Skip to content

Target Storyboard UX (Before VS Code Extension)Β #6

Open
Open
Target Storyboard UX (Before VS Code Extension)#6
@noelsaw1

Description

@noelsaw1
noelsaw1
opened on Feb 7, 2026

Perfect! Now let me create a succinct user storyboard:

🎬 User Storyboard: Brand New User β†’ Fully Operational

Act 1: Discovery & Clone (2 minutes)

User: "I heard about AI-DDTK for WordPress development..."

# User finds the repo on GitHub
# Clicks "Clone" β†’ copies URL
git clone https://github.com/Hypercart-Dev-Tools/AI-DDTK.git ~/bin/ai-ddtk
cd ~/bin/ai-ddtk

What they see:

Cloning into '/Users/username/bin/ai-ddtk'...
remote: Enumerating objects: 500, done.
remote: Counting objects: 100% (500/500), done.
Receiving objects: 100% (500/500), 2.5 MiB | 5.0 MiB/s, done.

What they have now:

  • βœ… AI-DDTK repository cloned to ~/bin/ai-ddtk
  • βœ… /temp folder structure already exists (16 folders with .gitkeep)
  • βœ… temp/README.md ready to guide them
  • βœ… .gitignore protecting them from committing sensitive data

Act 2: Installation (1 minute)

User: "Let me install this..."

./install.sh

What happens:

  1. Script checks for shell config (~/.zshrc or ~/.bashrc)
  2. Adds export PATH="$HOME/bin/ai-ddtk/bin:$PATH" to shell config
  3. Shows success message

Output:

βœ“ Added AI-DDTK to PATH in ~/.zshrc
βœ“ Installation complete!

Next steps:
  1. Run: source ~/.zshrc
  2. Run: ./install.sh setup-wpcc
  3. Verify: wpcc --help

What they have now:

  • βœ… wpcc command available (after sourcing shell)
  • βœ… local-wp wrapper available
  • ⏳ WPCC not yet set up (needs subtree)

Act 3: WPCC Setup (30 seconds)

User: "Okay, let me set up WPCC..."

./install.sh setup-wpcc
source ~/.zshrc  # Activate PATH changes

What happens:

  1. Git subtree adds WP-Code-Check to tools/wp-code-check/
  2. Downloads ~100 files from WPCC repository
  3. Installs Node.js dependencies for WPCC

Output:

Setting up WP Code Check via git subtree...
git subtree add --prefix=tools/wp-code-check \
  https://github.com/Hypercart-Dev-Tools/WP-Code-Check.git main --squash

Added dir 'tools/wp-code-check'
βœ“ WPCC setup complete!

What they have now:

  • βœ… wpcc command fully functional
  • βœ… WPCC embedded at tools/wp-code-check/
  • βœ… Can scan WordPress code from any project

Act 4: Verification (10 seconds)

User: "Does it work?"

wpcc --help

Output:

WP Code Check - WordPress Security & Performance Scanner

Usage:
  wpcc --paths <path> [options]

Options:
  --paths <path>        Path(s) to scan (comma-separated)
  --format <format>     Output format: text, json (default: text)
  --exclude <patterns>  Exclude patterns (comma-separated)
  --features            Show all available features

Examples:
  wpcc --paths ./wp-content/plugins/my-plugin
  wpcc --paths . --format json
  wpcc --features

User: "βœ… It works!"

Act 5: First Use - Scanning a Plugin (1 minute)

User: "Let me scan my WordPress plugin..."

cd ~/projects/my-wordpress-site
wpcc --paths ./wp-content/plugins/my-plugin --format json

What happens:

  1. WPCC scans the plugin (30+ security/performance checks)
  2. Generates JSON output
  3. User wants to save it...

User thinks: "Where should I save this report?"

User reads: temp/README.md β†’ "Aha! temp/reports/wpcc/"

wpcc --paths ./wp-content/plugins/my-plugin --format json > ~/bin/ai-ddtk/temp/reports/wpcc/my-plugin-scan-$(date +%Y%m%d).json

What they have now:

  • βœ… Scan report saved to temp/reports/wpcc/my-plugin-scan-20260207.json
  • βœ… Report will never be committed to git (.gitignore protects it)
  • βœ… Can share manually if needed

Act 6: Working with AI Agent (5 minutes)

User: "Let me use Claude to analyze this scan..."

Opens VS Code with Augment/Claude:

User: "Analyze this WPCC scan and fix the issues"

AI Agent:

  1. Reads ~/bin/ai-ddtk/AGENTS.md (WordPress guidelines)
  2. Reads ~/bin/ai-ddtk/temp/README.md (knows where to put files)
  3. Reads scan results from temp/reports/wpcc/my-plugin-scan-20260207.json
  4. Identifies 5 security issues
  5. Saves analysis notes to temp/analysis/notes/security-findings.md
  6. Fixes the code
  7. Runs WPCC again to verify

AI Agent: "I found 5 issues and fixed them. New scan shows 0 issues. Analysis saved to temp/analysis/notes/security-findings.md"

What they have now:

  • βœ… Plugin code fixed
  • βœ… Analysis notes in temp/analysis/notes/
  • βœ… Before/after scan reports in temp/reports/wpcc/
  • βœ… All temporary files protected from git

Act 7: Storing Credentials (2 minutes)

User: "I need to test API integration with credentials..."

User reads: temp/README.md β†’ "Store credentials in temp/credentials/"

# User creates credentials file
cat > ~/bin/ai-ddtk/temp/credentials/api-keys.json << EOF
{
  "stripe_key": "sk_test_...",
  "mailchimp_key": "abc123..."
}
EOF

User to AI Agent: "Load the API keys from temp and test the integration"

AI Agent:

// βœ… CORRECT - Loads from temp/credentials/
const keys = JSON.parse(fs.readFileSync('temp/credentials/api-keys.json', 'utf8'));

// Tests the integration
// Saves test results to temp/logs/api-test.log

What they have now:

  • βœ… Credentials stored securely in temp/credentials/
  • βœ… Never committed to git (.gitignore protects it)
  • βœ… AI agent knows to load from there (guided by temp/README.md)

Act 8: Daily Workflow (Ongoing)

User's typical day:

# Morning: Check for updates
cd ~/bin/ai-ddtk
./install.sh status

# Scan a new plugin
cd ~/projects/client-site
wpcc --paths ./wp-content/plugins/new-plugin --format json > ~/bin/ai-ddtk/temp/reports/wpcc/new-plugin-$(date +%Y%m%d).json

# AI agent analyzes and fixes issues
# (AI saves notes to temp/analysis/notes/)

# Export database for testing (contains PII)
wp db export ~/bin/ai-ddtk/temp/data/backups/client-db-$(date +%Y%m%d).sql

# Run Playwright tests with saved auth
npx playwright test --project=chromium
# (Auth state loaded from temp/playwright/.auth/admin.json)

# End of day: Clean up old reports
find ~/bin/ai-ddtk/temp/reports -type f -mtime +30 -delete

What they have:

  • βœ… Organized workflow
  • βœ… All sensitive data in /temp (never committed)
  • βœ… AI agents know where to put files
  • βœ… Easy to find reports, logs, credentials
  • βœ… Security by default

🎯 Summary: User Journey

Step Time What User Does What They Get
1. Clone 2 min git clone β†’ cd Repo + /temp structure ready
2. Install 1 min ./install.sh wpcc in PATH
3. Setup WPCC 30 sec ./install.sh setup-wpcc WPCC fully functional
4. Verify 10 sec wpcc --help Confirmation it works
5. First Scan 1 min wpcc --paths ... Scan results in temp/reports/
6. AI Analysis 5 min Ask AI to analyze Fixed code + notes in temp/
7. Credentials 2 min Store in temp/credentials/ Secure credential storage
8. Daily Use Ongoing Scan, analyze, fix, repeat Organized, secure workflow

Total time to fully operational: ~5 minutes
Total time to first value: ~10 minutes (including first AI-assisted fix)

🎁 What Makes This Special

For the User:

  • βœ… Works immediately - No configuration needed
  • βœ… Secure by default - /temp never committed
  • βœ… Clear guidance - temp/README.md shows where everything goes
  • βœ… AI-friendly - Agents know where to put files automatically

For AI Agents:

  • βœ… Path recommendations - Decision table in temp/README.md
  • βœ… WordPress guidelines - AGENTS.md with best practices
  • βœ… Examples everywhere - Code snippets showing correct usage
  • βœ… No guessing - Clear structure for credentials, reports, logs, data

For Teams:

  • βœ… Consistent structure - Everyone uses same folders
  • βœ… Easy onboarding - New team members follow same path
  • βœ… Security enforced - .gitignore prevents accidents
  • βœ… Scalable - Works for solo devs and teams

The user goes from "What is AI-DDTK?" to "I'm scanning plugins and fixing issues with AI" in under 10 minutes, with security and organization built in from day one.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions