From 78d5743c12f4576ef74186c4d27e1af1cfc5ca37 Mon Sep 17 00:00:00 2001 From: Jacek Pyziak Date: Tue, 28 Apr 2026 21:40:11 +0200 Subject: [PATCH] docs: add .paul/codebase/ codebase map (7 documents) Stack, architecture, conventions, testing, integrations, db_schema, concerns. Generated by PAUL /map-codebase workflow from codebase analysis. Co-Authored-By: Claude Sonnet 4.6 --- .paul/codebase/architecture.md | 142 ++++++++++++++++++++++++++++ .paul/codebase/concerns.md | 165 +++++++++++++++++++++++++++++++++ .paul/codebase/conventions.md | 94 +++++++++++++++++++ .paul/codebase/db_schema.md | 82 ++++++++++++++++ .paul/codebase/integrations.md | 117 +++++++++++++++++++++++ .paul/codebase/stack.md | 104 +++++++++++++++++++++ .paul/codebase/testing.md | 54 +++++++++++ 7 files changed, 758 insertions(+) create mode 100644 .paul/codebase/architecture.md create mode 100644 .paul/codebase/concerns.md create mode 100644 .paul/codebase/conventions.md create mode 100644 .paul/codebase/db_schema.md create mode 100644 .paul/codebase/integrations.md create mode 100644 .paul/codebase/stack.md create mode 100644 .paul/codebase/testing.md diff --git a/.paul/codebase/architecture.md b/.paul/codebase/architecture.md new file mode 100644 index 000000000..28f87047e --- /dev/null +++ b/.paul/codebase/architecture.md 
@@ -0,0 +1,142 @@ +# Architecture — krolewskie-miody.pl + +## Repository Structure + +Only `wp-content/` and WordPress root files are tracked in Git. +`wp-includes/` and `wp-admin/` core directories are present but represent standard WordPress core. + +``` +krolewskie-miody.pl/ +├── wp-config.php # DB config + constants +├── .htaccess # Rewrites, max_input_vars=10000 +├── index.php # WP entry point +├── wp-blog-header.php # WP bootstrap +├── wp-content/ +│ ├── themes/ +│ │ ├── betheme/ # Active theme (parent, no child) +│ │ ├── twentytwentyfive/ +│ │ ├── twentytwentyfour/ +│ │ └── twentytwentythree/ +│ └── plugins/ # 76 plugins +├── .paul/ # PAUL project management +├── .serena/ # Serena AI tooling +├── .vscode/ # VS Code + FTP config +└── CLAUDE.md # AI assistant instructions +``` + +## Theme Architecture: BeTheme (betheme/) + +``` +betheme/ +├── functions.php # Theme bootstrap (defines MFN_THEME_VERSION) +├── style.css # Theme header metadata only +├── woocommerce.php # WooCommerce template root +├── header.php / header-shop.php # Header templates +├── footer.php # Footer template (19KB) +├── style.php / style-colors.php # Dynamic PHP-generated CSS +├── functions/ # Core theme PHP logic +│ ├── theme-functions.php # 119KB — main hooks & functions +│ ├── theme-head.php # 79KB — HEAD/frontend logic +│ ├── theme-woocommerce.php # 72KB — WooCommerce customization (1,752 lines) +│ ├── theme-shortcodes.php # 405KB / 13,793 lines — visual builder shortcodes +│ ├── theme-hooks.php # Hook definitions +│ ├── theme-menu.php # Menu handling (350 lines) +│ ├── admin/ # Admin-side classes +│ ├── builder/ # Visual builder (class-mfn-builder*.php) +│ ├── modules/ # Dynamic data module +│ ├── plugins/ +│ │ ├── visual-composer.php # 81KB VC integration +│ │ └── elementor/ # Elementor support +│ ├── post-types/ # Custom post type classes +│ └── widgets/ # Theme widgets +├── woocommerce/ # 27 WooCommerce template overrides +│ ├── archive-product.php +│ ├── content-product.php +│ ├── 
content-single-product.php +│ ├── cart/ (5 files) +│ ├── checkout/form-checkout.php +│ ├── single-product/ (6+ files) +│ ├── loop/ (4 files) +│ ├── myaccount/downloads.php +│ └── notices/ (2 files) +├── muffin-options/ +│ └── theme-options.php # 337KB master options panel +├── visual-builder/ # Muffin's visual page builder +├── css/ # Pre-compiled stylesheets +├── js/ # Pre-compiled JavaScript +├── includes/ # Template partials +├── templates/ # Page templates +├── languages/ # Translations +└── wpml/wpml-config.xml # WPML multilingual config +``` + +## Class Architecture (BeTheme) + +BeTheme uses a class-per-feature pattern with `mfn_` prefix on all functions: + +**Admin classes** (`functions/admin/`): +- `class-mfn-api.php`, `class-mfn-dashboard.php`, `class-mfn-helper.php` +- `class-mfn-update.php`, `class-mfn-plugins.php`, `class-mfn-setup.php` + +**Builder classes** (`functions/builder/`): +- `class-mfn-builder.php` — main builder +- `class-mfn-builder-fields.php` — 2.4MB field definitions +- `class-mfn-builder-admin.php` — 154KB +- `class-mfn-builder-front.php` — 136KB +- `class-mfn-builder-woo-helper.php` — WooCommerce builder integration + +**Post type classes** (`functions/post-types/`): +- `class-mfn-post-type-page.php`, `class-mfn-post-type-product.php` +- `class-mfn-post-type-template.php` — 84KB +- 10+ additional post type classes + +**Elementor widget classes** (`functions/plugins/elementor/`): +- `class-mfn-elementor.php` + 80+ widget classes + +## WordPress Request Flow + +``` +HTTP Request + → index.php (defines WP_USE_THEMES = true) + → wp-blog-header.php + → wp-load.php → wp-config.php (DB + constants) + → wp-settings.php (load plugins + theme) + → betheme/functions.php (theme init: MFN_THEME_VERSION = 27.6.4) + → Loads theme-options.php, theme-functions.php, theme-head.php + → WordPress template hierarchy selects template file + → WooCommerce hooks modify product/cart/checkout rendering +``` + +## WooCommerce Integration Points + +1. 
**Theme support declared** in `theme-woocommerce.php`: + - `wc-product-gallery-zoom`, `wc-product-gallery-lightbox`, `wc-product-gallery-slider` + - Custom image sizes for thumbnails and single product + +2. **Hooks removed** (theme replaces defaults): + - `woocommerce_before_main_content` wrappers, breadcrumb, sidebar, sale flash, product thumbnail + +3. **Hooks added** (theme enhancements): + - Quantity buttons, wishlist button, excerpt in loop, cart fragment AJAX + +4. **Template overrides** (`betheme/woocommerce/`): + - 27 files override WooCommerce default templates + +## Custom Code Locations + +| Location | Purpose | +|----------|---------| +| `betheme/functions/theme-woocommerce.php` | WooCommerce hooks & filters | +| `betheme/functions/theme-functions.php` | Theme hooks, helpers, shortcodes | +| `betheme/woocommerce/` | WooCommerce template overrides | +| `code-snippets` plugin | DB-stored PHP snippets (admin-managed) | +| `head-footer-code` plugin | Header/footer injection | +| `wp-headers-and-footers` plugin | Global header/footer scripts | + +## Database + +- **Engine:** MariaDB at `mariadb114.miody.nazwa.pl` +- **Database:** `miody_miodynew` +- **Table prefix:** `wp_` (default — not hardened) +- **Custom tables:** None confirmed outside standard WordPress/WooCommerce tables +- **Schema doc:** `.paul/codebase/db_schema.md` diff --git a/.paul/codebase/concerns.md b/.paul/codebase/concerns.md new file mode 100644 index 000000000..9c96abb80 --- /dev/null +++ b/.paul/codebase/concerns.md 
@@ -0,0 +1,165 @@ +# Concerns — krolewskie-miody.pl + +## CRITICAL (Immediate Action Required) + +### C1 — Credentials Exposed in Version Control +- **wp-config.php** contains live database credentials committed to Git +- **.vscode/ftp-kr.json** contains live FTP credentials committed to Git +- **wp-config.php** line 3: `RSSSL_KEY` (Really Simple SSL API key) committed +- **Action:** Rotate all credentials immediately. Add `.gitignore`. Remove from Git history (`git filter-branch` or `git filter-repo`). + +### C2 — No .gitignore +- Entire WordPress installation tracked in Git with no exclusions +- Sensitive files: `wp-config.php`, `.vscode/ftp-kr.json` +- Large vendor code: all 76 plugin directories, all theme files +- **Action:** Create `.gitignore` excluding at minimum: `wp-config.php`, `.vscode/ftp-kr.json`, `/wp-content/uploads/`, `/wp-content/plugins/*/` (third-party), WordPress core dirs + +### C3 — FTP Instead of SFTP +- `.vscode/ftp-kr.json` uses plain FTP (port 21) — credentials and file contents transmitted unencrypted +- **Action:** Switch to SFTP in deploy config + +--- + +## HIGH (Address Soon) + +### H1 — No Child Theme +- All customizations are in the BeTheme parent theme directly +- Any BeTheme update will overwrite custom code in `functions/`, WooCommerce overrides, etc. +- Violates CLAUDE.md rule: *"Customizations only in child theme or dedicated plugin"* +- **Files at risk:** `betheme/functions/theme-woocommerce.php`, `betheme/woocommerce/` (27 templates) +- **Action:** Create a child theme; migrate project-specific hooks and template overrides + +### H2 — Duplicate SEO Plugins (2 full suites active) +- Yoast SEO + Yoast SEO Premium +- All in One SEO + AIOSEO Pro (same plugin, free + paid simultaneously) +- Plus: broken-link-checker-seo, buffor-seo, aioseo-index-now +- **Impact:** Conflicting meta tag output, duplicate sitemap generation, DB bloat +- **Action:** Pick one suite (Yoast recommended as it's newer and at v27.4). 
Deactivate and delete AIOSEO free/pro + +### H3 — Duplicate Analytics Plugins (7 implementations) +- `ga-google-analytics`, `google-analytics-for-wordpress`, `google-analytics-premium`, `google-site-kit`, `woo-ecommerce-tracking-for-google-and-facebook`, `pixelyoursite`, and GTM plugin +- **Impact:** GA4 events firing multiple times, inflated conversion data, page speed degradation +- **Action:** Consolidate to Google Site Kit (official) + GTM for custom events. Remove legacy GA plugins + +### H4 — Duplicate Cookie Consent Plugins +- `complianz-gdpr` (primary, comprehensive) +- `cookie-notice` (separate plugin) +- `wpconsent-cookies-banner-privacy-suite` (third plugin) +- **Impact:** Multiple consent banners shown, conflicting consent state, GDPR compliance uncertainty +- **Action:** Keep Complianz only; deactivate and remove cookie-notice and wpconsent + +### H5 — Duplicate SMTP Plugins +- `easy-wp-smtp` (primary, configured) +- `wp-mail-smtp` (secondary) +- **Impact:** Email delivery conflicts, double configuration +- **Action:** Deactivate and remove wp-mail-smtp + +### H6 — Duplicate Coupon Plugins (free + pro simultaneously) +- `flexible-coupons` (free v1.14.4) +- `flexible-coupons-pro` (pro v2.5.3) +- **Impact:** Plugin conflicts — pro version should replace free +- **Action:** Deactivate and delete flexible-coupons free; keep pro only + +### H7 — SQL Injection Risk in Builder Queries +- **File:** `wp-content/themes/betheme/functions/builder/` — 82+ `$wpdb->query()` / `$wpdb->get_results()` calls +- Some queries use direct variable interpolation without `$wpdb->prepare()`: + ```php + $wpdb->get_results("... 
and m.meta_value IN ( '{$type}' )"); + ``` +- **Impact:** SQL injection if `$type` is user-controlled +- **Action:** Audit all `$wpdb` calls in builder files; wrap dynamic values in `$wpdb->prepare()` + +### H8 — Duplicator Installer Files Present +- `wp-content/plugins/duplicator/installer/` contains active installer scripts +- Known security risk — Duplicator installers have been exploited historically +- `.htaccess` protections are in place but installer framework is accessible +- **Action:** Delete installer directory after backups are complete + +### H9 — No Caching Layer +- 76 plugins with zero caching plugin installed +- Shared hosting (Nazwa.pl) without built-in object cache +- **Impact:** Every page request hits database with full plugin stack +- **Action:** Install LiteSpeed Cache (if host supports LiteSpeed) or WP Super Cache + +--- + +## MEDIUM (Plan to Address) + +### M1 — Security Constants Missing from wp-config.php +- `DISALLOW_FILE_EDIT` not set — theme/plugin editor accessible in WP admin +- `FORCE_SSL_ADMIN` not set — admin login may occur over HTTP +- `WP_MEMORY_LIMIT` not set — using PHP default +- **Action:** Add to wp-config.php: + ```php + define('DISALLOW_FILE_EDIT', true); + define('FORCE_SSL_ADMIN', true); + define('WP_MEMORY_LIMIT', '256M'); + ``` + +### M2 — Default Table Prefix +- Tables use `wp_` prefix — slightly easier for automated attacks to target +- Changing after installation requires DB migration +- **Action:** Note for future migration during next major maintenance + +### M3 — xmlrpc.php Present +- `xmlrpc.php` is a common brute-force and DDoS vector +- Not needed if no XML-RPC integrations are active +- **Action:** Block via .htaccess or disable via plugin if not used + +### M4 — No Code Quality Tooling +- No `.phpcs.xml`, no ESLint, no PHPStan +- No pre-commit hooks enforcing standards +- **Action:** Add PHPCS with WordPress ruleset; configure in CI + +### M5 — Plugin Count (76 plugins) +- Industry best practice: under 
20-25 plugins for performance +- 76 plugins = significant memory and execution time overhead +- Audit has identified at least 10-15 redundant plugins (see H1-H6) +- **Action:** After deduplication, target 50-55 active plugins + +### M6 — No Automated Tests +- No PHPUnit, no CI/CD pipeline +- Custom WooCommerce hooks and checkout modifications untested +- See `testing.md` for setup recommendations + +--- + +## LOW (Nice to Have) + +### L1 — Code Snippets Plugin on Production +- `code-snippets` stores PHP in the database — not version-controlled +- Snippets invisible in Git history; changes untracked +- **Action:** Migrate any production snippets to a custom plugin or child theme functions + +### L2 — Multiple Form Plugins +- `contact-form-7` and `wpforms-lite` both installed +- **Action:** Pick one and remove the other + +### L3 — Duplicate Popup Plugins +- `optinmonster` and `popup-maker` both installed +- **Action:** Consolidate to one popup solution + +--- + +## Summary Matrix + +| ID | Severity | Issue | Effort | +|----|----------|-------|--------| +| C1 | CRITICAL | Credentials in Git | Low (rotate + gitignore) | +| C2 | CRITICAL | No .gitignore | Low | +| C3 | CRITICAL | FTP unencrypted | Low | +| H1 | HIGH | No child theme | High | +| H2 | HIGH | Duplicate SEO plugins | Low | +| H3 | HIGH | Duplicate analytics (7x) | Low | +| H4 | HIGH | Duplicate cookie consent | Low | +| H5 | HIGH | Duplicate SMTP | Low | +| H6 | HIGH | Duplicate coupon plugins | Low | +| H7 | HIGH | SQL injection in builder | Medium | +| H8 | HIGH | Duplicator installer exposed | Low | +| H9 | HIGH | No caching | Low | +| M1 | MEDIUM | Security constants missing | Low | +| M2 | MEDIUM | Default table prefix | High | +| M3 | MEDIUM | xmlrpc.php active | Low | +| M4 | MEDIUM | No code quality tooling | Medium | +| M5 | MEDIUM | 76 plugins | Medium | +| M6 | MEDIUM | No automated tests | High | 
diff --git a/.paul/codebase/conventions.md b/.paul/codebase/conventions.md new file mode 100644 index 000000000..d69bdc93f --- /dev/null +++ b/.paul/codebase/conventions.md 
@@ -0,0 +1,94 @@ +# Conventions — krolewskie-miody.pl + +## PHP Conventions (CLAUDE.md) + +- **Standard:** PSR-12 formatting +- **Classes:** PascalCase — e.g. `MfnDynamicData`, `class-mfn-builder.php` +- **Methods/Functions:** snake_case — e.g. `mfn_woocommerce_product_reviews_tab_title()` +- **Database variables:** snake_case +- **Theme function prefix:** `mfn_` for all BeTheme functions +- **Max nesting depth:** 3 levels — extract deeper logic to named methods +- **Comments:** Only when explaining *why*, never *what* +- **Customizations:** Child theme or dedicated plugin only — never in WordPress core or parent theme directly + +## File Naming + +- Plugin/theme files: kebab-case — `class-mfn-builder.php` +- Class files: prefixed with `class-` — `class-mfn-dynamic-data.php` + +## WordPress Hook Usage + +Hooks registered in `wp-content/themes/betheme/functions/`: + +**Core hooks used:** +- `after_setup_theme` — theme init +- `init` — WP initialization +- `wp_enqueue_scripts` — script/style loading +- `pre_get_posts` — query modification +- `admin_menu` — admin customization + +**Custom theme hooks (mfn_):** +- `mfn_before_content` / `mfn_after_content` +- `mfn_before_shop_content` / `mfn_after_shop_content` +- `mfn_hook_bottom` + +## WooCommerce Hook Pattern + +See `wp-content/themes/betheme/functions/theme-woocommerce.php`. 
+ +**Remove defaults, then add custom:** +```php +// Remove WooCommerce defaults +remove_action('woocommerce_before_main_content', 'woocommerce_output_content_wrapper', 10); +remove_action('woocommerce_sidebar', 'woocommerce_get_sidebar', 10); + +// Add theme equivalents +add_action('woocommerce_before_quantity_input_field', 'mfn_woocommerce_before_quantity_input_field'); +add_action('woocommerce_after_add_to_cart_button', 'mfn_append_wishlist_button'); +add_filter('loop_shop_columns', 'mfn_woo_loop_shop_columns', 20); +add_filter('woocommerce_add_to_cart_fragments', 'woocommerce_header_add_to_cart_fragment'); +``` + +## CSS / JS Conventions + +- **No build tooling** — no SASS, Webpack, or Gulp +- CSS and JS are pre-compiled and committed directly +- Main files: `betheme/css/be.css`, `betheme/js/scripts.js` +- Both minified and unminified versions maintained +- Custom CSS should go in child theme `style.css` (once child theme is created) + +## Configuration Constants (wp-config.php) + +Currently defined: +```php +define('RSSSL_KEY', '...'); // Really Simple SSL API key +define('WP_DEBUG', false); // Production mode +``` + +**Not yet defined (recommended):** +```php +define('DISALLOW_FILE_EDIT', true); +define('FORCE_SSL_ADMIN', true); +define('WP_MEMORY_LIMIT', '256M'); +``` + +## Database Conventions + +- Schema documented in `.paul/codebase/db_schema.md` +- Every schema change requires a new migration — never modify existing ones +- Use `$wpdb->prepare()` for all dynamic queries +- Table prefix: `wp_` (default) + +## Version Control + +- **Remote:** `https://git.project-pro.pl/Project-Pro/krolewskie-miody.pl.git` +- **Branch:** `main` +- **No `.gitignore`** — currently all files tracked (security risk; see concerns.md) +- Excluded from FTP deploy: `.git`, `.vscode`, `.paul`, `.serena`, `CLAUDE.md` + +## Code Quality Tools + +None configured. 
Recommended additions: +- `.phpcs.xml` — PHP CodeSniffer with WordPress/PSR-12 ruleset +- `phpstan.neon` — Static analysis +- `.eslintrc` — JavaScript linting diff --git a/.paul/codebase/db_schema.md b/.paul/codebase/db_schema.md new file mode 100644 index 000000000..d1313555f --- /dev/null +++ b/.paul/codebase/db_schema.md 
@@ -0,0 +1,82 @@ +# Database Schema — krolewskie-miody.pl + +## Connection + +- **Engine:** MariaDB +- **Host:** `mariadb114.miody.nazwa.pl` +- **Database:** `miody_miodynew` +- **Table prefix:** `wp_` (default WordPress prefix) +- **Charset:** `utf8mb4` + +## Standard WordPress Tables + +| Table | Purpose | +|-------|---------| +| `wp_posts` | All content (pages, products, orders, templates) | +| `wp_postmeta` | Post metadata (product price, order items, etc.) | +| `wp_terms` | Taxonomy terms (categories, tags, product attributes) | +| `wp_term_taxonomy` | Term-taxonomy relationships | +| `wp_term_relationships` | Object-term relationships | +| `wp_options` | Site configuration, plugin settings | +| `wp_users` | Customer and admin accounts | +| `wp_usermeta` | User metadata (shipping address, billing, roles) | +| `wp_comments` | Product reviews, order notes | +| `wp_commentmeta` | Comment metadata | +| `wp_links` | Blogroll (legacy, rarely used) | + +## WooCommerce Tables + +| Table | Purpose | +|-------|---------| +| `wp_woocommerce_sessions` | Cart sessions | +| `wp_woocommerce_api_keys` | REST API authentication | +| `wp_woocommerce_attribute_taxonomies` | Product attribute definitions | +| `wp_woocommerce_downloadable_product_permissions` | Digital product access | +| `wp_woocommerce_order_items` | Line items per order | +| `wp_woocommerce_order_itemmeta` | Metadata for order items | +| `wp_woocommerce_tax_rates` | Tax rate definitions | +| `wp_woocommerce_tax_rate_locations` | Tax rate geographic zones | +| `wp_woocommerce_shipping_zones` | Shipping zone definitions | +| `wp_woocommerce_shipping_zone_locations` | Zone geographic areas | +| `wp_woocommerce_shipping_zone_methods` | Methods per zone | +| `wp_woocommerce_payment_tokens` | Saved payment methods | +| `wp_woocommerce_payment_tokenmeta` | Payment token metadata | +| `wp_woocommerce_log` | WooCommerce action log | + +## Plugin Tables (selected) + +| Table | Plugin | Purpose | 
+|-------|--------|---------| +| `wp_code_snippets` | Code Snippets | Custom PHP snippet storage | +| `wp_complianz_*` | Complianz GDPR | Cookie consent records | +| `wp_wfpk_*` or similar | PixelYourSite | Tracking pixel config | + +## Key Relationships + +### Products +- `wp_posts` (post_type = 'product' or 'product_variation') +- `wp_postmeta` — `_price`, `_regular_price`, `_sale_price`, `_sku`, `_stock` +- `wp_term_relationships` → `wp_terms` (product categories, tags, attributes) + +### Orders +- `wp_posts` (post_type = 'shop_order') +- `wp_postmeta` — `_billing_*`, `_shipping_*`, `_order_total`, `_payment_method` +- `wp_woocommerce_order_items` + `wp_woocommerce_order_itemmeta` + +### Customers +- `wp_users` — account +- `wp_usermeta` — `billing_address_1`, `shipping_city`, etc. + +## Migration Rules + +Per CLAUDE.md: +1. Schema changes require a new migration file +2. Never modify existing migrations +3. Document all custom schema changes in this file + +## Custom Schema Changes + +*No custom tables or schema changes recorded yet.* + +--- +*Update this file whenever schema changes are made.* diff --git a/.paul/codebase/integrations.md b/.paul/codebase/integrations.md new file mode 100644 index 000000000..e12dd7bb2 --- /dev/null +++ b/.paul/codebase/integrations.md 
@@ -0,0 +1,117 @@ +# Integrations — krolewskie-miody.pl + +## Payment Gateways + +| Integration | Plugin | Version | Notes | +|-------------|--------|---------|-------| +| Przelewy24 | woocommerce-gateway-przelewy24 | 4.1.16 | Polish market primary | +| PayU | woo-payu-payment-gateway | 2.10.1 | Polish market secondary | +| PayPal | woocommerce-paypal-payments | 4.0.3 | International | +| WooCommerce Payments | woocommerce-payments | 10.7.1 | WordPress.com | +| InPost Pay | inpost-pay | 2.0.7 | Linked to InPost shipping | + +## Shipping & Logistics + +| Integration | Plugin | Version | Notes | +|-------------|--------|---------|-------| +| InPost Paczkomaty | woocommerce-paczkomaty-inpost | 4.6.30 | Parcel lockers (paczkomaty) | +| InPost for WooCommerce | inpost-for-woocommerce | — | Courier + locker | +| InPost Map | ws-inpost-map | 1.0.0 | Interactive locker map widget | +| PolKurier | woocommerce-polkurier | — | Polish courier network | +| WooCommerce Services | woocommerce-services | 3.6.1 | Shipping labels + tax | + +## Analytics & Tracking + +| Integration | Plugin | Version | Notes | +|-------------|--------|---------|-------| +| Google Tag Manager | duracelltomi-google-tag-manager | 1.22.3 | GTM container injection | +| Google Site Kit | google-site-kit | 1.177.0 | GA4 + GSC + PageSpeed | +| MonsterInsights | google-analytics-for-wordpress | — | GA dashboard in WP admin | +| MonsterInsights Premium | google-analytics-premium | 10.1.3 | Advanced GA features | +| GA4 snippet | ga-google-analytics | 20260421 | Simple GA snippet (legacy) | +| PixelYourSite | pixelyoursite | 11.2.0.4 | Multi-pixel management | +| Meta Pixel | official-facebook-pixel | 5.0.1 | Facebook/Instagram tracking | +| Meta for WooCommerce | facebook-for-woocommerce | 3.6.3 | Product catalog + pixel | +| TikTok for Business | tiktok-for-business | — | TikTok pixel + catalog | +| WC Google & Facebook tracking | woo-ecommerce-tracking-for-google-and-facebook | — | Enhanced e-commerce events 
| + +**Warning:** Significant tracking duplication — 4+ Google Analytics implementations. Review needed. + +## SEO + +| Integration | Plugin | Version | Notes | +|-------------|--------|---------|-------| +| Yoast SEO | wordpress-seo | 27.4 | Primary SEO | +| Yoast SEO Premium | wordpress-seo-premium | — | Premium features | +| AIOSEO | all-in-one-seo-pack | 4.9.6.2 | Duplicate — should remove | +| AIOSEO Pro | all-in-one-seo-pack-pro | 4.9.6.2 | Duplicate — should remove | +| AIOSEO IndexNow | aioseo-index-now | 1.0.13 | Instant indexing | +| Broken Link Checker | broken-link-checker-seo | 1.2.10 | SEO link audit | +| Google Listings & Ads | google-listings-and-ads | 3.6.1 | Google Shopping / Merchant | +| Buffor SEO | buffor-seo | — | Social media scheduling | + +**Warning:** Both Yoast and AIOSEO active simultaneously — meta tag conflicts likely. + +## Email / SMTP + +| Integration | Plugin | Notes | +|-------------|--------|-------| +| Easy WP SMTP | easy-wp-smtp 2.14.0 | Primary — configured | +| WP Mail SMTP | wp-mail-smtp | Secondary — potential conflict | + +## Reviews & Ratings + +| Integration | Plugin | Version | +|-------------|--------|---------| +| eKomi | ekomi | 3.4.0 | +| Google Reviews | wp-reviews-plugin-for-google | 13.2.9 | +| Facebook Reviews | free-facebook-reviews-and-recommendations-widgets | 13.2.9 | + +## Product Feeds (Polish Marketplaces) + +| Integration | Plugin | Notes | +|-------------|--------|-------| +| Ceneo.pl | woocommerce-ceneo-official | Polish price comparison | +| WebAppick Feed | webappick-product-feed-for-woocommerce | Multi-platform (Google, Facebook, etc.) 
| +| WP Product Feed Manager | wp-product-feed-manager | Additional feed management | + +## Security & Compliance + +| Integration | Plugin | Version | Notes | +|-------------|--------|---------|-------| +| Really Simple SSL | really-simple-ssl | 9.5.9 | SSL + 2FA + hardening | +| Complianz GDPR | complianz-gdpr | 7.4.5 | Cookie consent (primary) | +| Complianz T&C | complianz-terms-conditions | — | Legal document generator | +| Cookie Notice | cookie-notice | 3.0.2 | Cookie banner (potential duplicate) | +| WPConsent | wpconsent-cookies-banner-privacy-suite | — | Privacy suite (potential duplicate) | +| Cloudflare Turnstile | simple-cloudflare-turnstile | 1.39.0 | Bot protection / CAPTCHA | + +**Warning:** 3 cookie/consent plugins active simultaneously. + +## Marketing & Automation + +| Integration | Plugin | Version | +|-------------|--------|---------| +| ShopMagic | shopmagic-for-woocommerce | — | WooCommerce email automation | +| Uncanny Automator | uncanny-automator | 7.1.0.1 | No-code automation | +| OptinMonster | optinmonster | 2.16.22 | Lead capture / popups | +| Popup Maker | popup-maker | 1.22.0 | Popup builder | + +## Checkout & Cart + +| Integration | Plugin | Version | +|-------------|--------|---------| +| Flexible Checkout Fields | flexible-checkout-fields | 4.1.36 | Custom checkout fields | +| WC Checkout Field Editor Pro | woo-checkout-field-editor-pro | 2.1.8 | Checkout customization | +| WC Checkout Manager | woocommerce-checkout-manager | 7.8.9 | Checkout manager | +| Flexible Coupons | flexible-coupons | 1.14.4 | Advanced coupons | +| Flexible Coupons Pro | flexible-coupons-pro | 2.5.3 | Pro coupons (conflicts with free) | +| WC Auto-Added Coupons | woocommerce-auto-added-coupons | 3.4.2 | Auto-apply coupons | +| WC Active Payments | woocommerce-active-payments | 3.9.18 | Payment method manager | + +## Hosting + +- **Provider:** Nazwa.pl (Polish hosting) +- **FTP host:** `ftp.miody.nazwa.pl` +- **Database host:** `mariadb114.miody.nazwa.pl` 
+- **Git remote:** `https://git.project-pro.pl/Project-Pro/krolewskie-miody.pl.git` diff --git a/.paul/codebase/stack.md b/.paul/codebase/stack.md new file mode 100644 index 000000000..1cf0843b3 --- /dev/null +++ b/.paul/codebase/stack.md 
@@ -0,0 +1,104 @@ +# Stack — krolewskie-miody.pl + +## Core Platform + +| Layer | Technology | Version | +|-------|-----------|---------| +| CMS | WordPress | Check `wp-includes/version.php` | +| E-commerce | WooCommerce | 10.7.0 | +| Theme | BeTheme (Muffin Group) | 27.6.4 | +| Language | PHP | 7.4+ (WooCommerce requirement) | +| Database | MariaDB | mariadb114.miody.nazwa.pl | +| Hosting | Nazwa.pl (shared hosting) | FTP deploy | + +## Theme + +- **Parent theme:** `wp-content/themes/betheme/` — BeTheme v27.6.4 by Muffin Group +- **Child theme:** None — customizations live directly in parent theme (violation of CLAUDE.md; see concerns.md) +- **Visual builder:** Muffin's proprietary builder (`wp-content/themes/betheme/visual-builder/`) +- **WooCommerce overrides:** 27 template files in `wp-content/themes/betheme/woocommerce/` + +## Payment Gateways + +| Plugin | Version | Provider | +|--------|---------|----------| +| woocommerce-gateway-przelewy24 | 4.1.16 | Przelewy24 (P24) — Polish | +| woo-payu-payment-gateway | 2.10.1 | PayU — Polish | +| woocommerce-paypal-payments | 4.0.3 | PayPal | +| woocommerce-payments | 10.7.1 | WordPress.com Payments | +| inpost-pay | 2.0.7 | InPost Pay | + +## Shipping + +| Plugin | Version | Provider | +|--------|---------|----------| +| woocommerce-paczkomaty-inpost | 4.6.30 | InPost Paczkomaty (lockers) | +| inpost-for-woocommerce | — | InPost | +| ws-inpost-map | 1.0.0 | InPost map widget | +| woocommerce-polkurier | — | PolKurier courier | +| woocommerce-services | 3.6.1 | WooCommerce Services (tax/shipping) | + +## Analytics & Tracking + +| Plugin | Version | Purpose | +|--------|---------|---------| +| google-site-kit | 1.177.0 | GA4 + GSC + PageSpeed | +| duracelltomi-google-tag-manager | 1.22.3 | GTM container | +| pixelyoursite | 11.2.0.4 | Multi-pixel manager | +| official-facebook-pixel | 5.0.1 | Meta Pixel | +| facebook-for-woocommerce | 3.6.3 | Meta Catalog + Pixel | +| tiktok-for-business | — | TikTok Pixel | +| 
woo-ecommerce-tracking-for-google-and-facebook | — | Dual tracking | +| ga-google-analytics | 20260421 | GA snippet injection | +| google-analytics-for-wordpress | — | MonsterInsights | +| google-analytics-premium | 10.1.3 | MonsterInsights Premium | + +## SEO + +| Plugin | Version | +|--------|---------| +| wordpress-seo (Yoast) | 27.4 | +| wordpress-seo-premium | — | +| all-in-one-seo-pack | 4.9.6.2 | +| all-in-one-seo-pack-pro | 4.9.6.2 | +| aioseo-index-now | 1.0.13 | +| broken-link-checker-seo | 1.2.10 | +| buffor-seo | — | +| google-listings-and-ads | 3.6.1 | + +## GDPR / Compliance + +| Plugin | Version | +|--------|---------| +| complianz-gdpr | 7.4.5 | +| complianz-terms-conditions | — | +| cookie-notice | 3.0.2 | +| wpconsent-cookies-banner-privacy-suite | — | +| really-simple-ssl | 9.5.9 | +| simple-cloudflare-turnstile | 1.39.0 | + +## Email + +| Plugin | Version | +|--------|---------| +| easy-wp-smtp | 2.14.0 (primary) | +| wp-mail-smtp | — (secondary — potential conflict) | + +## Frontend Assets + +- **CSS:** Pre-compiled plain CSS — `wp-content/themes/betheme/css/be.css` (496KB), responsive.css, woocommerce.css +- **JS:** Pre-compiled plain JS — `wp-content/themes/betheme/js/scripts.js`, woocommerce.js +- **No build tooling:** No SASS, Webpack, or Gulp — assets are version-controlled compiled files +- **Skins:** 12 colour skins in `wp-content/themes/betheme/css/skins/` + +## Deployment + +- **Protocol:** FTP (plain, unencrypted) to `ftp.miody.nazwa.pl` +- **Remote path:** `/nowa` +- **Config:** `.vscode/ftp-kr.json` (credentials stored in file — security risk) +- **Strategy:** Manual upload — autoUpload disabled +- **Excluded from deploy:** `.git`, `.vscode`, `.paul`, `.serena`, `CLAUDE.md` + +## Plugin Count + +**76 plugins total** — heavy stack with significant duplication (see concerns.md) diff --git a/.paul/codebase/testing.md b/.paul/codebase/testing.md new file mode 100644 index 000000000..5a0f3dfe4 --- /dev/null 
+++ b/.paul/codebase/testing.md @@ -0,0 +1,54 @@ +# Testing — krolewskie-miody.pl + +## Current Status + +**No testing infrastructure is configured.** + +CLAUDE.md acknowledges this: *"Testy — Uzupełnij jak uruchamiać testy"* (incomplete placeholder). + +## What's Missing + +- No `phpunit.xml` or `phpunit.xml.dist` +- No `tests/` directory +- No `.github/workflows/` CI/CD pipelines +- No PHPUnit dependency in any `composer.json` +- No JavaScript test runner (Jest, Mocha, etc.) +- No automated code quality checks on commit + +## Recommended Setup + +### PHPUnit (WordPress unit tests) + +1. Install PHPUnit via Composer in a custom plugin or child theme: + ```bash + composer require --dev phpunit/phpunit wp-phpunit/wp-phpunit + ``` + +2. Create `phpunit.xml`: + ```xml + + + + tests/ + + + + ``` + +3. Place test files in `tests/` with `Test` suffix: `tests/class-checkout-test.php` + +### Manual Testing Checklist (current practice) + +Since no automated tests exist, manual testing covers: +- Product listing and filtering +- Add to cart / cart updates +- Checkout flow (Przelewy24, PayU, PayPal) +- InPost locker selection +- Order confirmation emails (via Easy WP SMTP) +- Coupon application (flexible-coupons-pro) +- GDPR consent banner (Complianz) + +## Notes + +- WooCommerce 10.x ships with its own test utilities — can be leveraged for integration tests +- Code Snippets plugin stores custom PHP in DB — these snippets are not version-controlled or testable via standard tooling
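Review bot: in `.paul/codebase/architecture.md`, the Repository Structure section says only `wp-content/` and the WordPress root files are tracked in Git, while C2 in `concerns.md` (same patch) says the entire WordPress installation is tracked with no exclusions. The scope of the `.gitignore` and history clean-up in C1/C2 depends on which is true, so please check with `git ls-files` and correct whichever statement is wrong. Separately, the Database section commits the production database host and database name, and the same values are repeated in `db_schema.md`, `integrations.md` and `stack.md`; since C1 already reports credentials in history, consider recording them in one place only or replacing them with placeholders.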
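Review bot: in `.paul/codebase/concerns.md`, the C1 action ("Rotate all credentials immediately. Add `.gitignore`. Remove from Git history") is missing the step that makes the `.gitignore` effective: files that are already tracked stay tracked until they are removed from the index (`git rm --cached wp-config.php .vscode/ftp-kr.json`). It should also say that a history rewrite needs a force-push and fresh clones everywhere, and that rotation is the actual fix because every existing clone keeps the old secrets. For H7, the action should note that the affected files are in the BeTheme parent theme, which H1 says is overwritten on update, and that an `IN ( ... )` list needs one placeholder per value when moved to `$wpdb->prepare()`; "if `$type` is user-controlled" also needs a trace of where `$type` comes from before the item is rated. Smaller points: M5 refers to "H1-H6" for redundant plugins but H1 is the child-theme item, so this should read H2-H6; M5's target of 50-55 plugins sits next to a stated best practice of 20-25 without explanation; and the Summary Matrix omits L1-L3.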
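Review bot: in `.paul/codebase/conventions.md`, the recommended `.phpcs.xml` is described as a "WordPress/PSR-12 ruleset", but these are two different standards that disagree on basics such as indentation (tabs in the WordPress standard, four spaces in PSR-12), so a single ruleset cannot enforce both; please name the one the project will enforce, and align the "Standard: PSR-12 formatting" line with it. Under PHP Conventions, the Classes example lists `class-mfn-builder.php`, which is a file name and belongs under File Naming. In the WooCommerce Hook Pattern example, the callback `woocommerce_header_add_to_cart_fragment` does not carry the `mfn_` prefix that the same document states for all BeTheme functions; either note it as an exception or correct the example.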
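Review bot: in `.paul/codebase/db_schema.md`, the Plugin Tables row "`wp_wfpk_*` or similar" for PixelYourSite is a guess recorded in a schema document; please confirm the real table names against the database (for example with `SHOW TABLES LIKE 'wp\_%'`) or drop the row. The Orders mapping under Key Relationships (`wp_posts` with `post_type = 'shop_order'` plus `wp_postmeta`) describes legacy order storage; `stack.md` lists WooCommerce 10.7.0, and installs with High-Performance Order Storage enabled keep orders in `wp_wc_orders` and related tables instead, so the document should state which storage mode this site uses. It would also help anyone scoping backups or access reviews to mark which tables hold secrets or personal data (`wp_woocommerce_api_keys`, `wp_woocommerce_payment_tokens`, `wp_users`, `wp_usermeta`).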
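Review bot: in `.paul/codebase/integrations.md`, the Marketing & Automation and Checkout & Cart tables declare three columns (`Integration | Plugin | Version`) but every row has four cells, and the Email / SMTP table puts the version inside the Plugin cell (`easy-wp-smtp 2.14.0`); please add a Notes column to the first two and a Version column to the third so the tables render and stay comparable with the others. The Analytics warning says "4+ Google Analytics implementations" while H3 in `concerns.md` says 7; use one count. The Checkout & Cart table also lists three checkout field editors (`flexible-checkout-fields`, `woo-checkout-field-editor-pro`, `woocommerce-checkout-manager`) with no warning and no matching entry in `concerns.md`, although the same kind of overlap is flagged for SEO, consent and SMTP plugins.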
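Review bot: in `.paul/codebase/stack.md`, the Core Platform table's Version column holds no actual version for three of its rows: WordPress says "Check `wp-includes/version.php`", PHP gives a minimum requirement ("7.4+") and MariaDB gives a hostname. These are the versions needed to judge patch level and support status, so please fill in the deployed values (the WordPress one can be read from the file the row already points to) or mark them explicitly as unknown. In the Deployment section, "credentials stored in file — security risk" should reference C1 and C3 in `concerns.md` so the remediation is easy to find from here.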
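Review bot: in `.paul/codebase/testing.md`, the `phpunit.xml` sample under Recommended Setup step 2 contains only the text `tests/` with no XML elements, so it cannot be used as written; the `<phpunit>`, `<testsuites>`, `<testsuite>` and `<directory>` tags appear to have been stripped and need restoring. Step 3 says test files use a `Test` suffix but gives `tests/class-checkout-test.php` as the example; PHPUnit's default directory suffix is `Test.php`, so that file would not be discovered unless the `<directory>` element sets a matching `suffix` or `prefix`. Please make the example file name and the configuration agree.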