wp-update-server-plugin/AGENTS.md
David Stone e8193bf3ea
feat(paypal): add comprehensive logging to PayPal Connect proxy (#29)
* chore: add wp-cli.yml and local dev environment docs

Point wp-cli at shared WordPress 7.0-RC2 multisite dev install at
../wordpress (wordpress.local:8080). Documents reset workflow and
WP-CLI usage in AGENTS.md.

* feat(paypal): add comprehensive logging to PayPal Connect proxy

Previously only the deauthorize endpoint logged anything. All other
endpoints (oauth/init, oauth/verify, partner-token) were silent, making
it impossible to debug failed PayPal API calls in production.

This commit adds:
- Protected log() helper with consistent '[PayPal Connect]' prefix and
  JSON-encoded context data
- get_debug_id() helper to extract the PayPal-Debug-Id response header
  from every PayPal API call (the key value PayPal support and the
  integration review team ask for by name)
- Request-received and outcome log entries on all handlers
- Error logging with PayPal-Debug-Id on all failed PayPal API calls:
  - /v1/oauth2/token (partner access token)
  - /v2/customer/partner-referrals
  - /v1/customer/partners/{partner_id}/merchant-integrations/{merchant_id}
- Success logging with debug ID and key response fields

Sensitive values (access tokens, client secrets) are never logged.

Context: the PayPal integration review requires debug IDs from test
API calls. Without server-side logging, the only way to get them was
to instrument the plugin side, which misses proxy-side failures entirely.
2026-04-08 14:50:54 -06:00

91 lines
4.4 KiB
Markdown

# AGENTS.md — Ultimate Update Server Plugin
## Project Overview
WordPress plugin that creates an update server for distributing Ultimate Multisite plugins and addons via WooCommerce downloadable products. Handles update checks, telemetry collection, site discovery, Composer repository, Stripe/PayPal analytics, and release notifications. Runs on the marketplace site (multisiteultimate.com).
## Build Commands
```bash
composer install # Install PHP dependencies
# No npm build step — no compiled frontend assets
```
## Project Structure
```
ultimate-update-server-plugin/
├── wp-update-server-plugin.php # Plugin entry point
├── inc/
│ ├── class-update-server.php # Core update server logic
│ ├── class-request-endpoint.php # Update request handling
│ ├── class-product-icon.php # Product icon management
│ ├── class-store-api.php # Store REST API
│ ├── class-telemetry-table.php # Telemetry DB table
│ ├── class-telemetry-receiver.php # Telemetry data ingestion
│ ├── class-telemetry-admin.php # Telemetry dashboard
│ ├── class-passive-installs-table.php # Install tracking table
│ ├── class-passive-install-tracker.php # Passive install detection
│ ├── class-site-discovery-table.php # Site health DB table
│ ├── class-site-discovery-scraper.php # Background site scraper
│ ├── class-site-discovery-admin.php # Discovery dashboard
│ ├── class-composer-token-table.php # Composer auth tokens
│ ├── class-composer-token.php # Token management
│ ├── class-product-versions.php # Version tracking
│ ├── class-composer-repository.php # Composer packages.json endpoint
│ ├── class-downloads-page.php # Customer downloads page
│ ├── class-changelog-manager.php # Changelog tracking
│ ├── class-release-notifier.php # Email notifications (WooCommerce)
│ ├── class-stripe-analytics*.php # Stripe Connect analytics
│ ├── class-paypal-*.php # PayPal Connect + transaction sync
│ └── ...
├── assets/ # Admin CSS/JS
├── templates/ # Admin page templates
├── vendor/ # Composer dependencies
├── composer.json
└── README.md
```
## Code Style & Conventions
- **PHP version**: >= 7.4 (inferred)
- **Namespace**: `WP_Update_Server_Plugin\` for all classes in `inc/`
- **File naming**: `class-{name}.php` in `inc/`
- **No autoloader**: All files manually `require_once`'d in main plugin file
- **No PHPCS config** — follow WordPress Coding Standards
- **Relies on**: `yahnis-elsts/wp-update-server` library
## Key Patterns
- Classes instantiated at load time (global variables in main plugin file)
- WooCommerce-dependent classes loaded inside `woocommerce_loaded` hook
- Custom database tables for telemetry, installs, site discovery, tokens, analytics
- Site discovery scraper: daily WP-Cron, processes 20 domains/batch, respects robots.txt
- Composer repository endpoint serves `packages.json` for `composer require`
- Stripe and PayPal analytics track payment provider data
## Important Notes
- **Requires WooCommerce** and WP OAuth Server
- Runs only on the marketplace server, not on customer sites
- Telemetry is opt-in from Ultimate Multisite installations
- Site discovery respects `robots.txt` (User-Agent: `UltimateMultisiteBot`)
- Product name is "Ultimate Multisite" in user-facing text
## Local Development Environment
The shared WordPress dev install for testing this plugin is at `../wordpress` (relative to this repo root).
- **URL**: http://wordpress.local:8080
- **Admin**: http://wordpress.local:8080/wp-admin — `admin` / `admin`
- **WordPress version**: 7.0-RC2
- **This plugin**: symlinked into `../wordpress/wp-content/plugins/$(basename $PWD)`
- **Reset to clean state**: `cd ../wordpress && ./reset.sh`
WP-CLI is configured via `wp-cli.yml` in this repo root — run `wp` commands directly from here without specifying `--path`.
```bash
wp plugin activate $(basename $PWD) # activate this plugin
wp plugin deactivate $(basename $PWD) # deactivate
wp db reset --yes && cd ../wordpress && ./reset.sh # full reset
```