Add AI Provider check to recommend the WordPress AI Client (#1341)#1343
Open
developeritsme wants to merge 1 commit into
Open
Add AI Provider check to recommend the WordPress AI Client (#1341)#1343developeritsme wants to merge 1 commit into
developeritsme wants to merge 1 commit into
Conversation
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Unlinked AccountsThe following contributors have not linked their GitHub and WordPress.org accounts: @MarkPra. Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases. If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
125d80f to
4d7534d
Compare
MarkPra
reviewed
Jun 4, 2026
24e28ad to
5e5a130
Compare
Adds a new static check (ai_provider) that warns when a plugin integrates directly with a third-party AI provider API (OpenAI, Anthropic, Google Gemini, Grok, Mistral, Cohere, Groq, Perplexity, DeepSeek, OpenRouter) instead of using the WordPress AI Client and Connectors infrastructure introduced in WordPress 7.0. Detection is implemented as a tokenized PHPCS sniff (PluginCheck.CodeAnalysis.AIProvider) that only inspects string literals and requires an explicit http(s) scheme before a known provider host, so mentions in comments, docblocks or unrelated URLs are not flagged. The check reports a warning (not an error), matching the recommendation-only intent. Includes the sniff, the AI_Provider_Check class registered under the general category, sniff unit tests with positive and negative cases, a check-level PHPUnit test with test data, and a docs/checks.md entry. Closes WordPress#1341
5e5a130 to
d89ddcc
Compare
davidperezgar
approved these changes
Jun 30, 2026
Member
|
Thanks @developeritsme ! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What?
Closes #1341
Adds a new static check (
ai_provider) that warns when a plugin integrates directly with a third-party AI provider API instead of using the WordPress AI Client and Connectors infrastructure introduced in WordPress 7.0.Why?
WordPress 7.0 provides a standard abstraction (
wp_ai_client_prompt()) so site owners can configure an AI provider once and plugins can send prompts through whichever compatible provider is configured, without duplicating provider setup screens, API key fields, or credential storage. Direct provider integrations are not invalid, but the check helps authors discover and adopt the recommended path. As requested in the issue, this is a recommendation (warning), not a hard failure.How?
PluginCheck.CodeAnalysis.AIProviderthat inspects only string-literal tokens and requires an explicithttp(s)scheme before a known provider host. This means mentions inside comments/docblocks, bare hostnames without a scheme, and unrelated URLs are intentionally not flagged, keeping false positives low.api.openai.com,api.anthropic.com,generativelanguage.googleapis.com,api.x.ai,api.mistral.ai,api.cohere.ai,api.cohere.com,api.groq.com,api.perplexity.ai,api.deepseek.com,openrouter.ai.AI_Provider_Check(Abstract_PHP_CodeSniffer_Check) registered under thegeneralcategory inDefault_Check_Repository, mirroringOffloading_Files_Check.warning(DirectIntegration), not an error.docs/checks.md.A note on category: per the AGENTS.md definitions (
CATEGORY_PLUGIN_REPO= directory requirements,CATEGORY_GENERAL= best practices), this recommendation is placed undergeneral. Happy to move it if maintainers preferplugin_repo.Testing Instructions
cd phpcs-sniffs && composer installcomposer run-tests(or filter:vendor/bin/phpunit --filter AIProvider ./vendor/squizlabs/php_codesniffer/tests/AllTests.php --no-coverage).vendor/bin/phpcs --standard=PluginCheck --sniffs=PluginCheck.CodeAnalysis.AIProvider tests/phpunit/testdata/plugins/test-plugin-ai-provider-check-with-errors/load.phpExpected: warnings on the two real integration lines only; the bare host and unrelated URL are not flagged.
wp_remote_post( 'https://api.openai.com/v1/chat/completions', ... ):wp plugin check <slug> --checks=ai_providerAI Usage Disclosure
If AI tools were used, please describe how they were used:
Implemented with the assistance of Claude Code (Anthropic). The author reviewed and verified all changes, including running the sniff unit tests and PHPCS linting locally.