Merged
Conversation
- **Wrapped 8 raw `grep -r` file-discovery calls with `run_with_timeout "$MAX_SCAN_TIME"`**
- These one-off check sections lacked any timeout protection and could stall indefinitely
- Aggregated pattern detection (Magic String Detector) was already protected; these checks were not
- **Affected checks:**
- `AJAX_FILES` — wp_ajax handlers without nonce validation (line ~4216)
- `TERMS_FILES` — get_terms without number limit (line ~4617)
- `CRON_FILES` — Unvalidated cron intervals (line ~5024)
- `N1_FILES` — N+1 meta-in-loop patterns (line ~5271, pipeline: timeout wraps first recursive grep)
- `THANKYOU_CONTEXT_FILES` — WooCommerce coupon logic in thank-you context (line ~5463)
- `SMART_COUPONS_FILES` — WooCommerce Smart Coupons detection (line ~5554)
- `PERF_RISK_FILES` — WooCommerce Smart Coupons performance risk (line ~5566)
- `JSON_RESPONSE_FILES` — HTML-escaping in JSON response URL fields (line ~5633)
- **Behavior on timeout:** Check returns empty result, reports "passed," scan continues
- **Impact:** Eliminates "apparent hang" reports on small/medium repositories where a single check stalled
- **No new functions or abstractions** — reuses existing `run_with_timeout` infrastructure
Replaces Linux runners with macOS to resolve persistent CI failures. Updates jq install step to use brew with a pre-installed check fallback. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Enables CI to run on every push to development so failures can be caught and iterated on without requiring a PR or manual dispatch. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces file-specific log ignores with a blanket dist/logs/ rule and removes the tracked .gitkeep. Logs are runtime artifacts and should never appear in the repo. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add timeout-minutes: 10 as job-level safety net - Add --skip-magic-strings to prevent the known CI hang at that step - Narrow --paths to dist/bin dist/lib (skip test fixtures which contain intentional antipatterns and inflate scan time) - Add --no-log to avoid writing runtime log files during CI Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true at workflow level to silence the Node.js 20 deprecation warning on actions/checkout@v4 and actions/upload-artifact@v4 ahead of the June 2 2026 deadline. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Type of Change
Related Issue
Fixes #(issue number)
Changes Made
Testing
dist/tests/run-fixture-tests.sh- All tests passdist/tests/fixtures/clean-code.phpChecklist
CLA Signature
For first-time contributors: Please comment below with:
This is a one-time requirement. Once signed, you can contribute to all future PRs without re-signing.
Questions about the CLA? See CLA.md or email cla@hypercart.com
Additional Notes