Feature/package for packagist#62
Conversation
There was a problem hiding this comment.
Code Review
This pull request focuses on improving code quality, type safety, and static analysis across the codebase. It introduces strict parameter and return type declarations, adds comprehensive PHPStan annotations, and implements defensive checks (such as is_array, is_scalar, and is_wp_error) to prevent runtime errors. Additionally, quality check commands were documented in the README, and several features were refactored for better readability. Feedback on these changes highlights a potential PHP warning in SaltusAdminCols.php if get_post_status_object() returns null, as well as a minor indentation inconsistency in Core.php.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces comprehensive type-hinting, return type declarations, and defensive checks across the codebase to achieve a clean PHPStan level 7 run. Key changes include tightening property and method signatures in core services, models, and features, as well as handling potential WordPress errors and type mismatches. The review feedback identifies two important issues: a potential PHP 8.x TypeError in UpdateMenuDragAndDrop.php when parsing the order parameter, and a potential undefined index notice in WalkerTaxonomyDropdown.php if the taxonomy argument is missing.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review :( |
There was a problem hiding this comment.
Code Review
This pull request focuses on tightening type declarations, adding return types, and improving static analysis compliance across the codebase to achieve a clean PHPStan level 7 run. Key feedback points out several critical issues: an undefined variable $hook_name in Core.php that will cause a crash on initialization, a missing authorization check in the AJAX callback within UpdateMenuDragAndDrop.php, and inconsistent usage of raw model names instead of the newly introduced sanitized registration name in PostType.php, Taxonomy.php, and ModelFactory.php. Additionally, get_registration_name() should be made public, and GenericContainer.php needs to be updated to properly pass and handle registered dependencies.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request focuses on tightening types, adding PHPStan type annotations, and improving static analysis compliance across the codebase to reach PHPStan level 7. Key feedback includes addressing a bug in GenericContainer.php where constructor dependencies are ignored during instantiation, fixing a security vulnerability in UpdateMenuDragAndDrop.php due to a missing authorization check on the AJAX callback, and resolving an issue in Taxonomy.php where string-based associations are not properly registered.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request focuses on tightening types, adding property and return type declarations, and updating PHPDoc annotations across the codebase to achieve a clean PHPStan level 7 run. It also updates development dependencies and documents quality checks in the README. The review feedback highlights opportunities to improve usability and code quality, specifically by falling back to plain text instead of rendering empty links when term links are invalid, and by removing unnecessary HTML-escaping and localization from developer-facing exception messages.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
When get_edit_term_link returns null or a WP_Error, the previous code rendered an empty href attribute (<a href="">), which is confusing for screen readers and provides no usable navigation. Now falls back to rendering just the escaped term name without a link, matching the behavior used when the user lacks edit_terms capability.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request focuses on tightening types, adding PHPStan type annotations, and improving overall code quality across the repository to achieve a clean PHPStan level 7 run. Key changes include adding strict type declarations, return types, and parameter types across core files, features, and infrastructure classes, as well as upgrading dev dependencies. The review feedback identifies a critical security vulnerability where the AJAX handler in UpdateMenuDragAndDrop.php lacks a user capability check, allowing unauthorized users to modify the menu order. Additionally, it is recommended to cast $post->menu_order to an integer in SaltusDragAndDrop.php to prevent potential SQL injection or malformed queries.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Cast $post->menu_order to (int) in previous_post_where() and next_post_where() to prevent SQL injection or malformed queries from unexpected property data.
|
/gemini review 🤞 |
There was a problem hiding this comment.
Code Review
This pull request refactors the codebase to achieve a clean PHPStan level 7 run by tightening types, adding return types, and updating annotations across various services, models, and features. It also introduces a get_registration_name() method in BaseModel to sanitize model names for WordPress registration. The reviewer recommends validating WordPress length limits (20 characters for post types and 32 for taxonomies) within this new method to prevent silent registration failures.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
…name() WordPress imposes strict length limits on registered keys: 20 characters for post types and 32 characters for taxonomies. The get_registration_name() method now validates these limits based on the model type to prevent silent registration failures or database errors.
|
/gemini review 🤞 |
There was a problem hiding this comment.
Code Review
This pull request focuses on tightening type safety, adding type hints, and improving static analysis compliance across the codebase, alongside updating development dependencies. Key changes include adding parameter and return types, introducing defensive type checks, and adding a sanitized model name resolver for WordPress APIs. The review feedback highlights a critical signature compatibility issue in WalkerTaxonomyDropdown::start_el that would cause a PHP Fatal Error, as well as opportunities to clean up an exception message in Core.php and correct an instance call of a static method in ModelFactory.php.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
The parent class Walker::start_el does not declare a return type. Adding : void in the child causes a PHP fatal error at runtime due to incompatible signature.
The Assembly interface declares make() as a static method. Calling it via -> works but is a code smell flagged by static analysis. Use :: for clarity.
Exception messages are developer-facing and logged in system logs or CLI environments. HTML escaping with esc_html__ or esc_html makes them harder to read and is unnecessary.
The hook name is built from class constants and can never be empty. Remove the guard clause that checked for this impossible condition.
Add @return void annotation to start_el method.
Add PHPDoc param annotation for GenericContainer::instantiate. Add PHPStan var annotations for type refinement in AssetManager.
Add abstract get_type method to BaseModel to formalize the contract already required by the Model interface. Add phpcs ignore annotations for developer-facing exception messages.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request focuses on tightening type safety and improving PHPStan static analysis compliance across the codebase. Key changes include adding property, parameter, and return type hints to core classes, models, and features, as well as introducing model name validation via get_registration_name(). Additionally, development dependencies were updated, and quality check commands were documented in the README. The review feedback suggests explicitly casting the filtered $priority value to an integer in src/Core.php to guarantee type safety.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request refactors the codebase to achieve a clean PHPStan level 7 run by tightening type declarations, adding parameter and return types, and introducing runtime checks to prevent type errors. It also introduces a sanitized get_registration_name() method in BaseModel to ensure safe WordPress registration. The review feedback points out critical inconsistencies where the unsanitized $cpt->name is still used instead of $cpt->get_registration_name(), specifically when initializing 'meta' and 'settings' services in ModelFactory.php and within the enter_title_here() method in PostType.php.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request focuses on improving type safety and bringing the codebase up to PHPStan level 7 compliance. Key changes include adding strict parameter, property, and return type declarations across all core features, infrastructure, and model files, alongside introducing defensive type checks and detailed PHPDoc annotations. Additionally, development dependencies in composer.json have been updated, quality check instructions have been documented in the README.md, and a new get_registration_name() method has been introduced in BaseModel to sanitize and validate model names during registration. I have no feedback to provide as there are no review comments.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Extract the repeated Setup PHP / Get Composer cache directory / Cache Composer packages pattern into a reusable composite action at .github/actions/php-setup/. All three existing jobs that used the pattern now reference the action, reducing boilerplate and ensuring consistent configuration. Add a composer-audit job that runs composer audit after Composer validation, checking for known security vulnerabilities.
Add more checks and type safety