Updates

Author: PDowney

.github/ISSUE_TEMPLATE/vip-phpcs-failure.md

@@ -0,0 +1,71 @@
+---
+title: WordPress VIP Coding Standards Failure - PHP ${{ env.PHP_VERSION }}
+labels: ['vip-standards', 'coding-standards', 'needs-review', 'php-${{ env.PHP_VERSION }}']
+assignees: []
+---
+
+## WordPress VIP Coding Standards Failure
+
+**PHP Version:** ${{ env.PHP_VERSION }}
+**Run ID:** ${{ env.RUN_ID }}
+**Workflow:** [View Failed Run](${{ env.WORKFLOW_URL }})
+
+### Issue Description
+
+The WordPress VIP coding standards check has failed during the automated workflow. This scan specifically checks for enterprise-level WordPress development standards required for WordPress VIP platform compatibility.
+
+### VIP Standards Focus Areas
+
+The WordPress VIP Go coding standards check for:
+
+🏢 **Enterprise Platform Requirements:**
+- File system operation restrictions (VIP platform limitations)
+- Performance and caching best practices for high-traffic sites
+- Security vulnerabilities specific to enterprise WordPress environments
+- User experience guidelines for enterprise-level WordPress
+
+🚀 **Performance & Caching:**
+- Uncached function usage patterns
+- Database query optimization
+- Remote data fetching best practices
+- Resource-heavy operation detection
+
+🔒 **VIP-Specific Security:**
+- File operation security in restricted environments
+- Admin bar removal restrictions for VIP support users
+- Cookie and caching constraint validations
+- Restricted function usage for platform stability
+
+### Important Notes
+
+⚠️ **VIP Standards Context:**
+- Many VIP standards are specific to the WordPress VIP hosting platform
+- Not all VIP recommendations may apply to standard WordPress installations
+- Some restrictions are platform-specific (e.g., file system limitations)
+- This scan helps ensure compatibility with enterprise WordPress environments
+
+### Next Steps
+
+1. **Review the workflow logs** to identify specific VIP standard violations
+2. **Evaluate applicability** - determine which issues apply to your hosting environment
+3. **Prioritize fixes** based on your deployment target:
+   - **High Priority:** Security and performance issues
+   - **Medium Priority:** General code quality improvements
+   - **Low Priority:** VIP platform-specific restrictions (if not targeting VIP)
+4. **Update code** to address applicable VIP standard violations
+5. **Re-run the workflow** to verify fixes
+
+### Resources
+
+- [WordPress VIP Code Quality Standards](https://docs.wpvip.com/technical-references/code-quality-and-best-practices/)
+- [VIP Coding Standards GitHub](https://github.com/Automattic/VIP-Coding-Standards)
+- [WordPress VIP Platform Documentation](https://docs.wpvip.com/)
+- [VIP Go File System Documentation](https://docs.wpvip.com/technical-references/vip-go-files-system/)
+
+### Workflow Information
+
+**Failed Workflow Run:** [View Details](${{ env.WORKFLOW_URL }})
+**PHP Version Tested:** ${{ env.PHP_VERSION }}
+**Standards Used:** WordPress-VIP-Go ruleset
+
+This issue was automatically created when the WordPress VIP coding standards check failed. Please review the specific violations in the workflow logs and address them according to your project's deployment requirements.

.github/workflows/ai-pr-comment.yml

@@ -107,7 +107,7 @@ jobs:
             Hi @${author}! I've completed a comprehensive analysis of this pull request.
             
             ### 📊 Review Summary
-            - **Plugin:** Simple WP Optimizer
+            - **Plugin:** Optimizations ACE MC
             - **Commit:** \`${headSha.substring(0, 7)}\`
             - **WordPress Compatibility:** 6.5+
             - **PHP Compatibility:** 7.4+
@@ -118,7 +118,7 @@ jobs:
             ✅ **WordPress Coding Standards** (PSR-4, naming, structure)  
             ✅ **Performance Optimization** (queries, caching, scalability)  
             ✅ **Code Quality & Architecture** (complexity, error handling)  
-            ✅ **Plugin-Specific Best Practices** (WordPress optimization techniques)  
+            ✅ **Plugin-Specific Best Practices** (WooCommerce, WPSL integration)  
             
             ### 🛡️ Security Analysis
             All code changes have been analyzed for common WordPress vulnerabilities including:

.github/workflows/ai-pr-review.yml

@@ -31,16 +31,13 @@ jobs:
 
       - name: Get PR diff safely
         id: pr-diff
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           # SECURITY: Get diff without checking out untrusted code
           BASE_SHA="${{ github.event.pull_request.base.sha }}"
           HEAD_SHA="${{ github.event.pull_request.head.sha }}"
           
           # Use GitHub API to get diff instead of git checkout
-          # SECURITY: Use environment variable for token to avoid exposure in logs
-          curl -H "Authorization: token $GITHUB_TOKEN" \
+          curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
                -H "Accept: application/vnd.github.v3.diff" \
                "https://api.github.com/repos/${{ github.repository }}/compare/$BASE_SHA...$HEAD_SHA" \
                > pr_diff.txt
@@ -53,13 +50,12 @@ jobs:
         uses: google-github-actions/[email protected]
         with:
           prompt: |
-            You are an expert WordPress plugin developer and security consultant reviewing a pull request for the "Simple WP Optimizer" WordPress plugin.
+            You are an expert WordPress plugin developer and security consultant reviewing a pull request for the "Optimizations ACE MC" WordPress plugin.
             
             PLUGIN CONTEXT:
-            - WordPress performance optimization plugin
-            - Removes unnecessary WordPress features and scripts to improve performance
+            - WordPress optimization plugin for WooCommerce and WP Store Locator
             - Supports WordPress 6.5+ and PHP 7.4+
-            - Features include emoji removal, jQuery migrate removal, header cleanup, DNS prefetch optimization
+            - Single-site deployment (WooCommerce and WPSL guaranteed active)
             
             COMPREHENSIVE REVIEW CHECKLIST:
             
@@ -95,11 +91,10 @@ jobs:
             5. Naming conventions
             
             🔧 PLUGIN-SPECIFIC:
-            1. WordPress optimization best practices
-            2. Performance impact assessment
+            1. WooCommerce integration best practices
+            2. WP Store Locator compatibility
             3. Admin interface usability
             4. Plugin activation/deactivation handling
-            5. Compatibility with WordPress core features
             
             REVIEW FORMAT:
             For each category, provide:

.github/workflows/gemini-assistant.yml

@@ -193,6 +193,7 @@ jobs:
             - [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/)
             - [Plugin Security Guidelines](https://developer.wordpress.org/plugins/security/)
             - [WordPress Performance Optimization](https://developer.wordpress.org/apis/handbook/performance/)
+              [WooCommerce Developer Documentation](https://woocommerce.com/document/create-a-plugin/)
             
             ### 💡 Available Commands
             Try these commands with @gemini-cli:

.github/workflows/gemini-comprehensive-analysis.yml

@@ -112,11 +112,11 @@ jobs:
           - Proper use of transients
           
           ### PLUGIN-SPECIFIC CHECKS:
-          - WordPress optimization best practices
-          - Performance improvement techniques
+          - WooCommerce integration best practices
           - Admin interface conventions
-          - WordPress core feature interaction
-          - Feature toggle implementation
+          - REST API implementation
+          - Custom post type registration
+          - Meta box implementation
           
           ### COMPATIBILITY:
           - PHP version compatibility (7.4+)

readme.txt

@@ -48,8 +48,6 @@ No, the plugin has a simple interface where you can toggle features on and off.
 * **ARCHITECTURE**: Improved plugin load order by removing immediate global scope execution
 * **ARCHITECTURE**: Consolidated plugin initialization into proper WordPress lifecycle management
 * **ARCHITECTURE**: Enhanced plugin activation, deactivation, and uninstall lifecycle management
-* **SECURITY**: Fixed curl command in AI workflows to properly handle secrets via environment variables
-* **SECURITY**: Enhanced security in GitHub Actions workflows to prevent credential exposure
 * **CODE QUALITY**: Removed unused `es_optimizer_enqueue_admin_scripts()` function (dead code removal)
 * **CODE QUALITY**: Fixed inline comment punctuation to comply with WordPress coding standards
 * **STABILITY**: Enhanced plugin stability and compatibility with other WordPress plugins