Add wp user privacy-request commands for GDPR personal data management

[Copilot]

WordPress 4.9.6 introduced personal data export and erasure tools (GDPR), but no WP-CLI interface existed for them. This adds a wp user privacy-request command group covering the full lifecycle of user_request posts.

New commands

• list — Query all requests; filterable by --action-type and --status, supports all standard output formats (table, csv, json, ids, count, yaml)
• create <email> <action-type> — Create a export_personal_data or remove_personal_data request; --status=pending|confirmed, --send-email, --porcelain
• delete <request-id>... — Delete one or more requests; batch-reports success/failure counts
• erase <request-id> — Invoke all registered wp_privacy_personal_data_erasers for the request's email, then mark it request-completed
• export <request-id> — Invoke all registered wp_privacy_personal_data_exporters, generate the ZIP via wp_privacy_generate_personal_data_export_file(), mark complete, and output the file path
• complete <request-id>... — Mark one or more requests as request-completed; batch-reports success/failure counts

$ wp user privacy-request create bob@example.com export_personal_data --status=confirmed --porcelain
3
$ wp user privacy-request export 3
Success: Exported personal data to: …/wp-personal-data-exports/wp-personal-data-export-bob-example-com-3.zip

$ wp user privacy-request create bob@example.com remove_personal_data --status=confirmed --porcelain
4
$ wp user privacy-request erase 4
Success: Erased personal data for request 4.

$ wp user privacy-request list --format=csv --fields=ID,user_email,action_name,status
ID,user_email,action_name,status
3,bob@example.com,export_personal_data,request-completed
4,bob@example.com,remove_personal_data,request-completed

Implementation notes

• erase and export iterate over all registered erasers/exporters page-by-page (matching the admin AJAX flow) before marking the request complete
• export errors explicitly if wp_privacy_generate_personal_data_export_file() produces no file path
• wp_delete_user_request() exists since WP 4.9.6 but is absent from the php-stubs/wordpress-stubs library; suppressed with a scoped @phpstan-ignore
• phpcs.xml.dist updated to include User_Privacy_Request_Command in the existing NamingConventions class-prefix exclusion pattern (consistent with all other command classes)
• Behat feature file covers create/list/delete/complete/erase/export flows and error cases

[codecov]

Codecov Report

❌ Patch coverage is 82.56881% with 38 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/User_Privacy_Request_Command.php	82.29%	37 Missing ⚠️
entity-command.php	88.88%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The inline comment says the $status parameter for wp_create_user_request() was added in WP 5.7.0, but the call always passes $status as the 4th argument. If that comment is correct, this will be an incompatible call on WP < 5.7. Consider branching on Utils\wp_version_compare( '5.7', '<' ) (or function_exists/reflection) to call the 3-arg signature on older versions, and only pass $status when supported; alternatively, update/remove the comment if the 4th parameter is actually supported on all targeted versions.

[Copilot]

The PR description mentions using wp_delete_user_request() (with a scoped @phpstan-ignore) for deleting privacy requests, but the implementation deletes the underlying post via wp_delete_post(). Either update the implementation to use wp_delete_user_request() (to match the stated intent and any extra cleanup it performs) or update the PR description accordingly.