EngineScript
diff --git a/‎.github/copilot-instructions.md‎
Lines changed: 50 additions & 90 deletions b/‎.github/copilot-instructions.md‎
Lines changed: 50 additions & 90 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 0 additions & 4 deletions b/‎.github/dependabot.yml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎.github/workflows/update-pot-file.yml‎
Lines changed: 97 additions & 0 deletions b/‎.github/workflows/update-pot-file.yml‎
Lines changed: 97 additions & 0 deletions
@@ -4,109 +4,69 @@ applyTo: '**'
 
 # WordPress Plugin Development Standards
 
-## 🎯 Core Principles
+## Compatibility
 
-**Work Environment:** Remote GitHub Codespaces only. Never suggest local Terminal commands.
-
-**WordPress First:** Use WordPress APIs, hooks, and standards exclusively. Avoid non-WP frameworks.
-
-**Security Critical:** Sanitize all input, escape all output, use WordPress security functions.
+- WordPress 6.5+, PHP 7.4+, WooCommerce 5.0+
+- Follow [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/) for PHP, JS, CSS, HTML, and accessibility
+- Never use deprecated WordPress or PHP functions — this is a modern plugin (2026)
+- Use ES6+ JavaScript (WordPress 6.5+ targets modern browsers)
 
-**Thorough Analysis:** Read complete files (minimum 1500 lines) for accurate code review.
+## Environment
 
-## 📋 Essential Requirements
+- Remote GitHub Codespaces only — never suggest local terminal commands
+- Use WordPress APIs, hooks, and standards exclusively — no non-WP frameworks
 
-### WordPress Compatibility
+## Security
 
-- **WordPress:** 6.5+ minimum
-- **PHP:** 7.4+ minimum  
-- **WooCommerce:** 5.0+ (when applicable)
-- Follow [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/) for PHP, JS, CSS, HTML, and accessibility
+All input must be sanitized. All output must be escaped. No exceptions.
 
-### Code Quality Standards
+- **Input:** `sanitize_text_field()`, `sanitize_email()`, `wp_kses()`, `absint()`, `wp_unslash()`
+- **Output:** `esc_html()`, `esc_attr()`, `esc_url()`, `esc_js()`, `wp_kses_post()`
+- **Forms:** `wp_nonce_field()` + `wp_verify_nonce()` for CSRF protection
+- **Permissions:** `current_user_can()` before any sensitive operation
+- **Database:** `$wpdb->prepare()` for all direct queries; prefer WooCommerce/WordPress APIs over raw SQL
+- **Vulnerabilities to prevent:** SQL injection, XSS, CSRF, LFI, path traversal
+- Auto-identify and fix security issues when found
 
-1. **Security First:** Always sanitize input (`sanitize_*()`) and escape output (`esc_*()`)
-2. **WordPress APIs:** Use WP functions instead of raw PHP/SQL
-3. **Hook System:** Proper use of `add_action()` and `add_filter()`
-4. **Internationalization:** Use `__()`, `_e()`, `esc_html__()` for all strings
-5. **Performance:** Avoid N+1 queries, use WP caching, optimize database calls
+## Code Quality
 
-## 🔒 Security Requirements (Critical)
+- Use WordPress APIs instead of raw PHP equivalents (e.g., `wc_get_products()` over `get_posts()` for products)
+- Use WooCommerce HPOS-compatible APIs (no direct `wp_posts`/`wp_postmeta` queries for orders or products)
+- Use `add_action()` / `add_filter()` with named methods (not anonymous closures) so hooks can be unhooked
+- No inline styles in PHP or JS — use dedicated CSS files with proper classes
+- Define magic numbers as named constants
+- Use `WP_Error` for error handling; log errors via `wc_get_logger()` without exposing sensitive data
+- PHPDoc all functions: `@param`, `@return`, `@since` tags
+- Remove unused code; don't leave dead code behind
 
-**Input Handling:**
-- Use `sanitize_text_field()`, `sanitize_email()`, `wp_kses()` for user input
-- Validate with `is_email()`, `absint()`, `wp_verify_nonce()` for security
-- Use prepared statements for database queries (`$wpdb->prepare()`)
+## Internationalization (i18n)
 
-**Output Security:**
-- Escape all output: `esc_html()`, `esc_attr()`, `esc_url()`, `esc_js()`
-- Use `wp_nonce_field()` and `wp_verify_nonce()` for forms
-- Check permissions with `current_user_can()` before sensitive operations
+- Text domain: `free-gift-coupons-bulk-coupons-generator`
+- All user-facing strings must use `__()`, `_e()`, `esc_html__()`, `esc_attr__()`, etc.
+- Update `.pot` language files when adding or modifying translatable strings
+- JS strings must be passed via `wp_localize_script()` or `wp_add_inline_script()`, never hardcoded
 
-**Vulnerability Prevention:**
-- Prevent SQL injection, XSS, CSRF, Local File Inclusion (LFI), and path traversal
-- Follow principle of least privilege
-- Auto-identify and fix security issues when found
+## Performance
 
-## 📝 Documentation & Versioning
+- Use WordPress caching (`wp_cache_*()`, transients) with targeted invalidation hooks
+- Avoid N+1 queries — use batch-fetching APIs
+- Enqueue assets with `wp_enqueue_script()` / `wp_enqueue_style()` — load only on relevant admin pages
+- Prefer `wc_get_products()` over `get_posts()` + `wc_get_product()` loops
 
-**Changelog Management:**
-- Always update CHANGELOG.md and readme.txt when making code changes
-- **Sync both changelogs:** CHANGELOG.md and readme.txt changelog section
-- Use "Unreleased" section for ongoing changes
+## Documentation & Versioning
 
-**Version Release Process (only when instructed):**
-- Follow semantic versioning (MAJOR.MINOR.PATCH)
-- Update version in: plugin header, README.md, readme.txt, CHANGELOG.md, GEMINI.md, and `.pot` language files, constants section, package.json, and composer.json
-- Move "Unreleased" changes to new version section in both changelogs
-- **Never auto-update versions** - wait for explicit instruction
+- Always update both CHANGELOG.md and readme.txt changelog section — keep them in sync
+- Use an "Unreleased" section for ongoing changes
+- **Version releases (only when explicitly instructed):**
+  - Follow semantic versioning (MAJOR.MINOR.PATCH)
+  - Update version in: plugin header, README.md, readme.txt, CHANGELOG.md, GEMINI.md, `.pot` files, constants, and composer.json
+  - Move "Unreleased" entries to new version section in both changelogs
+  - Never auto-update versions
 
-**Code Documentation:**
-- Use PHPDoc with `@param`, `@return`, `@since` tags
-- Write clear function/class descriptions
-- Document security considerations and hooks used
+## Workflow
 
-**Internationalization (i18n):**
-- Update `.pot` language files when adding or modifying translatable strings
-- Always use the correct text domain when dealing with translation functions
-- Mark all user-facing strings with `__()`, `_e()`, `esc_html__()`, `esc_attr__()`, etc.
-
-## ⚡ Performance & Quality
-
-**Performance Optimization:**
-- Use WordPress caching (`wp_cache_*()`, transients)
-- Optimize database queries, avoid N+1 problems
-- Proper asset enqueueing with `wp_enqueue_*()` functions
-- Focus on correctness first, then optimize
-
-**Code Architecture:**
-- Group by feature, not by type
-- Use descriptive function/variable names
-- Remove unused code automatically
-- Follow feature-sliced design when applicable
-
-**Error Handling:**
-- Use `WP_Error` for WordPress-specific errors
-- Log errors without exposing sensitive data
-- Handle edge cases gracefully
-- Validate all function parameters
-
-## 🚀 Workflow & Automation
-
-**Task Execution:**
-- Make changes directly to existing files (don't create duplicates)
-- Proceed automatically unless action is destructive
-- Auto-identify and fix bugs when possible
-- Only ask confirmation for data loss/deletion scenarios
-
-**File Management:**
-- Edit files in place (e.g., modify `admin.php` directly)
-- Create new files only when truly necessary
-- Avoid file duplication and unnecessary rewrites
-- Maintain clean project structure
-
-**Communication:**
-- Provide concise, actionable responses
-- Use clear formatting for readability
-- Never create change summaries as separate .md files
-- Focus on specific changes made, not verbose explanations
+- Read complete files before modifying them — understand context first
+- Edit files in place; create new files only when necessary
+- Proceed automatically unless the action is destructive (data loss, deletion)
+- Provide concise, actionable responses — no separate summary files
+- Auto-identify and fix bugs when encountered
@@ -47,13 +47,9 @@ updates:
     groups:
       # Group all dev dependencies together
       dev-dependencies:
-        patterns:
-          - "*"
         dependency-type: "development"
       # Group production dependencies (if any are added later)
       production-dependencies:
-        patterns:
-          - "*"
         dependency-type: "production"
     # Allow updates to all dependency types
     allow:
 
@@ -0,0 +1,97 @@
+# Automatically regenerate .pot translation file on code changes
+# Triggered on pushes to main branch (excluding docs-only changes)
+# Creates a pull request if translations need updating
+
+name: Update Translation File
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - '**.php'
+      - '**.js'
+      - '.github/workflows/update-pot-file.yml'
+    paths-ignore:
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - 'GEMINI.md'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-pot:
+    name: Regenerate .pot File
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '7.4'
+          
+      - name: Install WP-CLI
+        run: |
+          curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
+          chmod +x wp-cli.phar
+          sudo mv wp-cli.phar /usr/local/bin/wp
+          wp --version
+          
+      - name: Regenerate .pot file
+        run: |
+          wp i18n make-pot . languages/Free-Gift-Coupons-Bulk-Coupons-Generator.pot \
+            --skip-audit \
+            --exclude=vendor,node_modules,tests,build
+        
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet languages/Free-Gift-Coupons-Bulk-Coupons-Generator.pot; then
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "✓ Translation file is up to date"
+          else
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            echo "✓ Translation file updated"
+            git diff languages/Free-Gift-Coupons-Bulk-Coupons-Generator.pot | head -20
+          fi
+          
+      - name: Create Pull Request
+        if: steps.changes.outputs.has_changes == 'true'
+        uses: peter-evans/create-pull-request@v5
+        with:
+          commit-message: 'chore(i18n): regenerate translation template'
+          title: 'chore(i18n): Update translation template (.pot file)'
+          body: |
+            ## Translation Template Update
+            
+            This PR updates the translation template (`.pot` file) based on recent code changes.
+            
+            ### What Changed
+            The following PHP and JavaScript source files had translatable strings added or modified:
+            
+            ```
+            ${{ github.event.head_commit.message }}
+            ```
+            
+            ### Next Steps
+            1. Review the changes in the `.pot` file
+            2. Approve and merge this PR
+            3. Translators can then use the updated `.pot` file with their translation tools
+            
+            ---
+            *This PR was automatically generated by the [Update Translation File](https://github.com/${{ github.repository }}/blob/main/.github/workflows/update-pot-file.yml) workflow.*
+          branch: chore/update-pot-file
+          delete-branch: true
+          labels: |
+            chore
+            i18n
+            translations
+          assignees: |
+            ${{ github.repository_owner }}