chore: update documentation and workflows for improved clarity and organization; enhance testing coverage and security validation

Author: Thavarshan

.github/CONTRIBUTING.md

@@ -98,7 +98,7 @@ We appreciate contributions to our documentation. If you’ve added a new featur
 1. **Docs Location**: Most of the documentation is located in the `README.md` or within the `docs/` folder if it exists.
 2. **Changes**: Make your changes and submit a pull request following the same process as contributing code.
 
-## 🌟 Thank You
+## Thank You
 
 Your contributions make Comet better for everyone. Thank you for taking the time to improve the project. We’re thrilled to have you as part of our community, and we’re excited to see what you’ll contribute.
 

.github/workflows/release.yml

@@ -29,9 +29,9 @@ jobs:
           echo "Version output: $VERSION_OUTPUT"
 
           if echo "$VERSION_OUTPUT" | grep -q "phpvm version"; then
-            echo "✅ Version output format is correct"
+            echo "Version output format is correct"
           else
-            echo "❌ Version output format is incorrect"
+            echo "Version output format is incorrect"
             exit 1
           fi
 
@@ -44,7 +44,7 @@ jobs:
           ./phpvm.sh list
           ./phpvm.sh test
 
-          echo "✅ All core commands work"
+          echo "All core commands work"
 
       - name: Performance Check
         run: |
@@ -53,7 +53,7 @@ jobs:
           time ./phpvm.sh version >/dev/null
           time ./phpvm.sh help >/dev/null
 
-          echo "✅ Performance check completed"
+          echo "Performance check completed"
 
       - name: Documentation Check
         if: runner.os == 'Linux'
@@ -62,24 +62,24 @@ jobs:
 
           # Check that README contains key commands
           if grep -q "phpvm version" README.MD; then
-            echo "✅ README contains version command documentation"
+            echo "README contains version command documentation"
           else
-            echo "⚠️  README might be missing version command documentation"
+            echo "README might be missing version command documentation"
           fi
 
           if grep -q "phpvm install" README.MD; then
-            echo "✅ README contains install command documentation"
+            echo "README contains install command documentation"
           else
-            echo "❌ README missing install command documentation"
+            echo "README missing install command documentation"
             exit 1
           fi
 
           # Check changelog exists
           if [ -f CHANGELOG.md ]; then
-            echo "✅ Changelog file exists"
+            echo "Changelog file exists"
           else
-            echo "❌ Changelog file missing"
+            echo "Changelog file missing"
             exit 1
           fi
 
-          echo "✅ Documentation check completed"
+          echo "Documentation check completed"

.github/workflows/security-test.yml

@@ -35,17 +35,17 @@ jobs:
 
           # Check for unsafe eval usage
           if grep -n "eval" phpvm.sh; then
-            echo "⚠️  Found eval usage - review for security"
+            echo "Found eval usage - review for security"
           fi
 
           # Check for unsafe rm operations
           if grep -n "rm -rf \$" phpvm.sh; then
-            echo "⚠️  Found variable-based rm -rf - review for safety"
+            echo "Found variable-based rm -rf - review for safety"
           fi
 
           # Check for direct sudo usage without validation
           if grep -n "sudo.*\$" phpvm.sh | grep -v "run_with_sudo"; then
-            echo "⚠️  Found direct sudo with variables - review for safety"
+            echo "Found direct sudo with variables - review for safety"
           fi
 
       - name: Input Validation Security Test
@@ -70,10 +70,10 @@ jobs:
           for input in "${malicious_inputs[@]}"; do
             echo "Testing malicious input: $input"
             if ./phpvm.sh install "$input" 2>/dev/null; then
-              echo "❌ SECURITY ISSUE: Accepted malicious input: $input"
+              echo "SECURITY ISSUE: Accepted malicious input: $input"
               exit 1
             else
-              echo "✅ Correctly rejected: $input"
+              echo "Correctly rejected: $input"
             fi
           done
 
@@ -97,10 +97,10 @@ jobs:
             echo "$input" > security_test/.phpvmrc
             cd security_test
             if ../phpvm.sh auto 2>/dev/null; then
-              echo "❌ SECURITY ISSUE: Accepted path traversal: $input"
+              echo "SECURITY ISSUE: Accepted path traversal: $input"
               exit 1
             else
-              echo "✅ Correctly rejected path traversal: $input"
+              echo "Correctly rejected path traversal: $input"
             fi
             cd ..
           done
@@ -123,10 +123,10 @@ jobs:
           chmod 000 perm_test/.phpvmrc
           cd perm_test
           if ../phpvm.sh auto 2>/dev/null; then
-            echo "❌ Should have failed with unreadable .phpvmrc"
+            echo "Should have failed with unreadable .phpvmrc"
             exit 1
           else
-            echo "✅ Correctly handled unreadable .phpvmrc"
+            echo "Correctly handled unreadable .phpvmrc"
           fi
           cd ..
 
@@ -137,9 +137,9 @@ jobs:
           # Test with malicious environment variables
           export PHPVM_DIR="/tmp/malicious; rm -rf /"
           if ./phpvm.sh version 2>/dev/null; then
-            echo "⚠️  Script executed with malicious PHPVM_DIR"
+            echo "Script executed with malicious PHPVM_DIR"
           else
-            echo "✅ Handled malicious PHPVM_DIR safely"
+            echo "Handled malicious PHPVM_DIR safely"
           fi
 
           # Reset environment
@@ -158,9 +158,9 @@ jobs:
 
           cd symlink_test
           if ../phpvm.sh auto 2>/dev/null; then
-            echo "⚠️  Script followed symlink to /etc/passwd"
+            echo "Script followed symlink to /etc/passwd"
           else
-            echo "✅ Safely handled symlink attack"
+            echo "Safely handled symlink attack"
           fi
           cd ..
 
@@ -185,16 +185,16 @@ jobs:
 
           # Test sudo usage validation
           if grep -n "sudo" phpvm.sh | grep -v "run_with_sudo"; then
-            echo "⚠️  Found sudo usage outside of run_with_sudo helper"
+            echo "Found sudo usage outside of run_with_sudo helper"
           fi
 
           # Ensure run_with_sudo function exists and is used properly
           if ! grep -q "run_with_sudo()" phpvm.sh; then
-            echo "❌ run_with_sudo function not found"
+            echo "run_with_sudo function not found"
             exit 1
           fi
 
-          echo "✅ Privilege escalation tests passed"
+          echo "Privilege escalation tests passed"
 
       - name: Test Sudo Command Validation
         run: |
@@ -204,10 +204,10 @@ jobs:
           # Look for any direct variable expansion in sudo calls
 
           if grep -n "sudo.*\$[^{]" phpvm.sh | grep -v "run_with_sudo"; then
-            echo "⚠️  Found potentially unsafe sudo variable expansion"
+            echo "Found potentially unsafe sudo variable expansion"
           fi
 
-          echo "✅ Sudo validation tests completed"
+          echo "Sudo validation tests completed"
 
   code-quality-security:
     name: Code Quality and Security Standards
@@ -232,46 +232,46 @@ jobs:
 
           for pattern in "${secret_patterns[@]}"; do
             if grep -i "$pattern" phpvm.sh; then
-              echo "⚠️  Found potential secret pattern: $pattern"
+              echo "Found potential secret pattern: $pattern"
             fi
           done
 
-          echo "✅ Secret scanning completed"
+          echo "Secret scanning completed"
 
       - name: Check Error Handling Security
         run: |
           echo "=== Checking Error Handling Security ==="
 
           # Ensure errors don't leak sensitive information
           if grep -n "echo.*\$" phpvm.sh | grep -i "error"; then
-            echo "⚠️  Found error messages that might leak information"
+            echo "Found error messages that might leak information"
           fi
 
           # Check for proper error code usage
           if ! grep -q "return 1" phpvm.sh; then
-            echo "❌ No proper error returns found"
+            echo "No proper error returns found"
             exit 1
           fi
 
-          echo "✅ Error handling security check completed"
+          echo "Error handling security check completed"
 
       - name: Validate Safe Defaults
         run: |
           echo "=== Validating Safe Defaults ==="
 
           # Check that DEBUG defaults to false
           if ! grep -q "DEBUG=false" phpvm.sh; then
-            echo "❌ DEBUG should default to false"
+            echo "DEBUG should default to false"
             exit 1
           fi
 
           # Check for safe directory defaults
           if ! grep -q "PHPVM_DIR.*HOME" phpvm.sh; then
-            echo "❌ PHPVM_DIR should default to user's home directory"
+            echo "PHPVM_DIR should default to user's home directory"
             exit 1
           fi
 
-          echo "✅ Safe defaults validation completed"
+          echo "Safe defaults validation completed"
 
   penetration-test:
     name: Security Testing
@@ -289,15 +289,15 @@ jobs:
           # Test with extremely long inputs
           very_long_input=$(printf 'A%.0s' {1..1000})
           if ./phpvm.sh install "$very_long_input" 2>/dev/null; then
-            echo "❌ SECURITY ISSUE: Accepted extremely long input"
+            echo "SECURITY ISSUE: Accepted extremely long input"
             exit 1
           else
-            echo "✅ Correctly rejected extremely long input"
+            echo "Correctly rejected extremely long input"
           fi
 
           # Test concurrent operations and state validation
           mkdir -p ~/.phpvm
           echo "corrupted_state" > ~/.phpvm/active_version
-          ./phpvm.sh list || echo "✅ Handled corrupted state gracefully"
+          ./phpvm.sh list || echo "Handled corrupted state gracefully"
 
-          echo "✅ Security tests completed"
+          echo "Security tests completed"