These are my raw notes from PHP Tek/JS 2026 Day 1

The Trust Protocol: Securing Code, Culture, and Collaboration - Nia Luckey

• The Trust Protocol - "Trust is not a value. Trust is infrastructure"
• Need to be able to have trust but it's very easy to have trust failures
• The reality is that the "leader with the ear isn't the leader who can make the change"
• Start with trust - know who to go to with information
• "Trust is forged in rehearsal, not in crisis" img1
• "Under pressure, you don't rise to the occasion, you sink [or fall] to the level of your training"
• What builds trust
  • Authentication
  • Encryption
  • Resilience
• Cognitive Dissonance
• Pluralistic Ignorance

• Normalcy Bias img2

• Build the protocol

  • "Stop hoping your culture holds. Engineer it." - 💯
• Different levels of the organization communicate in different ways and need connection and trust
• "Culture change is hard"
• "Need to get better at the human component"
• "Make one impactful connection each day"

Strategies for Successful Code Review - Andy Snell

• "Review is your team's nervous system" img1
• "A reviewer can only review so much" img2
• Read every line at least once
• Keep PRs small enough to read in one setting
  • Stacked diffs
  • feature flags
  • Expand ....
• Push checks out of human review
  • CI/pre-commit
  • Human review:
  • Design
  • Correctness
  • Negative space
  • intent
• Push review "upstream" img3
• Faster is better
  • One business day or you lose context
  • Cost get's paid twice, once by the reviewer
  • Goal: first response - one business day
  • "Disagreement is cheaper before the commits exist"
• Synchronous pair review
  • Wins: Speed, reviewer self-selects, faster convergence
  • Cost: Handwave risk, less rigor, small defects missed,
• QA + engeering review and really help
• Velocity is a team metric before it's an individual one
• Find the issue by readying what's not there
• Google eng-practices github repo
• Read in passes not in scroll
  • Orientation
  • Correctness
  • Design
  • Adversarial
  • Negative Space
  • Nits
• Negative space - diff shows what changed not have it interacts with other code
• Read the tests first
• "Bad AI-generated code looks more like good human-written code than like bad human-written code"
  • Read for intent
• "Finding things is have the job. Determining what should be blocked."
• Settle on a written policy img
• Don't makt the author decode your tone to find out what they have to do. img
• or use conventional comments
• "Talk about the code not the developer"
• Explain the why not just the what img
• Ask questions to invite the dialog img
• AI agents are reviewees img
• Deterministic tooling is the floor
  • format, lint, dead code, SCA, coverage
• What AI reviewers are good at img
• Author and reviewer should be different populations
• "Use positive comments appropriately"

Equation to Animation: Crafting Dynamic Math Visuals on the Web - Courtney Yatteau

• Why Math Visuals work on the web
• Small rules become visible behaviour
• Practical promise
  • A reusable architecture
  • Inputs => Rules => state => render => explain
  • A library decision model
  • Choose the right level of abstraction
  • Six remixable demos
  • Turn each demo into a lab, tutorial, or
• GRAPH
  • G => Graph the rule
  • R => Respond to input
  • A => Animate change
  • P => Probe relationships
  • H => Highlight patterns
• Config first
  • Chart.js -> fast chart setup
  • Plot -> Quick statisctical views
• More direct control
  • SVG + WAAPI
  • D3.js -> Scales and transitions
  • Leaflet - > distance on a real map
  • Animation loop
  • requestAnimationFrame
• Demos
  • Functions
  • Transforms
  • Calculus
  • Probability
  • Chaos
  • Maps img
• Chart.js has segment styling -> show increasing, nearly flat, decreasing img

Building Resilient PHP Applications with an Event-Driven Mindset - Savio Resende

• Events are always past tense
• The event store - append only log
• Aggregates - Where business rules live
• Projections - read-optimized views, build from the views
• Reactors - side effects
• Snapshot - checkpoints to skip ahead

Bridge the Testing Gap: Mastering BDD with Codeception for Cross-Team Success - Alena Holligan

• Our Projects
  • Gherkins - structured, plain text language
  • Codeception - PHP Testing Framework
• Browser Tools
  • PhpBrowswer
  • Selenium
  • WebDriver
  • Chrome
  • Cloud Based Service
• What and why of BDD
  • BDD - software development methodology that focus on defining the behavior. It involves bering together business, development, and QA stackholders to agree on the user needs and the behavior of the application to ensure the right product
  • advantages
  • Enhanced Collaboration
  • Focus on Business Value
  • Clear and Testable
  • Limitations
  • Initial learning curve
  • Time-consuming setup
  • Overhead in mainteance
  • Requires collaboration
  • Not suitable for all projects
  • Best Practices
  • Write Scenarios Early
  • Focus on One Behavor Per Scenario
  • Resuse Step Definitaions
  • Use Tages
  • Write in a Declarative Way
  • Prioritze Readability and Maintainability
• Projects
  • Codeception
  • Stand alone project to test anything
  • First codeception acceptance test
  • First gherkins feature test
  • Use selenium with Docker
• Acceptables Tests - Page in browser
• Drives "browser" to access things and validate logic

$this->amOnPage('/en/login');
$this->see('Secure Sign in', 'legend');
$this->fillField('#username', $username);
$this->fillField('#password', 'kitten');
$this->click('Sign in');
$this->amOnPage('/en/blog');
$this->see($name, '.nav-link');

@failures
Feature: unauthenticated
  In order to maintain security
  As a casual browser
  I must be redirected to login before any modifications

  Scenario Outline: redirect not logged in
    Given I am not logged in
    When I try to view <page>
    Then I should be redirected to "login"
    Examples:
      | page |
      | "/en/admin/post/" |
      | "/en/admin/post/1/" |
      | "/en/admin/post/1/edit/" |

  Scenario Outline: user does not have access
    Given I am logged in as user
    When I try to view <page>
    Then I should receive error <error>
    Examples:
      | page | error |
      | "/en/admin/post/" | "Access Denied" |
      | "/en/admin/post/1/" | "Access Denied" |
      | "/en/admin/post/1/edit/" | "Access Denied" |
      | "/en/admin/" | "No route found" |
      | "/en/admin/post/1/delete" | "No route found" |

Feature: manageArticles
  In order to maintain our blog
  As an admin
  I need to manage articles

  Background:
    Given I am logged in as admin

  Scenario: admin can addArticles
    Then I should be able to add an article

  Scenario: admin can delete an article
    Then I should be able to delete an article

$id = $this->haveInDatabase('symfony_demo_post', [
    'author_id' => 1,
    'title' => 'test delete',
    'slug' => 'test-delete',
    'summary' => 'test delete summary',
    'content' => 'test delete content',
    'published_at' => date('Y-m-d H:i:s'),
]);
$this->seeInDatabase('symfony_demo_post', ['id' => $id]);
$this->amOnPage('/en/admin/post/' . $id);
$this->see('test delete', 'h1');
$this->submitForm('#delete-form', []);

$this->dontSeeInDatabase('symfony_demo_post', ['id' => $id]);

• https://codeception.com/docs/reference/Locator to understand search
• https://redocly.com/