SilverAssist
diff --git a/‎.github/copilot-instructions.md‎
Lines changed: 102 additions & 0 deletions b/‎.github/copilot-instructions.md‎
Lines changed: 102 additions & 0 deletions
diff --git a/‎.github/workflows/quality-checks.yml‎
Lines changed: 129 additions & 0 deletions b/‎.github/workflows/quality-checks.yml‎
Lines changed: 129 additions & 0 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 92 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 44 additions & 0 deletions b/‎.gitignore‎
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,102 @@
+# LeadCapture Form — Project Context
+
+WordPress plugin for embedding LeadCapture.io forms via shortcode, Gutenberg block, or Elementor widget with embed and popup mode support.
+
+## Plugin Info
+
+| Key              | Value                          |
+|------------------|--------------------------------|
+| Namespace        | `LeadCaptureForm`              |
+| Text Domain      | `leadcapture-form`             |
+| Version          | 1.0.0                         |
+| Requires PHP     | 8.2                           |
+| License          | Polyform Noncommercial 1.0.0  |
+| GitHub Repo      | `SilverAssist/leadcapture-form`|
+
+## Differences from Global Standards
+
+- **Double quotes** everywhere (PHP and JS) — not single quotes
+- **Singleton pattern** (`get_instance()`) — not LoadableInterface
+- **No activation/deactivation hooks** — plugin doesn't modify WP internals
+- PSR-4 autoloading via `require_once` in `load_dependencies()`, not a DI container
+- **Vanilla JavaScript** — no jQuery dependency
+
+## Architecture
+
+```
+leadcapture-form.php              # Entry point (Singleton)
+includes/
+├── LeadCaptureFormBlock.php      # Gutenberg block handler
+├── LeadCaptureFormUpdater.php    # GitHub updater (extends silverassist/wp-github-updater)
+├── LeadCaptureFormAdmin.php      # Admin interface (Settings → LeadCapture)
+└── elementor/
+    ├── WidgetsLoader.php         # Conditional loader (only when Elementor active)
+    └── widgets/
+        └── LeadCaptureFormWidget.php # Elementor widget
+blocks/leadcapture-form/          # Gutenberg block assets (block.json, block.js, editor.css)
+assets/css/                       # leadcapture-form.css, admin-settings.css
+assets/js/                        # leadcapture-form.js (frontend, vanilla JS)
+```
+
+### Namespaces
+
+- `LeadCaptureForm` — main plugin classes
+- `LeadCaptureForm\Block` — Gutenberg block
+- `LeadCaptureForm\Elementor` — Elementor loader
+- `LeadCaptureForm\Elementor\Widgets` — Elementor widgets
+
+### Key Differences from LeadGen App Form
+
+- **Single form-token** (not desktop-id/mobile-id) — LeadCapture.io handles responsiveness internally
+- **Embed & popup modes** — `mode="embed"` for inline, `mode="popup"` for click-triggered popup
+- **LeadCapture.io pixel script** — loads `https://api.useleadbot.com/lead-bots/get-pixel-script.js`
+- **`window.form_token`** — set before script loads (not per-form custom elements)
+- **Embed container** — `<div class="leadforms-embd-form"></div>` populated by pixel script
+- **Popup trigger** — CSS class `leadforms-trigger-XX` on trigger elements
+
+### Form Integration Methods
+
+```php
+// Shortcode — embed mode
+[leadcapture_form form-token="GLFT-XXXXX" mode="embed" height="600px"]
+
+// Shortcode — popup mode
+[leadcapture_form form-token="GLFT-XXXXX" mode="popup" trigger-class="leadforms-trigger-01"]
+
+// Gutenberg Block — search "LeadCapture Form" in block inserter
+// Elementor Widget — drag from "LeadCapture Forms" category
+```
+
+### Form Loading Flow
+
+1. PHP renders placeholder with pulse animation
+2. JS waits for user interaction (focus/mousemove/scroll/touchstart)
+3. Sets `window.form_token` from data attribute
+4. Loads pixel script from `api.useleadbot.com` (singleton — only loaded once)
+5. Script populates `<div class="leadforms-embd-form">` for embed mode
+6. For popup mode, trigger elements use `leadforms-trigger-XX` CSS class
+
+### Update System
+
+Uses `silverassist/wp-github-updater` package. `LeadCaptureFormUpdater` extends `GitHubUpdater` with plugin-specific config (asset pattern `leadcapture-form-v{version}.zip`, 12h cache, AJAX action `leadcapture_check_version`). Updates show in standard WP admin.
+
+### Elementor Integration
+
+- Conditional loading: `\did_action('elementor/loaded')`
+- Widget category: `leadcapture-forms`
+- Hooks: `elementor/widgets/register`, `elementor/elements/categories_registered`
+- Renders via same `render_shortcode()` method as the shortcode
+
+## Quick Reference
+
+| File | Role |
+|------|------|
+| `leadcapture-form.php` | Main plugin file (Singleton) |
+| `includes/LeadCaptureFormBlock.php` | Gutenberg block handler |
+| `includes/LeadCaptureFormUpdater.php` | GitHub updater |
+| `includes/LeadCaptureFormAdmin.php` | Admin settings page |
+| `includes/elementor/WidgetsLoader.php` | Elementor widgets manager |
+| `includes/elementor/widgets/LeadCaptureFormWidget.php` | LeadCapture Form widget |
+| `assets/js/leadcapture-form.js` | Frontend form loading (Vanilla JS, lazy load) |
+| `assets/css/leadcapture-form.css` | Main styles + animations |
+| `assets/css/admin-settings.css` | Admin page card-based UI |
@@ -0,0 +1,129 @@
+name: Plugin Quality Checks
+permissions:
+  contents: read
+
+on:
+    push:
+        branches: [main, develop]
+    pull_request:
+        branches: [main]
+
+jobs:
+    quality-checks:
+        runs-on: ubuntu-latest
+
+        strategy:
+            matrix:
+                php-version: [8.2, 8.3, 8.4]
+                wordpress-version: [6.5, 6.6, latest]
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+              with:
+                  php-version: ${{ matrix.php-version }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite
+                  coverage: none
+
+            - name: Validate composer.json
+              run: composer validate --strict
+
+            - name: Install Composer dependencies
+              run: composer install --prefer-dist --no-progress --no-suggest
+
+            - name: Configure WordPress Coding Standards
+              run: vendor/bin/phpcs --config-set installed_paths vendor/wp-coding-standards/wpcs
+
+            - name: Run PHP CodeSniffer
+              run: |
+                  # Run basic syntax validation
+                  echo "🔍 Running PHP syntax validation..."
+                  find . -name "*.php" -not -path "./vendor/*" -exec php -l {} \;
+                  echo "✅ PHP syntax validation completed"
+
+    security-check:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+              with:
+                  php-version: 8.2
+
+            - name: Install dependencies
+              run: composer install --prefer-dist --no-progress
+
+            - name: Run security check
+              run: |
+                  # Check for common security issues (only in PHP files, excluding this workflow)
+                  echo "🔍 Checking for eval() usage in PHP code..."
+                  EVAL_FILES=$(find . -name "*.php" -not -path "./vendor/*" -exec grep -l "eval(" {} \; 2>/dev/null || true)
+                  if [ -n "$EVAL_FILES" ]; then
+                    echo "❌ eval() usage found in PHP files - security risk!"
+                    echo "$EVAL_FILES"
+                    exit 1
+                  else
+                    echo "✅ No eval() found in PHP code"
+                  fi
+                  
+                  echo "🔍 Checking for direct \$_GET usage in PHP code..."
+                  GET_FILES=$(find . -name "*.php" -not -path "./vendor/*" -exec grep -l "\$_GET\[" {} \; 2>/dev/null || true)
+                  if [ -n "$GET_FILES" ]; then
+                    echo "⚠️ Direct \$_GET usage found - consider using sanitize_text_field()"
+                    echo "$GET_FILES"
+                  else
+                    echo "✅ No direct \$_GET usage in PHP code"
+                  fi
+                  
+                  echo "🔍 Checking for direct \$_POST usage in PHP code..."
+                  POST_FILES=$(find . -name "*.php" -not -path "./vendor/*" -exec grep -l "\$_POST\[" {} \; 2>/dev/null || true)
+                  if [ -n "$POST_FILES" ]; then
+                    echo "⚠️ Direct \$_POST usage found - consider using sanitize_text_field()"
+                    echo "$POST_FILES"
+                  else
+                    echo "✅ No direct \$_POST usage in PHP code"
+                  fi
+                  
+                  echo "🔍 Checking for remote file_get_contents usage in PHP code..."
+                  HTTP_FILES=$(find . -name "*.php" -not -path "./vendor/*" -exec grep -l "file_get_contents.*http" {} \; 2>/dev/null || true)
+                  if [ -n "$HTTP_FILES" ]; then
+                    echo "❌ Remote file_get_contents found - potential SSRF risk!"
+                    echo "$HTTP_FILES"
+                    exit 1
+                  else
+                    echo "✅ No remote file_get_contents found in PHP code"
+                  fi
+
+    compatibility-check:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+              with:
+                  php-version: 8.2
+
+            - name: Check PHP 8.2+ compatibility
+              run: |
+                  # Check for PHP 8.2+ features usage
+                  php -r "
+                    if (version_compare(PHP_VERSION, '8.2.0', '<')) {
+                      echo 'PHP 8.2+ required';
+                      exit(1);
+                    }
+                    echo '✅ PHP version compatible';
+                  "
+
+            - name: WordPress compatibility check
+              run: |
+                  # Basic WordPress function usage validation (only in PHP files)
+                  find . -name "*.php" -not -path "./vendor/*" -not -path "./.github/*" -not -path "./node_modules/*" -exec grep -l "add_action\|add_filter\|wp_enqueue" {} \; && echo "✅ WordPress functions found" || echo "⚠️  No WordPress functions detected"
@@ -0,0 +1,92 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g. 1.2.0). Leave empty to use plugin file version.'
+        required: false
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Build & Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+        with:
+          php-version: '8.2'
+          tools: composer
+
+      - name: Detect version
+        id: version
+        run: |
+          if [[ "${{ github.event_name }}" == "push" ]]; then
+            VERSION="${GITHUB_REF_NAME#v}"
+          elif [[ -n "${{ github.event.inputs.version }}" ]]; then
+            VERSION="${{ github.event.inputs.version }}"
+          else
+            VERSION=$(grep -o 'Version: [0-9]\+\.[0-9]\+\.[0-9]\+' *.php 2>/dev/null | head -1 | cut -d' ' -f2)
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "🏷️ Version: $VERSION"
+
+      - name: Install dependencies
+        run: composer install --no-interaction
+
+      - name: Update version
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          if [ -f "scripts/update-version-simple.sh" ]; then
+            chmod +x scripts/update-version-simple.sh
+            ./scripts/update-version-simple.sh "$VERSION" --no-confirm --force
+          elif [ -f "scripts/update-version.sh" ]; then
+            chmod +x scripts/update-version.sh
+            ./scripts/update-version.sh "$VERSION" --no-confirm --force
+          fi
+
+      - name: Code quality
+        run: |
+          HAS_CHECKS=false
+          if [ -f phpcs.xml ] || [ -f .phpcs.xml.dist ] || [ -f phpcs.xml.dist ]; then
+            echo "▶ PHPCS"
+            vendor/bin/phpcs --runtime-set ignore_warnings_on_exit 1
+            HAS_CHECKS=true
+          fi
+          if [ -f phpstan.neon ] || [ -f phpstan.neon.dist ]; then
+            echo "▶ PHPStan"
+            vendor/bin/phpstan analyse --no-progress
+            HAS_CHECKS=true
+          fi
+          if [ "$HAS_CHECKS" = false ]; then
+            echo "ℹ️ No quality tool configs found — skipping"
+          fi
+
+      - name: Build release
+        id: build
+        run: |
+          chmod +x scripts/build-release.sh
+          ./scripts/build-release.sh "${{ steps.version.outputs.version }}"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+        with:
+          tag_name: v${{ steps.version.outputs.version }}
+          name: v${{ steps.version.outputs.version }}
+          files: |
+            build/*.zip
+            build/*.md5
+            build/*.sha256
+          generate_release_notes: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,44 @@
+# Composer
+/vendor/
+composer.lock
+
+# Node modules
+/node_modules/
+
+# Development tools
+*.tmp
+*.log
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# WordPress
+wp-config.php
+wp-content/uploads/
+wp-content/cache/
+wp-content/backup-db/
+wp-content/advanced-cache.php
+wp-content/wp-cache-config.php
+
+# Package builds
+/dist/
+/build/
+
+# Temporary files
+temp-package/
+temp-package.zip
+
+# Generated files (created by GitHub Actions)
+RELEASE-NOTES.md