Improve safe Flickr SDK performance

[soulevilx]

Summary

Align the Flickr SDK with DTO package standards and add safe, practical performance improvements without changing package scope or adding framework-specific integrations.

Performance changes

• Added optional runtime caching for public cacheable GET REST calls when a cache adapter is passed.
• Added stable recursive cache-key normalization for parameter maps.
• Added lazy photos()->searchPages() pagination with PaginationOptionsData.
• Added upload/replace multipart stream cleanup after transport requests.
• Added signer/token-store guard tests for public vs authenticated request paths.

Cache safety policy

Caching is bypassed for auth/OAuth methods, auth-required methods, authenticated=true requests, POST/mutation/write/delete/permissioned calls, upload/replace, upload ticket checks, unknown methods, and Flickr stat=fail responses.

DTO / docs alignment

• Hardened cache metadata for sensitive methods.
• Aligned CI with composer check on master and develop.
• Expanded docs for Git flow, method registry maintenance, CI/CD, AI contributor workflow, secret handling, repository metadata, DTO-first roadmap, caching, pagination, and upload streaming behavior.
• Added lightweight ai/skills entry point.
• Included refreshed composer.lock dependency set.

Upload/replace audit result

Upload and replace already used a readable file stream via multipart fopen($path, 'rb'). This PR adds explicit file-handle cleanup after the transport request completes.

GitHub metadata

Updated the repository description and topics to include REST API, caching, framework-agnostic, and api-client.

Validation

• composer validate --strict passed
• composer install passed
• composer lint:all passed
• composer test passed: 37 tests, 2227 assertions, 2 skipped opt-in real Flickr tests
• composer check passed
• composer ci passed with PCOV coverage output
• php tools/verify-method-registry.php passed: 224 official Flickr REST method definitions
• Targeted tests passed: ClientAndParserTest|ServiceTest|OfficialMethodCoverageTest

Risks / rollback

Runtime caching is opt-in and limited to public cacheable GET calls. Pagination is limited to photos()->searchPages() to avoid a broad framework. Rollback is reverting this PR.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bf79b6db-812a-4598-971f-128c6ace2d8d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/dto-standard-alignment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Aligns the SDK’s method-registry metadata and repository workflow with the DTO package conventions, emphasizing conservative cache defaults and a single Composer-driven CI gate.

Changes:

• Marked legacy auth methods and flickr.photos.upload.checkTickets as non-cacheable; added a unit test to enforce conservative cache defaults (auth/authenticated/mutations).
• Simplified GitHub Actions to run composer check and scoped CI triggers to master/develop.
• Expanded developer/maintenance documentation, added an ai/skills entry point, and refreshed composer.lock.

Reviewed changes

Copilot reviewed 16 out of 17 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/Unit/OfficialMethodCoverageTest.php	Adds assertions preventing sensitive/authenticated/mutation methods from being cacheable by default.
src/Metadata/methods.php	Hardens cacheability flags for flickr.auth.* and upload-ticket polling.
docs/README.md	Extends docs index with new development/security pages.
docs/05-maintenance/02-docs-changelog.md	Records documentation expansion date and scope.
docs/05-maintenance/01-risks-legacy-and-gaps.md	Adds DTO-first roadmap guidance and priorities.
docs/04-development/09-secret-scanning.md	Adds secret-handling and scanning guidance for contributors.
docs/04-development/08-ai-contributor-workflow.md	Documents AI-assisted contribution workflow and boundaries (framework-agnostic).
docs/04-development/07-ci-cd.md	Documents CI gate and composer check as the PR validation contract.
docs/04-development/06-repository-metadata.md	Updates suggested GitHub About description/topics for repo identity.
docs/04-development/05-method-registry.md	Documents registry verification sources, local workflows, and cache-safety expectations.
docs/04-development/04-release.md	Clarifies Git flow and release steps around master/develop.
docs/04-development/02-testing.md	Expands local testing guidance and safety notes.
docs/04-development/01-code-style.md	Clarifies formatting authority and DTO/raw-fallback conventions.
composer.lock	Updates locked dependency set (includes at least one downgrade that should be confirmed).
ai/skills/README.md	Adds lightweight AI “skills” entry point consistent with repo docs.
AGENTS.md	Adds Git flow guidance for contributors/agents.
.github/workflows/ci.yml	Runs composer check and removes main from CI triggers.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.