)

• All linked issues (PHP 8+ modernization (grouped) #304, PHPStan level 6 compliance #311, PHPStan level 8 compliance #312, and security set) are done or closed.
• CI runs PHPStan and tests; zero PHPStan errors.
• No remaining "2026" wording in issue titles; standards described in neutral, current terms.

Out of scope

• Changing Cacti core.
• Net/DNS2 third-party copyright years.
• Non-PHP/JS audits (Non-PHP/JS files audit (grouped) #305–Feature requests (grouped) #310) — tracked separately.

References

• Cacti core: composer.json, syntax.yml
• PHPStan rule levels
• PHP 8.1

[somethingwithproof]

Merge/close recommendations:\n- Do not merge: #304, #311, #312 and security issues (#281–#296) stay separate (distinct deliverables).\n- Grouped issues #305–#310 remain separate audits; no merge into umbrella.\n- #313 (AJAX API + mactrack_disable bugs): keep separate; bug fixes may be done independently.