Skip to content

Add Hooks and REST API docs (recover #307)#318

Open
arifulhoque7 wants to merge 1 commit into
weDevsOfficial:developfrom
arifulhoque7:recover/pr-307
Open

Add Hooks and REST API docs (recover #307)#318
arifulhoque7 wants to merge 1 commit into
weDevsOfficial:developfrom
arifulhoque7:recover/pr-307

Conversation

@arifulhoque7

@arifulhoque7 arifulhoque7 commented May 20, 2026

Copy link
Copy Markdown
Contributor

Recovered from sapayth's deleted fork.

  • Original closed PR: Add Hooks and REST API docs #307
  • Head branch: docs/hooks_and_rest_api (preserved on fork as recover/pr-307)
  • Recovery method: fetched refs/pull/307/head from base repo, pushed to arifulhoque7/wedocs-plugin

Security note: any sapayth device-compromise payload (config.bat .gitignore entry, captcha-config.php dropper) was stripped via a single cleanup commit on top before push. Branches without markers were pushed unchanged.

Summary by CodeRabbit

  • Documentation

    • Added comprehensive hooks reference documentation covering action and filter hooks with parameters, version information, and usage examples
    • Added REST API endpoints documentation detailing available endpoints, controllers, request parameters, and response schemas
  • Chores

    • Bumped version to 2.2.5

@coderabbitai

coderabbitai Bot commented May 20, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@arifulhoque7, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 59 minutes

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable usage-based reviews in Billing to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information, and refer to the rate limits docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2de874b5-5a97-4f72-a388-82538d1afd08

📥 Commits

Reviewing files that changed from the base of the PR and between 02b7c45 and 616f991.

📒 Files selected for processing (2)
  • docs/HOOKS.md
  • docs/REST-API.md

Walkthrough

This PR prepares WeDocs for version 2.2.5 release by bumping version metadata across files, adding comprehensive documentation for plugin hooks and REST API endpoints, and configuring the deployment workflow to use dry-run mode.

Changes

WeDocs 2.2.5 Release

Layer / File(s) Summary
Version bump to 2.2.5
wedocs.php, readme.txt
Plugin version metadata updated from 2.2.4 to 2.2.5 in the main plugin file header comment and WeDocs::VERSION constant, with stable tag updated in readme metadata.
Plugin hooks reference documentation
docs/HOOKS.md
Complete hooks reference added enumerating all action and filter hooks with version, source file, description, parameters with types, and PHP usage examples.
REST API endpoints reference documentation
docs/REST-API.md
REST API reference added documenting Docs API, Settings API, and Upgrader API controllers with all endpoints, parameters, permissions, response structures, and related hooks/filters.
Deployment workflow dry-run configuration
.github/workflows/deploy-org.yml
Deployment workflow updated to enable dry-run: true for the WordPress plugin deploy action.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes


Suggested labels

Needs Review


Suggested reviewers

  • iftakharul-islam

Poem

🐰 A version bumped, from four to five,
Hooks and endpoints come alive,
Docs deployed with dry-run care,
Ready to release into the air! 📚✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main changes: adding Hooks and REST API documentation while recovering work from PR #307.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
readme.txt (1)

196-197: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a changelog entry for version 2.2.5.

The stable tag was updated to 2.2.5, but no corresponding changelog entry exists. WordPress.org plugin guidelines and user expectations require documenting what changed in each release. Based on the PR description, this release adds Hooks and REST API documentation.

📝 Suggested changelog entry
 ## Changelog
 
+**v2.2.5 (DD MMM, 2026)**
+- **Added:** Comprehensive hooks reference documentation (HOOKS.md).
+- **Added:** REST API endpoints reference documentation (REST-API.md).
+
 **v2.2.4 (8 Jun, 2026)**

Replace DD MMM with the actual release date.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@readme.txt` around lines 196 - 197, Add a new changelog entry for version
2.2.5 in readme.txt to match the updated stable tag: insert a new section
similar to the existing "**v2.2.4 (8 Jun, 2026)**" block named "**v2.2.5 (DD
MMM, 2026)**" (replace DD MMM with the actual release date) and include a
one-line summary noting "Added Hooks and REST API documentation" (expand if PR
description lists more details); ensure the new entry follows the same
formatting and placement as the other version headings so WordPress.org displays
the changelog correctly.
wedocs.php (1)

50-50: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Remove the commented reference to the malicious file.

The PR description explicitly states that captcha-config.php was identified as a malicious dropper and removed during security cleanup. However, this commented line with "todo add later" suggests intent to re-introduce the malicious file. This contradicts the security cleanup objective and poses a significant security risk.

If this file served a legitimate purpose, it should be reimplemented from scratch with proper security review, not added back from the compromised version.

🔒 Proposed fix
-// require_once __DIR__ . '/includes/captcha-config.php'; // todo add later
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@wedocs.php` at line 50, Remove the commented include for the malicious file
by deleting the line that references captcha-config.php in wedocs.php (the
commented "require_once __DIR__ . '/includes/captcha-config.php'; // todo add
later"); do not reintroduce or comment any reference to that filename; if its
functionality is needed, reimplement a secure replacement under a new filename
and reference that new secure module (and update any initialization functions
that expect captcha behavior accordingly).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy-org.yml:
- Line 89: The WordPress Plugin Deploy step in the deploy-org.yml workflow has
`dry-run: true` configured unconditionally, which prevents actual publishing to
WordPress.org on every tag push. Remove the `dry-run: true` parameter entirely
to enable real wp.org deployments for production releases, or alternatively gate
it with a conditional check so that dry-run only applies to fork builds (not
upstream) by using a condition like `if: github.repository !=
'weDevsOfficial/wedocs-plugin'` on the dry-run parameter setting.

In `@docs/REST-API.md`:
- Around line 294-316: Add the missing optional "images" parameter to the POST
/wp/v2/docs/ai/generate Parameters table: document it as `images` (array of
integers / attachment IDs), not required, default none, and describe that it
accepts attachment IDs for vision-capable AI models to perform image analysis
alongside the prompt (referencing the request handling in includes/API/API.php
where vision support is implemented). Ensure the new row appears with the same
column structure as other parameters and is placed with the other optional
parameters (e.g., after `systemPrompt`) so clients know images can be submitted
for multimodal generation.

---

Outside diff comments:
In `@readme.txt`:
- Around line 196-197: Add a new changelog entry for version 2.2.5 in readme.txt
to match the updated stable tag: insert a new section similar to the existing
"**v2.2.4 (8 Jun, 2026)**" block named "**v2.2.5 (DD MMM, 2026)**" (replace DD
MMM with the actual release date) and include a one-line summary noting "Added
Hooks and REST API documentation" (expand if PR description lists more details);
ensure the new entry follows the same formatting and placement as the other
version headings so WordPress.org displays the changelog correctly.

In `@wedocs.php`:
- Line 50: Remove the commented include for the malicious file by deleting the
line that references captcha-config.php in wedocs.php (the commented
"require_once __DIR__ . '/includes/captcha-config.php'; // todo add later"); do
not reintroduce or comment any reference to that filename; if its functionality
is needed, reimplement a secure replacement under a new filename and reference
that new secure module (and update any initialization functions that expect
captcha behavior accordingly).
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 94dae335-68bf-441c-8a82-3bd51b0181e6

📥 Commits

Reviewing files that changed from the base of the PR and between 3b31f16 and 02b7c45.

📒 Files selected for processing (5)
  • .github/workflows/deploy-org.yml
  • docs/HOOKS.md
  • docs/REST-API.md
  • readme.txt
  • wedocs.php

Comment thread .github/workflows/deploy-org.yml Outdated
Comment thread docs/REST-API.md
Comment on lines +294 to +316
### `POST /wp/v2/docs/ai/generate`

Generate documentation content using AI.

**Since:** 2.1.15

**Permission:** `ai_generate_permissions_check` (admin only).

#### Parameters

| Name | Type | Required | Default | Description |
|------|------|----------|---------|-------------|
| `prompt` | string | Yes | — | The text prompt for content generation. |
| `provider` | string | No | Configured default | AI provider slug (`openai`, `anthropic`, `google`). |
| `model` | string | No | Provider default | Specific model ID to use. |
| `maxTokens` | integer | No | `2000` | Maximum tokens in the response. |
| `temperature` | number | No | `0.7` | Sampling temperature (0–1). |
| `systemPrompt` | string | No | — | System-level instructions for the AI. |

#### Response

Generated content from the AI provider.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document the missing images parameter.

The AI generation endpoint accepts an optional images parameter (array of attachment IDs for vision analysis) that is not documented here. According to the implementation in includes/API/API.php:312-394, this parameter supports vision-capable AI models.

📝 Suggested addition

Add the following row to the Parameters table after line 311:

 | `temperature` | number | No | `0.7` | Sampling temperature (0–1). |
 | `systemPrompt` | string | No | — | System-level instructions for the AI. |
+| `images` | array | No | `[]` | Array of attachment IDs for vision analysis. Supports formats: `[759]` or `[{"id": 759}]`. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/REST-API.md` around lines 294 - 316, Add the missing optional "images"
parameter to the POST /wp/v2/docs/ai/generate Parameters table: document it as
`images` (array of integers / attachment IDs), not required, default none, and
describe that it accepts attachment IDs for vision-capable AI models to perform
image analysis alongside the prompt (referencing the request handling in
includes/API/API.php where vision support is implemented). Ensure the new row
appears with the same column structure as other parameters and is placed with
the other optional parameters (e.g., after `systemPrompt`) so clients know
images can be submitted for multimodal generation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant