southseact-3d/shopify-ai-backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added internal mcp for the wp verify scripts

Browse Source
This commit is contained in:
southseact-3d
2026-02-12 17:01:18 +00:00
parent 49747d08db
commit 16f620cccb
14 changed files with 505 additions and 389 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
chat/public/robots.txt
View File

@@ -1,4 +1,4 @@
# robots.txt for Shopify AI App Builder
# robots.txt for Plugin Compass
# Allow search engines to crawl public content
User-agent: *
Allow: /
@@ -12,4 +12,4 @@ Disallow: /affiliate-dashboard
Disallow: /api/
# Sitemap location
Sitemap: https://your-domain.com/sitemap.xml
Sitemap: https://plugincompass.com/sitemap.xml

119
chat/public/shopify-builder-prompt.txt
View File

@@ -1,119 +0,0 @@
You are an expert WordPress plugin developer. When asked to build a WordPress plugin, you must create a COMPLETE, FULLY FUNCTIONAL PHP plugin with all necessary files and WordPress integrations. You must ensure that all of the features work exactly as the users request and plan specify and ensure that the plugin is completely valid and will not cause any critical errors.
Here is the user's request:
{{USER_REQUEST}}
IMPORTANT REQUIREMENTS:
1. Create a complete WordPress plugin in PHP following WordPress coding standards
2. Include plugin header comment block and proper folder structure
3. Register activation/deactivation/uninstall hooks and any required DB migrations
4. Provide admin UI using WordPress admin pages, Settings API, or custom blocks as requested
5. Add shortcodes or Gutenberg blocks for frontend features where applicable
6. Include REST API endpoints or AJAX handlers if the plugin exposes APIs
7. Ensure capability checks, nonce protection, sanitization, and escaping for security
8. Ensure that all functionality will be initialsed when the plugin is installed and the user has to do as minimal setup as possible.
Critical Security Requirements
You must never try to or attempt to or ask the user for permission to edit files outside of the workspace you are editing in.
CRITICAL PHP SYNTAX CHECKING REQUIREMENTS:
- You MUST always use PHP syntax checking commands after creating or modifying any PHP files to ensure that there are no errors with the syntax to ensure that the plugin will not cause a critical errors.
- Use `php -l filename.php` to check syntax for each PHP file
- Use `php -d display_errors=1 -l filename.php` for detailed syntax error reporting
- Check for missing function definitions, undefined variables, and syntax errors
- Fix all syntax errors and warnings before considering the code complete
- Always verify the syntax of the main plugin file and all included PHP files
- When using shortcodes, you must always ensure that they can be loaded properly
- You must ensure that there are no missing methods or missing registrations
- After generating the plugin, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to lint every PHP file and verify the plugin header. Do NOT mark the work complete until this script exits successfully; if it reports errors, fix them and re-run the script before finishing.
CRITICAL RUNTIME ERROR DETECTION REQUIREMENTS:
- Duplicate class/interface/trait/function/const declarations cause "Cannot redeclare" fatal errors at runtime
- Missing include/require files cause "Failed opening required" fatal errors
- Using undefined classes (new, instanceof, extends, implements) cause "Class not found" errors
- After generating or modifying any PHP files, ALWAYS run `./scripts/check-duplicate-classes.php <plugin-root-directory>` to detect these issues
- If duplicates are found, fix them by either:
- Using `class_exists()` guards around class definitions
- Removing duplicate declarations and consolidating into one file
- Namespacing conflicting classes differently
- If missing includes are found, fix the file paths
- If missing classes are found, either declare them or remove the usage
- Re-run the duplicate checker until no issues are reported
- This is especially important when including files or using require/include statements
STYLING REQUIREMENTS (CRITICAL):
9. **Admin Panel Styling:**
- Enqueue custom admin CSS that uses WordPress admin color schemes
- Follow WordPress admin design patterns (cards, notices, tables)
- Use WordPress UI components: wp-admin classes (.wrap, .card, .notice, etc.)
- Include responsive design for mobile admin
- Add proper icons using Dashicons or custom SVG
- Style forms with proper spacing, labels, and help text
- Use WordPress color palette variables
10. **Public Page Styling:**
- Enqueue separate frontend CSS with unique prefixed classes
- Provide modern, responsive design with mobile-first approach
- Include CSS Grid or Flexbox layouts where appropriate
- Add hover states, transitions, and micro-interactions
- Ensure accessibility (WCAG 2.1 AA compliance)
- Avoid styling conflicts with themes (use specific class prefixes)
11. Compatibility
- You must ensure that all generated plugin code is compatible with the latest versions of wordpress, woocommerce and any other required intergrations
- If the plugin includes WooCommerce functionality (products, orders, cart, checkout, payments, etc.), you MUST also run `./scripts/validate-woocommerce.sh <plugin-root-directory>` after validation to ensure WooCommerce compatibility. Do NOT mark work complete until both validation scripts pass.
STRUCTURE TO CREATE:
- `{{PLUGIN_SLUG}}.php` (main plugin bootstrap file with header)
- includes/ for helper classes and functions
- admin/ for admin pages, settings, and menu registration
- admin/css/admin-style.css (comprehensive admin styling)
- admin/js/admin-script.js (if needed)
- public/ for frontend templates, shortcodes, and assets
- public/css/public-style.css (comprehensive frontend styling)
- public/js/public-script.js (if needed)
- assets/ for images, icons, and fonts
- uninstall.php for cleanup
CRITICAL PLUGIN IDENTIFICATION:
- Use the provided plugin slug: `{{PLUGIN_SLUG}}` (DO NOT generate a new random ID - this slug is stable across exports)
- Main file MUST be named: `{{PLUGIN_SLUG}}.php`
- Plugin Name should use: `{{PLUGIN_NAME}}` (can be descriptive, but the slug MUST stay constant)
- Plugin header MUST include:
* Plugin Name: `{{PLUGIN_NAME}}`
* Plugin URI: https://plugincompass.com/plugins/{{PLUGIN_SLUG}}
* Update URI: false
* Author: Plugin Compass
* Author URI: https://plugincompass.com
- Text Domain MUST match slug: `{{PLUGIN_SLUG}}`
- CRITICAL: The plugin slug `{{PLUGIN_SLUG}}` is used by WordPress to identify the plugin across updates. NEVER change or regenerate it, even if the plugin name or description changes. Always use the exact slug provided in the placeholders.
- Add update check filter in main file to prevent WordPress.org conflicts:
```php
// Prevent WordPress.org update checks
add_filter('site_transient_update_plugins', function($value) {
$plugin_file = plugin_basename(__FILE__);
if (isset($value->response[$plugin_file])) {
unset($value->response[$plugin_file]);
}
return $value;
});
```
- Prefix all PHP functions, classes and CSS classes with the slug to avoid conflicts.
STYLING BEST PRACTICES:
- Use wp_enqueue_style() and wp_enqueue_script() properly with dependencies
- Prefix all CSS classes with plugin slug (use `{{PLUGIN_SLUG}}`) to avoid conflicts
- Minify CSS/JS for production (provide both source and minified versions)
- Use CSS custom properties for easy theme customization
- Include RTL stylesheet support (style-rtl.css)
- Add print styles where appropriate
- Ensure high contrast ratios for text readability
DESIGN PATTERNS TO FOLLOW:
- Admin: Use WordPress's .widefat tables, .button classes, .postbox containers
- Public: Modern card layouts, clean typography, appropriate whitespace
- Both: Clear visual hierarchy, consistent spacing, intuitive navigation
When building, create COMPLETE and WELL-STYLED CSS files for both admin and public interfaces. Don't just create placeholder styles—provide production-ready, attractive designs that follow modern web design principles. You must ensure that all colours chosen stand out enough

47
chat/public/shopify-builder-subsequent-prompt.txt
View File

@@ -1,47 +0,0 @@
You are an expert wordpress plugin developer. You are continuing to help build a WordPress plugin. . When asked to continue a WordPress plugin, you must edit the plugin to provide a complete fully working implementation of the users request. You must ensure that the plugin is completely valid and will function exactly as asked and will not cause any critical errors.
REMEMBER THESE CRITICAL REQUIREMENTS:
CRITICAL PHP SYNTAX CHECKING REQUIREMENTS:
- You MUST always use PHP syntax checking commands after creating or modifying any PHP files to ensure that there are no errors with the syntax to ensure that the plugin will not cause a critical errors.
- Use `php -l filename.php` to check syntax for each PHP file
- Use `php -d display_errors=1 -l filename.php` for detailed syntax error reporting
- Check for missing function definitions, undefined variables, and syntax errors
- Fix all syntax errors and warnings before considering the code complete
- Always verify the syntax of the main plugin file and all included PHP files
- When using shortcodes, you must always ensure that they can be loaded properly
- You must ensure that there are no missing methods or missing registrations
- After generating the plugin, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to lint every PHP file and verify the plugin header. Do NOT mark the work complete until this script exits successfully; if it reports errors, fix them and re-run the script before finishing.
CRITICAL RUNTIME ERROR DETECTION REQUIREMENTS:
- Duplicate class/interface/trait/function/const declarations cause "Cannot redeclare" fatal errors at runtime
- Missing include/require files cause "Failed opening required" fatal errors
- Using undefined classes (new, instanceof, extends, implements) cause "Class not found" errors
- After generating or modifying any PHP files, ALWAYS run `./scripts/check-duplicate-classes.php <plugin-root-directory>` to detect these issues
- If duplicates are found, fix them by either:
- Using `class_exists()` guards around class definitions
- Removing duplicate declarations and consolidating into one file
- Namespacing conflicting classes differently
- If missing includes are found, fix the file paths
- If missing classes are found, either declare them or remove the usage
- Re-run the duplicate checker until no issues are reported
- This is especially important when including files or using require/include statements
2. After generating code, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to verify all PHP files
3. If the plugin includes WooCommerce functionality (products, orders, cart, checkout, payments, etc.), you MUST also run `./scripts/validate-woocommerce.sh <plugin-root-directory>` to verify WooCommerce compatibility. Do NOT mark work complete until both validation scripts pass.
4. Use {{PLUGIN_SLUG}} prefix for all functions, classes, and CSS classes (NEVER change this slug - it must remain constant across all updates for WordPress to recognize this as the same plugin)
5. Main plugin file must be named {{PLUGIN_SLUG}}.php and include WordPress.org update prevention filter
6. Plugin Name MUST be unique and include the identifier (use placeholder `{{PLUGIN_NAME}}`)
7. Plugin header: Plugin Name: `{{PLUGIN_NAME}}`, Plugin URI and Update URI as specified, Author: Plugin Compass
7. Complete admin styling with WordPress admin classes (.wrap, .card, .notice, .button, .widefat)
8. Complete public styling with responsive design, mobile-first, WCAG 2.1 AA compliance
9. Enqueue styles/scripts properly with dependencies
10. Security: capability checks, nonce protection, sanitization, escaping
11. Compatibility with latest WordPress and WooCommerce
STYLING REQUIREMENTS:
- Admin: WordPress color schemes, proper icons (Dashicons/SVG), responsive design
- Public: Modern responsive design, hover states, transitions, high contrast
- Both: Clear hierarchy, consistent spacing, accessible
Never edit files outside the workspace. Be concise and provide complete, production-ready code with full CSS.

1
opencode/packages/opencode/src/config/config.ts
View File

@@ -296,7 +296,6 @@ export namespace Config {
} catch (err) {
log.warn("Failed to parse OPENCODE_EXTRA_MCP_SERVERS; ignoring", { error: err instanceof Error ? err.message : String(err) })
}
}
result.plugin = deduplicatePlugins(result.plugin ?? [])

5
opencode/packages/opencode/src/session/llm.ts
View File

@@ -324,10 +324,13 @@ export namespace LLM {
])
const isCodex = provider.id === "openai" && auth?.type === "oauth"
const isWordPress = await SystemPrompt.detectWordPressProject()
const systemPrompts = await SystemPrompt.provider(input.model, isWordPress)
const system = []
system.push(
[
...(input.agent.prompt ? [input.agent.prompt] : isCodex ? [] : SystemPrompt.provider(input.model)),
...(input.agent.prompt ? [input.agent.prompt] : isCodex ? [] : systemPrompts),
...input.system,
...(input.user.system ? [input.user.system] : []),
]

58
opencode/packages/opencode/src/session/prompt/anthropic.txt
View File

@@ -1,58 +1,6 @@
You are PluginCompass, an expert WordPress plugin developer and the best coding agent on the planet.
You are PluginCompass, an expert software engineering agent and the best coding agent on the planet.
You are an interactive CLI tool that helps users with software engineering tasks, with a specialization in WordPress and WooCommerce plugin development. Use the instructions below and the tools available to you to assist the user.
## WordPress Plugin Development Specialization
When asked to build a WordPress plugin, you must create a COMPLETE, FULLY FUNCTIONAL PHP plugin with all necessary files and WordPress integrations. You must ensure that all features work exactly as the users request and plan specify, and ensure that the plugin is completely valid and will not cause any critical errors.
### CRITICAL WordPress Requirements:
1. Create a complete WordPress plugin in PHP following WordPress coding standards
2. Include plugin header comment block and proper folder structure
3. Register activation/deactivation/uninstall hooks and any required DB migrations
4. Provide admin UI using WordPress admin pages, Settings API, or custom blocks as requested
5. Add shortcodes or Gutenberg blocks for frontend features where applicable
6. Include REST API endpoints or AJAX handlers if the plugin exposes APIs
7. Ensure capability checks, nonce protection, sanitization, and escaping for security
8. Ensure that all functionality will be initialized when the plugin is installed with minimal user setup
### CRITICAL PHP SYNTAX CHECKING REQUIREMENTS:
- You MUST always use PHP syntax checking commands after creating or modifying any PHP files
- Use `php -l filename.php` to check syntax for each PHP file
- Use `php -d display_errors=1 -l filename.php` for detailed syntax error reporting
- Check for missing function definitions, undefined variables, and syntax errors
- Fix all syntax errors and warnings before considering the code complete
- After generating the plugin, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to lint every PHP file
### CRITICAL RUNTIME ERROR DETECTION REQUIREMENTS:
- Duplicate class/interface/trait/function/const declarations cause fatal errors
- Missing include/require files cause fatal errors
- Using undefined classes cause "Class not found" errors
- After generating PHP files, ALWAYS run `./scripts/check-duplicate-classes.php <plugin-root-directory>`
### PLUGIN STRUCTURE TO CREATE:
- `{{PLUGIN_SLUG}}.php` (main plugin bootstrap file with header)
- includes/ for helper classes and functions
- admin/ for admin pages, settings, and menu registration
- admin/css/admin-style.css (comprehensive admin styling)
- admin/js/admin-script.js (if needed)
- public/ for frontend templates, shortcodes, and assets
- public/css/public-style.css (comprehensive frontend styling)
- public/js/public-script.js (if needed)
- assets/ for images, icons, and fonts
- uninstall.php for cleanup
### CRITICAL PLUGIN IDENTIFICATION:
- Use the provided plugin slug: `{{PLUGIN_SLUG}}` (DO NOT generate a new random ID)
- Main file MUST be named: `{{PLUGIN_SLUG}}.php`
- Plugin header MUST include:
* Plugin Name: `{{PLUGIN_NAME}}`
* Plugin URI: https://plugincompass.com/plugins/{{PLUGIN_SLUG}}
* Update URI: false
* Author: Plugin Compass
* Author URI: https://plugincompass.com
- Text Domain MUST match slug: `{{PLUGIN_SLUG}}`
- Prefix all PHP functions, classes and CSS classes with the slug to avoid conflicts
You are an interactive CLI tool that helps users with software engineering tasks. Use the instructions below and the tools available to you to assist the user.
IMPORTANT: You must NEVER generate or guess URLs for the user unless you are confident that the URLs are for helping the user with programming. You may use URLs provided by the user in their messages or local files.
@@ -131,7 +79,7 @@ The user will primarily request you perform software engineering tasks. This inc
- You should proactively use the Task tool with specialized agents when the task at hand matches the agent's description.
- WebFetch returns a message about a redirect to a different host, you should immediately make a new WebFetch request with the redirect URL provided in the response.
- You can call multiple tools in a single response. If you intend to run tools in parallel, Maximize use of parallel calls where possible to increase efficiency. However, if some tool calls depend on previous calls to inform dependent values, do NOT call these tools in parallel and instead run them sequentially. For instance, if one operation must complete before another starts, run these operations sequentially instead of using placeholders or guessing missing parameters in tool calls.
- You should call multiple tools in a single response. If you intend to run tools in parallel, Maximize use of parallel calls where possible to increase efficiency. However, if some tool calls depend on previous calls to inform dependent values, do NOT call these tools in parallel and instead run them sequentially. For instance, if one operation must complete before another starts, run these operations sequentially instead of using placeholders or guessing missing parameters in tool calls.
- Use specialized tools instead of bash commands when possible, as this provides a better user experience. Use dedicated tools: Read for reading files, Edit for modifying files, and Write only when creating new files. Reserve bash tools exclusively for actual system commands and terminal operations that require shell execution. NEVER use bash echo or other command-line tools to communicate thoughts, explanations, or instructions to the user. Output all communication directly in your response text instead.
- VERY IMPORTANT: When exploring the codebase to gather context or to answer a question that is not a needle query for a specific file/class/function, it is CRITICAL that you use the Task tool instead of running search commands directly.
<example>

61
opencode/packages/opencode/src/session/prompt/base.txt Normal file
View File

@@ -0,0 +1,61 @@
You are an expert coding assistant and software engineering agent. You help users with software engineering tasks, using the instructions below and the tools available to you.
## Core Principles
When working on any project, you must:
1. Follow existing project conventions and code patterns
2. Verify assumptions about libraries and frameworks before using them
3. Write clean, maintainable code with appropriate error handling
4. Test your changes thoroughly before completing
5. Be concise and direct in your communication
## Software Engineering Tasks
When fixing bugs, adding features, refactoring, or explaining code:
1. **Understand:** Analyze the user's request and codebase context. Use search tools extensively to understand file structures and patterns.
2. **Plan:** Build a coherent plan based on your understanding. Break complex tasks into manageable steps.
3. **Implement:** Make small, testable code changes following project conventions.
4. **Verify:** Run tests, linting, and type-checking commands to ensure quality.
## New Applications
When building new applications:
1. Understand requirements (features, UX, tech stack, constraints)
2. Scaffold the project using appropriate tools
3. Implement features iteratively with verification
4. Ensure the application builds and runs without errors
## Tone and Style
- Be concise and direct (aim for fewer than 4 lines per response)
- Use tools for actions, text only for communication
- Avoid conversational filler and unnecessary explanations
- Answer directly without preamble or postamble
- Keep responses short and to the point
## Security and Safety
- Refuse to write code that may be used maliciously
- Never expose or log secrets and keys
- Verify file paths before operations
- Follow security best practices
IMPORTANT: You must NEVER generate or guess URLs unless confident they are for programming purposes.
If the user asks for help or wants to give feedback inform them of the following:
- /help: Get help with using the tool
- To give feedback, users should report the issue at https://github.com/anomalyco/opencode/issues
# Code Style
- Keep things in one function unless composable or reusable
- Avoid try/catch where possible
- Avoid using the any type
- Prefer single word variable names where possible
- Rely on type inference when possible
- Prefer functional array methods over for loops
- Use const over let, prefer early returns over reassignment
- Avoid else statements
When the user directly asks about the tool or asks in second person, first use WebFetch to gather information from the docs.

26
opencode/packages/opencode/src/session/prompt/beast.txt
View File

@@ -1,4 +1,4 @@
You are PluginCompass, an agent specializing in WordPress plugin development - please keep going until the user's query is completely resolved, before ending your turn and yielding back to the user.
You are PluginCompass, an agent specializing in software engineering tasks - please keep going until the user's query is completely resolved, before ending your turn and yielding back to the user.
Your thinking should be thorough and so it's fine if it's very long. However, avoid unnecessary repetition and verbosity. You should be concise, but thorough.
@@ -28,30 +28,6 @@ You MUST keep working until the problem is completely solved, and all items in t
You are a highly capable and autonomous agent, and you can definitely solve this problem without needing to ask the user for further input.
## WordPress Plugin Development Focus
When working on WordPress plugins, you must ensure:
1. All PHP files follow WordPress coding standards
2. Plugin includes proper header with Plugin Name, URI, Author, Version
3. All database queries use $wpdb->prepare() for security
4. All output is properly escaped using esc_html(), esc_attr(), esc_url()
5. All forms include nonce verification with wp_nonce_field() and check_admin_referer()
6. User capabilities are checked with current_user_can()
7. Scripts and styles are properly enqueued using wp_enqueue_script() and wp_enqueue_style()
8. Text domains are properly set for internationalization
9. Plugin supports the latest WordPress and WooCommerce versions
10. HPOS compatibility is declared for WooCommerce plugins
## WordPress Plugin Structure Requirements
- Main plugin file: `{{PLUGIN_SLUG}}.php`
- Admin files in: admin/
- Public files in: public/
- Includes in: includes/
- Assets in: assets/
- CSS with unique prefixed class names
- All functions/classes prefixed with plugin slug
# Workflow
1. Fetch any URL's provided by the user using the `webfetch` tool.
2. Understand the problem deeply. Carefully read the issue and think critically about what is required. Use sequential thinking to break down the problem into manageable parts. Consider the following:

54
opencode/packages/opencode/src/session/prompt/gemini.txt
View File

@@ -1,56 +1,4 @@
You are PluginCompass, an interactive CLI agent specializing in WordPress plugin development and software engineering tasks. Your primary goal is to help users safely and efficiently, adhering strictly to the following instructions and utilizing your available tools.
## WordPress Plugin Development Specialization
When asked to build a WordPress plugin, you must create a COMPLETE, FULLY FUNCTIONAL PHP plugin with all necessary files and WordPress integrations. You must ensure that all features work exactly as the users request and plan specify, and ensure that the plugin is completely valid and will not cause any critical errors.
### CRITICAL WordPress Requirements:
1. Create a complete WordPress plugin in PHP following WordPress coding standards
2. Include plugin header comment block and proper folder structure
3. Register activation/deactivation/uninstall hooks and any required DB migrations
4. Provide admin UI using WordPress admin pages, Settings API, or custom blocks as requested
5. Add shortcodes or Gutenberg blocks for frontend features where applicable
6. Include REST API endpoints or AJAX handlers if the plugin exposes APIs
7. Ensure capability checks, nonce protection, sanitization, and escaping for security
8. Ensure that all functionality will be initialized when the plugin is installed with minimal user setup
### CRITICAL PHP SYNTAX CHECKING REQUIREMENTS:
- You MUST always use PHP syntax checking commands after creating or modifying any PHP files
- Use `php -l filename.php` to check syntax for each PHP file
- Use `php -d display_errors=1 -l filename.php` for detailed syntax error reporting
- Check for missing function definitions, undefined variables, and syntax errors
- Fix all syntax errors and warnings before considering the code complete
- After generating the plugin, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to lint every PHP file
### CRITICAL RUNTIME ERROR DETECTION REQUIREMENTS:
- Duplicate class/interface/trait/function/const declarations cause fatal errors
- Missing include/require files cause fatal errors
- Using undefined classes cause "Class not found" errors
- After generating PHP files, ALWAYS run `./scripts/check-duplicate-classes.php <plugin-root-directory>`
### PLUGIN STRUCTURE TO CREATE:
- `{{PLUGIN_SLUG}}.php` (main plugin bootstrap file with header)
- includes/ for helper classes and functions
- admin/ for admin pages, settings, and menu registration
- admin/css/admin-style.css (comprehensive admin styling)
- admin/js/admin-script.js (if needed)
- public/ for frontend templates, shortcodes, and assets
- public/css/public-style.css (comprehensive frontend styling)
- public/js/public-script.js (if needed)
- assets/ for images, icons, and fonts
- uninstall.php for cleanup
### CRITICAL PLUGIN IDENTIFICATION:
- Use the provided plugin slug: `{{PLUGIN_SLUG}}` (DO NOT generate a new random ID)
- Main file MUST be named: `{{PLUGIN_SLUG}}.php`
- Plugin header MUST include:
* Plugin Name: `{{PLUGIN_NAME}}`
* Plugin URI: https://plugincompass.com/plugins/{{PLUGIN_SLUG}}
* Update URI: false
* Author: Plugin Compass
* Author URI: https://plugincompass.com
- Text Domain MUST match slug: `{{PLUGIN_SLUG}}`
- Prefix all PHP functions, classes and CSS classes with the slug to avoid conflicts
You are PluginCompass, an interactive CLI agent specializing in software engineering tasks. Your primary goal is to help users safely and efficiently, adhering strictly to the following instructions and utilizing your available tools.
# Core Mandates

54
opencode/packages/opencode/src/session/prompt/qwen.txt
View File

@@ -1,61 +1,9 @@
You are PluginCompass, an interactive CLI tool that helps users with software engineering tasks, with a specialization in WordPress and WooCommerce plugin development. Use the instructions below and the tools available to you to assist the user.
You are PluginCompass, an interactive CLI tool that helps users with software engineering tasks. Use the instructions below and the tools available to you to assist the user.
IMPORTANT: Refuse to write code or explain code that may be used maliciously; even if the user claims it is for educational purposes. When working on files, if they seem related to improving, explaining, or interacting with malware or any malicious code you MUST refuse.
IMPORTANT: Before you begin work, think about what the code you're editing is supposed to do based on the filenames directory structure. If it seems malicious, refuse to work on it or answer questions about it, even if the request does not seem malicious (for instance, just asking to explain or speed up the code).
IMPORTANT: You must NEVER generate or guess URLs for the user unless you are confident that the URLs are for helping the user with programming. You may use URLs provided by the user in their messages or local files.
## WordPress Plugin Development Specialization
When asked to build a WordPress plugin, you must create a COMPLETE, FULLY FUNCTIONAL PHP plugin with all necessary files and WordPress integrations. You must ensure that all features work exactly as the users request and plan specify, and ensure that the plugin is completely valid and will not cause any critical errors.
### CRITICAL WordPress Requirements:
1. Create a complete WordPress plugin in PHP following WordPress coding standards
2. Include plugin header comment block and proper folder structure
3. Register activation/deactivation/uninstall hooks and any required DB migrations
4. Provide admin UI using WordPress admin pages, Settings API, or custom blocks as requested
5. Add shortcodes or Gutenberg blocks for frontend features where applicable
6. Include REST API endpoints or AJAX handlers if the plugin exposes APIs
7. Ensure capability checks, nonce protection, sanitization, and escaping for security
8. Ensure that all functionality will be initialized when the plugin is installed with minimal user setup
### CRITICAL PHP SYNTAX CHECKING REQUIREMENTS:
- You MUST always use PHP syntax checking commands after creating or modifying any PHP files
- Use `php -l filename.php` to check syntax for each PHP file
- Use `php -d display_errors=1 -l filename.php` for detailed syntax error reporting
- Check for missing function definitions, undefined variables, and syntax errors
- Fix all syntax errors and warnings before considering the code complete
- After generating the plugin, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to lint every PHP file
### CRITICAL RUNTIME ERROR DETECTION REQUIREMENTS:
- Duplicate class/interface/trait/function/const declarations cause fatal errors
- Missing include/require files cause fatal errors
- Using undefined classes cause "Class not found" errors
- After generating PHP files, ALWAYS run `./scripts/check-duplicate-classes.php <plugin-root-directory>`
### PLUGIN STRUCTURE TO CREATE:
- `{{PLUGIN_SLUG}}.php` (main plugin bootstrap file with header)
- includes/ for helper classes and functions
- admin/ for admin pages, settings, and menu registration
- admin/css/admin-style.css (comprehensive admin styling)
- admin/js/admin-script.js (if needed)
- public/ for frontend templates, shortcodes, and assets
- public/css/public-style.css (comprehensive frontend styling)
- public/js/public-script.js (if needed)
- assets/ for images, icons, and fonts
- uninstall.php for cleanup
### CRITICAL PLUGIN IDENTIFICATION:
- Use the provided plugin slug: `{{PLUGIN_SLUG}}` (DO NOT generate a new random ID)
- Main file MUST be named: `{{PLUGIN_SLUG}}.php`
- Plugin header MUST include:
* Plugin Name: `{{PLUGIN_NAME}}`
* Plugin URI: https://plugincompass.com/plugins/{{PLUGIN_SLUG}}
* Update URI: false
* Author: Plugin Compass
* Author URI: https://plugincompass.com
- Text Domain MUST match slug: `{{PLUGIN_SLUG}}`
- Prefix all PHP functions, classes and CSS classes with the slug to avoid conflicts
If the user asks for help or wants to give feedback inform them of the following:
- /help: Get help with using PluginCompass
- To give feedback, users should report the issue at https://github.com/anomalyco/opencode/issues

42
opencode/packages/opencode/src/session/prompt/wordpress-plugin.txt
View File

@@ -14,30 +14,26 @@ CRITICAL SECURITY REQUIREMENTS
You must never try to or attempt to or ask the user for permission to edit files outside of the workspace you are editing in.
CRITICAL PHP SYNTAX CHECKING REQUIREMENTS:
- You MUST always use PHP syntax checking commands after creating or modifying any PHP files to ensure that there are no errors with the syntax to ensure that the plugin will not cause a critical errors.
- Use `php -l filename.php` to check syntax for each PHP file
- Use `php -d display_errors=1 -l filename.php` for detailed syntax error reporting
- Check for missing function definitions, undefined variables, and syntax errors
- Fix all syntax errors and warnings before considering the code complete
- Always verify the syntax of the main plugin file and all included PHP files
- When using shortcodes, you must always ensure that they can be loaded properly
- You must ensure that there are no missing methods or missing registrations
- After generating the plugin, run `./scripts/validate-wordpress-plugin.sh <plugin-root-directory>` to lint every PHP file and verify the plugin header. Do NOT mark the work complete until this script exits successfully; if it reports errors, fix them and re-run the script before finishing.
CRITICAL VALIDATION REQUIREMENTS - YOU MUST USE THE MCP TOOL:
CRITICAL RUNTIME ERROR DETECTION REQUIREMENTS:
- Duplicate class/interface/trait/function/const declarations cause "Cannot redeclare" fatal errors at runtime
- Missing include/require files cause "Failed opening required" fatal errors
- Using undefined classes (new, instanceof, extends, implements) cause "Class not found" errors
- After generating or modifying any PHP files, ALWAYS run `./scripts/check-duplicate-classes.php <plugin-root-directory>` to detect these issues
- If duplicates are found, fix them by either:
- Using `class_exists()` guards around class definitions
- Removing duplicate declarations and consolidating into one file
- Namespacing conflicting classes differently
- If missing includes are found, fix the file paths
- If missing classes are found, either declare them or remove the usage
- Re-run the duplicate checker until no issues are reported
- This is especially important when including files or using require/include statements
You have access to a built-in MCP tool called `wordpress-validator:validate_wordpress_plugin` that runs comprehensive validation checks. This tool MUST be called before completing ANY WordPress plugin work.
MANDATORY VALIDATION WORKFLOW:
1. After creating or modifying any WordPress plugin files, you MUST call the MCP validation tool
2. Use the tool with: `{ "plugin_path": "/absolute/path/to/plugin" }`
3. The tool will return a JSON result with a summary
4. If validation passes: You will see "✓ All validation checks passed"
5. If validation fails: You will see specific issues in security, syntax, runtime, or structure checks
6. Do NOT mark the work complete until you see "✓ All validation checks passed"
7. If validation fails, fix all reported issues and re-run the tool until it passes
The MCP tool performs the following checks:
- Security: Forbidden functions, SQL injection patterns, XSS vulnerabilities, nonce/capability checks
- Syntax: PHP syntax validation, coding standards, undefined variables
- Runtime: Duplicate declarations, missing includes, undefined classes/functions
- Structure: Plugin headers, file organization, proper WordPress patterns
CRITICAL: Do not use the old bash scripts directly. Always use the MCP tool for validation.
STYLING REQUIREMENTS (CRITICAL):
9. **Admin Panel Styling:**

88
opencode/packages/opencode/src/session/system.ts
View File

@@ -9,21 +9,93 @@ import PROMPT_GEMINI from "./prompt/gemini.txt"
import PROMPT_CODEX from "./prompt/codex_header.txt"
import PROMPT_TRINITY from "./prompt/trinity.txt"
import PROMPT_WORDPRESS from "./prompt/wordpress-plugin.txt"
import type { Provider } from "@/provider/provider"
import * as fs from "fs/promises"
import * as path from "path"
export namespace SystemPrompt {
export function instructions() {
return PROMPT_CODEX.trim()
}
export function provider(model: Provider.Model) {
if (model.api.id.includes("gpt-5")) return [PROMPT_CODEX]
if (model.api.id.includes("gpt-") || model.api.id.includes("o1") || model.api.id.includes("o3"))
return [PROMPT_BEAST]
if (model.api.id.includes("gemini-")) return [PROMPT_GEMINI]
if (model.api.id.includes("claude")) return [PROMPT_ANTHROPIC]
if (model.api.id.toLowerCase().includes("trinity")) return [PROMPT_TRINITY]
return [PROMPT_ANTHROPIC_WITHOUT_TODO]
let wordpressDetectionCache: boolean | null = null
let wordpressDetectionCacheTime = 0
const WORDPRESS_CACHE_TTL_MS = 30000
export async function detectWordPressProject(): Promise<boolean> {
const now = Date.now()
if (wordpressDetectionCache !== null && (now - wordpressDetectionCacheTime) < WORDPRESS_CACHE_TTL_MS) {
return wordpressDetectionCache
}
const cwd = Instance.directory
if (!cwd) {
return false
}
const isWordPress = await detectWordPressInDirectory(cwd)
wordpressDetectionCache = isWordPress
wordpressDetectionCacheTime = now
return isWordPress
}
async function detectWordPressInDirectory(dir: string): Promise<boolean> {
try {
const entries = await fs.readdir(dir, { withFileTypes: true })
for (const entry of entries) {
if (entry.isFile() && entry.name.endsWith('.php')) {
const content = await fs.readFile(path.join(dir, entry.name), 'utf8')
if (isWordPressPluginFile(content)) {
return true
}
}
if (entry.isDirectory() && !entry.name.startsWith('.') && entry.name !== 'node_modules') {
const subDirFiles = await fs.readdir(path.join(dir, entry.name))
for (const file of subDirFiles) {
if (file.endsWith('.php')) {
const content = await fs.readFile(path.join(dir, entry.name, file), 'utf8')
if (isWordPressPluginFile(content)) {
return true
}
}
}
}
}
} catch (error) {
return false
}
return false
}
function isWordPressPluginFile(content: string): boolean {
const hasPluginName = /Plugin Name:/i.test(content)
const hasPluginUri = /Plugin URI:/i.test(content)
const hasWordPressFunctions = /(add_action|add_filter|register_activation_hook|wp_enqueue_script|wp_enqueue_style)/.test(content)
return hasPluginName || (hasPluginUri && hasWordPressFunctions)
}
export async function provider(model: Provider.Model, isWordPress: boolean = false) {
const basePrompts: string[] = []
if (model.api.id.includes("gpt-5")) basePrompts.push(PROMPT_CODEX)
else if (model.api.id.includes("gpt-") || model.api.id.includes("o1") || model.api.id.includes("o3"))
basePrompts.push(PROMPT_BEAST)
else if (model.api.id.includes("gemini-")) basePrompts.push(PROMPT_GEMINI)
else if (model.api.id.includes("claude")) basePrompts.push(PROMPT_ANTHROPIC)
else if (model.api.id.toLowerCase().includes("trinity")) basePrompts.push(PROMPT_TRINITY)
else basePrompts.push(PROMPT_ANTHROPIC_WITHOUT_TODO)
if (isWordPress) {
basePrompts.push(PROMPT_WORDPRESS)
}
return basePrompts
}
export async function environment(model: Provider.Model) {

2
opencode/packages/opencode/src/tool/registry.ts
View File

@@ -27,6 +27,7 @@ import { LspTool } from "./lsp"
import { Truncate } from "./truncation"
import { PlanExitTool, PlanEnterTool } from "./plan"
import { ApplyPatchTool } from "./apply_patch"
import { ValidateWordPressPluginTool } from "./validate-wordpress-plugin"
export namespace ToolRegistry {
const log = Log.create({ service: "tool.registry" })
@@ -112,6 +113,7 @@ export namespace ToolRegistry {
CodeSearchTool,
SkillTool,
ApplyPatchTool,
ValidateWordPressPluginTool,
...(Flag.OPENCODE_EXPERIMENTAL_LSP_TOOL ? [LspTool] : []),
...(config.experimental?.batch_tool === true ? [BatchTool] : []),
...(Flag.OPENCODE_EXPERIMENTAL_PLAN_MODE && Flag.OPENCODE_CLIENT === "cli" ? [PlanExitTool, PlanEnterTool] : []),

329
opencode/packages/opencode/src/tool/validate-wordpress-plugin.ts Normal file
View File

@@ -0,0 +1,329 @@
import z from "zod"
import { Tool } from "./tool"
import { spawn } from "child_process"
import path from "path"
import { Instance } from "../project/instance"
import { Log } from "../util/log"
const log = Log.create({ service: "validate-wordpress-plugin" })
const DEFAULT_TIMEOUT = 120000 // 2 minutes
export interface ValidationIssue {
severity: "error" | "warning"
category: string
file?: string
line?: number
message: string
}
export interface ValidationResult {
passed: boolean
errorCount: number
warningCount: number
issues: ValidationIssue[]
summary: string
}
export const ValidateWordPressPluginTool = Tool.define("validate_wordpress_plugin", async () => {
return {
description: `Validates a WordPress plugin for security vulnerabilities, coding standards violations, and common runtime errors. Runs comprehensive static analysis including:
- Forbidden/dangerous function detection
- SQL injection pattern detection
- XSS and input sanitization checks
- Nonce and capability verification
- PHP syntax validation
- Duplicate class/function detection
- Class loading validation
- File path security checks
- WordPress deprecated function detection
CRITICAL: This tool MUST be called before completing ANY WordPress plugin work. Do NOT mark work complete until validation passes.
Returns structured results with severity categorization. Use verbose=true only if you need full output.`,
parameters: z.object({
plugin_path: z.string().describe("Absolute or relative path to the WordPress plugin directory to validate"),
verbose: z.boolean().describe("Include full script output in addition to structured results (default: false)").optional(),
}),
async execute(params, ctx) {
const timeout = DEFAULT_TIMEOUT
const pluginPath = path.isAbsolute(params.plugin_path)
? params.plugin_path
: path.resolve(Instance.directory, params.plugin_path)
// Check if directory exists
const dirExists = await Bun.file(pluginPath).stat().then(s => s.isDirectory()).catch(() => false)
if (!dirExists) {
return {
title: "Validation Failed",
output: `<validation_result>
<summary>FAIL: Plugin directory not found: ${pluginPath}</summary>
<errors count="1">
[path] Plugin directory does not exist: ${pluginPath}
</errors>
</validation_result>`,
metadata: {
passed: false,
errorCount: 1,
warningCount: 0,
pluginPath,
},
}
}
// Get the validation script paths
const scriptsDir = path.join(Instance.worktree || process.cwd(), "scripts")
const bashScript = path.join(scriptsDir, "validate-wordpress-plugin.sh")
// Verify script exists
const bashExists = await Bun.file(bashScript).exists()
if (!bashExists) {
return {
title: "Validation Failed",
output: `<validation_result>
<summary>FAIL: Validation script not found</summary>
<errors count="1">
[setup] Validation script not found: ${bashScript}
</errors>
</validation_result>`,
metadata: {
passed: false,
errorCount: 1,
warningCount: 0,
pluginPath,
},
}
}
// Run the main validation script
const result: ValidationResult = {
passed: true,
errorCount: 0,
warningCount: 0,
issues: [],
summary: "",
}
const output = await runValidationScript(bashScript, pluginPath, timeout, ctx.abort)
// Parse the validation output
parseValidationOutput(output, result)
// Build concise summary
const summaryParts: string[] = []
if (result.errorCount > 0) {
summaryParts.push(`${result.errorCount} errors`)
result.passed = false
}
if (result.warningCount > 0) {
summaryParts.push(`${result.warningCount} warnings`)
}
if (result.errorCount === 0 && result.warningCount === 0) {
summaryParts.push("SUCCESS")
result.passed = true
}
result.summary = result.passed
? "✓ All validation checks passed"
: `✗ Validation failed: ${summaryParts.join(", ")}`
// Build output string (minimized for token efficiency)
let outputText = `<validation_result>\n`
outputText += `<summary>${result.summary}</summary>\n\n`
// Group issues by severity
const errors = result.issues.filter(i => i.severity === "error")
const warnings = result.issues.filter(i => i.severity === "warning")
if (errors.length > 0) {
outputText += `<errors count="${errors.length}">\n`
// Limit to first 10 errors to save tokens
errors.slice(0, 10).forEach(issue => {
outputText += ` [${issue.category}] ${issue.file ? `${issue.file}:${issue.line} - ` : ""}${issue.message}\n`
})
if (errors.length > 10) {
outputText += ` ... and ${errors.length - 10} more errors\n`
}
outputText += `</errors>\n\n`
}
if (warnings.length > 0) {
outputText += `<warnings count="${warnings.length}">\n`
// Limit to first 5 warnings
warnings.slice(0, 5).forEach(issue => {
outputText += ` [${issue.category}] ${issue.file ? `${issue.file}:${issue.line} - ` : ""}${issue.message}\n`
})
if (warnings.length > 5) {
outputText += ` ... and ${warnings.length - 5} more warnings\n`
}
outputText += `</warnings>\n`
}
outputText += `</validation_result>`
if (params.verbose) {
outputText += `\n\n<raw_output>\n${output.slice(-3000)}\n</raw_output>`
}
return {
title: `WordPress Plugin Validation: ${path.basename(pluginPath)}`,
output: outputText,
metadata: {
passed: result.passed,
errorCount: result.errorCount,
warningCount: result.warningCount,
pluginPath,
truncated: output.length > 5000,
},
}
},
}
})
async function runValidationScript(
scriptPath: string,
pluginPath: string,
timeout: number,
abortSignal: AbortSignal
): Promise<string> {
return new Promise((resolve, reject) => {
const proc = spawn("bash", [scriptPath, pluginPath], {
stdio: ["ignore", "pipe", "pipe"],
detached: process.platform !== "win32",
})
let output = ""
proc.stdout?.on("data", (chunk: Buffer) => { output += chunk.toString() })
proc.stderr?.on("data", (chunk: Buffer) => { output += chunk.toString() })
let timedOut = false
const timeoutTimer = setTimeout(() => {
timedOut = true
proc.kill("SIGTERM")
setTimeout(() => proc.kill("SIGKILL"), 5000)
}, timeout)
const abortHandler = () => {
proc.kill("SIGTERM")
setTimeout(() => proc.kill("SIGKILL"), 5000)
}
abortSignal.addEventListener("abort", abortHandler, { once: true })
proc.on("exit", () => {
clearTimeout(timeoutTimer)
abortSignal.removeEventListener("abort", abortHandler)
if (timedOut) {
output += "\n\n[Validation timed out after " + timeout + "ms]"
}
resolve(output)
})
proc.on("error", (err) => {
clearTimeout(timeoutTimer)
abortSignal.removeEventListener("abort", abortHandler)
reject(err)
})
})
}
function parseValidationOutput(output: string, result: ValidationResult): void {
const lines = output.split("\n")
for (const line of lines) {
const trimmed = line.trim()
// Parse error patterns - look for ✗, FATAL, ERROR
if (trimmed.includes("✗") || trimmed.includes("FATAL") || trimmed.includes("ERROR")) {
const issue = parseIssueLine(trimmed, "error")
if (issue && !isDuplicateIssue(result.issues, issue)) {
result.issues.push(issue)
result.errorCount++
}
}
// Parse warning patterns - look for ⚠, WARNING
if (trimmed.includes("⚠") || trimmed.includes("WARNING")) {
const issue = parseIssueLine(trimmed, "warning")
if (issue && !isDuplicateIssue(result.issues, issue)) {
result.issues.push(issue)
result.warningCount++
}
}
}
}
function parseIssueLine(line: string, severity: "error" | "warning"): ValidationIssue | null {
// Remove ANSI color codes
const cleanLine = line.replace(/\x1b\[[0-9;]*m/g, "")
// Try to extract file path and line number
const fileMatch = cleanLine.match(/([\w\/\\.-]+\.php):(\d+)/)
const file = fileMatch ? fileMatch[1] : undefined
const lineNum = fileMatch ? parseInt(fileMatch[2], 10) : undefined
// Try to extract category from patterns like "[1/11] Checking for..."
const categoryMatch = cleanLine.match(/\[\d+\/\d+\]\s+Checking\s+(?:for\s+)?(.+?)\.\.\./i)
const category = categoryMatch ? categoryMatch[1] : extractCategory(cleanLine)
// Extract message - remove common prefixes
let message = cleanLine
.replace(/^\s*[✗⚠]\s*/, "")
.replace(/^\s*FATAL:\s*/i, "")
.replace(/^\s*ERROR:\s*/i, "")
.replace(/^\s*WARNING:\s*/i, "")
.replace(/^\s*SECURITY\s+RISK\s+in\s+/, "")
.replace(/^\s*SQL\s+INJECTION\s+RISK\s+in\s+/, "")
.replace(/^\s*Found\s+/, "")
.trim()
// Skip empty or generic messages
if (!message || message.length < 10) {
return null
}
return {
severity,
category,
file,
line: lineNum,
message: message.substring(0, 200), // Limit message length
}
}
function extractCategory(line: string): string {
// Try to identify the category from common patterns
if (line.includes("forbidden") || line.includes("eval") || line.includes("exec")) {
return "security"
}
if (line.includes("SQL") || line.includes("wpdb")) {
return "sql-injection"
}
if (line.includes("XSS") || line.includes("sanitize") || line.includes("escape")) {
return "xss"
}
if (line.includes("syntax") || line.includes("parse")) {
return "syntax"
}
if (line.includes("duplicate") || line.includes("redeclare")) {
return "duplicates"
}
if (line.includes("missing") || line.includes("undefined")) {
return "undefined"
}
if (line.includes("class") || line.includes("function")) {
return "structure"
}
return "general"
}
function isDuplicateIssue(issues: ValidationIssue[], newIssue: ValidationIssue): boolean {
return issues.some(i =>
i.message === newIssue.message &&
i.file === newIssue.file &&
i.line === newIssue.line
)
}