Add WAF rule factory

[premtsd-code]

Summary

• Add RuleFactory::fromArray() for building typed WAF rule objects from plain array payloads.
• Add RuleFactory::create() for callers that already have action, conditions, and config as separate values.
• Support bypass, deny, challenge, rateLimit, and redirect actions from one shared action-to-class mapping.
• Apply rule defaults only when optional config keys are missing.
• Reject malformed rule payloads, including invalid actions, invalid conditions/config containers, malformed condition items, and present config values with the wrong type.

Scope

This factory is framework-agnostic. It does not know about Appwrite documents, databases, projects, edge caches, or request routing. Consumers should adapt persisted or API data into plain arrays before calling the factory.

Why

Consumers need a consistent way to turn stored WAF rule definitions into executable rule objects. Keeping rule construction in this package avoids duplicating action-to-class mapping and default config handling in each consumer.

Tests

• php -l src/RuleFactory.php
• php vendor/bin/phpunit --configuration phpunit.xml
• php vendor/bin/pint --test
• php vendor/bin/phpstan analyse -c phpstan.neon --memory-limit 512M

[greptile-apps]

Greptile Summary

• Adds RuleFactory::fromArray() to build typed WAF rule objects from plain array payloads.
• Adds RuleFactory::create() for callers that already have separate action, conditions, and config values.
• Supports bypass, deny, challenge, rate-limit, and redirect actions through a shared action-to-class mapping.
• Adds tests for supported actions, defaults, malformed payloads, null containers, and wrong config value types.

Confidence Score: 5/5

The changes are contained to a framework-agnostic factory and its unit tests, with no outstanding code issues identified.

The implementation scope is narrow, validates malformed inputs, preserves default handling behavior, and is covered by focused tests described for supported actions and invalid payloads.

T-Rex Logs

What T-Rex did

• Captured the baseline run for the RuleFactory contract, recording the before state with exit code 1.
• Captured the final head run for the RuleFactory contract, recording the after state with exit code 0 and all contract checks passing.
• Generated artifacts documenting both the before and after runs to support reviewer verification.

_{Ran code and verified through T-Rex}

_{Reviews (6): Last reviewed commit: "Add WAF rule factory" | Re-trigger Greptile}