ci+docs: PHPStan net on the god-files (baselined) + doc refresh #4
Merged
Highest-leverage low-risk step from the post-fix re-score: extend PHPStan analysis to download.php, admin.php, auth.php and handlers/ — ~4700 lines of the riskiest, previously-unanalysed code.

The 157 pre-existing findings are captured in phpstan-baseline.neon so CI stays green while NEW regressions in those files now fail the build. No runtime code change. Baseline to be shrunk opportunistically as code gets extracted/cleaned.

Docs refreshed to match reality:
- README: 416/824 -> 441/886 tests.
- CHANGELOG: [Unreleased] section documenting the security, perf, build, test and fix work from this cycle.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The highest-leverage, zero-runtime-risk step identified by the post-fix re-score.

PHPStan now analyses the riskiest code

Extended phpstan.neon paths to download.php, admin.php, auth.php, handlers/ — ~4700 lines that were never statically analysed (the "level 5 clean" only covered the easy files). The 157 pre-existing findings are baselined (phpstan-baseline.neon) so CI stays green, while new regressions in those files now fail the build. Verified: injecting a type error in handlers/ is caught; removing it returns to clean. No runtime code changes.

The baseline is meant to shrink over time — opportunistically, as functions get extracted (the probe_cache_data()/backup_db() style), not via a big-bang refactor.

Docs refreshed

- 416/824 → 441/886 tests.
- [Unreleased] section documenting this cycle (security, perf, build, tests, fixes).

PHPUnit 441/886 green · PHPStan level 5 clean (with baseline).
🤖 Generated with Claude Code
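
A baseline only protects the newly covered files if it cannot quietly grow, since regenerating it would also silence new findings. The following ratchet check is an added example, not code from this pull request or project: it totals the `count:` values in a PHPStan baseline, fails when the total exceeds a ceiling, and reports which files grew between two versions. The function names and sample entries are hypothetical, and treating the page's figure of 157 as the sum of `count:` values is an assumption.

```python
import re
import sys
from collections import Counter

# Constructed sample in the layout PHPStan writes (not the project's real baseline).
SAMPLE_BASELINE = """\
parameters:
    ignoreErrors:
        -
            message: "#^Constructed finding A$#"
            count: 3
            path: handlers/upload.php
        -
            message: "#^Constructed finding B$#"
            count: 1
            path: auth.php
"""

_FIELD = re.compile(r"^\s*(count|path):\s*(.+?)\s*$")

def findings_per_path(neon_text):
    """Sum the count: value of each ignoreErrors entry, grouped by its path:."""
    totals, pending = Counter(), None
    for line in neon_text.splitlines():
        m = _FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "count":
            pending = int(value)
        elif pending is not None:  # path: closes the entry opened by count:
            totals[value.strip("'\"")] += pending
            pending = None
    return totals

def check_ratchet(neon_text, ceiling):
    """Return (ok, total); ok is False once the baseline exceeds the ceiling."""
    total = sum(findings_per_path(neon_text).values())
    return total <= ceiling, total

def grown_paths(old_text, new_text):
    """Files whose baselined count rose between two versions of the baseline."""
    old, new = findings_per_path(old_text), findings_per_path(new_text)
    return {p: new[p] - old[p] for p in new if new[p] > old[p]}

if __name__ == "__main__":
    # Usage: script.py phpstan-baseline.neon [ceiling]; 157 is the page's figure.
    text = open(sys.argv[1], encoding="utf-8").read()
    ok, total = check_ratchet(text, int(sys.argv[2]) if len(sys.argv) > 2 else 157)
    print(f"baselined findings: {total}")
    sys.exit(0 if ok else 1)
```

Lowering the ceiling each time the baseline shrinks keeps the count from drifting back up.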