[ci] Block new std::to_string() usage, suggest snprintf alternatives

esphome/components/anova/anova_base.cpp

@@ -18,31 +18,31 @@ AnovaPacket *AnovaCodec::clean_packet_() {
 
 AnovaPacket *AnovaCodec::get_read_device_status_request() {
   this->current_query_ = READ_DEVICE_STATUS;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_DEVICE_STATUS);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_READ_DEVICE_STATUS);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_target_temp_request() {
   this->current_query_ = READ_TARGET_TEMPERATURE;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_TARGET_TEMP);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_READ_TARGET_TEMP);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_current_temp_request() {
   this->current_query_ = READ_CURRENT_TEMPERATURE;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_CURRENT_TEMP);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_READ_CURRENT_TEMP);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_unit_request() {
   this->current_query_ = READ_UNIT;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_UNIT);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_READ_UNIT);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_data_request() {
   this->current_query_ = READ_DATA;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_DATA);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_READ_DATA);
   return this->clean_packet_();
 }
 
@@ -50,25 +50,25 @@ AnovaPacket *AnovaCodec::get_set_target_temp_request(float temperature) {
   this->current_query_ = SET_TARGET_TEMPERATURE;
   if (this->fahrenheit_)
     temperature = ctof(temperature);
-  sprintf((char *) this->packet_.data, CMD_SET_TARGET_TEMP, temperature);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), CMD_SET_TARGET_TEMP, temperature);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_set_unit_request(char unit) {
   this->current_query_ = SET_UNIT;
-  sprintf((char *) this->packet_.data, CMD_SET_TEMP_UNIT, unit);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), CMD_SET_TEMP_UNIT, unit);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_start_request() {
   this->current_query_ = START;
-  sprintf((char *) this->packet_.data, CMD_START);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_START);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_stop_request() {
   this->current_query_ = STOP;
-  sprintf((char *) this->packet_.data, CMD_STOP);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), "%s", CMD_STOP);
   return this->clean_packet_();
 }
 

esphome/components/api/api_connection.cpp

@@ -1715,7 +1715,7 @@ void APIConnection::on_home_assistant_state_response(const HomeAssistantStateRes
     // HA state max length is 255 characters, but attributes can be much longer
     // Use stack buffer for common case (states), heap fallback for large attributes
     size_t state_len = msg.state.size();
-    SmallBufferWithHeapFallback<256> state_buf_alloc(state_len + 1);
+    SmallBufferWithHeapFallback<MAX_STATE_LEN + 1> state_buf_alloc(state_len + 1);
     char *state_buf = reinterpret_cast<char *>(state_buf_alloc.get());
     if (state_len > 0) {
       memcpy(state_buf, msg.state.c_str(), state_len);

esphome/components/api/homeassistant_service.h

@@ -25,7 +25,9 @@ template<typename... X> class TemplatableStringValue : public TemplatableValue<s
 
  private:
   // Helper to convert value to string - handles the case where value is already a string
-  template<typename T> static std::string value_to_string(T &&val) { return to_string(std::forward<T>(val)); }
+  template<typename T> static std::string value_to_string(T &&val) {
+    return to_string(std::forward<T>(val));
+  }  // NOLINT
 
   // Overloads for string types - needed because std::to_string doesn't support them
   static std::string value_to_string(char *val) {

esphome/components/esp32_ble/ble_uuid.h

@@ -46,7 +46,7 @@ class ESPBTUUID {
 
   esp_bt_uuid_t get_uuid() const;
 
-  std::string to_string() const;
+  std::string to_string() const;  // NOLINT
   const char *to_str(std::span<char, UUID_STR_LEN> output) const;
 
  protected:

esphome/components/shtcx/shtcx.cpp

@@ -52,7 +52,7 @@ void SHTCXComponent::dump_config() {
   ESP_LOGCONFIG(TAG,
                 "SHTCx:\n"
                 "  Model: %s (%04x)",
-                to_string(this->type_), this->sensor_id_);
+                to_string(this->type_), this->sensor_id_);  // NOLINT
   LOG_I2C_DEVICE(this);
   if (this->is_failed()) {
     ESP_LOGE(TAG, ESP_LOG_MSG_COMM_FAIL);

esphome/components/voice_assistant/voice_assistant.h

@@ -81,7 +81,7 @@ struct Timer {
              this->id.c_str(), this->name.c_str(), this->total_seconds, this->seconds_left, YESNO(this->is_active));
     return buffer.data();
   }
-  std::string to_string() const {
+  std::string to_string() const {  // NOLINT
     char buffer[TO_STR_BUFFER_SIZE];
     return this->to_str(buffer);
   }

script/ci-custom.py

@@ -732,6 +732,47 @@ def lint_no_heap_allocating_helpers(fname, match):
     )
 
 
+@lint_re_check(
+    # Match std::to_string() or unqualified to_string() calls
+    # The esphome namespace has "using std::to_string;" so unqualified calls resolve to std::to_string
+    # Use negative lookbehind to avoid matching:
+    #   - Function definitions: "const char *to_string(" or "std::string to_string("
+    #   - Method definitions: "Class::to_string("
+    #   - Method calls: ".to_string(" or "->to_string("
+    #   - Other identifiers: "_to_string("
+    r"(?<![*&.\w>:])to_string\s*\(" + CPP_RE_EOL,
+    include=cpp_include,
+    exclude=[
+        # Vendored library
+        "esphome/components/http_request/httplib.h",
+        # Deprecated helpers that return std::string
+        "esphome/core/helpers.cpp",
+        # The using declaration itself
+        "esphome/core/helpers.h",
+        # Test fixtures - not production embedded code
+        "tests/integration/fixtures/*",
+    ],
+)
+def lint_no_std_to_string(fname, match):
+    return (
+        f"{highlight('std::to_string()')} allocates heap memory. On long-running embedded "
+        f"devices, repeated heap allocations fragment memory over time.\n"
+        f"Please use {highlight('snprintf()')} with a stack buffer instead.\n"
+        f"\n"
+        f"Buffer sizes and format specifiers:\n"
+        f"  uint8_t/int8_t:   4 chars   - %u / %d (or PRIu8/PRId8)\n"
+        f"  uint16_t/int16_t: 6 chars   - %u / %d (or PRIu16/PRId16)\n"
+        f"  uint32_t/int32_t: 11 chars  - %" + "PRIu32 / %" + "PRId32\n"
+        "  uint64_t/int64_t: 21 chars  - %" + "PRIu64 / %" + "PRId64\n"
+        f"  float/double:     24 chars  - %.8g (15 digits + sign + decimal + e+XXX)\n"
+        f"                    317 chars - %f (for DBL_MAX: 309 int digits + decimal + 6 frac + sign)\n"
+        f"\n"
+        f"For sensor values, use value_accuracy_to_buf() from helpers.h.\n"
+        f'Example: char buf[11]; snprintf(buf, sizeof(buf), "%" PRIu32, value);\n'
+        f"(If strictly necessary, add `{highlight('// NOLINT')}` to the end of the line)"
+    )
+
+
 @lint_content_find_check(
     "ESP_LOG",
     include=["*.h", "*.tcc"],