Refactor

Author: PDowney

.github/ISSUE_TEMPLATE/phpcs-failure.md

@@ -22,7 +22,7 @@ The code does not meet WordPress coding standards as defined by PHPCS.
 1. Review the PHPCS output in the failed workflow run
 2. Fix coding standard violations in the code
 3. Ensure all PHP files follow WordPress coding standards
-4. Test locally with: `phpcs --standard=WordPress --extensions=php .`
+4. Test locally with: `composer run phpcs`
 
 **Resources:**
 - [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/)

.github/ISSUE_TEMPLATE/phpmd-failure.md

@@ -26,7 +26,7 @@ The code has quality issues detected by PHPMD analysis.
    - Code duplication
    - Naming conventions
    - Design issues
-3. Test locally with: `phpmd . text cleancode,codesize,controversial,design,naming,unusedcode`
+3. Test locally with: `composer run phpmd`
 
 **Resources:**
 - [PHPMD Documentation](https://phpmd.org/)

.github/ISSUE_TEMPLATE/psalm-failure.md

@@ -26,7 +26,7 @@ Psalm has detected potential issues in the code through static analysis.
    - Incorrect return types
    - Unused code
    - Potential null pointer issues
-3. Test locally with: `./vendor/bin/psalm`
+3. Test locally with: `composer run psalm`
 
 **Resources:**
 - [Psalm Documentation](https://psalm.dev/)

.github/ISSUE_TEMPLATE/security-failure.md

@@ -28,7 +28,7 @@ The security checker has identified known vulnerabilities in one or more of the
    - Implementing workarounds
 5. Test the application after updates
 
-**⚠️ Priority:** This is a security issue and should be addressed immediately.
+**Priority:** This is a security issue and should be addressed immediately.
 
 **Resources:**
 - [Symfony Security Checker](https://github.com/FriendsOfPHP/security-advisories)

.github/ISSUE_TEMPLATE/vip-phpcs-failure.md

@@ -1,71 +1,71 @@
----
-title: WordPress VIP Coding Standards Failure - PHP ${{ env.PHP_VERSION }}
-labels: ['vip-standards', 'coding-standards', 'needs-review', 'php-${{ env.PHP_VERSION }}']
-assignees: []
----
-
-## WordPress VIP Coding Standards Failure
-
-**PHP Version:** ${{ env.PHP_VERSION }}
-**Run ID:** ${{ env.RUN_ID }}
-**Workflow:** [View Failed Run](${{ env.WORKFLOW_URL }})
-
-### Issue Description
-
-The WordPress VIP coding standards check has failed during the automated workflow. This scan specifically checks for enterprise-level WordPress development standards required for WordPress VIP platform compatibility.
-
-### VIP Standards Focus Areas
-
-The WordPress VIP Go coding standards check for:
-
-🏢 **Enterprise Platform Requirements:**
-- File system operation restrictions (VIP platform limitations)
-- Performance and caching best practices for high-traffic sites
-- Security vulnerabilities specific to enterprise WordPress environments
-- User experience guidelines for enterprise-level WordPress
-
-🚀 **Performance & Caching:**
-- Uncached function usage patterns
-- Database query optimization
-- Remote data fetching best practices
-- Resource-heavy operation detection
-
-🔒 **VIP-Specific Security:**
-- File operation security in restricted environments
-- Admin bar removal restrictions for VIP support users
-- Cookie and caching constraint validations
-- Restricted function usage for platform stability
-
-### Important Notes
-
-⚠️ **VIP Standards Context:**
-- Many VIP standards are specific to the WordPress VIP hosting platform
-- Not all VIP recommendations may apply to standard WordPress installations
-- Some restrictions are platform-specific (e.g., file system limitations)
-- This scan helps ensure compatibility with enterprise WordPress environments
-
-### Next Steps
-
-1. **Review the workflow logs** to identify specific VIP standard violations
-2. **Evaluate applicability** - determine which issues apply to your hosting environment
-3. **Prioritize fixes** based on your deployment target:
-   - **High Priority:** Security and performance issues
-   - **Medium Priority:** General code quality improvements
-   - **Low Priority:** VIP platform-specific restrictions (if not targeting VIP)
-4. **Update code** to address applicable VIP standard violations
-5. **Re-run the workflow** to verify fixes
-
-### Resources
-
-- [WordPress VIP Code Quality Standards](https://docs.wpvip.com/technical-references/code-quality-and-best-practices/)
-- [VIP Coding Standards GitHub](https://github.com/Automattic/VIP-Coding-Standards)
-- [WordPress VIP Platform Documentation](https://docs.wpvip.com/)
-- [VIP Go File System Documentation](https://docs.wpvip.com/technical-references/vip-go-files-system/)
-
-### Workflow Information
-
-**Failed Workflow Run:** [View Details](${{ env.WORKFLOW_URL }})
-**PHP Version Tested:** ${{ env.PHP_VERSION }}
-**Standards Used:** WordPress-VIP-Go ruleset
-
-This issue was automatically created when the WordPress VIP coding standards check failed. Please review the specific violations in the workflow logs and address them according to your project's deployment requirements.
+---
+title: WordPress VIP Coding Standards Failure - PHP ${{ env.PHP_VERSION }}
+labels: ['vip-standards', 'coding-standards', 'needs-review', 'php-${{ env.PHP_VERSION }}']
+assignees: []
+---
+
+## WordPress VIP Coding Standards Failure
+
+**PHP Version:** ${{ env.PHP_VERSION }}
+**Run ID:** ${{ env.RUN_ID }}
+**Workflow:** [View Failed Run](${{ env.WORKFLOW_URL }})
+
+### Issue Description
+
+The WordPress VIP coding standards check failed during the automated workflow. This scan checks for enterprise-level WordPress development standards required for WordPress VIP platform compatibility.
+
+### VIP Standards Focus Areas
+
+The WordPress VIP Go coding standards check covers the following areas:
+
+**Enterprise Platform Requirements:**
+- File system operation restrictions (VIP platform limitations)
+- Performance and caching best practices for high-traffic sites
+- Security vulnerabilities specific to enterprise WordPress environments
+- User experience guidelines for enterprise-level WordPress
+
+**Performance and Caching:**
+- Uncached function usage patterns
+- Database query optimization
+- Remote data fetching best practices
+- Resource-heavy operation detection
+
+**VIP-Specific Security:**
+- File operation security in restricted environments
+- Admin bar removal restrictions for VIP support users
+- Cookie and caching constraint validations
+- Restricted function usage for platform stability
+
+### Important Notes
+
+**VIP Standards Context:**
+- Many VIP standards are specific to the WordPress VIP hosting platform
+- Not all VIP recommendations may apply to standard WordPress installations
+- Some restrictions are platform-specific (e.g., file system limitations)
+- This scan helps ensure compatibility with enterprise WordPress environments
+
+### Next Steps
+
+1. **Review the workflow logs** to identify specific VIP standard violations
+2. **Evaluate applicability**: Determine which issues apply to your hosting environment
+3. **Prioritize fixes** based on your deployment target:
+   - **High Priority:** Security and performance issues
+   - **Medium Priority:** General code quality improvements
+   - **Low Priority:** VIP platform-specific restrictions (if not targeting VIP)
+4. **Update code** to address applicable VIP standard violations
+5. **Re-run the workflow** to verify fixes
+
+### Resources
+
+- [WordPress VIP Code Quality Standards](https://docs.wpvip.com/technical-references/code-quality-and-best-practices/)
+- [VIP Coding Standards GitHub](https://github.com/Automattic/VIP-Coding-Standards)
+- [WordPress VIP Platform Documentation](https://docs.wpvip.com/)
+- [VIP Go File System Documentation](https://docs.wpvip.com/technical-references/vip-go-files-system/)
+
+### Workflow Information
+
+**Failed Workflow Run:** [View Details](${{ env.WORKFLOW_URL }})
+**PHP Version Tested:** ${{ env.PHP_VERSION }}
+**Standards Used:** WordPress-VIP-Go ruleset
+
+This issue was automatically created when the WordPress VIP coding standards check failed. Please review the specific violations in the workflow logs and address them according to your project's deployment requirements.

.github/copilot-instructions.md

@@ -2,23 +2,23 @@
 applyTo: '**'
 ---
 
-# EngineScript Site Optimizer — Development Standards
+# EngineScript Site Optimizer - Development Standards
 
 ## Project Context
 
-- **Plugin:** EngineScript Site Optimizer — WordPress performance optimization plugin
+- **Plugin:** EngineScript Site Optimizer - WordPress performance optimization plugin
 - **Text Domain:** `enginescript-site-optimizer`
 - **Function/Hook Prefix:** `es_optimizer_`
 - **Version Constant:** `ES_SITE_OPTIMIZER_VERSION`
-- **WordPress:** 6.6+ | **PHP:** 7.4+
+- **WordPress:** 6.6+ | **PHP:** 8.2+
 - **Work Environment:** GitHub Codespaces (remote). Never suggest local terminal commands.
 
 ## Code Standards
 
 ### WordPress & PHP
 
 - Follow [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/) for PHP, JS, CSS, HTML, and accessibility
-- Use WordPress APIs and hooks exclusively — no raw PHP/SQL or non-WP frameworks
+- Use WordPress APIs and hooks exclusively; avoid raw PHP/SQL and non-WP frameworks
 - Prefix all functions, classes, hooks, and globals with `es_optimizer_`
 - Use `wp_die()` instead of `die()` or `exit()`
 - Use `WP_Error` for error handling; log errors without exposing sensitive data
@@ -28,22 +28,22 @@ applyTo: '**'
 
 ### Modern PHP
 
-- PHP 7.4+ features are required; PHP 8.x features are allowed if they degrade gracefully on 7.4
+- PHP 8.2+ features are available; keep code aligned with the configured PHP compatibility baseline
 - Use typed function signatures wherever possible
 - Before submitting changes, run `phpcs`, `phpmd`, and `phpstan` (config files present in project root)
 
 ## Security (Critical)
 
-All code must follow OWASP Top 10 and WordPress security best practices. **Auto-identify and fix security vulnerabilities whenever found — never leave them.**
+All code must follow OWASP Top 10 and WordPress security best practices. **Auto-identify and fix security vulnerabilities whenever found; never leave them unresolved.**
 
 **Input:**
 - Sanitize with `sanitize_text_field()`, `sanitize_email()`, `absint()`, or `wp_kses()` as appropriate
-- Validate nonces with `wp_verify_nonce()` on all form submissions and AJAX handlers
+- Validate nonces with WordPress nonce helpers or Settings API nonces on form submissions and AJAX handlers
 - Use `$wpdb->prepare()` for every database query
 
 **Output:**
 - Escape with context-appropriate functions: `esc_html()`, `esc_attr()`, `esc_url()`, `esc_js()`, `esc_textarea()`
-- Use `wp_nonce_field()` for all admin forms
+- Use `wp_nonce_field()` or `settings_fields()` for admin forms
 
 **Access Control:**
 - Check `current_user_can('manage_options')` before any settings operation
@@ -73,11 +73,11 @@ All code must follow OWASP Top 10 and WordPress security best practices. **Auto-
 - Follow semantic versioning (MAJOR.MINOR.PATCH)
 - Update version in: plugin file header, `ES_SITE_OPTIMIZER_VERSION` constant, `README.md`, `readme.txt`, `CHANGELOG.md`, `GEMINI.md`, `composer.json`, and `languages/enginescript-site-optimizer.pot`
 - Move all `Unreleased` entries to the new version section in both `CHANGELOG.md` and `readme.txt`
-- **Never auto-bump versions** — wait for an explicit instruction to do so
+- **Never auto-bump versions** - wait for an explicit instruction to do so
 
 ## Workflow
 
-- Edit files in place — never create duplicate files or unnecessary new files
+- Edit files in place; never create duplicate files or unnecessary new files
 - Proceed automatically on non-destructive changes; ask before deleting files or data
 - Auto-fix bugs and security issues when identified
-- Keep responses concise and focused on what changed — no summary `.md` files
+- Keep responses concise and focused on what changed; do not create summary `.md` files

.github/labeler.yml

@@ -36,7 +36,7 @@ documentation:
     - any-glob-to-any-file: '*.md'
     - any-glob-to-any-file: docs/**/*
 
-# Export functionality
+# Optimization functionality
 optimization:
   - changed-files:
     - any-glob-to-any-file: '**/optimi*.php'
@@ -80,4 +80,4 @@ testing:
     - any-glob-to-any-file: tests/**/*
     - any-glob-to-any-file: phpunit.xml
     - any-glob-to-any-file: .travis.yml
-    - any-glob-to-any-file: .phpcs.xml
+    - any-glob-to-any-file: .phpcs.xml

.github/workflows/branch-cleanup.yml

@@ -15,13 +15,13 @@ permissions:
 jobs:
   cleanup:
     runs-on: ubuntu-latest
-    
+
     steps:
       - uses: actions/checkout@v6
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
-      
+
       - name: Delete merged branch
         if: github.event.pull_request.merged == true
         env:
@@ -30,13 +30,13 @@ jobs:
           REPOSITORY: ${{ github.repository }}
         run: |
           echo "Checking branch: $BRANCH_NAME"
-          
+
           # Protected branch check - using quotes to prevent injection
           if [[ "$BRANCH_NAME" =~ ^(main|master|dev|develop|staging|production)$ ]]; then
             echo "::warning::Skipping deletion of protected branch: $BRANCH_NAME"
             exit 0
           fi
-          
+
           # Attempt branch deletion - using quotes to prevent injection
           echo "Attempting to delete branch: $BRANCH_NAME"
           if git push origin --delete "$BRANCH_NAME" 2>/dev/null; then

.github/workflows/new-pull-request.yml

@@ -1,5 +1,5 @@
 # This workflow automatically posts a guidance comment on new pull requests.
-# It welcomes contributors and provides a brief message to acknowledge their 
+# It welcomes contributors and provides a brief message to acknowledge their
 # contribution to the EngineScript Site Optimizer plugin.
 # The workflow is triggered whenever a new pull request is opened.
 
@@ -21,18 +21,18 @@ jobs:
         with:
           issue-number: ${{ github.event.pull_request.number }}
           body: |
-            Thanks for contributing to EngineScript Site Optimizer! 🎉
+            Thanks for contributing to EngineScript Site Optimizer!
 
             **Before we review:**
             - [ ] Have you tested your changes with WordPress 6.6+?
-            - [ ] Are your changes compatible with PHP 7.4+?
+            - [ ] Are your changes compatible with PHP 8.2+?
             - [ ] Have you followed WordPress coding standards?
             - [ ] Did you update the CHANGELOG.md if needed?
-            
+
             **Security Reminder:**
             This plugin can handle sensitive site configuration information, so please ensure:
             - All user inputs are properly sanitized
             - All outputs are properly escaped
             - No security vulnerabilities are introduced
-            
-            We'll review your PR soon! 🚀
+
+            We'll review your PR soon.