claude-plugin-wordpress-manager 2.1.0 → 2.2.0

package/skills/wp-webhooks/references/wordpress-core-webhooks.md

@@ -0,0 +1,162 @@
+# WordPress Core Webhooks
+
+## Overview
+
+WordPress core does not have a built-in webhook management UI like WooCommerce. Instead, you implement outbound notifications by hooking into WordPress action hooks and using `wp_remote_post()` to send HTTP requests. The recommended approach is deploying a mu-plugin.
+
+## mu-Plugin Approach
+
+Create a mu-plugin at `wp-content/mu-plugins/outbound-webhooks.php`:
+
+```php
+<?php
+/**
+ * Plugin Name: Outbound Webhooks
+ * Description: Sends webhook notifications on content events.
+ */
+
+// Configuration — set these in wp-config.php
+// define('WEBHOOK_URL', 'https://hooks.example.com/wordpress');
+// define('WEBHOOK_SECRET', 'your-secret-key');
+
+if (!defined('WEBHOOK_URL') || !WEBHOOK_URL) {
+    return;
+}
+
+/**
+ * Send a webhook notification.
+ */
+function send_webhook($event, $data) {
+    $payload = wp_json_encode([
+        'event'     => $event,
+        'timestamp' => gmdate('c'),
+        'site_url'  => home_url(),
+        'data'      => $data,
+    ]);
+
+    $signature = hash_hmac('sha256', $payload, WEBHOOK_SECRET ?? '');
+
+    wp_remote_post(WEBHOOK_URL, [
+        'timeout' => 5,
+        'headers' => [
+            'Content-Type'         => 'application/json',
+            'X-WP-Webhook-Event'   => $event,
+            'X-WP-Webhook-Signature' => $signature,
+        ],
+        'body' => $payload,
+    ]);
+}
+
+/**
+ * Hook: Post published or updated.
+ */
+add_action('transition_post_status', function($new_status, $old_status, $post) {
+    if ($new_status === 'publish' && $old_status !== 'publish') {
+        send_webhook('post.published', [
+            'id'    => $post->ID,
+            'title' => $post->post_title,
+            'slug'  => $post->post_name,
+            'type'  => $post->post_type,
+            'url'   => get_permalink($post),
+        ]);
+    } elseif ($new_status === 'publish' && $old_status === 'publish') {
+        send_webhook('post.updated', [
+            'id'    => $post->ID,
+            'title' => $post->post_title,
+            'slug'  => $post->post_name,
+            'type'  => $post->post_type,
+            'url'   => get_permalink($post),
+        ]);
+    }
+}, 10, 3);
+
+/**
+ * Hook: Term created or edited.
+ */
+add_action('edited_term', function($term_id, $tt_id, $taxonomy) {
+    $term = get_term($term_id, $taxonomy);
+    send_webhook('term.updated', [
+        'id'       => $term_id,
+        'name'     => $term->name,
+        'slug'     => $term->slug,
+        'taxonomy' => $taxonomy,
+    ]);
+}, 10, 3);
+
+/**
+ * Hook: User registered.
+ */
+add_action('user_register', function($user_id) {
+    $user = get_userdata($user_id);
+    send_webhook('user.created', [
+        'id'       => $user_id,
+        'username' => $user->user_login,
+        'email'    => $user->user_email,
+        'role'     => implode(', ', $user->roles),
+    ]);
+});
+
+/**
+ * Hook: Navigation menu updated.
+ */
+add_action('wp_update_nav_menu', function($menu_id) {
+    send_webhook('menu.updated', [
+        'menu_id' => $menu_id,
+    ]);
+});
+```
+
+## Key WordPress Action Hooks
+
+| Hook | Fires When | Arguments |
+|------|-----------|-----------|
+| `transition_post_status` | Post status changes | $new_status, $old_status, $post |
+| `save_post` | Post is saved (any status) | $post_id, $post, $update |
+| `delete_post` | Post is deleted | $post_id |
+| `edited_term` | Term is created or edited | $term_id, $tt_id, $taxonomy |
+| `user_register` | New user registers | $user_id |
+| `profile_update` | User profile updated | $user_id, $old_user_data |
+| `wp_update_nav_menu` | Navigation menu updated | $menu_id |
+| `updated_option` | Option value changed | $option_name, $old, $new |
+| `activated_plugin` | Plugin activated | $plugin |
+| `switch_theme` | Theme switched | $new_name, $new_theme |
+
+## wp-config.php Constants
+
+Add these constants to `wp-config.php` for the mu-plugin:
+
+```php
+// Primary webhook endpoint
+define('WEBHOOK_URL', 'https://hooks.example.com/wordpress');
+
+// HMAC secret for signature verification
+define('WEBHOOK_SECRET', 'your-secret-key-here');
+
+// Optional: headless frontend revalidation
+define('HEADLESS_WEBHOOK_URL', 'https://frontend.example.com/api/revalidate');
+define('HEADLESS_WEBHOOK_SECRET', 'revalidation-secret');
+```
+
+## Deployment
+
+Deploy the mu-plugin via:
+1. **SSH/SFTP**: Upload to `wp-content/mu-plugins/`
+2. **WP-CLI**: `wp eval 'file_put_contents(WPMU_PLUGIN_DIR . "/outbound-webhooks.php", $code);'`
+3. **Hostinger MCP**: Use file deployment tools
+
+mu-plugins load automatically — no activation needed.
+
+## Testing
+
+Verify webhooks fire correctly:
+
+```bash
+# Check if mu-plugin is loaded
+wp eval "echo defined('WEBHOOK_URL') ? 'configured' : 'not configured';"
+
+# Trigger a test by updating a post
+wp post update 1 --post_title="Test Webhook Trigger"
+
+# Check for errors in debug.log
+tail -f wp-content/debug.log | grep -i webhook
+```

package/skills/wp-webhooks/scripts/webhook_inspect.mjs

@@ -0,0 +1,157 @@
+/**
+ * webhook_inspect.mjs — Detect webhook configuration for WordPress projects.
+ *
+ * Scans for WooCommerce webhooks, mu-plugin webhooks, webhook plugins,
+ * and wp-config.php webhook constants.
+ *
+ * Usage:
+ *   node webhook_inspect.mjs [--cwd=/path/to/project]
+ *
+ * Exit codes:
+ *   0 — webhook configuration found
+ *   1 — no webhook configuration found
+ */
+
+import { readFileSync, existsSync, readdirSync } from 'node:fs';
+import { join, resolve } from 'node:path';
+import { argv, stdout, exit } from 'node:process';
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function readFileSafe(filePath) {
+  try { return readFileSync(filePath, 'utf-8'); } catch { return null; }
+}
+
+function existsSafe(filePath) {
+  try { return existsSync(filePath); } catch { return false; }
+}
+
+function globDir(dirPath) {
+  try { return readdirSync(dirPath); } catch { return []; }
+}
+
+// ---------------------------------------------------------------------------
+// Detectors
+// ---------------------------------------------------------------------------
+
+function detectWooCommerceWebhooks(cwd) {
+  const indicators = [];
+
+  // Check for WooCommerce plugin
+  const plugins = globDir(join(cwd, 'wp-content', 'plugins'));
+  if (plugins.some(p => p.toLowerCase().includes('woocommerce'))) {
+    indicators.push('woocommerce_installed');
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+function detectMuPluginWebhooks(cwd) {
+  const indicators = [];
+
+  const muPlugins = globDir(join(cwd, 'wp-content', 'mu-plugins'));
+  for (const file of muPlugins) {
+    if (!file.endsWith('.php')) continue;
+    const content = readFileSafe(join(cwd, 'wp-content', 'mu-plugins', file));
+    if (!content) continue;
+
+    if (/wp_remote_post/i.test(content) && /webhook|hook|notify|propagat/i.test(content)) {
+      indicators.push(`mu_plugin_webhook: ${file}`);
+    }
+    if (/HEADLESS_WEBHOOK_URL|WEBHOOK_URL/i.test(content)) {
+      indicators.push(`mu_plugin_webhook_constant: ${file}`);
+    }
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+function detectWebhookPlugins(cwd) {
+  const indicators = [];
+  const plugins = globDir(join(cwd, 'wp-content', 'plugins'));
+  const webhookPlugins = [
+    'wp-webhooks', 'zapier', 'uncanny-automator', 'automator',
+    'wp-fusion', 'webhook', 'notification', 'hookpress',
+  ];
+
+  for (const plugin of plugins) {
+    if (webhookPlugins.some(wp => plugin.toLowerCase().includes(wp))) {
+      indicators.push(`webhook_plugin: ${plugin}`);
+    }
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+function detectWebhookConstants(cwd) {
+  const indicators = [];
+
+  const wpConfig = readFileSafe(join(cwd, 'wp-config.php'));
+  if (wpConfig) {
+    if (/WEBHOOK_URL/i.test(wpConfig)) {
+      indicators.push('webhook_url_constant');
+    }
+    if (/WEBHOOK_SECRET/i.test(wpConfig)) {
+      indicators.push('webhook_secret_constant');
+    }
+    if (/HEADLESS_WEBHOOK_URL/i.test(wpConfig)) {
+      indicators.push('headless_webhook_url');
+    }
+  }
+
+  return { found: indicators.length > 0, indicators };
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+function main() {
+  const cwdArg = argv.find(a => a.startsWith('--cwd='));
+  const cwd = cwdArg ? resolve(cwdArg.split('=')[1]) : process.cwd();
+
+  const wcWebhooks = detectWooCommerceWebhooks(cwd);
+  const muPluginWebhooks = detectMuPluginWebhooks(cwd);
+  const webhookPlugins = detectWebhookPlugins(cwd);
+  const webhookConstants = detectWebhookConstants(cwd);
+
+  const hasWebhooks = wcWebhooks.found || muPluginWebhooks.found ||
+                      webhookPlugins.found || webhookConstants.found;
+
+  const recommendations = [];
+
+  if (wcWebhooks.found) {
+    recommendations.push('WooCommerce detected — use wc_list_webhooks / wc_create_webhook MCP tools for webhook management');
+  }
+  if (muPluginWebhooks.found) {
+    recommendations.push('mu-plugin webhooks detected — review delivery URLs and secrets for security');
+  }
+  if (!hasWebhooks) {
+    recommendations.push('No webhook configuration detected — use wp-webhooks skill to set up outbound notifications');
+  }
+  if (webhookConstants.found && !webhookConstants.indicators.includes('webhook_secret_constant')) {
+    recommendations.push('Webhook URL configured but no secret found — add WEBHOOK_SECRET to wp-config.php for signature verification');
+  }
+
+  const report = {
+    tool: 'webhook_inspect',
+    version: '1.0.0',
+    timestamp: new Date().toISOString(),
+    cwd,
+    found: hasWebhooks,
+    areas: {
+      wc_webhooks: wcWebhooks,
+      mu_plugin_webhooks: muPluginWebhooks,
+      webhook_plugins: webhookPlugins,
+      webhook_constants: webhookConstants,
+    },
+    recommendations,
+  };
+
+  stdout.write(JSON.stringify(report, null, 2) + '\n');
+  exit(hasWebhooks ? 0 : 1);
+}
+
+main();

package/skills/wp-woocommerce/SKILL.md

@@ -108,3 +108,4 @@ For complex multi-step WooCommerce operations, use the `wp-ecommerce-manager` ag
 - `wp-deploy` — Deploy WooCommerce store changes to production
 - `wp-audit` — Audit WooCommerce store security and performance
 - `wp-backup` — Backup WooCommerce database and uploads
+- `wp-webhooks` — WooCommerce webhook management (order/product/customer event notifications)