Added

• Transpiler API (Regex::transpile) with JavaScript and Python targets plus CLI/Symfony commands.
• CLI graph command to export NFA diagrams (DOT/Mermaid).
• Unicode-aware automata mode for /u patterns with code point literals, dot, and character class handling.
• Effective alphabet optimization in DFA construction plus a new benchmark script for Unicode-heavy ranges.
• RegexLanguageSolver facade factory plus DFA cache interfaces for reuse across automata comparisons.
• Work-budget limits for automata processing via SolverOptions maxTransitionsProcessed.
• Facade precompile hook for warm DFA caching in high-volume analyzers.

Changed

• Automata-based analyzers now generate Unicode-aware examples when working with /u patterns.
• CLI compare and Symfony route/security analyzers now use the facade and shared DFA caching.
• Optimizer can optionally verify language equivalence with automata via verifyWithAutomata.

Fixed

• Sort Symfony routes by specificity before conflict analysis to reduce false-positive overlaps.
• Symfony access_control analysis now uses search semantics to match preg_match behavior and catch prefix shadowing.
• Redundant character class detection now accounts for escaped literals (e.g. octal sequences).
• Runtime /r modifier probing now avoids static modifier validation failures on PHP 8.2/8.4.

Full Changelog: v1.2.0...v1.3.0

Added

• Symfony regex:routes command to analyze routing conflicts and overlaps with ordering-aware suggestions.
• Automata-based route conflict analyzer for Symfony routing collections.
• Symfony regex:security command to analyze access_control shadowing and firewall ReDoS risks.
• Access-control security analyzer with critical shadowing detection.
• Firewall regex ReDoS checks for Symfony security firewalls.
• Symfony regex:analyze command to run bridge analyzers with JSON output and fail-on controls.
• Bridge analyzer registry with shared console/JSON formatting for Symfony diagnostics.
• Equivalence and redundancy detection notes for route and access_control conflicts.

Full Changelog: v1.1.0...v1.2.0

This release implements the Automata-based Logic Solver pipeline (AST -> NFA -> DFA). This enables logical operations on regex patterns beyond standard matching.

Automata Logic Solver

The engine can now mathematically compare two patterns:

• Intersection: Checks if two regexes share a common matching string (useful for routing collision detection).
• Subset: Validates if a pattern is strictly included within another.
• Counter-examples: Generates the shortest string that causes a conflict when a comparison fails.

Added bin/regex compare command.

Security & ReDoS

• Added benchmarking tools to measure ReDoS vulnerabilities.
• Added interactive redos command to validate fixes.

Linting

Ported rules from eslint-plugin-regexp to PHP, focusing on legacy code cleanup:

• Detection of duplicate character class elements.
• Removal of useless quantifiers and ranges.
• Detection of empty alternatives and duplicate disjunctions.

As 2025 comes to a close, I am pleased to announce the first major release of RegexParser.

This library aims to solve a common challenge in PHP development: treating Regular Expressions as safer, typed structures rather than just strings. By parsing PCRE patterns into an Abstract Syntax Tree (AST), this tool enables static analysis, validation, and security checks before code reaches production.

Focus: Stability, ReDoS detection, and PHPStan integration.

📦 Installation

composer require --dev yoeunes/regex-parser

Main Features

• Typed AST: A full recursive descent parser for PCRE2 implemented in native PHP 8.2+.
• ReDoS Analysis: Detects "Catastrophic Backtracking" vulnerabilities with severity scoring (Critical, High, Medium, Low).
• Linter: Identifies redundant flags, overlapping branches, and syntax errors with precise location.
• Integrations: Includes a Symfony Bundle and a PHPStan extension for automated CI checks.
• CLI Tool: A comprehensive command-line interface for linting, analyzing, and explaining patterns.

📝 Changelog

Added

• Parser & Lexer: Full PCRE2-compliant parser producing a well-typed AST.

• AST Nodes: Support for groups, alternations, quantifiers, lookarounds, character classes, subroutines, conditionals, and verbs.

• Regex Facade: High-level API (Regex::create()) for parsing, validation, and analysis.

• ReDoS Analyzer: Static analysis engine for detecting Denial of Service risks.

• CLI Commands:

  • lint: Scan codebases for issues.
  • debug: Analyze ReDoS complexity.
  • explain: Generate human-readable explanations.
  • highlight: Syntax highlighting for the console.

• Ecosystem:

  • RegexParserBundle for Symfony.
  • PHPStan extension for static analysis.

• Documentation: Complete guides for installation, CLI usage, and architecture.

Acknowledgements

Thank you to everyone who tested the release candidates and provided feedback.

Full Changelog: https://github.com/yoeunes/regex-parser/commits/v1.0.0

🚀 v1.0.0-RC1

This is the Release Candidate for the upcoming v1.0.0 launch.

The library is feature-complete and stable. We are releasing this version to verify the packaging and distribution channels.

Installation

composer require --dev yoeunes/regex-parser:1.0.0-RC1

Usage

php vendor/bin/regex lint