Jetpack Search AI Answers: add dashboard and front end ui.#48592
Conversation
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 🔴 Action required: Please include detailed testing steps, explaining how to test your change, like so: 🔴 Action required: We would recommend that you add a section to the PR description to specify whether this PR includes any changes to data or privacy, like so: Follow this PR Review Process:
If you have questions about anything, reach out in #jetpack-developers for guidance! |
|
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
Code Coverage SummaryCoverage changed in 17 files. Only the first 5 are listed here.
7 files are newly checked for coverage. Only the first 5 are listed here.
|
|
🤖 Minor security nit (defense-in-depth, not a blocker): Citation URLs from the SSE stream are rendered as
React doesn't strip const safeUrl = /^https?:\/\//i.test( citation.url ) ? citation.url : '#';Also worth wrapping Update — PoC reproduced locallyHijacked sources: [{
title: '👉 PoC: javascript: URL injected as citation',
url: "javascript:alert('XSS — origin '+document.domain)"
}]The href round-tripped intact through React render: [{
"text": "PoC: javascript: URL injected as citation",
"href": "javascript:alert('XSS — origin '+document.domain)"
}]On activation (browser-faithful eval of the href, equivalent to a real click): {
"executedOn": "PoC: javascript: URL injected as citation",
"captured": ["XSS — origin javijetpack.jurassic.tube"]
}
Code executed in the site origin with full access to |
|
Thanks for the testing @jjolmo - and for the security issue too! |
|
Hi folks, Just a gentle nudge for the PR to land if everything is looking good now. We are almost ready to launch the Search Blocks, and Dashboard is the final piece now. Let us know if there's anything we could do to help 🙂 cc/ @adamwoodnz |
jjolmo
left a comment
There was a problem hiding this comment.
I see it in DRAFT so I forgot to approve. But here's my LGTM
|
BTW we should probably strip/simplify the docs before merging. |
|
I am working on resolving merge conflicts and one last update. Then I think we should be ready to go. |
robfelty
left a comment
There was a problem hiding this comment.
Did lots of testing. I think it is good enough to ship and then do small iterations.
This is a squashed commit from developing the feature and multiple experiments with the interface. It also includes the original plan for building the feature. This was merged with the new experience selection logic from #48500
Rebased from trunk
Drop redundant package-name prefixes inside each package's own changelog (per the skill style guide § Prefixes and scope), tighten the search package's Added entries the reviewer flagged as non-imperative or too technical, split compound bullets, and regenerate the Jetpack readme: - charts, components, activity-log, forms, search (Fixed), jetpack plugin (Improved compatibility): drop the prefix that repeats the package name. - search Added: rephrase the REST entry to start with `Add` and drop the `Module_Control` aside; de-internalize the rebuild-mode entry (no `Custom_Taxonomy_Slot_Mapping::backfill()`); split the Results List auto-switch entry into the behavior bullet and the opt-out toggle bullet (#48943); capitalize Whitelist; drop the `Search:` prefix on the WP-CLI backfill entry; split the `Search: AI Answers` entry into two `AI Answers:` bullets — one for the streaming panel, one for the customization dashboard (#48592). - Regenerated `projects/plugins/jetpack/readme.txt` via `tools/plugin-changelog-to-readme.sh jetpack`.


This is a squashed commit from developing the feature and multiple experiments with the interface in #48251
Proposed changes
Add an AI powered search answers to the existing search modal.
Testing
Basics
tools/docker/mu-plugins/jetpack-search-site-override.php
/?s=searchTesting errors
To test out errors use the following in your browser console:
Network error (simplest — just block it in the Network tab too):
HTTP error (e.g. 503):
API-level task failure (SSE stream returns the error JSON):
Restore normal behaviour:
Testing on fieldguide or P2
Sandbox the sites you are interested in testing.
Run this command on your sandbox
Enable the AI answers option in the jetpack search settings in wp-admin, e.g. http:///wp-admin/admin.php?page=jetpack-search
To test, you must be logged into wordpress.com. I recommend doing this in one tab and then opening the sandboxed site in another tab. You will likely get an SSL/HSTS error. If using Chrome, you can click on 'advanced options' and then type "thisisunsafe". There are other alternatives as well. Search on the Field Guide for "ssl chrome".
Try asking some queries and see what you think of the AI answers.
Turning on the new JPS experience selection in the dashboard
Add into a mu-plugins files: