[WIP] Review and resolve TODO in ms-functions.php

[Claude]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

---

This section details on the original issue you should resolve

<issue_title>Address TODO in wp-includes/ms-functions.php: : Review this call to add_user_to_blog too - to get here the user must have a ro</issue_title>
<issue_description>Found a @todo comment that needs attention.

File: src/wp-includes/ms-functions.php
Line: 66
Comment: : Review this call to add_user_to_blog too - to get here the user must have a role on this blog?

Investigate, implement if appropriate, and include tests.
If no longer relevant, remove it and explain why.</issue_description>

Comments on the Issue (you are @claude[agent] in this section)

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @claude.

Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[nopilots-doc]

Doc (Code Quality):

1. The removal of the add_user_to_blog call is appropriate, as indicated by the new comment explaining the reasoning. However, the comment could be clearer on why it's essential to avoid overwriting the existing role. A more explicit statement about the potential confusion for future readers would enhance understanding.

2. The new comments added are informative, but they could benefit from being more concise. The first comment in particular is somewhat verbose, which could hinder readability. Consider simplifying to focus on the critical information.

3. The tests added are thorough and cover the necessary scenarios, ensuring that the function behaves as expected. They are well-structured and provide clarity on what is being validated.

4. Ensure that the comment style is consistent throughout. The switch from a single-line // TODO: comment to a multi-line block comment may confuse future readers regarding the importance of the original TODO.

Checklist:

READABILITY: FAIL — Comments could be clearer and more concise.
PHPDOC: N/A — No PHPDoc present to evaluate.
COMPLEXITY: PASS — The complexity remains manageable and is well-documented.
TESTS: PASS — Tests are thorough and cover necessary scenarios.
STYLE: FAIL — Inconsistent comment styles could lead to confusion.

[nopilots-dalton]

Dalton (Security):

The changes in this pull request focus on modifying the logic in the get_active_blog_for_user function to avoid overwriting a user's existing role when setting their primary blog. The original code called add_user_to_blog, which could inadvertently change the user's role to 'subscriber'. The new implementation correctly updates the user's primary blog without modifying their role.

1. The removal of the add_user_to_blog call mitigates the risk of privilege escalation or unauthorized role assignment, as it ensures that existing roles remain intact. This is a positive security enhancement.

2. The test cases added verify that the user's role is preserved during this process, which adds an additional layer of assurance that the function behaves as intended.

Overall, the changes made in this PR do not introduce any new security vulnerabilities and actually enhance the security posture by preventing unwanted role changes.

INPUT_SANITIZATION: N/A — No user input is directly processed in this change.
OUTPUT_ESCAPING: N/A — No output escaping is relevant in this change.
SQL_PREPARATION: N/A — No SQL queries are modified or introduced.
CAPABILITY_CHECKS: PASS — The logic ensures that only users with appropriate roles are affected.
NONCE_VERIFICATION: N/A — Nonces are not applicable in this context.
ATTACK_SURFACE: PASS — The attack surface is reduced by not allowing role overwrites.

[nopilots-pat]

Pat (Compatibility + Decision):

The changes in this PR primarily focus on enhancing the logic around user roles and blog assignments, which is a positive shift. Both Doc and Dalton's reviews highlight improvements in clarity and security, but I need to ensure that no public function signatures or hooks are affected. After reviewing the changes, I found no compatibility issues that would affect the ecosystem.

FUNCTION_SIGNATURES: PASS — no changes to public function signatures.
HOOK_COMPATIBILITY: PASS — no hooks renamed or removed.
RETURN_TYPES: PASS — return types remain consistent.
DEPRECATION_PATH: PASS — no functions removed or changed that require deprecation.
DECISION: APPROVE
RATIONALE: The changes improve security and clarity without impacting compatibility.

DECISION: APPROVE

[josephfusco]

Closing as part of a system simplification.

The pipeline has been stuck for 7 days with no merges. Root causes identified: revision chains, work-generation workflows, test-failures bypassing approval gates, and workflow self-modification noise.

A clean-slate cleanup is in progress. The system will resume with a tighter, simpler workflow set. Fresh PRs from agents will flow through the corrected pipeline.