@biggora/claude-plugins 1.0.0 → 1.1.0

package/src/skills/tm-search/scripts/tm_search.py

@@ -0,0 +1,375 @@
+#!/usr/bin/env python3
+"""
+tm-search: US Trademark Search CLI Tool
+Searches USPTO trademark database via tmsearch.uspto.gov and tsdrapi.uspto.gov
+
+Usage:
+  python tm_search.py keyword <word> [--status=A] [--rows=25] [--json]
+  python tm_search.py available <word>
+  python tm_search.py status <serial_number> [--api-key=KEY]
+  python tm_search.py batch <word1,word2,...> [--status=A] [--csv]
+  python tm_search.py validate <file.txt> [--status=A] [--output=results.csv]
+"""
+
+import sys
+import json
+import time
+import csv
+import argparse
+import xml.etree.ElementTree as ET
+from typing import Optional
+
+try:
+    import requests
+except ImportError:
+    print("Error: 'requests' library required. Run: pip install requests")
+    sys.exit(1)
+
+# ─── Constants ─────────────────────────────────────────────────────────────────
+
+SEARCH_BASE = "https://tmsearch.uspto.gov"
+TSDR_BASE = "https://tsdrapi.uspto.gov/ts/cd"
+
+HEADERS = {
+    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (compatible; tm-search/1.0)",
+    "Accept": "application/json, text/plain, */*",
+    "Accept-Language": "en-US,en;q=0.9",
+    "Referer": f"{SEARCH_BASE}/search/search-information",
+    "Origin": SEARCH_BASE,
+}
+
+DISCLAIMER = (
+    "\n⚠️  DISCLAIMER: This is a preliminary search only. Trademark availability depends on many\n"
+    "    factors. Consult a licensed trademark attorney before filing.\n"
+)
+
+# ─── Search Functions ───────────────────────────────────────────────────────────
+
+def search_trademark(
+        keyword: str,
+        status: str = "A",
+        rows: int = 25,
+        start: int = 0,
+        plural_variants: bool = False,
+        session: Optional[requests.Session] = None
+) -> dict:
+    """
+    Search USPTO trademark database by keyword.
+
+    Args:
+        keyword: Word/phrase to search (auto-uppercased)
+        status: "A"=active, "D"=dead, ""=all
+        rows: Number of results (max 500)
+        start: Pagination offset
+        plural_variants: Include plural forms
+
+    Returns:
+        dict with "totalFound" and "trademarks" list
+    """
+    s = session or requests.Session()
+    keyword = keyword.upper().strip()
+
+    payload = {
+        "keyword": keyword,
+        "searchType": "1",
+        "statusType": status,
+        "pluralVariants": plural_variants,
+        "start": start,
+        "rows": rows,
+    }
+
+    try:
+        # Try POST first
+        resp = s.post(
+            f"{SEARCH_BASE}/search/keyword",
+            json=payload,
+            headers=HEADERS,
+            timeout=30
+        )
+        if resp.status_code == 200:
+            return resp.json()
+
+        # Fallback: GET with query params
+        params = {k: str(v).lower() if isinstance(v, bool) else v for k, v in payload.items()}
+        resp = s.get(
+            f"{SEARCH_BASE}/search/keyword",
+            params=params,
+            headers=HEADERS,
+            timeout=30
+        )
+        resp.raise_for_status()
+        return resp.json()
+
+    except requests.exceptions.RequestException as e:
+        return {"error": str(e), "totalFound": 0, "trademarks": []}
+
+
+def check_availability(keyword: str) -> dict:
+    """Check if a keyword is available (no active trademarks)."""
+    result = search_trademark(keyword, status="A", rows=5)
+    dead_result = search_trademark(keyword, status="D", rows=5)
+
+    return {
+        "keyword": keyword.upper(),
+        "available": result.get("totalFound", 0) == 0,
+        "active_count": result.get("totalFound", 0),
+        "dead_count": dead_result.get("totalFound", 0),
+        "top_matches": result.get("trademarks", [])[:3],
+    }
+
+
+def get_status_by_serial(serial_number: str, api_key: Optional[str] = None) -> dict:
+    """Get trademark case status by serial number via TSDR API."""
+    headers = {"Accept": "application/xml"}
+    if api_key:
+        headers["USPTO-API-KEY"] = api_key
+
+    # Remove non-digits
+    sn = "".join(filter(str.isdigit, serial_number))
+    url = f"{TSDR_BASE}/casestatus/sn{sn}/info.xml"
+
+    try:
+        resp = requests.get(url, headers=headers, timeout=30)
+        resp.raise_for_status()
+
+        # Parse XML response
+        root = ET.fromstring(resp.content)
+        ns = {"ns1": "urn:us:gov:doc:uspto:trademark:status"}
+
+        def find_text(path):
+            el = root.find(path, ns)
+            return el.text if el is not None else None
+
+        return {
+            "serialNumber": sn,
+            "status": find_text(".//ns1:MarkCurrentStatusExternalDescriptionText"),
+            "statusDate": find_text(".//ns1:MarkCurrentStatusDate"),
+            "wordMark": find_text(".//ns1:MarkVerbalElementText"),
+            "owner": find_text(".//ns1:EntityName"),
+            "filingDate": find_text(".//ns1:ApplicationDate"),
+            "registrationDate": find_text(".//ns1:RegistrationDate"),
+            "registrationNumber": find_text(".//ns1:RegistrationNumber"),
+        }
+    except requests.exceptions.RequestException as e:
+        return {"error": str(e), "serialNumber": sn}
+    except ET.ParseError:
+        return {"error": "Failed to parse XML response", "serialNumber": sn}
+
+
+# ─── Output Formatting ──────────────────────────────────────────────────────────
+
+def format_trademark(tm: dict) -> str:
+    """Format a single trademark result for display."""
+    classes = ", ".join(tm.get("internationalClassification", []))
+    return (
+        f"  • \"{tm.get('wordMark', 'N/A')}\" | "
+        f"Owner: {tm.get('owner', 'N/A')} | "
+        f"Classes: {classes or 'N/A'} | "
+        f"Status: {tm.get('status', 'N/A')} | "
+        f"Serial: {tm.get('serialNumber', 'N/A')}"
+    )
+
+
+def print_search_results(keyword: str, results: dict, show_json: bool = False):
+    """Print search results to stdout."""
+    if show_json:
+        print(json.dumps(results, indent=2))
+        return
+
+    total = results.get("totalFound", 0)
+    trademarks = results.get("trademarks", [])
+
+    print(f"\n{'='*60}")
+    print(f"KEYWORD: \"{keyword.upper()}\"")
+    print(f"Total found: {total}")
+
+    if total == 0:
+        print("Status: ✅ LIKELY AVAILABLE (no matching active marks)")
+    else:
+        print(f"Status: ❌ REGISTERED/PENDING MARKS FOUND")
+        print(f"\nTop results:")
+        for tm in trademarks[:10]:
+            print(format_trademark(tm))
+        if total > 10:
+            print(f"  ... and {total - 10} more")
+
+    print(DISCLAIMER)
+
+
+def print_availability(result: dict, show_json: bool = False):
+    """Print availability check result."""
+    if show_json:
+        print(json.dumps(result, indent=2))
+        return
+
+    keyword = result["keyword"]
+    print(f"\n{'='*60}")
+    print(f"AVAILABILITY CHECK: \"{keyword}\"")
+
+    if result["available"]:
+        print(f"Status: ✅ LIKELY AVAILABLE")
+        print(f"Active marks: 0")
+        print(f"Dead/cancelled marks: {result['dead_count']} (historical, may not block registration)")
+    else:
+        print(f"Status: ❌ NOT AVAILABLE — {result['active_count']} active mark(s) found")
+        if result["top_matches"]:
+            print("\nConflicting marks:")
+            for tm in result["top_matches"]:
+                print(format_trademark(tm))
+
+    print(DISCLAIMER)
+
+
+# ─── Batch Validation ───────────────────────────────────────────────────────────
+
+def batch_validate(
+        keywords: list[str],
+        status: str = "A",
+        delay: float = 0.75,
+        output_csv: Optional[str] = None
+) -> list[dict]:
+    """
+    Validate a list of keywords against USPTO trademarks.
+
+    Args:
+        keywords: List of words to check
+        status: Filter status
+        delay: Seconds between requests (avoid rate limiting)
+        output_csv: If set, write results to this CSV file
+
+    Returns:
+        List of result dicts
+    """
+    results = []
+    session = requests.Session()
+
+    print(f"Checking {len(keywords)} keywords against USPTO trademarks...")
+    print(f"Status filter: {'ACTIVE' if status == 'A' else 'DEAD' if status == 'D' else 'ALL'}\n")
+
+    for i, word in enumerate(keywords, 1):
+        word = word.strip()
+        if not word:
+            continue
+
+        print(f"[{i}/{len(keywords)}] Checking: {word.upper()}", end=" ... ", flush=True)
+
+        r = search_trademark(word, status=status, rows=5, session=session)
+        count = r.get("totalFound", 0)
+        top = r.get("trademarks", [{}])
+
+        result = {
+            "keyword": word.upper(),
+            "status": "AVAILABLE" if count == 0 else "TAKEN",
+            "count": count,
+            "top_owner": top[0].get("owner", "") if top else "",
+            "top_mark": top[0].get("wordMark", "") if top else "",
+            "top_serial": top[0].get("serialNumber", "") if top else "",
+        }
+        results.append(result)
+
+        print(f"{'✅ AVAILABLE' if count == 0 else f'❌ TAKEN ({count} marks)'}")
+
+        if i < len(keywords):
+            time.sleep(delay)
+
+    if output_csv:
+        with open(output_csv, "w", newline="") as f:
+            writer = csv.DictWriter(f, fieldnames=results[0].keys())
+            writer.writeheader()
+            writer.writerows(results)
+        print(f"\n✅ Results saved to: {output_csv}")
+
+    return results
+
+
+# ─── CLI Entry Point ────────────────────────────────────────────────────────────
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Search and validate US trademarks via USPTO",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+Examples:
+  tm_search.py keyword "CLOUDPEAK"
+  tm_search.py keyword "APPLE" --status=A --rows=50
+  tm_search.py available "NEONPULSE"
+  tm_search.py status 78787878 --api-key=YOUR_KEY
+  tm_search.py batch "BRAND1,BRAND2,BRAND3" --csv
+  tm_search.py validate names.txt --output=results.csv
+        """
+    )
+
+    subparsers = parser.add_subparsers(dest="command", required=True)
+
+    # keyword command
+    p_kw = subparsers.add_parser("keyword", help="Search by keyword")
+    p_kw.add_argument("word", help="Keyword to search")
+    p_kw.add_argument("--status", default="A", choices=["A", "D", ""], help="A=active, D=dead")
+    p_kw.add_argument("--rows", type=int, default=25, help="Results per page (max 500)")
+    p_kw.add_argument("--plural", action="store_true", help="Include plural variants")
+    p_kw.add_argument("--json", action="store_true", help="Output raw JSON")
+
+    # available command
+    p_av = subparsers.add_parser("available", help="Check if keyword is available")
+    p_av.add_argument("word", help="Keyword to check")
+    p_av.add_argument("--json", action="store_true", help="Output raw JSON")
+
+    # status command
+    p_st = subparsers.add_parser("status", help="Get case status by serial number")
+    p_st.add_argument("serial", help="Serial number (8 digits)")
+    p_st.add_argument("--api-key", help="USPTO API key for bulk access")
+    p_st.add_argument("--json", action="store_true", help="Output raw JSON")
+
+    # batch command
+    p_bt = subparsers.add_parser("batch", help="Check multiple comma-separated keywords")
+    p_bt.add_argument("words", help="Comma-separated keywords")
+    p_bt.add_argument("--status", default="A", choices=["A", "D", ""])
+    p_bt.add_argument("--csv", action="store_true", help="Output as CSV")
+    p_bt.add_argument("--delay", type=float, default=0.75, help="Delay between requests (seconds)")
+
+    # validate command
+    p_vl = subparsers.add_parser("validate", help="Validate keywords from a file")
+    p_vl.add_argument("file", help="Text file with one keyword per line")
+    p_vl.add_argument("--status", default="A", choices=["A", "D", ""])
+    p_vl.add_argument("--output", help="Output CSV file path")
+    p_vl.add_argument("--delay", type=float, default=0.75)
+
+    args = parser.parse_args()
+
+    if args.command == "keyword":
+        result = search_trademark(args.word, status=args.status, rows=args.rows, plural_variants=args.plural)
+        print_search_results(args.word, result, show_json=args.json)
+
+    elif args.command == "available":
+        result = check_availability(args.word)
+        print_availability(result, show_json=args.json)
+
+    elif args.command == "status":
+        result = get_status_by_serial(args.serial, api_key=args.api_key)
+        if args.json:
+            print(json.dumps(result, indent=2))
+        else:
+            print(f"\nSerial: {result.get('serialNumber')}")
+            for k, v in result.items():
+                if k != "serialNumber" and v:
+                    print(f"  {k}: {v}")
+
+    elif args.command == "batch":
+        words = [w.strip() for w in args.words.split(",") if w.strip()]
+        results = batch_validate(words, status=args.status, delay=args.delay)
+        if args.csv:
+            import io
+            output = io.StringIO()
+            writer = csv.DictWriter(output, fieldnames=results[0].keys())
+            writer.writeheader()
+            writer.writerows(results)
+            print("\n" + output.getvalue())
+
+    elif args.command == "validate":
+        with open(args.file) as f:
+            words = [line.strip() for line in f if line.strip()]
+        batch_validate(words, status=args.status, delay=args.delay, output_csv=args.output)
+
+
+if __name__ == "__main__":
+    main()

package/src/skills/wp-rest-api/SKILL.md

@@ -0,0 +1,114 @@
+---
+name: wp-rest-api
+description: "Use when building, extending, or debugging WordPress REST API endpoints/routes: register_rest_route, WP_REST_Controller/controller classes, schema/argument validation, permission_callback/authentication, response shaping, register_rest_field/register_meta, or exposing CPTs/taxonomies via show_in_rest."
+compatibility: "Targets WordPress 6.9+ (PHP 7.2.24+). Filesystem-based agent with bash + node. Some workflows require WP-CLI."
+---
+
+# WP REST API
+
+## When to use
+
+Use this skill when you need to:
+
+- create or update REST routes/endpoints
+- debug 401/403/404 errors or permission/nonce issues
+- add custom fields/meta to REST responses
+- expose custom post types or taxonomies via REST
+- implement schema + argument validation
+- adjust response links/embedding/pagination
+
+## Inputs required
+
+- Repo root + target plugin/theme/mu-plugin (path to entrypoint).
+- Desired namespace + version (e.g. `my-plugin/v1`) and routes.
+- Authentication mode (cookie + nonce vs application passwords vs auth plugin).
+- Target WordPress version constraints (if below 6.9, call out).
+
+## Procedure
+
+### 0) Triage and locate REST usage
+
+1. Run triage:
+   - `node skills/wp-project-triage/scripts/detect_wp_project.mjs`
+2. Search for existing REST usage:
+   - `register_rest_route`
+   - `WP_REST_Controller`
+   - `rest_api_init`
+   - `show_in_rest`, `rest_base`, `rest_controller_class`
+
+If this is a full site repo, pick the specific plugin/theme before changing code.
+
+### 1) Choose the right approach
+
+- **Expose CPT/taxonomy in `wp/v2`:**
+  - Use `show_in_rest => true` + `rest_base` if needed.
+  - Optionally provide `rest_controller_class`.
+  - Read `references/custom-content-types.md`.
+- **Custom endpoints:**
+  - Use `register_rest_route()` on `rest_api_init`.
+  - Prefer a controller class (`WP_REST_Controller` subclass) for anything non-trivial.
+  - Read `references/routes-and-endpoints.md` and `references/schema.md`.
+
+### 2) Register routes safely (namespaces, methods, permissions)
+
+- Use a unique namespace `vendor/v1`; avoid `wp/*` unless core.
+- Always provide `permission_callback` (use `__return_true` for public endpoints).
+- Use `WP_REST_Server::READABLE/CREATABLE/EDITABLE/DELETABLE` constants.
+- Return data via `rest_ensure_response()` or `WP_REST_Response`.
+- Return errors via `WP_Error` with an explicit `status`.
+
+Read `references/routes-and-endpoints.md`.
+
+### 3) Validate/sanitize request args
+
+- Define `args` with `type`, `default`, `required`, `validate_callback`, `sanitize_callback`.
+- Prefer JSON Schema validation with `rest_validate_value_from_schema` then `rest_sanitize_value_from_schema`.
+- Never read `$_GET`/`$_POST` directly inside endpoints; use `WP_REST_Request`.
+
+Read `references/schema.md`.
+
+### 4) Responses, fields, and links
+
+- Do **not** remove core fields from default endpoints; add fields instead.
+- Use `register_rest_field` for computed fields; `register_meta` with `show_in_rest` for meta.
+- For `object`/`array` meta, define schema in `show_in_rest.schema`.
+- If you need unfiltered post content (e.g., ToC plugins injecting HTML), request `?context=edit` to access `content.raw` (auth required). Pair with `_fields=content.raw` to keep responses small.
+- Add related resource links via `WP_REST_Response::add_link()`.
+
+Read `references/responses-and-fields.md`.
+
+### 5) Authentication and authorization
+
+- For wp-admin/JS: cookie auth + `X-WP-Nonce` (action `wp_rest`).
+- For external clients: application passwords (basic auth) or an auth plugin.
+- Use capability checks in `permission_callback` (authorization), not just “logged in”.
+
+Read `references/authentication.md`.
+
+### 6) Client-facing behavior (discovery, pagination, embeds)
+
+- Ensure discovery works (`Link` header or `<link rel="https://api.w.org/">`).
+- Support `_fields`, `_embed`, `_method`, `_envelope`, pagination headers.
+- Remember `per_page` is capped at 100.
+
+Read `references/discovery-and-params.md`.
+
+## Verification
+
+- `/wp-json/` index includes your namespace.
+- `OPTIONS` on your route returns schema (when provided).
+- Endpoint returns expected data; permission failures return 401/403 as appropriate.
+- CPT/taxonomy routes appear under `wp/v2` when `show_in_rest` is true.
+- Run repo lint/tests and any PHP/JS build steps.
+
+## Failure modes / debugging
+
+- 404: `rest_api_init` not firing, route typo, or permalinks off (use `?rest_route=`).
+- 401/403: missing nonce/auth, or `permission_callback` too strict.
+- `_doing_it_wrong` for missing `permission_callback`: add it (use `__return_true` if public).
+- Invalid params: missing/incorrect `args` schema or validation callbacks.
+- Fields missing: `show_in_rest` false, meta not registered, or CPT lacks `custom-fields` support.
+
+## Escalation
+
+If version support or behavior is unclear, consult the REST API Handbook and core docs before inventing patterns.

package/src/skills/wp-rest-api/references/authentication.md

@@ -0,0 +1,18 @@
+# Authentication (summary)
+
+## Cookie authentication (in-dashboard / same-site)
+
+- Standard for wp-admin and theme/plugin JS.
+- Requires a REST nonce (`wp_rest`) sent as `X-WP-Nonce` header or `_wpnonce` param.
+- If the nonce is missing, the request is treated as unauthenticated even if cookies exist.
+
+## Application Passwords (external clients)
+
+- Available in WordPress 5.6+.
+- Use HTTPS + Basic Auth with the application password.
+- Recommended over the legacy Basic Auth plugin.
+
+## Auth plugins
+
+- OAuth 1.0a or JWT plugins are common for external apps.
+- Use only if required; follow plugin docs and security guidance.

package/src/skills/wp-rest-api/references/custom-content-types.md

@@ -0,0 +1,20 @@
+# Custom Content Types (summary)
+
+## Custom post types
+
+- Set `show_in_rest => true` in `register_post_type()` to expose in `wp/v2`.
+- Use `rest_base` to change the route slug.
+- Optionally set `rest_controller_class` (must extend `WP_REST_Controller`).
+
+## Custom taxonomies
+
+- Set `show_in_rest => true` in `register_taxonomy()`.
+- Use `rest_base` and optional `rest_controller_class` (default `WP_REST_Terms_Controller`).
+
+## Adding REST support to existing types
+
+- Use `register_post_type_args` or `register_taxonomy_args` filters to enable `show_in_rest` for types you do not control.
+
+## Discovery links for custom controllers
+
+- If you use a custom controller class, use `rest_route_for_post` or `rest_route_for_term` filters to map objects to routes.

package/src/skills/wp-rest-api/references/discovery-and-params.md

@@ -0,0 +1,20 @@
+# Discovery and Global Parameters (summary)
+
+## API discovery
+
+- REST API root is discovered via the `Link` header: `rel="https://api.w.org/"`.
+- HTML pages also include a `<link rel="https://api.w.org/" href="...">` element.
+- For non-pretty permalinks, use `?rest_route=/`.
+
+## Global parameters
+
+- `_fields` limits response fields (supports nested meta keys).
+- `_embed` includes linked resources in `_embedded`.
+- `_method` or `X-HTTP-Method-Override` allows POST to simulate PUT/DELETE.
+- `_envelope` puts headers/status in the response body.
+- `_jsonp` enables JSONP for legacy clients.
+
+## Pagination
+
+- Collections accept `page`, `per_page` (1-100), and `offset`.
+- Pagination headers: `X-WP-Total` and `X-WP-TotalPages`.

package/src/skills/wp-rest-api/references/responses-and-fields.md

@@ -0,0 +1,30 @@
+# Responses and Fields (summary)
+
+## Do not remove core fields
+
+- Removing or changing core fields breaks clients (including wp-admin).
+- Prefer adding new fields or using `_fields` to limit response size.
+
+## register_rest_field
+
+- Use for computed or custom fields.
+- Provide `get_callback`, optional `update_callback`, and `schema`.
+- Register on `rest_api_init`.
+
+## Raw vs rendered content
+
+- For posts, `content.rendered` reflects filters (plugins like ToC inject HTML).
+- Use `?context=edit` (authenticated) to access `content.raw`.
+- Combine with `_fields=content.raw` when you only need the editable body.
+
+## register_meta / register_post_meta / register_term_meta
+
+- Use when the data is stored as meta.
+- Set `show_in_rest => true` to expose under `.meta`.
+- For `object` or `array` types, provide a JSON schema in `show_in_rest.schema`.
+
+## Links and embedding
+
+- Add links with `WP_REST_Response::add_link( $rel, $href, $attrs )`.
+- Use `embeddable => true` to allow `_embed`.
+- Use IANA rels or a custom URI relation; CURIEs can be registered via `rest_response_link_curies`.

package/src/skills/wp-rest-api/references/routes-and-endpoints.md

@@ -0,0 +1,36 @@
+# Routes and Endpoints (summary)
+
+## Registering routes
+
+- Register routes on the `rest_api_init` hook with `register_rest_route( $namespace, $route, $args )`.
+- A **route** is the URL pattern; an **endpoint** is the method + callback bound to that route.
+- For non-pretty permalinks, the route is accessed via `?rest_route=/namespace/route`.
+
+## Namespacing
+
+- Always namespace routes (`vendor/v1`).
+- **Do not** use the `wp/*` namespace unless you are targeting core.
+
+## Methods
+
+- Use `WP_REST_Server::READABLE` (GET), `CREATABLE` (POST), `EDITABLE` (PUT/PATCH), `DELETABLE` (DELETE).
+- Multiple endpoints can share a route, one per method.
+
+## permission_callback (required)
+
+- Always provide `permission_callback`.
+- Public endpoints should use `__return_true`.
+- For restricted endpoints, use capability checks (`current_user_can`) or object-level authorization.
+- Missing `permission_callback` emits a `_doing_it_wrong` notice in modern WP.
+
+## Arguments
+
+- Register `args` to validate and sanitize inputs.
+- Use `type`, `required`, `default`, `validate_callback`, `sanitize_callback`.
+- Access params via the `WP_REST_Request` object, not `$_GET`/`$_POST`.
+
+## Return values
+
+- Return data via `rest_ensure_response()` or a `WP_REST_Response`.
+- Return `WP_Error` with a `status` in `data` for error responses.
+- Do not call `wp_send_json()` in REST callbacks.

package/src/skills/wp-rest-api/references/schema.md

@@ -0,0 +1,22 @@
+# Schema and Argument Validation (summary)
+
+## JSON Schema in WordPress
+
+- REST API uses JSON Schema (draft 4 subset) for resource and argument definitions.
+- Provide schema via `get_item_schema()` on controllers or `schema` callbacks on routes.
+- Schema enables discovery (`OPTIONS`) and validation.
+
+## Validation + sanitization
+
+- Use `rest_validate_value_from_schema( $value, $schema )` then `rest_sanitize_value_from_schema( $value, $schema )`.
+- If you override `sanitize_callback`, built-in schema validation will not run; use `rest_validate_request_arg` to keep it.
+- `WP_REST_Controller::get_endpoint_args_for_item_schema()` wires validation automatically.
+
+## Schema caching
+
+- Cache the generated schema on the controller instance (`$this->schema`) to avoid recomputation.
+
+## Formats and types
+
+- Common formats: `date-time`, `uri`, `email`, `ip`, `uuid`, `hex-color`.
+- For `array` and `object` types, you must define `items` or `properties` schemas.