Add WAF conditions validator

[premtsd-code]

Summary

• add Utopia\WAF\Validator\Conditions for validating WAF rule condition payloads at API boundaries
• accept both condition arrays from Condition::toArray() and encoded condition strings from Condition::encode()
• reject empty condition lists, invalid condition definitions, invalid encoded payloads, mixed non-condition entries, oversized payloads, and lists above the configured condition limit
• count nested logical conditions consistently for both array payloads and encoded string payloads
• add coverage for encoded strings, invalid strings, mixed entry types, payload limits, nested condition limits, and empty logical rules

Scope

This is a WAF-domain validator intended for request parameter validation before rules are persisted. Runtime rule evaluation remains outside this validator.

Validation

• composer test
• php vendor\bin\pint --test
• php vendor\bin\phpstan analyse -c phpstan.neon --memory-limit 512M

Note: composer lint and composer check use vendor/bin/... paths that did not resolve for Pint/PHPStan in this Windows shell, so the equivalent php vendor\bin\... commands were run directly.

[greptile-apps]

Greptile Summary

This PR introduces Utopia\WAF\Validator\Conditions, a validator that accepts a list of WAF rule conditions expressed as either plain arrays or Condition::encode()-produced JSON strings, rejecting empty lists, invalid definitions, oversized payloads, and condition counts above the configured maximum.

• New validator (src/Validator/Conditions.php): recursively counts all condition nodes (including nested and/or children) against maxConditions, checks JSON-encoded payload size for both array and string inputs, rejects empty logical values, and guards against non-array/non-string list elements before calling the typed helper — all edge cases previously identified in review.
• Test coverage (tests/Validator/ConditionsTest.php): covers encoded strings, invalid strings, mixed-type rejection, per-condition and nested condition limits, payload-length rejection for both input shapes, and empty logical conditions.
• Dependency (composer.json): adds utopia-php/validators 0.2.* as a production dependency to provide the Utopia\Validator base class.

Confidence Score: 5/5

The change is additive (new class + tests, no modifications to existing logic) and the validator correctly handles all the edge cases addressed in prior review rounds.

All previously identified edge cases — type errors on unexpected element types, empty logical condition values, missing payload-length checks on array inputs, and nested condition counting — are now handled in the implementation and exercised by the new test suite. No new defects were found in this pass.

No files require special attention.

Important Files Changed

Filename	Overview
src/Validator/Conditions.php	New WAF conditions validator with correct type guards, recursive condition counting, payload-length enforcement for both array and encoded-string inputs, and empty-logical-condition rejection.
tests/Validator/ConditionsTest.php	Comprehensive test coverage for array and encoded-string conditions, type guards, condition limits, nested logical limits, payload limits, and empty-logical-condition rejection.
composer.json	Adds utopia-php/validators 0.2.* as a production dependency to provide the Utopia\Validator base class for the new Conditions validator.
composer.lock	Lock file updated to include utopia-php/validators 0.2.6 and minor version bumps for several dev dependencies (phpunit, nikic/php-parser, etc.).

_{Reviews (4): Last reviewed commit: "Guard condition payload types" | Re-trigger Greptile}