chore(lint): clean up 34 pre-existing phpcs errors blocking clean releases

[chubes4]

Summary

Cleans up the 34 pre-existing phpcs errors on main so homeboy release data-machine-code stops requiring --skip-checks.

Pure formatting/cleanup. No behavior changes.

Before / after

	Errors	Total findings
Before (main)	33 (issue says 34; baseline drifted by 1)	627
After	0	315

(Warnings dropped from 593 → 315 as a free side effect of the formatting pass on the same files. The remaining warnings are out of scope per the issue.)

How

1. Ran homeboy lint --fix --errors-only (= phpcbf under the hood) on the workspace.
2. Reverted the auto-fix on files outside the issue's scope (untouched test files, abilities, tasks, etc.).
3. Reviewed every remaining inc/ change and reverted behavior-changing auto-fixes (see below).
4. Hand-fixed the 16 non-auto-fixable errors:
   • 11 SQL WordPress.DB.PreparedSQL.* errors in WorkspaceLockStore, CleanupRunRepository, WorktreeInventoryRepository — added phpcs:ignore comments scoped to the specific lines. All flagged queries use table names sourced from \$wpdb->prefix + internal schema constants (CleanupSchema::runs_table(), etc.), never user input. The dynamic parameters are already passed through \$wpdb->prepare() with %s placeholders.
   • 1 count() in loop condition in DataMachineJobCleanupRunEvidenceStore::format_bytes() — extracted to \$max_unit local variable.
   • 2 short ternary errors:
     • WorkspacePreloadArtifact::clone_callback ?: — expanded to full ternary on the property read (no side effect, behavior-equivalent).
     • GitHub.php hash('sha256', wp_json_encode(...) ?: — kept the short ternary with phpcs:ignore to avoid double-encoding (a naive expansion would call wp_json_encode() twice per loop iteration).
   • 2 Yoda condition errors in CleanupRunService::pending_rows_of_type and WorkspaceWorktreeLifecycle::resolve_* — swapped operand order (symmetric comparisons, behavior-equivalent).

Behavior-changing auto-fixes reverted

phpcbf applied a wp-filesystem ruleset transform that replaced @file_get_contents() / @file() with \$wp_filesystem->get_contents() in three files. This was reverted because:

• \$wp_filesystem is null unless WP_Filesystem() has been initialized — caused fatal in smoke-worktree-context-injection.php and smoke-wordpress-runtime-inspection.php.
• \$wp_filesystem->get_contents() only accepts \$file — it silently ignores the offset/length args, so the 8 KiB read in WordPressRuntimeInspector::read() would have become a full-file read.

Reverted to the original native calls with phpcs:ignore comments documenting the trust boundary (controlled worktree paths, validated upstream).

Affected files (all reverts):

• inc/Runtime/WordPressRuntimeInspector.php (2 reads)
• inc/Workspace/WorktreeContextInjector.php (3 reads)
• inc/Workspace/WorkspaceWorktreeLifecycle.php (2 reads)

Files touched

 inc/Bundle/WorkspacePreloadArtifact.php            |   2 +-
 inc/Cleanup/DataMachineJobCleanupRunEvidenceStore.php |  19 +--
 inc/Handlers/GitHub/GitHub.php                     |  52 ++++----
 inc/Runtime/WordPressRuntimeInspector.php          |  10 +-
 inc/Storage/CleanupRunRepository.php               |   4 +
 inc/Storage/WorktreeInventoryRepository.php        |   4 +-
 inc/Workspace/CleanupRunService.php                |  36 ++++--
 inc/Workspace/WorkspaceArtifactCleanup.php         |   7 +-
 inc/Workspace/WorkspaceCleanupPlan.php             |  49 ++++---
 inc/Workspace/WorkspaceHygieneReport.php           | 127 +++++++++---------
 inc/Workspace/WorkspaceLockStore.php               |  29 +++--
 inc/Workspace/WorkspaceMetadataReconciliation.php  | 143 ++++++++++-----------
 inc/Workspace/WorkspaceMutationLock.php            |  29 +++--
 inc/Workspace/WorkspaceRepositoryLifecycle.php     |   5 +-
 inc/Workspace/WorkspaceWorktreeEmergencyCleanup.php |  23 ++--
 inc/Workspace/WorkspaceWorktreeInventoryCleanup.php |  23 ++--
 inc/Workspace/WorkspaceWorktreeLifecycle.php       |  39 +++---
 inc/Workspace/WorktreeContextInjector.php          |  45 ++++---
 tests/smoke-github-fetch-by-number.php             |   4 +-
 19 files changed, 344 insertions(+), 306 deletions(-)

The one test edit (smoke-github-fetch-by-number.php) was forced by phpcs — the test was asserting via strpos on whitespace-sensitive substrings of GitHub.php source (\$issue_number = (int) ... with two spaces). Once phpcs realigned those assignments to single space, the assertions had to be updated to match. No assertion logic changed, only the spacing in the matched string literals.

Verification

• Lint: homeboy lint data-machine-code --errors-only → 0 errors (was 33).
• Smoke tests: Ran all tests/smoke-*.php. 78 pass / 8 fail. Confirmed all 8 failures pre-exist on main (verified by stashing my changes and re-running). No new regressions caused by this PR.
• Release dry-run:

$ homeboy release data-machine-code --dry-run --bump patch
{
  "success": true,
  ...
  "plan": {
    "enabled": true,
    "steps": [
      { "status": "ready",    "id": "preflight.default_branch", ... },
      { "status": "ready",    "id": "preflight.working_tree",   ... },
      { "status": "ready",    "id": "preflight.remote_sync",    ... },
      { "status": "ready",    "id": "preflight.bump_policy",    ... },
      { "status": "ready",    "id": "preflight.lint",           ... },
      { "status": "ready",    "id": "preflight.test",           ... },
      { "status": "ready",    "id": "preflight.changelog_bootstrap", ... },
      ...
    ]
  }
}

preflight.lint shows ready (previously failed/required --skip-checks). The pre-existing WP_Agent_Token_Store cross-plugin compatibility break still affects preflight.test at runtime — that's out of scope per the issue and tracked separately.

• No docs/CHANGELOG.md edits.
• No version bumps.

Closes #419

[homeboy-ci]

Homeboy Results — data-machine-code

Lint

❌ lint — failed

• phpstan — 31 finding(s)
• formatting — 8 finding(s)
• wp-alternatives — 6 finding(s)
• other — 2 finding(s)
• code-analysis — 1 finding(s)
• Total: 48 finding(s)

ℹ️ Auto-fix: homeboy lint data-machine-code --path /home/runner/work/data-machine-code/data-machine-code --changed-since 6674a08 --fix (or homeboy refactor data-machine-code --path /home/runner/work/data-machine-code/data-machine-code --changed-since 6674a08 --from lint --write)
ℹ️ Some issues may require manual fixes
ℹ️ Full options: homeboy docs commands/lint
ℹ️ Save lint baseline: homeboy lint data-machine-code --baseline
Deep dive: homeboy lint data-machine-code --changed-since 6674a08

Test

❌ test — failed

ℹ️ No tests ran — the runner failed before producing results. See raw_output.stderr_tail / raw_output.stdout_tail for the underlying error (bootstrap failure, missing deps, DB connection, etc.).
ℹ️ To run specific tests: homeboy test data-machine-code -- --filter=TestName
ℹ️ Auto-fix lint issues: homeboy refactor data-machine-code --from lint --write
ℹ️ Collect coverage: homeboy test data-machine-code --coverage
ℹ️ Analyze failures: homeboy test data-machine-code --analyze
ℹ️ Pass args to test runner: homeboy test -- [args]
ℹ️ Full options: homeboy docs commands/test
Deep dive: homeboy test data-machine-code --changed-since 6674a08

Audit

✅ audit — passed

• dead_code — 137 finding(s)
• test_coverage — 48 finding(s)
• intra-method-duplication — 34 finding(s)
• requested_detectors — 20 finding(s)
• duplication — 7 finding(s)
• Tools — 6 finding(s)
• repeated_literal_shape — 5 finding(s)
• structural — 5 finding(s)
• dead_guard — 3 finding(s)
• Abilities — 2 finding(s)
• Total: 272 finding(s)

Deep dive: homeboy audit data-machine-code --changed-since 6674a08

Tooling versions

• Homeboy CLI: homeboy 0.182.0+a811c1c
• Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
• Extension revision: dd47f26a
• Action: unknown@unknown