Project-Pro/luxmed2.pagedev.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: map existing codebase

Browse Source
This commit is contained in:
Roman Pyrih
2026-05-07 10:15:04 +02:00
parent f7afb4e4dc
commit 04de2ac558
9 changed files with 999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
.paul/codebase/architecture.md Normal file
View File

@@ -0,0 +1,143 @@
# Architecture
**Analysis Date:** 2026-05-07
## Pattern Overview
**Overall:** WordPress monolith with theme/plugin architecture and Elementor as the page-building layer.
**Key Characteristics:**
- Full WordPress core is present in the repository: `wp-admin/`, `wp-includes/`, and root `wp-*.php` files.
- Site behavior is split between WordPress configuration, theme files, normal plugins, and a must-use plugin.
- Landing page content/layout is likely stored mostly in the WordPress database through Elementor.
- Custom lead-generation/consent behavior is concentrated in Hello Elementor assets and the Cookie Notice Pro MU plugin.
## Layers
**WordPress Core:**
- Purpose: bootstrap, routing, template loading, admin, database API, plugin/theme lifecycle.
- Contains: `wp-admin/`, `wp-includes/`, `wp-settings.php`, `wp-load.php`, `wp-blog-header.php`.
- Depends on: PHP runtime and MySQL/MariaDB.
- Used by: every frontend/admin request.
**Configuration:**
- Purpose: database constants, salts, table prefix, debug flags.
- Contains: `wp-config.php`.
- Depends on: hosting environment.
- Used by: `wp-load.php` and WordPress bootstrap.
**Theme Layer:**
- Purpose: frontend shell, template files, theme support, local styles/scripts.
- Contains: `wp-content/themes/hello-elementor/`.
- Depends on: WordPress core and Elementor.
- Used by: public page rendering.
**Plugin Layer:**
- Purpose: page builder, forms, anti-spam, icon/SVG support, backups, content utilities.
- Contains: `wp-content/plugins/elementor/`, `wp-content/plugins/elementor-pro/`, `wp-content/plugins/akismet/`, `wp-content/plugins/lordicon/`, `wp-content/plugins/svg-support/`, `wp-content/plugins/duplicator-pro-v4.5.16.2/`, `wp-content/plugins/copy-delete-posts/`.
- Depends on: WordPress plugin lifecycle.
- Used by: frontend, admin, forms, backup workflows.
**Must-Use Plugin Layer:**
- Purpose: always-loaded site-specific consent/GTM behavior.
- Contains: `wp-content/mu-plugins/cookie-notice-pro-loader.php`, `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`, and assets under `wp-content/mu-plugins/cookie-notice-pro/assets/`.
- Depends on: WordPress hooks and frontend assets.
- Used by: every frontend request.
## Data Flow
**Frontend Request:**
1. Request enters `index.php`.
2. `index.php` loads `wp-blog-header.php`.
3. `wp-blog-header.php` loads WordPress via `wp-load.php`.
4. `wp-load.php` resolves `wp-config.php`.
5. `wp-config.php` defines DB settings and loads `wp-settings.php`.
6. `wp-settings.php` boots core, loads MU plugins from `wp-content/mu-plugins/`, normal plugins from `wp-content/plugins/`, then the active theme from `wp-content/themes/`.
7. WordPress resolves the query/template through core files such as `wp-includes/template-loader.php`.
8. Hello Elementor templates render the shell while Elementor/Elementor Pro render page builder content stored in DB.
**State Management:**
- Persistent state lives in the WordPress database.
- Elementor page layout, form definitions, options, menus, and active plugin/theme state are database-resident and not fully visible in files.
- Filesystem state includes themes, plugins, MU plugin code, translations, and backup artifacts.
## Key Abstractions
**WordPress Hooks:**
- Purpose: attach behavior to WordPress lifecycle events.
- Examples: enqueue hooks and setup hooks in `wp-content/themes/hello-elementor/functions.php`; consent/GTM hooks in `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Pattern: `add_action` / `add_filter`.
**Theme Bootstrap:**
- Purpose: declare theme support, menus, Elementor locations, and frontend assets.
- Examples: `wp-content/themes/hello-elementor/functions.php`, `wp-content/themes/hello-elementor/theme.php`.
- Pattern: procedural WordPress functions plus Hello Elementor namespaced modules.
**Elementor Modules:**
- Purpose: page builder, forms, theme builder, popups, widgets, Pro features.
- Examples: `wp-content/plugins/elementor/modules/`, `wp-content/plugins/elementor-pro/modules/forms/`.
- Pattern: plugin module architecture controlled by Elementor.
**MU Plugin:**
- Purpose: site-specific behavior loaded automatically before normal plugins.
- Examples: `wp-content/mu-plugins/cookie-notice-pro-loader.php`, `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Pattern: loader file includes plugin implementation.
## Entry Points
**Frontend:**
- Location: `index.php`.
- Triggers: public HTTP requests.
- Responsibilities: load WordPress and render the resolved page.
**WordPress Bootstrap:**
- Location: `wp-blog-header.php`, `wp-load.php`, `wp-config.php`, `wp-settings.php`.
- Triggers: frontend/admin/core request lifecycle.
- Responsibilities: configure and initialize WordPress.
**Admin:**
- Location: `wp-admin/index.php`, `wp-admin/admin.php`, `wp-admin/admin-ajax.php`, `wp-admin/admin-post.php`.
- Triggers: WordPress admin and AJAX/action requests.
- Responsibilities: admin UI, plugin/theme settings, AJAX endpoints.
**Theme:**
- Location: `wp-content/themes/hello-elementor/functions.php`, `wp-content/themes/hello-elementor/index.php`, `wp-content/themes/hello-elementor/header.php`, `wp-content/themes/hello-elementor/footer.php`, `wp-content/themes/hello-elementor/theme.php`.
- Triggers: theme loading and template rendering.
- Responsibilities: theme support, templates, assets.
**Plugins:**
- Location: `wp-content/plugins/elementor/elementor.php`, `wp-content/plugins/elementor-pro/elementor-pro.php`, `wp-content/plugins/lordicon/lordicon.php`, `wp-content/plugins/svg-support/svg-support.php`, `wp-content/plugins/akismet/akismet.php`, `wp-content/plugins/copy-delete-posts/copy-delete-posts.php`, `wp-content/plugins/duplicator-pro-v4.5.16.2/duplicator-pro.php`.
- Triggers: WordPress plugin loading.
- Responsibilities: plugin-specific features.
**MU Plugin:**
- Location: `wp-content/mu-plugins/cookie-notice-pro-loader.php`.
- Triggers: must-use plugin bootstrap.
- Responsibilities: load cookie notice/GTM logic.
## Error Handling
**Strategy:** WordPress/PHP runtime handles most errors; custom code should fail quietly on the frontend and avoid breaking public lead capture.
**Patterns:**
- `WP_DEBUG` is false in `wp-config.php`.
- Custom JS currently uses direct `JSON.parse()` in `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`; malformed cookie handling needs hardening.
## Cross-Cutting Concerns
**Logging:**
- No dedicated application logger detected.
- Browser console logging exists in `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
**Validation:**
- WordPress and Elementor handle most admin/form validation.
- Cookie notice JS should validate cookie JSON more defensively.
**Authentication:**
- WordPress native authentication via `wp-login.php` and core user/session APIs.
---
*Architecture analysis: 2026-05-07*
*Update when major patterns change*

162
.paul/codebase/concerns.md Normal file
View File

@@ -0,0 +1,162 @@
# Codebase Concerns
**Analysis Date:** 2026-05-07
## Tech Debt
**Generated backup artifacts committed:**
- Issue: Backup archive and Duplicator working files are present in the repository.
- Files: `project_backup_2026-03-26_13-38-53.zip`, `wp-content/backups-dup-pro/`.
- Why: Likely copied from hosting/restore workflow.
- Impact: Large diffs, possible secret/data exposure, noisy repository, unclear source of truth.
- Fix approach: Add a `.gitignore`, remove generated backup artifacts from version control, and rotate secrets if already exposed.
**WordPress core and plugins committed as source:**
- Issue: Full WordPress core and third-party plugins are committed.
- Files: `wp-admin/`, `wp-includes/`, `wp-content/plugins/`.
- Why: Common FTP-style WordPress project snapshot.
- Impact: Accidental vendor/core edits are easy; updates/provenance are hard to audit; diffs become noisy.
- Fix approach: Define an update/deployment policy and keep custom changes isolated in theme/MU plugin/project-owned plugin files.
**Missing custom JS asset referenced by theme:**
- Issue: `wp-content/themes/hello-elementor/functions.php` references `wp-content/themes/hello-elementor/assets/js/custom.js`, but that file was not found.
- Files: `wp-content/themes/hello-elementor/functions.php`, `wp-content/themes/hello-elementor/assets/js/`.
- Why: Possibly planned custom JS or removed asset.
- Impact: Extra 404 request or dead enqueue depending on existence checks and deployment state.
- Fix approach: Create the asset intentionally or remove the enqueue.
## Known Bugs
**Possible duplicate GTM noscript output:**
- Symptoms: GTM noscript iframe may render twice on themes that support `wp_body_open`.
- Trigger: Both `wp_body_open` and `wp_footer` actions run.
- Files: `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Workaround: Browser usually tolerates it, but markup is duplicated.
- Root cause: Same callback registered to two hooks without a one-time guard.
**Malformed consent cookie can break banner JS:**
- Symptoms: Cookie banner initialization or helper methods can throw if stored cookie JSON is malformed.
- Trigger: User/browser has invalid consent cookie value.
- Files: `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
- Workaround: Clear browser cookies.
- Root cause: direct `JSON.parse()` calls without defensive parsing.
## Security Considerations
**Secrets committed in configuration files:**
- Risk: Database credentials, WordPress salts, and Duplicator auth material are present in source files.
- Files: `wp-config.php`, `wp-content/backups-dup-pro/installer/original_files_e507eb0-03080010/source_site_wpconfig`.
- Current mitigation: Secret values are not copied into PAUL docs.
- Recommendations: rotate exposed credentials/salts/auth keys, move environment-specific secrets out of committed files, and remove generated restore artifacts from version control.
**Backup archive may contain sensitive data:**
- Risk: Root backup archive may contain code, uploads, config, database dumps, or credentials.
- Files: `project_backup_2026-03-26_13-38-53.zip`.
- Current mitigation: none visible.
- Recommendations: inspect outside normal docs, remove from repo, rotate credentials if contents were committed/shared.
**Installer logs expose operational details:**
- Risk: Duplicator logs may reveal server paths, restore process details, and environment data.
- Files: `wp-content/backups-dup-pro/installer/dup-installer-log__c3605a4-03080010.txt`, `wp-content/backups-dup-pro/installer/dup-installer-bootlog__c3605a4-03080010.txt`.
- Current mitigation: none visible.
- Recommendations: treat as sensitive generated artifacts and remove from version control.
**Default WordPress table prefix:**
- Risk: Default prefix is a minor hardening weakness, especially on older/poorly protected installs.
- Files: `wp-config.php`.
- Current mitigation: WordPress security does not rely on prefix secrecy.
- Recommendations: consider custom prefix only during rebuild/migration, not casually on a live site.
## Performance Bottlenecks
**Cookie notice script loaded on every frontend page:**
- Problem: Custom consent script is about 25 KB and includes inline SVG strings.
- Files: `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`, `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Measurement: file is about 438 lines / 25 KB in scan.
- Cause: MU plugin enqueues the script globally.
- Improvement path: minify it, defer where safe, and keep it cached.
**Per-request `filemtime()` cache busting:**
- Problem: PHP calls `filemtime()` for custom assets on frontend requests.
- Files: `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Measurement: not measured; likely minor.
- Cause: development-friendly cache busting.
- Improvement path: use a fixed plugin/theme version constant if filesystem calls become a concern.
## Fragile Areas
**Cookie/consent frontend logic:**
- Files: `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
- Why fragile: public page code controls consent defaults, GTM updates, DOM rendering, and cookie parsing.
- Common failures: malformed cookies, duplicate events, console noise, markup string escaping issues.
- Safe modification: add defensive parsing first, then test accept/deny/update flows manually.
- Test coverage: no automated tests detected.
**Elementor form configuration lives in DB:**
- Files: `wp-content/plugins/elementor-pro/modules/forms/`, WordPress database.
- Why fragile: the actual form actions and field configuration are not visible in the file tree.
- Common failures: code/files appear unchanged while form delivery changes in admin/database.
- Safe modification: verify WordPress admin form settings and a real submission after any lead-flow work.
- Test coverage: no project E2E tests detected.
**Encoding of Polish copy:**
- Files: `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`, `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
- Why fragile: some text appears mojibake in scans.
- Common failures: broken Polish characters after edits.
- Safe modification: confirm encoding before editing copy; preserve UTF-8.
- Test coverage: manual visual verification only.
## Scaling Limits
**Unknown hosting/deployment capacity:**
- Current capacity: not documented.
- Limit: unknown.
- Symptoms at limit: not measured.
- Scaling path: document hosting, cache strategy, and form delivery path.
## Dependencies at Risk
**Duplicator Pro restore tooling with PHP 8.4 noise:**
- Risk: installer logs show PHP 8.4 deprecation noise during restore.
- Impact: future restores on newer PHP runtimes may be noisy or brittle.
- Migration plan: update Duplicator Pro before relying on it for restore, or validate restore in staging.
**Committed plugin versions without update policy:**
- Risk: security/update status is hard to audit from repo alone.
- Impact: outdated plugins can create security and compatibility risk.
- Migration plan: document update ownership, version checks, and deployment process.
## Missing Critical Features
**No project-owned `.gitignore`:**
- Problem: generated artifacts and OS files are committed.
- Current workaround: manual care.
- Blocks: clean source control and safer collaboration.
- Implementation complexity: low.
**No deployment/update notes:**
- Problem: unclear how WordPress core/plugins/theme changes are deployed.
- Current workaround: infer from FTP/SFTP/hosting behavior.
- Blocks: reliable updates and rollback planning.
- Implementation complexity: low to medium.
## Test Coverage Gaps
**Lead capture flow:**
- What's not tested: landing page CTA, Elementor form submission, delivery/storage, thank-you/redirect behavior.
- Files: `wp-content/plugins/elementor-pro/modules/forms/`, WordPress database configuration, `wp-content/themes/hello-elementor/assets/css/custom.scss`.
- Risk: lead form could break silently.
- Priority: High.
- Difficulty to test: requires running WordPress environment and real/staged form configuration.
**Consent/GTM behavior:**
- What's not tested: consent defaulting, malformed cookie handling, GTM consent updates.
- Files: `wp-content/mu-plugins/cookie-notice-pro/`.
- Risk: analytics/compliance behavior can break public pages.
- Priority: High.
- Difficulty to test: moderate; JS unit tests or browser tests could cover this.
---
*Concerns audit: 2026-05-07*
*Update as issues are fixed or new ones discovered*

115
.paul/codebase/conventions.md Normal file
View File

@@ -0,0 +1,115 @@
# Coding Conventions
**Analysis Date:** 2026-05-07
## Naming Patterns
**Files:**
- WordPress entry/template names follow WordPress conventions: `index.php`, `functions.php`, `header.php`, `footer.php`, `comments.php`.
- MU plugin loader and implementation use descriptive plugin paths: `wp-content/mu-plugins/cookie-notice-pro-loader.php`, `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Custom assets use descriptive names: `wp-content/themes/hello-elementor/assets/css/custom.scss`, `wp-content/themes/hello-elementor/assets/css/custom.css`, `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
- Third-party plugin file naming varies by vendor; do not use vendor files as project style unless working inside that plugin intentionally.
**Functions:**
- WordPress theme functions use prefixed snake_case, e.g. `hello_elementor_setup()` in `wp-content/themes/hello-elementor/functions.php`.
- Site-specific MU plugin functions use `cnp_*` prefix, e.g. `cnp_render_gtm_noscript()` in `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- New project-owned PHP functions should use a clear prefix and WordPress-style snake_case.
**Variables:**
- PHP variables follow WordPress/PHP conventions: `$lower_snake_case` where applicable.
- Constants use uppercase names; example: `CNP_GTM_ID` in `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
**Types:**
- Hello Elementor theme classes use namespaces and PascalCase class names, e.g. `HelloTheme\Modules\AdminHome\Components\Ajax_Handler` in `wp-content/themes/hello-elementor/modules/admin-home/components/ajax-handler.php`.
- Most site-owned custom code is procedural WordPress PHP rather than class-based.
## Code Style
**Formatting:**
- Project guidance in `CLAUDE.md` says to use WordPress Coding Standards for PHP, JS, and CSS.
- `wp-content/themes/hello-elementor/functions.php` follows WordPress spacing style such as `if ( ! defined( 'ABSPATH' ) )`.
- `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php` uses 4-space indentation and less consistent WordPress spacing such as `if (!defined('ABSPATH'))`.
- New project-owned PHP should prefer WordPress Coding Standards even when older custom code is mixed.
- SCSS in `wp-content/themes/hello-elementor/assets/css/custom.scss` uses nested SCSS, Elementor-oriented selectors, and mobile breakpoints.
- `wp-content/themes/hello-elementor/assets/css/custom.css` is compiled/minified and includes a source map reference.
**Linting:**
- No root `.eslintrc*`, `.prettierrc*`, `phpcs.xml*`, `.editorconfig`, `composer.json`, or `package.json` detected.
- No project lint command detected.
## Import / Dependency Organization
**PHP Loading:**
- Use WordPress hooks (`add_action`, `add_filter`) for lifecycle integration.
- Enqueue frontend styles/scripts from PHP rather than hardcoding tags.
- MU plugin loading is done through `wp-content/mu-plugins/cookie-notice-pro-loader.php`.
**Path Aliases:**
- Not applicable; no project-owned module bundler or PHP autoload setup detected.
## Error Handling
**Patterns:**
- WordPress/PHP handles most runtime errors.
- Use guard checks such as `defined( 'ABSPATH' )` in PHP entry files.
- Escape frontend output with WordPress helpers (`esc_js`, `esc_attr`, etc.) as seen in `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
**Expected Practice:**
- Avoid breaking public pages/forms if optional assets or config are missing.
- In frontend JS, guard JSON parsing and cookie access before use.
## Logging
**Framework:**
- No dedicated logger detected.
- Browser console logging exists in `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
**Patterns:**
- Avoid new production console noise unless it is behind a debug flag.
## Comments
**When to Comment:**
- Explain business/compliance decisions, especially consent/GTM behavior.
- Avoid comments that restate obvious WordPress API usage.
**JSDoc/TSDoc:**
- Not used as a project standard.
**TODO Comments:**
- Many TODOs exist in WordPress core and third-party plugins; do not treat them as project-owned debt.
- No meaningful custom TODO/FIXME debt was found in the MU plugin or theme customizations.
## Function Design
**Size:**
- Keep new custom PHP functions focused around a WordPress hook or one behavior.
- Extract helpers when frontend consent/form logic grows.
**Parameters:**
- Prefer explicit arguments and small option arrays for custom helpers.
**Return Values:**
- Use early returns for guard conditions.
- Ensure frontend helpers handle missing/malformed cookies without throwing.
## Module Design
**Exports:**
- WordPress hooks/functions are the main module boundary in custom code.
- For new site-owned behavior, prefer a dedicated MU plugin or project-owned plugin over editing third-party plugin files.
**Barrel Files:**
- Not applicable.
## Editing Boundaries
- Do not edit `wp-admin/` or `wp-includes/`.
- Do not edit third-party plugin code in `wp-content/plugins/` unless explicitly required.
- Prefer custom work in `wp-content/themes/hello-elementor/assets/`, `wp-content/themes/hello-elementor/functions.php`, or a site-owned plugin/MU plugin.
- Confirm file encoding before editing Polish copy in `wp-content/mu-plugins/cookie-notice-pro/`; some text appears mojibake.
---
*Convention analysis: 2026-05-07*
*Update when patterns change*

79
.paul/codebase/db_schema.md Normal file
View File

@@ -0,0 +1,79 @@
# Database Schema
**Updated:** 2026-05-07 | **Total tables:** Unknown from files | **Engine:** MySQL/MariaDB via WordPress | **Charset:** Not available from files
---
## WordPress Core Schema
This repository does not include an authoritative live database dump or project-owned migration set. The site depends on the standard WordPress schema managed by WordPress core and plugins.
Expected core tables use the configured table prefix from `wp-config.php`:
| Table | Purpose | Source |
|-------|---------|--------|
| `wp_posts` | Pages, posts, Elementor documents, attachments, revisions | WordPress core |
| `wp_postmeta` | Post/page/Elementor metadata | WordPress core |
| `wp_options` | Site options, plugin settings, active theme/plugin state | WordPress core |
| `wp_users` | WordPress users | WordPress core |
| `wp_usermeta` | User metadata/capabilities | WordPress core |
| `wp_terms` | Terms/categories/tags | WordPress core |
| `wp_term_taxonomy` | Term taxonomy definitions | WordPress core |
| `wp_term_relationships` | Content-to-term relationships | WordPress core |
| `wp_comments` | Comments/submissions where applicable | WordPress core |
| `wp_commentmeta` | Comment metadata | WordPress core |
Elementor page layouts, form definitions, menus, options, and active plugin/theme state are database-resident and are not fully visible in this file tree.
---
## Elementor Pro Tables
Elementor Pro includes plugin-managed migrations for form submissions and notes.
**Form submissions** - lead/form submission storage
- Migration: `wp-content/plugins/elementor-pro/modules/forms/submissions/database/migrations/initial.php`.
- Creates submission, submission value, and form action log tables via WordPress `dbDelta`.
- Exact live table names depend on WordPress table prefix.
**Notes** - Elementor collaboration/notes features
- Migration: `wp-content/plugins/elementor-pro/modules/notes/database/migrations/initial.php`.
- Creates note-related custom tables via plugin migration infrastructure.
Other database migration/update infrastructure exists under:
- `wp-content/plugins/elementor/core/database`.
- `wp-content/plugins/elementor-pro/core/database`.
- `wp-content/plugins/elementor/modules/*/database`.
---
## Backup / Installer Database Logic
Duplicator Pro contains database packaging and installer logic, but this is restore tooling rather than the authoritative application schema.
Relevant paths:
- `wp-content/plugins/duplicator-pro-v4.5.16.2/classes`.
- `wp-content/plugins/duplicator-pro-v4.5.16.2/installer`.
- `wp-content/backups-dup-pro/`.
No extracted SQL dump was found during the scan.
---
## Schema Characteristics
| Property | Value |
|----------|-------|
| Engine | MySQL/MariaDB through WordPress |
| Charset | Not available from files |
| Encrypted columns | Not detected in project-owned schema |
| Soft deletes | Not detected in project-owned schema |
| Audit via JSON | Not detected in project-owned schema |
| Migrations | WordPress core/plugin-managed; no project-owned migration directory detected |
| Deferred indexes | Not documented |
| Table prefix | Configured in `wp-config.php`; value intentionally not repeated here |
## Verification Notes
- For planning that touches form submissions, leads, Elementor layouts, or page content, verify live schema/content via database access, WP-CLI, or WordPress admin.
- Do not rely on file tree alone for Elementor page structure or active form settings.

111
.paul/codebase/integrations.md Normal file
View File

@@ -0,0 +1,111 @@
# External Integrations
**Analysis Date:** 2026-05-07
## APIs & External Services
**Email/Lead Forms:**
- Elementor Pro Forms - lead capture and form handling.
- Implementation: `wp-content/plugins/elementor-pro/modules/forms/`.
- Actions include email, redirect, webhook, Slack, Discord, Mailchimp, Drip, ActiveCampaign, GetResponse, ConvertKit, MailerLite, MailPoet, and submission logging.
- Action registry: `wp-content/plugins/elementor-pro/modules/forms/registrars/form-actions-registrar.php`.
**External APIs:**
- Akismet - anti-spam API integration.
- Files: `wp-content/plugins/akismet/class.akismet.php`, `wp-content/plugins/akismet/class.akismet-admin.php`, `wp-content/plugins/akismet/class.akismet-rest-api.php`.
- Google Tag Manager / Google Consent Mode - custom MU plugin integration.
- Files: `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`, `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
- GTM ID is hardcoded in the MU plugin; value intentionally omitted here.
- Google reCAPTCHA / reCAPTCHA v3 - available through Elementor Pro forms.
- Files: `wp-content/plugins/elementor-pro/modules/forms/classes/recaptcha-handler.php`, `wp-content/plugins/elementor-pro/modules/forms/classes/recaptcha-v3-handler.php`.
- Elementor account/license/cloud library services.
- Files: `wp-content/plugins/elementor-pro/core/connect/apps/activate.php`, `wp-content/plugins/elementor-pro/modules/cloud-library/module.php`, `wp-content/plugins/elementor-pro/core/app/modules/kit-library/module.php`.
- Lordicon service/plugin integration.
- Files: `wp-content/plugins/lordicon/lordicon.php`, `wp-content/plugins/lordicon/dist/block.js`.
## Data Storage
**Databases:**
- MySQL/MariaDB - primary WordPress database.
- Connection: constants in `wp-config.php`.
- Table prefix: configured in `wp-config.php`.
- Client: WordPress `$wpdb` and plugin database helpers.
- Migrations: WordPress core/plugin-managed; no project-owned migration directory detected.
**File Storage:**
- WordPress filesystem uploads are expected, but `wp-content/uploads/` is not present in this checkout.
- Duplicator Pro includes remote storage addons:
- Amazon S3 / compatible providers: `wp-content/plugins/duplicator-pro-v4.5.16.2/addons/amazons3addon/`.
- Dropbox: `wp-content/plugins/duplicator-pro-v4.5.16.2/addons/dropboxaddon/`.
- Google Drive: `wp-content/plugins/duplicator-pro-v4.5.16.2/addons/gdriveaddon/`.
- OneDrive: `wp-content/plugins/duplicator-pro-v4.5.16.2/addons/onedriveaddon/`.
- FTP/SFTP: `wp-content/plugins/duplicator-pro-v4.5.16.2/addons/ftpaddon/`.
**Caching:**
- No dedicated cache plugin/service detected in files.
## Authentication & Identity
**Auth Provider:**
- WordPress native user/session system.
- Core files: `wp-login.php`, `wp-includes/pluggable.php`, `wp-admin/`.
**OAuth Integrations:**
- Not detected as site-specific configuration.
- Elementor/Lordicon/third-party plugin account integrations may exist through their plugin dashboards.
## Monitoring & Observability
**Error Tracking:**
- Dedicated service not detected.
**Analytics:**
- Google Tag Manager / Consent Mode through `wp-content/mu-plugins/cookie-notice-pro/`.
**Logs:**
- WordPress/PHP hosting logs are likely external to repo.
- Duplicator installer logs are present under `wp-content/backups-dup-pro/installer/`; treat them as sensitive generated artifacts.
## CI/CD & Deployment
**Hosting:**
- Not documented.
- Project appears to be a WordPress filesystem checkout, likely managed through hosting/FTP/SFTP outside the repository.
**CI Pipeline:**
- Not detected.
## Environment Configuration
**Development:**
- Required values are currently direct constants in `wp-config.php`.
- `.env.example`: not detected.
**Staging:**
- Not documented.
**Production:**
- Secrets management appears file-based in `wp-config.php`.
- Recommended future direction: move environment-specific secrets out of committed files and document deployment responsibilities.
## Webhooks & Callbacks
**Incoming:**
- Elementor Pro supports generic webhook form actions via `wp-content/plugins/elementor-pro/modules/forms/actions/webhook.php`.
- Actual configured form actions live in the WordPress database and are not visible in this file tree.
**Outgoing:**
- Elementor Pro form integrations can call marketing/email/chat services depending on form configuration stored in DB.
## Not Detected
- WooCommerce plugin.
- SEO plugins such as Yoast or Rank Math.
- Contact Form 7 / WPForms / Gravity Forms.
- Dedicated SMTP/email delivery plugin.
- Root-level custom API client code outside installed plugins.
---
*Integration audit: 2026-05-07*
*Update when adding/removing external services*

86
.paul/codebase/stack.md Normal file
View File

@@ -0,0 +1,86 @@
# Technology Stack
**Analysis Date:** 2026-05-07
## Languages
**Primary:**
- PHP - WordPress core, theme, plugins, and MU plugin code. Examples: `wp-settings.php`, `wp-content/themes/hello-elementor/functions.php`, `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
**Secondary:**
- JavaScript - frontend/admin assets in WordPress, Elementor, Lordicon, and the cookie notice MU plugin. Examples: `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`, `wp-content/plugins/lordicon/dist/block.js`.
- CSS/SCSS - theme and plugin styling. Examples: `wp-content/themes/hello-elementor/assets/css/custom.scss`, `wp-content/themes/hello-elementor/assets/css/custom.css`, `wp-content/plugins/svg-support/scss/`.
- Twig - detected in vendor/plugin code.
## Runtime
**Environment:**
- WordPress 6.9.4 - detected in `wp-includes/version.php`.
- Required PHP version from WordPress core: 7.2.24 - `wp-includes/version.php`.
- Required MySQL version from WordPress core: 5.5.5 - `wp-includes/version.php`.
- Database configured through constants in `wp-config.php`; secret values are intentionally not documented.
**Package Manager:**
- No root `composer.json` detected.
- No root `package.json` detected.
- Plugin/theme-local manifests exist but are not a project-level dependency contract: `wp-content/plugins/svg-support/composer.json`, `wp-content/themes/twentytwentyfive/package.json`, `wp-content/themes/twentytwentyfive/package-lock.json`.
- Composer lockfile: not detected.
- Yarn/pnpm lockfiles: not detected.
## Frameworks
**Core:**
- WordPress - CMS/application runtime in `wp-admin/`, `wp-includes/`, `wp-content/`.
- Hello Elementor 3.4.7 - installed theme in `wp-content/themes/hello-elementor/style.css`.
- Elementor 3.35.9 - page builder plugin in `wp-content/plugins/elementor/elementor.php`.
- Elementor Pro 3.35.1 - forms, theme builder, popups, and Pro modules in `wp-content/plugins/elementor-pro/elementor-pro.php`.
**Testing:**
- Not detected at project level.
**Build/Dev:**
- Twenty Twenty-Five has npm/PostCSS/cssnano scripts in `wp-content/themes/twentytwentyfive/package.json`, but this applies to the bundled default theme.
- No project-owned build pipeline detected for the Hello Elementor customizations.
## Key Dependencies
**Critical:**
- Elementor 3.35.9 - primary page-building layer, `wp-content/plugins/elementor/elementor.php`.
- Elementor Pro 3.35.1 - forms and lead capture features, `wp-content/plugins/elementor-pro/elementor-pro.php`.
- Cookie Notice Pro MU plugin 1.0.0 - consent/GTM behavior, `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Hello Elementor 3.4.7 - active/customized theme candidate, `wp-content/themes/hello-elementor/style.css`.
**Infrastructure:**
- Duplicator Pro 4.5.16.2 - backup/migration tooling, `wp-content/plugins/duplicator-pro-v4.5.16.2/duplicator-pro.php`.
- Akismet Anti-spam 5.6 - spam protection, `wp-content/plugins/akismet/akismet.php`.
- Copy & Delete Posts 1.5.3 - content duplication, `wp-content/plugins/copy-delete-posts/copy-delete-posts.php`.
- Lordicon 1.0 - icon/media integration, `wp-content/plugins/lordicon/lordicon.php`.
- SVG Support 2.5.14 - SVG upload/render support, `wp-content/plugins/svg-support/svg-support.php`.
## Configuration
**Environment:**
- Primary configuration is in `wp-config.php`.
- `wp-config.php` contains DB constants, salts, table prefix, `WP_DEBUG`, and a Duplicator auth key. Do not copy secret values into documentation.
- `.env` files: not detected.
- Root environment example/config manifest: not detected.
**Build:**
- No root build config detected.
- Custom theme CSS source exists at `wp-content/themes/hello-elementor/assets/css/custom.scss` and compiled CSS at `wp-content/themes/hello-elementor/assets/css/custom.css`.
## Platform Requirements
**Development:**
- PHP + MySQL/MariaDB environment capable of running WordPress.
- Database/content is required for the actual Elementor landing page; page layouts are not fully represented by files alone.
**Production:**
- WordPress hosting with PHP and MySQL/MariaDB.
- Deployment process not documented in the repository.
- Backup artifacts are present in `project_backup_2026-03-26_13-38-53.zip` and `wp-content/backups-dup-pro/`.
---
*Stack analysis: 2026-05-07*
*Update after major dependency changes*

166
.paul/codebase/structure.md Normal file
View File

@@ -0,0 +1,166 @@
# Codebase Structure
**Analysis Date:** 2026-05-07
## Directory Layout
```
luxmed2.pagedev.pl/
|-- .paul/ # PAUL project state and codebase documentation
|-- wp-admin/ # WordPress admin application (vendor/core)
|-- wp-includes/ # WordPress core libraries (vendor/core)
|-- wp-content/ # Mutable site layer: themes, plugins, MU plugins, languages, backups
| |-- themes/ # Installed themes
| |-- plugins/ # Installed normal plugins
| |-- mu-plugins/ # Must-use plugins loaded automatically
| |-- languages/ # WordPress/plugin translations
| `-- backups-dup-pro/ # Duplicator generated backup/installer artifacts
|-- index.php # WordPress frontend entry
|-- wp-config.php # Environment/database configuration with secrets
|-- wp-*.php # WordPress root bootstrap/admin endpoints
|-- CLAUDE.md # Project working rules
`-- project_backup_2026-03-26_13-38-53.zip # Backup archive artifact
```
## Directory Purposes
**`wp-admin/`:**
- Purpose: WordPress admin application.
- Contains: admin screens, AJAX endpoints, install/update/admin logic.
- Key files: `wp-admin/admin.php`, `wp-admin/admin-ajax.php`, `wp-admin/index.php`.
- Modification rule: treat as vendor/core; do not edit directly.
**`wp-includes/`:**
- Purpose: WordPress core libraries.
- Contains: bootstrap, template loader, database API, user/session APIs, block/editor support.
- Key files: `wp-includes/version.php`, `wp-includes/template-loader.php`.
- Modification rule: treat as vendor/core; do not edit directly.
**`wp-content/themes/`:**
- Purpose: installed themes.
- Contains: `hello-elementor`, `twentytwentyfive`, `twentytwentyfour`, `twentytwentythree`.
- Key files: `wp-content/themes/hello-elementor/functions.php`, `wp-content/themes/hello-elementor/style.css`, `wp-content/themes/hello-elementor/assets/css/custom.scss`.
**`wp-content/themes/hello-elementor/`:**
- Purpose: primary customized theme candidate.
- Contains: theme templates, theme bootstrap, admin modules, custom assets.
- Key files: `functions.php`, `theme.php`, `header.php`, `footer.php`, `assets/css/custom.scss`, `assets/css/custom.css`.
- Note: `functions.php` references `assets/js/custom.js`, but that file was not found.
**`wp-content/plugins/`:**
- Purpose: installed WordPress plugins.
- Contains: Elementor, Elementor Pro, Akismet, Duplicator Pro, Copy & Delete Posts, Lordicon, SVG Support.
- Key files: plugin main entry files such as `wp-content/plugins/elementor/elementor.php` and `wp-content/plugins/elementor-pro/elementor-pro.php`.
- Modification rule: treat third-party plugin code as vendor unless explicitly choosing to patch it.
**`wp-content/mu-plugins/`:**
- Purpose: must-use plugins loaded automatically by WordPress.
- Contains: `cookie-notice-pro-loader.php` and `cookie-notice-pro/`.
- Key files: `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`, `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
- This is the main site-specific custom code found in the scan.
**`wp-content/backups-dup-pro/`:**
- Purpose: Duplicator Pro generated backup/installer working files.
- Contains: installer logs, restore artifacts, original config copies.
- Key files: `wp-content/backups-dup-pro/installer/dup-installer-log__c3605a4-03080010.txt`.
- Treat as generated sensitive state, not source.
## Key File Locations
**Entry Points:**
- `index.php` - public WordPress frontend entry.
- `wp-blog-header.php` - loads the WordPress environment.
- `wp-load.php` - resolves and loads config.
- `wp-config.php` - environment/database configuration.
- `wp-login.php` - WordPress login entry.
- `xmlrpc.php` - legacy XML-RPC entry.
- `wp-cron.php` - WordPress cron entry.
**Configuration:**
- `wp-config.php` - DB constants, salts, table prefix, debug flag, Duplicator auth key.
- `CLAUDE.md` - project rules for future coding sessions.
- `.paul/config.md` - PAUL configuration.
**Core Logic / Customization:**
- `wp-content/themes/hello-elementor/functions.php` - theme setup and asset enqueue hooks.
- `wp-content/themes/hello-elementor/assets/css/custom.scss` - local custom CSS source.
- `wp-content/themes/hello-elementor/assets/css/custom.css` - compiled/minified local CSS.
- `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php` - consent/GTM plugin PHP.
- `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js` - consent banner frontend logic.
**Testing:**
- No project-owned test directory or config detected.
**Documentation:**
- `.paul/PROJECT.md` - business context.
- `.paul/ROADMAP.md` - planning skeleton.
- `.paul/STATE.md` - PAUL session state.
- `.paul/codebase/*.md` - codebase map.
- `readme.html` - WordPress core documentation, not project-specific docs.
## Naming Conventions
**Files:**
- WordPress root/core files use `wp-*` naming: `wp-load.php`, `wp-settings.php`.
- Theme templates use standard WordPress names: `index.php`, `header.php`, `footer.php`, `comments.php`, `sidebar.php`.
- Theme fragments live under `template-parts/`.
- Custom assets use descriptive/kebab-case names: `wp-content/themes/hello-elementor/assets/css/custom.scss`, `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
**Directories:**
- WordPress conventional directories: `wp-admin/`, `wp-includes/`, `wp-content/`.
- Plugin/theme directories are lower-case or kebab-case: `hello-elementor`, `elementor-pro`, `copy-delete-posts`, `cookie-notice-pro`.
**Special Patterns:**
- Hello Elementor functions use `hello_elementor_*` prefixes in `wp-content/themes/hello-elementor/functions.php`.
- MU plugin custom functions use `cnp_*` prefix in `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php`.
- Plugin class files often use `class-*.php`, e.g. `wp-content/plugins/lordicon/includes/class-plugin.php`.
## Where to Add New Code
**New Landing Page Styling:**
- Primary code: `wp-content/themes/hello-elementor/assets/css/custom.scss`.
- Compiled output: `wp-content/themes/hello-elementor/assets/css/custom.css`.
- Verify Elementor selectors against rendered page and mobile breakpoints.
**New Frontend Behavior:**
- Prefer a site-specific file under `wp-content/themes/hello-elementor/assets/js/` and enqueue from `wp-content/themes/hello-elementor/functions.php`.
- Note: `assets/js/custom.js` is referenced but missing; create or remove the enqueue deliberately.
**New Always-On Site Logic:**
- Use `wp-content/mu-plugins/cookie-notice-pro/` only when behavior must always load and is related to consent/GTM.
- For unrelated custom behavior, prefer a separate MU plugin directory or project-owned plugin rather than editing third-party plugins.
**New Elementor/Form Configuration:**
- Likely configured in WordPress admin and stored in DB; export/document separately if it must be versioned.
**Tests/Tooling:**
- No current project-owned setup. If introduced, add root-level tooling and document commands in `.paul/codebase/testing.md` and `CLAUDE.md`.
## Special Directories
**`wp-admin/` and `wp-includes/`:**
- Purpose: WordPress core.
- Source: upstream WordPress release.
- Committed: yes.
- Handling: avoid direct edits; update through WordPress release process.
**`wp-content/plugins/`:**
- Purpose: third-party plugin code.
- Source: installed plugins.
- Committed: yes.
- Handling: avoid direct edits unless explicitly patching vendor code.
**`wp-content/backups-dup-pro/`:**
- Purpose: Duplicator generated restore/backup artifacts.
- Source: generated by Duplicator.
- Committed: yes, but should be treated as sensitive generated state.
**`.paul/`:**
- Purpose: PAUL planning and memory files.
- Source: generated/maintained by PAUL workflows.
- Committed: intended.
---
*Structure analysis: 2026-05-07*
*Update when directory structure changes*

19
.paul/codebase/tech_changelog.md Normal file
View File

@@ -0,0 +1,19 @@
# Technical Changelog
> Chronological log of technical changes - what and why.
## 2026-05-07 - Codebase Map Initialized
**Co zrobiono / What changed:**
- Created initial PAUL codebase documentation in `.paul/codebase/`.
- Captured WordPress/Elementor stack, architecture, structure, conventions, testing gaps, integrations, database notes, and concerns.
**Dlaczego / Why:**
- Establish technical context before planning landing page lead-generation work.
- Preserve warnings about secrets, backup artifacts, and custom consent/form boundaries for future sessions.
---
## Earlier entries
No earlier technical changelog entries recorded.

118
.paul/codebase/testing.md Normal file
View File

@@ -0,0 +1,118 @@
# Testing Patterns
**Analysis Date:** 2026-05-07
## Test Framework
**Runner:**
- No project-level automated test framework detected.
- No root `composer.json`, `package.json`, `phpunit.xml`, Jest config, Playwright config, Cypress config, `.eslintrc`, `.prettierrc`, or `phpcs.xml` detected.
- `CLAUDE.md` states that no standard test command was detected.
**Assertion Library:**
- Not detected.
**Run Commands:**
```bash
# No project-owned automated test command detected.
# Current practice: manual verification in browser / WordPress environment.
```
## Test File Organization
**Location:**
- No site-owned `tests/`, `__tests__/`, `*.test.*`, or `*.spec.*` files detected.
- Duplicator installer validation classes under `wp-content/plugins/duplicator-pro-v4.5.16.2/installer/dup-installer/classes/validation/tests/` are runtime validation classes, not the project test suite.
**Naming:**
- Not established for project-owned tests.
**Structure:**
```
luxmed2.pagedev.pl/
|-- wp-content/
| |-- mu-plugins/cookie-notice-pro/ # custom code without automated tests
| `-- themes/hello-elementor/assets/ # custom assets without automated tests
`-- (no project-owned tests directory detected)
```
## Test Structure
**Suite Organization:**
- Not established.
**Patterns:**
- Manual QA is the current practical verification path.
- For frontend changes, verify page rendering, mobile layout, consent behavior, and form submission.
- For lead form changes, verify Elementor Pro form configuration in WordPress admin and a real submission path in the target environment.
## Mocking
**Framework:**
- Not detected.
**Patterns:**
- Not established.
**What to Mock:**
- If tests are introduced later: mock WordPress hooks/database for unit tests, and test browser behavior with Playwright or similar for consent/form flows.
**What NOT to Mock:**
- Do not mock the final manual verification of Elementor form submission; that should be tested against a real WordPress environment when possible.
## Fixtures and Factories
**Test Data:**
- Not established.
**Location:**
- Not established.
## Coverage
**Requirements:**
- No enforced coverage target.
**Configuration:**
- No coverage tooling detected.
**View Coverage:**
```bash
# Not available.
```
## Test Types
**Unit Tests:**
- Not currently present.
- Good future candidates: consent cookie parsing and defaulting in `wp-content/mu-plugins/cookie-notice-pro/assets/cookienoticepro.script.js`.
**Integration Tests:**
- Not currently present.
- Good future candidates: WordPress enqueue behavior in `wp-content/mu-plugins/cookie-notice-pro/cookie-notice-pro.php` and `wp-content/themes/hello-elementor/functions.php`.
**E2E Tests:**
- Not currently present.
- Good future candidates: landing page load, mobile layout, cookie banner, form submission, redirect/thank-you behavior.
## Common Manual Verification
**Landing Page:**
- Open the public page in desktop and mobile widths.
- Confirm hero/content renders without layout overlap.
- Confirm CTA leads to the form.
- Confirm the form is visible, usable, and submits successfully.
**Consent/GTM:**
- Verify initial consent defaults.
- Accept/deny/update cookie preferences.
- Confirm malformed cookies do not break the banner once hardened.
**Elementor/Form:**
- Verify Elementor assets load.
- Submit the form and confirm delivery/storage/integration configured in WordPress admin.
---
*Testing analysis: 2026-05-07*
*Update when test patterns change*