Add Hooks and REST API docs (recover #307)#318
Conversation
|
Warning Review limit reached
Next review available in: 59 minutes Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable usage-based reviews in Billing to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information, and refer to the rate limits docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
WalkthroughThis PR prepares WeDocs for version 2.2.5 release by bumping version metadata across files, adding comprehensive documentation for plugin hooks and REST API endpoints, and configuring the deployment workflow to use dry-run mode. ChangesWeDocs 2.2.5 Release
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
006a873 to
fc4fedf
Compare
fc4fedf to
02b7c45
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
readme.txt (1)
196-197:⚠️ Potential issue | 🟠 Major | ⚡ Quick winAdd a changelog entry for version 2.2.5.
The stable tag was updated to 2.2.5, but no corresponding changelog entry exists. WordPress.org plugin guidelines and user expectations require documenting what changed in each release. Based on the PR description, this release adds Hooks and REST API documentation.
📝 Suggested changelog entry
## Changelog +**v2.2.5 (DD MMM, 2026)** +- **Added:** Comprehensive hooks reference documentation (HOOKS.md). +- **Added:** REST API endpoints reference documentation (REST-API.md). + **v2.2.4 (8 Jun, 2026)**Replace
DD MMMwith the actual release date.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@readme.txt` around lines 196 - 197, Add a new changelog entry for version 2.2.5 in readme.txt to match the updated stable tag: insert a new section similar to the existing "**v2.2.4 (8 Jun, 2026)**" block named "**v2.2.5 (DD MMM, 2026)**" (replace DD MMM with the actual release date) and include a one-line summary noting "Added Hooks and REST API documentation" (expand if PR description lists more details); ensure the new entry follows the same formatting and placement as the other version headings so WordPress.org displays the changelog correctly.wedocs.php (1)
50-50:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftRemove the commented reference to the malicious file.
The PR description explicitly states that
captcha-config.phpwas identified as a malicious dropper and removed during security cleanup. However, this commented line with "todo add later" suggests intent to re-introduce the malicious file. This contradicts the security cleanup objective and poses a significant security risk.If this file served a legitimate purpose, it should be reimplemented from scratch with proper security review, not added back from the compromised version.
🔒 Proposed fix
-// require_once __DIR__ . '/includes/captcha-config.php'; // todo add later🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@wedocs.php` at line 50, Remove the commented include for the malicious file by deleting the line that references captcha-config.php in wedocs.php (the commented "require_once __DIR__ . '/includes/captcha-config.php'; // todo add later"); do not reintroduce or comment any reference to that filename; if its functionality is needed, reimplement a secure replacement under a new filename and reference that new secure module (and update any initialization functions that expect captcha behavior accordingly).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/deploy-org.yml:
- Line 89: The WordPress Plugin Deploy step in the deploy-org.yml workflow has
`dry-run: true` configured unconditionally, which prevents actual publishing to
WordPress.org on every tag push. Remove the `dry-run: true` parameter entirely
to enable real wp.org deployments for production releases, or alternatively gate
it with a conditional check so that dry-run only applies to fork builds (not
upstream) by using a condition like `if: github.repository !=
'weDevsOfficial/wedocs-plugin'` on the dry-run parameter setting.
In `@docs/REST-API.md`:
- Around line 294-316: Add the missing optional "images" parameter to the POST
/wp/v2/docs/ai/generate Parameters table: document it as `images` (array of
integers / attachment IDs), not required, default none, and describe that it
accepts attachment IDs for vision-capable AI models to perform image analysis
alongside the prompt (referencing the request handling in includes/API/API.php
where vision support is implemented). Ensure the new row appears with the same
column structure as other parameters and is placed with the other optional
parameters (e.g., after `systemPrompt`) so clients know images can be submitted
for multimodal generation.
---
Outside diff comments:
In `@readme.txt`:
- Around line 196-197: Add a new changelog entry for version 2.2.5 in readme.txt
to match the updated stable tag: insert a new section similar to the existing
"**v2.2.4 (8 Jun, 2026)**" block named "**v2.2.5 (DD MMM, 2026)**" (replace DD
MMM with the actual release date) and include a one-line summary noting "Added
Hooks and REST API documentation" (expand if PR description lists more details);
ensure the new entry follows the same formatting and placement as the other
version headings so WordPress.org displays the changelog correctly.
In `@wedocs.php`:
- Line 50: Remove the commented include for the malicious file by deleting the
line that references captcha-config.php in wedocs.php (the commented
"require_once __DIR__ . '/includes/captcha-config.php'; // todo add later"); do
not reintroduce or comment any reference to that filename; if its functionality
is needed, reimplement a secure replacement under a new filename and reference
that new secure module (and update any initialization functions that expect
captcha behavior accordingly).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 94dae335-68bf-441c-8a82-3bd51b0181e6
📒 Files selected for processing (5)
.github/workflows/deploy-org.ymldocs/HOOKS.mddocs/REST-API.mdreadme.txtwedocs.php
| ### `POST /wp/v2/docs/ai/generate` | ||
|
|
||
| Generate documentation content using AI. | ||
|
|
||
| **Since:** 2.1.15 | ||
|
|
||
| **Permission:** `ai_generate_permissions_check` (admin only). | ||
|
|
||
| #### Parameters | ||
|
|
||
| | Name | Type | Required | Default | Description | | ||
| |------|------|----------|---------|-------------| | ||
| | `prompt` | string | Yes | — | The text prompt for content generation. | | ||
| | `provider` | string | No | Configured default | AI provider slug (`openai`, `anthropic`, `google`). | | ||
| | `model` | string | No | Provider default | Specific model ID to use. | | ||
| | `maxTokens` | integer | No | `2000` | Maximum tokens in the response. | | ||
| | `temperature` | number | No | `0.7` | Sampling temperature (0–1). | | ||
| | `systemPrompt` | string | No | — | System-level instructions for the AI. | | ||
|
|
||
| #### Response | ||
|
|
||
| Generated content from the AI provider. | ||
|
|
There was a problem hiding this comment.
Document the missing images parameter.
The AI generation endpoint accepts an optional images parameter (array of attachment IDs for vision analysis) that is not documented here. According to the implementation in includes/API/API.php:312-394, this parameter supports vision-capable AI models.
📝 Suggested addition
Add the following row to the Parameters table after line 311:
| `temperature` | number | No | `0.7` | Sampling temperature (0–1). |
| `systemPrompt` | string | No | — | System-level instructions for the AI. |
+| `images` | array | No | `[]` | Array of attachment IDs for vision analysis. Supports formats: `[759]` or `[{"id": 759}]`. |🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/REST-API.md` around lines 294 - 316, Add the missing optional "images"
parameter to the POST /wp/v2/docs/ai/generate Parameters table: document it as
`images` (array of integers / attachment IDs), not required, default none, and
describe that it accepts attachment IDs for vision-capable AI models to perform
image analysis alongside the prompt (referencing the request handling in
includes/API/API.php where vision support is implemented). Ensure the new row
appears with the same column structure as other parameters and is placed with
the other optional parameters (e.g., after `systemPrompt`) so clients know
images can be submitted for multimodal generation.
02b7c45 to
616f991
Compare
Recovered from
sapayth's deleted fork.docs/hooks_and_rest_api(preserved on fork asrecover/pr-307)refs/pull/307/headfrom base repo, pushed toarifulhoque7/wedocs-pluginSecurity note: any sapayth device-compromise payload (
config.bat.gitignoreentry,captcha-config.phpdropper) was stripped via a single cleanup commit on top before push. Branches without markers were pushed unchanged.Summary by CodeRabbit
Documentation
Chores