GH#1254: feat: disable tenant-side checkout in sovereign mode #1261

Merged: superdav42 merged 1 commit into main from feature/auto-20260522-063745-gh1254 on May 22, 2026


@superdav42
Collaborator

Summary

Implemented ADR-001 Phase 3.5 PR-4: Checkout always runs on the main site. Sovereign tenants are the result of a checkout, not its host. Disabled tenant-side checkout AJAX, form rendering, cart, and signup-field validators in sovereign tenants. Users who land on a checkout URL inside a sovereign tenant are redirected to the main site's /register/ page.

Files Changed

inc/checkout/class-cart.php, inc/checkout/class-checkout-pages.php, inc/checkout/class-checkout.php, inc/ui/class-checkout-element.php, tests/WP_Ultimo/Checkout/Checkout_Test.php

Runtime Testing

  • Risk level: Low (agent prompts / infrastructure scripts)
  • Verification: Unit tests verify AJAX handlers return 400 errors with sovereign_checkout_disabled code in sovereign context. Cart class prevents DB instantiation. Checkout element renders upgrade link instead of form.

Resolves #1254


aidevops.sh v3.17.27 plugin for OpenCode v1.15.7 with claude-haiku-4-5 spent 5m and 1,374 tokens on this as a headless worker.

- Guard 4 AJAX handlers (wu_create_order, wu_validate_form, wu_check_user_exists, wu_inline_login) to return JSON error in sovereign context
- Add get_main_site_checkout_url() helper method to Checkout and Checkout_Pages classes
- Guard Cart class instantiation to prevent DB access in sovereign context
- Replace checkout URLs with main site URL in sovereign tenant context via page_link and post_type_link filters
- Replace checkout element output with 'Upgrade on main site' link in sovereign context
- Add comprehensive unit tests for all sovereign tenant guards

Fixes #1254
@superdav42 superdav42 added the origin:worker Auto-created by pulse labelless backfill (t2112) label May 22, 2026
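
The server-side guard pattern the PR description summarizes (a 400 JSON error with code sovereign_checkout_disabled from the four AJAX actions), as an added example that is not code from this pull request or the plugin. It assumes the actions are served through WordPress core's wp_ajax_ and wp_ajax_nopriv_ hooks; the example_ function names, the EXAMPLE_ constants and the message text are hypothetical.

```php
<?php
// Added illustration; not code from PR #1261 or the plugin.
defined('ABSPATH') || exit;

// The four AJAX actions the PR description lists as guarded.
const EXAMPLE_GUARDED_ACTIONS = [
	'wu_create_order',
	'wu_validate_form',
	'wu_check_user_exists',
	'wu_inline_login',
];

// Assumption: handlers are reachable through core's admin-ajax.php hooks.
// A plugin with its own AJAX router needs its hook prefixes listed here too.
const EXAMPLE_HOOK_PREFIXES = ['wp_ajax_', 'wp_ajax_nopriv_'];

/** True when this request runs inside a sovereign tenant. */
function example_is_sovereign_tenant(): bool {
	return defined('WU_MT_SOVEREIGN_TENANT');
}

/**
 * Reject the request before any checkout handler runs.
 * wp_send_json_error() sets the HTTP status, prints the JSON body and exits,
 * so callbacks registered at later priorities never execute.
 */
function example_reject_sovereign_checkout(): void {
	if (! example_is_sovereign_tenant()) {
		return; // Main site: let the real handler process the request.
	}
	wp_send_json_error(
		new WP_Error(
			'sovereign_checkout_disabled',
			'Checkout is not available on this site.' // Message text is made up.
		),
		400
	);
}

// Register on both the logged-in and the unauthenticated hook for every
// action; guarding only wp_ajax_* would leave the nopriv route open.
foreach (EXAMPLE_GUARDED_ACTIONS as $action) {
	foreach (EXAMPLE_HOOK_PREFIXES as $prefix) {
		// Priority 0 runs before handlers added at the default priority 10.
		add_action($prefix . $action, 'example_reject_sovereign_checkout', 0);
	}
}
```
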
@superdav42
Collaborator Author

Completion Summary

  • What: Implemented ADR-001 Phase 3.5 PR-4: Checkout always runs on the main site. Sovereign tenants are the result of a checkout, not its host. Disabled tenant-side checkout AJAX, form rendering, cart, and signup-field validators in sovereign tenants. Users who land on a checkout URL inside a sovereign tenant are redirected to the main site's /register/ page.
  • Issue: ADR-001 Phase 3.5 PR-4 — Disable tenant-side Checkout; redirect to main-site checkout #1254
  • Files changed: inc/checkout/class-cart.php, inc/checkout/class-checkout-pages.php, inc/checkout/class-checkout.php, inc/ui/class-checkout-element.php, tests/WP_Ultimo/Checkout/Checkout_Test.php
  • Testing: Unit tests verify AJAX handlers return 400 errors with sovereign_checkout_disabled code in sovereign context. Cart class prevents DB instantiation. Checkout element renders upgrade link instead of form.
  • Key decisions: none

aidevops.sh v3.17.27 plugin for OpenCode v1.15.7 with claude-haiku-4-5 spent 5m and 1,374 tokens on this as a headless worker.

@coderabbitai
Contributor

coderabbitai Bot commented May 22, 2026

Warning

Rate limit exceeded

@superdav42 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 26 seconds before requesting another review.


ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e995ad59-e46f-47e8-8d25-2bee0dbf5ae9

📥 Commits

Reviewing files that changed from the base of the PR and between ef74b6a and 58209f8.

📒 Files selected for processing (5)
  • inc/checkout/class-cart.php
  • inc/checkout/class-checkout-pages.php
  • inc/checkout/class-checkout.php
  • inc/ui/class-checkout-element.php
  • tests/WP_Ultimo/Checkout/Checkout_Test.php

@superdav42 superdav42 merged commit 4ddd67e into main May 22, 2026
11 checks passed
@superdav42
Collaborator Author


Merged via PR #1261 to main.
Merged by deterministic merge pass (pulse-wrapper.sh).

@github-actions

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limited, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password

@github-actions

Performance Test Results

Performance test results for 68f824f are in 🛎️!

Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown.

URL: /

| Run | DB Queries | Memory | Before Template | Template | WP Total | LCP | TTFB | LCP - TTFB |
|---|---|---|---|---|---|---|---|---|
| 0 | 41 | 37.78 MB | 877.00 ms | 145.00 ms | 1072.00 ms | 2042.00 ms | 1968.45 ms | 77.10 ms (+5.60 ms / +7%) |
| 1 | 56 | 49.13 MB | 934.50 ms (-19.00 ms / -2%) | 139.00 ms | 1075.50 ms | 2064.00 ms | 1993.90 ms | 70.65 ms |

superdav42 added a commit that referenced this pull request May 22, 2026
…ments (#1266)

Extends the sovereign-mode disable pattern (established in #1257, #1258, #1261)
to the remaining 8 customer-facing UI elements. When WU_MT_SOVEREIGN_TENANT is
defined, each element renders a single 'Manage on main site' link instead of
its normal output.

Changes:
- Add sovereign helper function wu_mt_main_site_account_url() in inc/functions/sovereign.php
- Add sovereign-redirect template in views/elements/sovereign-redirect.php
- Add sovereign-mode short-circuit to output() method in 8 UI elements:
  * Account_Summary_Element
  * Billing_Info_Element
  * Invoices_Element
  * My_Sites_Element
  * Current_Membership_Element
  * Current_Site_Element
  * Template_Switching_Element
  * Domain_Mapping_Element
- Add comprehensive unit tests for sovereign-mode functionality

Resolves #1263
Resolves Ultimate-Multisite/ultimate-multisite-multi-tenancy#86
Resolves Ultimate-Multisite/ultimate-multisite-multi-tenancy#87
@superdav42 superdav42 added the review-feedback-scanned Merged PR already scanned for quality feedback label May 23, 2026