app/Config/App.php

 <?php
 
+declare(strict_types=1);
+
 namespace Config;
 
 use CodeIgniter\Config\BaseConfig;
+use Override;
 
 class App extends BaseConfig
 {
-    /*
-	|--------------------------------------------------------------------------
-	| Base Site URL
-	|--------------------------------------------------------------------------
-	|
-	| URL to your CodeIgniter root. Typically this will be your base URL,
-	| WITH a trailing slash:
-	|
-	|	http://example.com/
-	|
-	| If this is not set then CodeIgniter will try guess the protocol, domain
-	| and path to your installation. However, you should always configure this
-	| explicitly and never rely on auto-guessing, especially in production
-	| environments.
-	|
-	*/
-    public $baseURL = 'http://localhost:8080/';
+    /**
+     * --------------------------------------------------------------------------
+     * Base Site URL
+     * --------------------------------------------------------------------------
+     *
+     * URL to your CodeIgniter root. Typically, this will be your base URL,
+     * WITH a trailing slash:
+     *
+     * E.g., http://example.com/
+     */
+    public string $baseURL = 'http://localhost:8080/';
 
-    /*
-	|--------------------------------------------------------------------------
-	| Index File
-	|--------------------------------------------------------------------------
-	|
-	| Typically this will be your index.php file, unless you've renamed it to
-	| something else. If you are using mod_rewrite to remove the page set this
-	| variable so that it is blank.
-	|
-	*/
-    public $indexPage = 'index.php';
+    /**
+     * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
+     * If you want to accept multiple Hostnames, set this.
+     *
+     * E.g.,
+     * When your site URL ($baseURL) is 'http://example.com/', and your site
+     * also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
+     *     ['media.example.com', 'accounts.example.com']
+     *
+     * @var list<string>
+     */
+    public array $allowedHostnames = [];
 
-    /*
-	|--------------------------------------------------------------------------
-	| URI PROTOCOL
-	|--------------------------------------------------------------------------
-	|
-	| This item determines which getServer global should be used to retrieve the
-	| URI string.  The default setting of 'REQUEST_URI' works for most servers.
-	| If your links do not seem to work, try one of the other delicious flavors:
-	|
-	| 'REQUEST_URI'    Uses $_SERVER['REQUEST_URI']
-	| 'QUERY_STRING'   Uses $_SERVER['QUERY_STRING']
-	| 'PATH_INFO'      Uses $_SERVER['PATH_INFO']
-	|
-	| WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
-	*/
-    public $uriProtocol = 'REQUEST_URI';
+    /**
+     * --------------------------------------------------------------------------
+     * Index File
+     * --------------------------------------------------------------------------
+     *
+     * Typically, this will be your `index.php` file, unless you've renamed it to
+     * something else. If you have configured your web server to remove this file
+     * from your site URIs, set this variable to an empty string.
+     */
+    public string $indexPage = '';
 
-    /*
-	|--------------------------------------------------------------------------
-	| Default Locale
-	|--------------------------------------------------------------------------
-	|
-	| The Locale roughly represents the language and location that your visitor
-	| is viewing the site from. It affects the language strings and other
-	| strings (like currency markers, numbers, etc), that your program
-	| should run under for this request.
-	|
-	*/
-    public $defaultLocale = 'en';
+    /**
+     * --------------------------------------------------------------------------
+     * URI PROTOCOL
+     * --------------------------------------------------------------------------
+     *
+     * This item determines which server global should be used to retrieve the
+     * URI string. The default setting of 'REQUEST_URI' works for most servers.
+     * If your links do not seem to work, try one of the other delicious flavors:
+     *
+     *  'REQUEST_URI': Uses $_SERVER['REQUEST_URI']
+     * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING']
+     *    'PATH_INFO': Uses $_SERVER['PATH_INFO']
+     *
+     * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
+     */
+    public string $uriProtocol = 'REQUEST_URI';
 
     /*
-	|--------------------------------------------------------------------------
-	| Negotiate Locale
-	|--------------------------------------------------------------------------
-	|
-	| If true, the current Request object will automatically determine the
-	| language to use based on the value of the Accept-Language header.
-	|
-	| If false, no automatic detection will be performed.
-	|
-	*/
-    public $negotiateLocale = true;
+    *--------------------------------------------------------------------------
+    * Allowed URL Characters
+    *--------------------------------------------------------------------------
+    *
+    * This lets you specify which characters are permitted within your URLs.
+    * When someone tries to submit a URL with disallowed characters they will
+    * get a warning message.
+    *
+    * As a security measure you are STRONGLY encouraged to restrict URLs to
+    * as few characters as possible.
+    *
+    * By default, only these are allowed: `a-z 0-9~%.:_-`
+    *
+    * Set an empty string to allow all characters -- but only if you are insane.
+    *
+    * The configured value is actually a regular expression character group
+    * and it will be used as: '/\A[<permittedURIChars>]+\z/iu'
+    *
+    * DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
+    *
+    */
+    public string $permittedURIChars = 'a-z 0-9~%.:_\-@';
 
-    /*
-	|--------------------------------------------------------------------------
-	| Supported Locales
-	|--------------------------------------------------------------------------
-	|
-	| If $negotiateLocale is true, this array lists the locales supported
-	| by the application in descending order of priority. If no match is
-	| found, the first locale will be used.
-	|
-	*/
-    public $supportedLocales = ['en'];
+    /**
+     * --------------------------------------------------------------------------
+     * Default Locale
+     * --------------------------------------------------------------------------
+     *
+     * The Locale roughly represents the language and location that your visitor
+     * is viewing the site from. It affects the language strings and other
+     * strings (like currency markers, numbers, etc), that your program
+     * should run under for this request.
+     */
+    public string $defaultLocale = 'en';
 
-    /*
-	|--------------------------------------------------------------------------
-	| Application Timezone
-	|--------------------------------------------------------------------------
-	|
-	| The default timezone that will be used in your application to display
-	| dates with the date helper, and can be retrieved through app_timezone()
-	|
-	*/
-    public $appTimezone = 'America/Chicago';
+    /**
+     * --------------------------------------------------------------------------
+     * Negotiate Locale
+     * --------------------------------------------------------------------------
+     *
+     * If true, the current Request object will automatically determine the
+     * language to use based on the value of the Accept-Language header.
+     *
+     * If false, no automatic detection will be performed.
+     */
+    public bool $negotiateLocale = true;
 
-    /*
-	|--------------------------------------------------------------------------
-	| Default Character Set
-	|--------------------------------------------------------------------------
-	|
-	| This determines which character set is used by default in various methods
-	| that require a character set to be provided.
-	|
-	| See http://php.net/htmlspecialchars for a list of supported charsets.
-	|
-	*/
-    public $charset = 'UTF-8';
+    /**
+     * --------------------------------------------------------------------------
+     * Supported Locales
+     * --------------------------------------------------------------------------
+     *
+     * If $negotiateLocale is true, this array lists the locales supported
+     * by the application in descending order of priority. If no match is
+     * found, the first locale will be used.
+     *
+     * IncomingRequest::setLocale() also uses this list.
+     *
+     * @var list<string>
+     */
+    public array $supportedLocales = [
+        'en',
+        'fr',
+        'pl',
+        'de',
+        'pt-br',
+        'nn-no',
+        'es',
+        'zh-hans',
+        'ca',
+        'br',
+        'sr-latn',
+    ];
 
-    /*
-	|--------------------------------------------------------------------------
-	| URI PROTOCOL
-	|--------------------------------------------------------------------------
-	|
-	| If true, this will force every request made to this application to be
-	| made via a secure connection (HTTPS). If the incoming request is not
-	| secure, the user will be redirected to a secure version of the page
-	| and the HTTP Strict Transport Security header will be set.
-	*/
-    public $forceGlobalSecureRequests = false;
+    /**
+     * --------------------------------------------------------------------------
+     * Application Timezone
+     * --------------------------------------------------------------------------
+     *
+     * The default timezone that will be used in your application to display
+     * dates with the date helper, and can be retrieved through app_timezone()
+     *
+     * @see https://www.php.net/manual/en/timezones.php for list of timezones
+     *      supported by PHP.
+     */
+    public string $appTimezone = 'UTC';
 
-    /*
-	|--------------------------------------------------------------------------
-	| Session Variables
-	|--------------------------------------------------------------------------
-	|
-	| 'sessionDriver'
-	|
-	|	The storage driver to use: files, database, redis, memcached
-	|       - CodeIgniter\Session\Handlers\FileHandler
-	|       - CodeIgniter\Session\Handlers\DatabaseHandler
-	|       - CodeIgniter\Session\Handlers\MemcachedHandler
-	|       - CodeIgniter\Session\Handlers\RedisHandler
-	|
-	| 'sessionCookieName'
-	|
-	|	The session cookie name, must contain only [0-9a-z_-] characters
-	|
-	| 'sessionExpiration'
-	|
-	|	The number of SECONDS you want the session to last.
-	|	Setting to 0 (zero) means expire when the browser is closed.
-	|
-	| 'sessionSavePath'
-	|
-	|	The location to save sessions to, driver dependent.
-	|
-	|	For the 'files' driver, it's a path to a writable directory.
-	|	WARNING: Only absolute paths are supported!
-	|
-	|	For the 'database' driver, it's a table name.
-	|	Please read up the manual for the format with other session drivers.
-	|
-	|	IMPORTANT: You are REQUIRED to set a valid save path!
-	|
-	| 'sessionMatchIP'
-	|
-	|	Whether to match the user's IP address when reading the session data.
-	|
-	|	WARNING: If you're using the database driver, don't forget to update
-	|	         your session table's PRIMARY KEY when changing this setting.
-	|
-	| 'sessionTimeToUpdate'
-	|
-	|	How many seconds between CI regenerating the session ID.
-	|
-	| 'sessionRegenerateDestroy'
-	|
-	|	Whether to destroy session data associated with the old session ID
-	|	when auto-regenerating the session ID. When set to FALSE, the data
-	|	will be later deleted by the garbage collector.
-	|
-	| Other session cookie settings are shared with the rest of the application,
-	| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
-	|
-	*/
-    public $sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler';
-    public $sessionCookieName = 'ci_session';
-    public $sessionExpiration = 7200;
-    public $sessionSavePath = WRITEPATH . 'session';
-    public $sessionMatchIP = false;
-    public $sessionTimeToUpdate = 300;
-    public $sessionRegenerateDestroy = false;
+    /**
+     * --------------------------------------------------------------------------
+     * Default Character Set
+     * --------------------------------------------------------------------------
+     *
+     * This determines which character set is used by default in various methods
+     * that require a character set to be provided.
+     *
+     * @see http://php.net/htmlspecialchars for a list of supported charsets.
+     */
+    public string $charset = 'UTF-8';
 
-    /*
-	|--------------------------------------------------------------------------
-	| Cookie Related Variables
-	|--------------------------------------------------------------------------
-	|
-	| 'cookiePrefix'   = Set a cookie name prefix if you need to avoid collisions
-	| 'cookieDomain'   = Set to .your-domain.com for site-wide cookies
-	| 'cookiePath'     = Typically will be a forward slash
-	| 'cookieSecure'   = Cookie will only be set if a secure HTTPS connection exists.
-	| 'cookieHTTPOnly' = Cookie will only be accessible via HTTP(S) (no javascript)
-	|
-	| Note: These settings (with the exception of 'cookie_prefix' and
-	|       'cookie_httponly') will also affect sessions.
-	|
-	*/
-    public $cookiePrefix = '';
-    public $cookieDomain = '';
-    public $cookiePath = '/';
-    public $cookieSecure = false;
-    public $cookieHTTPOnly = false;
+    /**
+     * --------------------------------------------------------------------------
+     * URI PROTOCOL
+     * --------------------------------------------------------------------------
+     *
+     * If true, this will force every request made to this application to be
+     * made via a secure connection (HTTPS). If the incoming request is not
+     * secure, the user will be redirected to a secure version of the page
+     * and the HTTP Strict Transport Security (HSTS) header will be set.
+     */
+    public bool $forceGlobalSecureRequests = true;
 
-    /*
-	|--------------------------------------------------------------------------
-	| Reverse Proxy IPs
-	|--------------------------------------------------------------------------
-	|
-	| If your server is behind a reverse proxy, you must whitelist the proxy
-	| IP addresses from which CodeIgniter should trust headers such as
-	| HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify
-	| the visitor's IP address.
-	|
-	| You can use both an array or a comma-separated list of proxy addresses,
-	| as well as specifying whole subnets. Here are a few examples:
-	|
-	| Comma-separated:	'10.0.1.200,192.168.5.0/24'
-	| Array:		array('10.0.1.200', '192.168.5.0/24')
-	*/
-    public $proxyIPs = '';
+    /**
+     * --------------------------------------------------------------------------
+     * Reverse Proxy IPs
+     * --------------------------------------------------------------------------
+     *
+     * If your server is behind a reverse proxy, you must whitelist the proxy
+     * IP addresses from which CodeIgniter should trust headers such as
+     * X-Forwarded-For or Client-IP in order to properly identify
+     * the visitor's IP address.
+     *
+     * You need to set a proxy IP address or IP address with subnets and
+     * the HTTP header for the client IP address.
+     *
+     * Here are some examples:
+     *     [
+     *         '10.0.1.200'     => 'X-Forwarded-For',
+     *         '192.168.5.0/24' => 'X-Real-IP',
+     *     ]
+     *
+     * @var array<string, string>|string
+     */
+    public $proxyIPs = [];
 
-    /*
-	|--------------------------------------------------------------------------
-	| Cross Site Request Forgery
-	|--------------------------------------------------------------------------
-	| Enables a CSRF cookie token to be set. When set to TRUE, token will be
-	| checked on a submitted form. If you are accepting user data, it is strongly
-	| recommended CSRF protection be enabled.
-	|
-	| CSRFTokenName   = The token name
-	| CSRFHeaderName  = The header name
-	| CSRFCookieName  = The cookie name
-	| CSRFExpire      = The number in seconds the token should expire.
-	| CSRFRegenerate  = Regenerate token on every submission
-	| CSRFRedirect    = Redirect to previous page with error on failure
-	*/
-    public $CSRFTokenName = 'csrf_test_name';
-    public $CSRFHeaderName = 'X-CSRF-TOKEN';
-    public $CSRFCookieName = 'csrf_cookie_name';
-    public $CSRFExpire = 7200;
-    public $CSRFRegenerate = true;
-    public $CSRFRedirect = true;
+    /**
+     * --------------------------------------------------------------------------
+     * Content Security Policy
+     * --------------------------------------------------------------------------
+     *
+     * Enables the Response's Content Secure Policy to restrict the sources that
+     * can be used for images, scripts, CSS files, audio, video, etc. If enabled,
+     * the Response object will populate default values for the policy from the
+     * `ContentSecurityPolicy.php` file. Controllers can always add to those
+     * restrictions at run time.
+     *
+     * For a better understanding of CSP, see these documents:
+     *
+     * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+     * @see http://www.w3.org/TR/CSP/
+     */
+    public bool $CSPEnabled = false;
 
-    /*
-	|--------------------------------------------------------------------------
-	| Content Security Policy
-	|--------------------------------------------------------------------------
-	| Enables the Response's Content Secure Policy to restrict the sources that
-	| can be used for images, scripts, CSS files, audio, video, etc. If enabled,
-	| the Response object will populate default values for the policy from the
-	| ContentSecurityPolicy.php file. Controllers can always add to those
-	| restrictions at run time.
-	|
-	| For a better understanding of CSP, see these documents:
-	|   - http://www.html5rocks.com/en/tutorials/security/content-security-policy/
-	|   - http://www.w3.org/TR/CSP/
-	*/
-    public $CSPEnabled = false;
+    /**
+     * --------------------------------------------------------------------------
+     * Instance / Site Config
+     * --------------------------------------------------------------------------
+     */
+    public string $siteName = 'Castopod';
+
+    public string $siteTitleSeparator = ' | ';
+
+    public string $siteDescription = 'Castopod is an open-source hosting platform made for podcasters who want engage and interact with their audience.';
+
+    /**
+     * @var array<int|string, string>
+     */
+    public array $siteIcon = [
+        'ico' => '/favicon.ico',
+        '64'  => '/icon-64.png',
+        '180' => '/icon-180.png',
+        '192' => '/icon-192.png',
+        '512' => '/icon-512.png',
+    ];
+
+    public string $theme = 'pine';
+
+    /**
+     * Storage limit in Gigabytes
+     */
+    public ?int $storageLimit = null;
+
+    /**
+     * Bandwidth limit (per month) in Gigabytes
+     */
+    public ?int $bandwidthLimit = null;
+
+    public ?string $legalNoticeURL = null;
+
+    /**
+     * AuthToken Config Constructor
+     */
+    public function __construct()
+    {
+        parent::__construct();
+
+        if (is_string($this->proxyIPs)) {
+            $array = json_decode($this->proxyIPs, true);
+            if (is_array($array)) {
+                $this->proxyIPs = $array;
+            }
+        }
+    }
+
+    /**
+     * Override parent initEnvValue() to allow for direct setting to array properties values from ENV
+     *
+     * In order to set array properties via ENV vars we need to set the property to a string value first.
+     *
+     * @param mixed $property
+     */
+    #[Override]
+    protected function initEnvValue(&$property, string $name, string $prefix, string $shortPrefix): void
+    {
+        // if attempting to set property from ENV, first set to empty string
+        if ($name === 'proxyIPs' && $this->getEnvValue($name, $prefix, $shortPrefix) !== null) {
+            $property = '';
+        }
+
+        parent::initEnvValue($property, $name, $prefix, $shortPrefix);
+    }
 }

app/Config/Autoload.php

 <?php
 
+declare(strict_types=1);
+
 namespace Config;
 
-require_once SYSTEMPATH . 'Config/AutoloadConfig.php';
+use CodeIgniter\Config\AutoloadConfig;
 
 /**
  * -------------------------------------------------------------------
  * AUTO-LOADER
  * -------------------------------------------------------------------
+ *
  * This file defines the namespaces and class maps so the Autoloader
  * can find the files as needed.
+ *
+ * NOTE: If you use an identical key in $psr4 or $classmap, then
+ * the values in this file will overwrite the framework's values.
+ *
+ * @immutable
  */
-class Autoload extends \CodeIgniter\Config\AutoloadConfig
+class Autoload extends AutoloadConfig
 {
+    /**
+     * -------------------------------------------------------------------
+     * Namespaces
+     * -------------------------------------------------------------------
+     * This maps the locations of any namespaces in your application to
+     * their location on the file system. These are used by the autoloader
+     * to locate files the first time they have been instantiated.
+     *
+     * The 'Config' (APPPATH . 'Config') and 'CodeIgniter' (SYSTEMPATH) are
+     * already mapped for you.
+     *
+     * You may change the name of the 'App' namespace if you wish,
+     * but this should be done prior to creating any namespaced classes,
+     * else you will need to modify all of those classes for this to work.
+     *
+     * @var array<string, list<string>|string>
+     */
     public $psr4 = [
-        'App' => APPPATH,
+        APP_NAMESPACE             => APPPATH,
+        'Modules'                 => ROOTPATH . 'modules/',
+        'Modules\Admin'           => ROOTPATH . 'modules/Admin/',
+        'Modules\Analytics'       => ROOTPATH . 'modules/Analytics/',
+        'Modules\Api\Rest\V1'     => ROOTPATH . 'modules/Api/Rest/V1',
+        'Modules\Auth'            => ROOTPATH . 'modules/Auth/',
+        'Modules\Fediverse'       => ROOTPATH . 'modules/Fediverse/',
+        'Modules\Install'         => ROOTPATH . 'modules/Install/',
+        'Modules\Media'           => ROOTPATH . 'modules/Media/',
+        'Modules\MediaClipper'    => ROOTPATH . 'modules/MediaClipper/',
+        'Modules\Platforms'       => ROOTPATH . 'modules/Platforms/',
+        'Modules\Plugins'         => ROOTPATH . 'modules/Plugins/',
+        'Modules\PodcastImport'   => ROOTPATH . 'modules/PodcastImport/',
+        'Modules\PremiumPodcasts' => ROOTPATH . 'modules/PremiumPodcasts/',
+        'Modules\Update'          => ROOTPATH . 'modules/Update/',
+        'Modules\WebSub'          => ROOTPATH . 'modules/WebSub/',
+        'Themes'                  => ROOTPATH . 'themes',
+        'ViewComponents'          => APPPATH . 'Libraries/ViewComponents/',
+        'ViewThemes'              => APPPATH . 'Libraries/ViewThemes/',
     ];
 
+    /**
+     * -------------------------------------------------------------------
+     * -------------------------------------------------------------------
+     * The class map provides a map of class names and their exact
+     * location on the drive. Classes loaded in this manner will have
+     * slightly faster performance because they will not have to be
+     * searched for within one or more directories as they would if they
+     * were being autoloaded through a namespace.
+     *
+     * Prototype:
+     *
+     *   $classmap = [
+     *       'MyClass'   => '/path/to/class/file.php'
+     *   ];
+     *
+     * @var array<string, string>
+     */
     public $classmap = [];
 
-    //--------------------------------------------------------------------
-
     /**
-     * Collects the application-specific autoload settings and merges
-     * them with the framework's required settings.
+     * -------------------------------------------------------------------
+     * Files
+     * -------------------------------------------------------------------
+     * The files array provides a list of paths to __non-class__ files
+     * that will be autoloaded. This can be useful for bootstrap operations
+     * or for loading functions.
+     *
+     * Prototype:
+     *
+     *	  $files = [
+     *	 	   '/path/to/my/file.php',
+     *    ];
      *
-     * NOTE: If you use an identical key in $psr4 or $classmap, then
-     * the values in this file will overwrite the framework's values.
+     * @var list<string>
      */
-    public function __construct()
-    {
-        parent::__construct();
-
-        /**
-         * -------------------------------------------------------------------
-         * Namespaces
-         * -------------------------------------------------------------------
-         * This maps the locations of any namespaces in your application
-         * to their location on the file system. These are used by the
-         * Autoloader to locate files the first time they have been instantiated.
-         *
-         * The '/app' and '/system' directories are already mapped for
-         * you. You may change the name of the 'App' namespace if you wish,
-         * but this should be done prior to creating any namespaced classes,
-         * else you will need to modify all of those classes for this to work.
-         *
-         * DO NOT change the name of the CodeIgniter namespace or your application
-         * WILL break. *
-         * Prototype:
-         *
-         *   $Config['psr4'] = [
-         *       'CodeIgniter' => SYSPATH
-         *   `];
-         */
-        $psr4 = [
-            'App' => APPPATH, // To ensure filters, etc still found,
-            APP_NAMESPACE => APPPATH, // For custom namespace
-            'Config' => APPPATH . 'Config',
-        ];
-
-        /**
-         * -------------------------------------------------------------------
-         * Class Map
-         * -------------------------------------------------------------------
-         * The class map provides a map of class names and their exact
-         * location on the drive. Classes loaded in this manner will have
-         * slightly faster performance because they will not have to be
-         * searched for within one or more directories as they would if they
-         * were being autoloaded through a namespace.
-         *
-         * Prototype:
-         *
-         *   $Config['classmap'] = [
-         *       'MyClass'   => '/path/to/class/file.php'
-         *   ];
-         */
-        $classmap = [];
-
-        //--------------------------------------------------------------------
-        // Do Not Edit Below This Line
-        //--------------------------------------------------------------------
+    public $files = [];
 
-        $this->psr4 = array_merge($this->psr4, $psr4);
-        $this->classmap = array_merge($this->classmap, $classmap);
-
-        unset($psr4, $classmap);
-    }
-
-    //--------------------------------------------------------------------
+    /**
+     * -------------------------------------------------------------------
+     * Helpers
+     * -------------------------------------------------------------------
+     * Prototype:
+     *   $helpers = [
+     *       'form',
+     *   ];
+     *
+     * @var list<string>
+     */
+    public $helpers = ['auth', 'setting', 'plugins'];
 }

app/Config/Boot/development.php

 <?php
-/*
-  |--------------------------------------------------------------------------
-  | ERROR DISPLAY
-  |--------------------------------------------------------------------------
-  | In development, we want to show as many errors as possible to help
-  | make sure they don't make it to production. And save us hours of
-  | painful debugging.
+
+declare(strict_types=1);
+
+/**
+ * --------------------------------------------------------------------------
+ * ERROR DISPLAY
+ * --------------------------------------------------------------------------
+ * In development, we want to show as many errors as possible to help
+ * make sure they don't make it to production. And save us hours of
+ * painful debugging.
+ *
+ * If you set 'display_errors' to '1', CI4's detailed error report will show.
  */
-error_reporting(-1);
+error_reporting(E_ALL);
 ini_set('display_errors', '1');
 
-/*
-  |--------------------------------------------------------------------------
-  | DEBUG BACKTRACES
-  |--------------------------------------------------------------------------
-  | If true, this constant will tell the error screens to display debug
-  | backtraces along with the other error information. If you would
-  | prefer to not see this, set this value to false.
+/**
+ * --------------------------------------------------------------------------
+ * DEBUG BACKTRACES
+ * --------------------------------------------------------------------------
+ * If true, this constant will tell the error screens to display debug
+ * backtraces along with the other error information. If you would
+ * prefer to not see this, set this value to false.
  */
 defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
 
-/*
-  |--------------------------------------------------------------------------
-  | DEBUG MODE
-  |--------------------------------------------------------------------------
-  | Debug mode is an experimental flag that can allow changes throughout
-  | the system. This will control whether Kint is loaded, and a few other
-  | items. It can always be used within your own application too.
+/**
+ * --------------------------------------------------------------------------
+ * DEBUG MODE
+ * --------------------------------------------------------------------------
+ * Debug mode is an experimental flag that can allow changes throughout
+ * the system. This will control whether Kint is loaded, and a few other
+ * items. It can always be used within your own application too.
  */
-
-defined('CI_DEBUG') || define('CI_DEBUG', 1);
+defined('CI_DEBUG') || define('CI_DEBUG', true);

app/Config/Boot/production.php

 <?php
 
-/*
-  |--------------------------------------------------------------------------
-  | ERROR DISPLAY
-  |--------------------------------------------------------------------------
-  | Don't show ANY in production environments. Instead, let the system catch
-  | it and display a generic error message.
+declare(strict_types=1);
+
+/**
+ * --------------------------------------------------------------------------
+ * ERROR DISPLAY
+ * --------------------------------------------------------------------------
+ * Don't show ANY in production environments. Instead, let the system catch
+ * it and display a generic error message.
+ *
+ * If you set 'display_errors' to '1', CI4's detailed error report will show.
  */
+error_reporting(E_ALL & ~E_DEPRECATED);
+// If you want to suppress more types of errors.
+// error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
 ini_set('display_errors', '0');
-error_reporting(
-    E_ALL &
-        ~E_NOTICE &
-        ~E_DEPRECATED &
-        ~E_STRICT &
-        ~E_USER_NOTICE &
-        ~E_USER_DEPRECATED
-);
 
-/*
-  |--------------------------------------------------------------------------
-  | DEBUG MODE
-  |--------------------------------------------------------------------------
-  | Debug mode is an experimental flag that can allow changes throughout
-  | the system. It's not widely used currently, and may not survive
-  | release of the framework.
+/**
+ * --------------------------------------------------------------------------
+ * DEBUG MODE
+ * --------------------------------------------------------------------------
+ * Debug mode is an experimental flag that can allow changes throughout
+ * the system. It's not widely used currently, and may not survive
+ * release of the framework.
  */
-
-defined('CI_DEBUG') || define('CI_DEBUG', 0);
+defined('CI_DEBUG') || define('CI_DEBUG', false);

app/Config/Boot/testing.php

 <?php
 
+declare(strict_types=1);
+
 /*
-  |--------------------------------------------------------------------------
-  | ERROR DISPLAY
-  |--------------------------------------------------------------------------
-  | In development, we want to show as many errors as possible to help
-  | make sure they don't make it to production. And save us hours of
-  | painful debugging.
+ * The environment testing is reserved for PHPUnit testing. It has special
+ * conditions built into the framework at various places to assist with that.
+ * You can’t use it for your development.
+ */
+
+/**
+ * --------------------------------------------------------------------------
+ * ERROR DISPLAY
+ * --------------------------------------------------------------------------
+ * In development, we want to show as many errors as possible to help
+ * make sure they don't make it to production. And save us hours of
+ * painful debugging.
  */
-error_reporting(-1);
+error_reporting(E_ALL);
 ini_set('display_errors', '1');
 
-/*
-  |--------------------------------------------------------------------------
-  | DEBUG BACKTRACES
-  |--------------------------------------------------------------------------
-  | If true, this constant will tell the error screens to display debug
-  | backtraces along with the other error information. If you would
-  | prefer to not see this, set this value to false.
+/**
+ * --------------------------------------------------------------------------
+ * DEBUG BACKTRACES
+ * --------------------------------------------------------------------------
+ * If true, this constant will tell the error screens to display debug
+ * backtraces along with the other error information. If you would
+ * prefer to not see this, set this value to false.
  */
 defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
 
-/*
-  |--------------------------------------------------------------------------
-  | DEBUG MODE
-  |--------------------------------------------------------------------------
-  | Debug mode is an experimental flag that can allow changes throughout
-  | the system. It's not widely used currently, and may not survive
-  | release of the framework.
+/**
+ * --------------------------------------------------------------------------
+ * DEBUG MODE
+ * --------------------------------------------------------------------------
+ * Debug mode is an experimental flag that can allow changes throughout
+ * the system. It's not widely used currently, and may not survive
+ * release of the framework.
  */
-
-defined('CI_DEBUG') || define('CI_DEBUG', 1);
+defined('CI_DEBUG') || define('CI_DEBUG', true);

app/Config/CURLRequest.php

+<?php
+
+declare(strict_types=1);
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class CURLRequest extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * CURLRequest Share Options
+     * --------------------------------------------------------------------------
+     *
+     * Whether share options between requests or not.
+     *
+     * If true, all the options won't be reset between requests.
+     * It may cause an error request with unnecessary headers.
+     */
+    public bool $shareOptions = false;
+}

app/Config/Cookie.php

+<?php
+
+declare(strict_types=1);
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use DateTimeInterface;
+
+class Cookie extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Prefix
+     * --------------------------------------------------------------------------
+     *
+     * Set a cookie name prefix if you need to avoid collisions.
+     */
+    public string $prefix = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Expires Timestamp
+     * --------------------------------------------------------------------------
+     *
+     * Default expires timestamp for cookies. Setting this to `0` will mean the
+     * cookie will not have the `Expires` attribute and will behave as a session
+     * cookie.
+     */
+    public DateTimeInterface | int | string $expires = 0;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Path
+     * --------------------------------------------------------------------------
+     *
+     * Typically will be a forward slash.
+     */
+    public string $path = '/';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Domain
+     * --------------------------------------------------------------------------
+     *
+     * Set to `.your-domain.com` for site-wide cookies.
+     */
+    public string $domain = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Secure
+     * --------------------------------------------------------------------------
+     *
+     * Cookie will only be set if a secure HTTPS connection exists.
+     */
+    public bool $secure = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie HTTPOnly
+     * --------------------------------------------------------------------------
+     *
+     * Cookie will only be accessible via HTTP(S) (no JavaScript).
+     */
+    public bool $httponly = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie SameSite
+     * --------------------------------------------------------------------------
+     *
+     * Configure cookie SameSite setting. Allowed values are:
+     * - None
+     * - Lax
+     * - Strict
+     * - ''
+     *
+     * Alternatively, you can use the constant names:
+     * - `Cookie::SAMESITE_NONE`
+     * - `Cookie::SAMESITE_LAX`
+     * - `Cookie::SAMESITE_STRICT`
+     *
+     * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
+     * (empty string) means default SameSite attribute set by browsers (`Lax`)
+     * will be set on cookies. If set to `None`, `$secure` must also be set.
+     *
+     * @phpstan-var 'None'|'Lax'|'Strict'|''
+     */
+    public string $samesite = 'Lax';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Raw
+     * --------------------------------------------------------------------------
+     *
+     * This flag allows setting a "raw" cookie, i.e., its name and value are
+     * not URL encoded using `rawurlencode()`.
+     *
+     * If this is set to `true`, cookie names should be compliant of RFC 2616's
+     * list of allowed characters.
+     *
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
+     * @see https://tools.ietf.org/html/rfc2616#section-2.2
+     */
+    public bool $raw = false;
+}