Integrate Infection PHPStan checks into CI without a generated PHPStan baseline

[Copilot]

This change adds Infection's PHPStan-backed static-analysis pass to CI on a supported PHP version and keeps the workflow green without committing a generated 2k+ line baseline. The repo-wide PHPStan pass is now scoped to production code, while the dedicated PHPStan fixture coverage remains separate.

• CI / static-analysis integration

  • Enable Infection's staticAnalysisTool: "phpstan" integration.
  • Run PHPStan + Infection on the PHP 8.3 basic job in GitHub Actions.
  • Keep Infection installation local to the workflow job.

• PHPStan scope cleanup

  • Remove the generated phpstan-baseline.neon.
  • Change the main phpstan.neon pass to analyze src/ only.
  • Keep fixture-style PHPStan assertions on phpstan-fixtures.neon so test fixtures still validate expected type behavior.

• Targeted PHPStan debt reduction

  • Fix low-effort source issues in Json, AbstractCollection, Create, DetectFirstValueTypeCollection, TypeCheckCallback, TypeCheckPhpDoc, and Arrayy.
  • Replace blanket baseline suppression with a single targeted regex ignore for the recurring internal Arrayy::create() generic false positive in src/Arrayy.php.
  • Move the remaining PHPStan handling into source-level fixes and narrow inline suppressions where necessary, instead of broad config ignores.

• Typing improvements

  • Add iterable/value-type annotations for JSON mapper caches and handlers.
  • Tighten nullable handling and class-string/object mapping paths.
  • Improve return typing for helper methods and small collection/type-check utilities.
  • Preserve the PHPStan meta/array-shape fixture behavior while cleaning up the repo-wide analysis configuration.

Example of the CI/static-analysis wiring:

{
  "phpUnit": {
    "customPath": "vendor/bin/phpunit"
  },
  "staticAnalysisTool": "phpstan"
}

---

This change is 

---

This change is 

[coveralls]

coverage: 92.359% (-0.02%) from 92.38% — copilot/integrate-infection-into-ci into master

[voku]

/gemini review

[gemini-code-assist]

Code Review

This pull request focuses on improving static analysis and type safety using PHPStan. Key changes include the introduction of a dedicated PHPStan configuration for fixtures, extensive updates to PHPDoc annotations for better type coverage (especially in Json.php), and the removal of unused properties in TypeCheckPhpDoc.php. Additionally, logic was added to handle non-traversable objects in the JSON mapper and to verify class existence before mapping. I have no feedback to provide.

[voku]

@copilot do we really need to ignore all this phpstan errors in the config?

[Copilot]

@copilot do we really need to ignore all this phpstan errors in the config?

No. I reduced it to a single targeted regex ignore for the recurring internal Arrayy::create() generic false positive and moved the rest into source fixes / local inline suppressions where needed. Latest commit: 64879e7.

[sonarqubecloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud