Feat/wpuf ai form builder design #1697

arifulhoque7 · 2025-09-05T08:29:04Z

🎨 AI Form Builder – Design & Implementation

📋 Overview

This PR introduces a groundbreaking AI-powered form builder for WP User Frontend, allowing users to create complex WordPress forms through natural language descriptions. It reimagines the traditional form creation workflow by integrating a conversational, intelligent interface that adapts to user intent and provides real-time refinement options.

The feature is built with a mix of AI orchestration, Vue.js components, modern styling, and secure REST APIs, transforming WP User Frontend into a next-generation, AI-assisted platform.

🚀 Major Additions

🧠 AI Infrastructure (+8,500 lines)

Core AI System – Multiple provider support with centralized orchestration.
Predefined Provider – 1,189 lines of intelligent form pattern recognition.
Form Generator – 577 lines of context-aware generation logic.
REST API Controller – 1,004 lines of secure API endpoints.
AI Manager – Unified service handling for AI interactions.

🖥️ Vue.js Components (+2,825 lines)

AIFormBuilder.vue – Main orchestration with 3-stage workflow.
FormInputStage.vue – Natural language form input interface.
FormProcessingStage.vue – Real-time form generation progress feedback.
FormSuccessStage.vue – Conversational refinement & instant form preview.

🎨 Styling & UI (+8,656 lines)

ai-form-builder.css – New styling system (7,636 lines).
form-builder.css – Enhanced form builder visuals (1,020 lines).
Tailwind CSS Integration – Clean, modern UI components.
Animations – Interactive confetti and visual feedback.

📚 Documentation & References (+3,704 lines)

Implementation Plan (1,847 lines).
System Prompts & AI Context (454 lines).
Field Reference Documentation (1,403 lines).
Comprehensive Testing Utilities for reproducible results.

✨ Key Features

Natural Language Processing
- Understands complex requirements.
- Detects field types automatically.
- Provides context-aware suggestions.
Three-Stage Workflow
- Input → Processing → Success/Refinement.
- Smooth progression with visual feedback.
Interactive Chat Refinement
- Conversational field adjustments.
- Real-time preview updates.
Smart Field Mapping
- Supports 30+ field types.
- WordPress-specific fields (posts, taxonomies).
- Handles Pro-only features gracefully.
Settings Integration
- Configurable AI providers.
- Temperature & token controls.
- API key management.

🔧 Technical Enhancements

Performance – Optimized build process with Vite.
Security – Nonce-based authentication, sanitized inputs.
Testing – Utilities for AI response simulation.
Error Handling – Graceful fallbacks, user-friendly messages.
Internationalization (i18n) – Full multi-language support.

📊 Stats

Files Changed: 39
Additions: 19,666
Deletions: 68
Net Change: +19,598

🧪 Testing Files

check-ai-status.php – AI availability checker.
test-ai-context.php – AI context validation.
test-google-gemini.php – Google AI provider tests.
setup-google-ai.php – Setup and config helper.

🎯 Impact

This feature elevates WP User Frontend into an AI-assisted form creation platform, bridging the gap between beginner-friendly usability and professional-grade customization. Users can now describe forms in plain English and instantly receive production-ready WordPress forms, making form creation faster, smarter, and more accessible.

Summary by CodeRabbit

New Features
- AI Form Builder: multi-stage UI to generate, preview, chat-update, persist, and edit forms from prompts.
- REST endpoints and admin tooling to generate, test providers, manage settings, and create/modify AI-generated forms.
- Offline "predefined" provider for local testing and dynamic model filtering in settings.
Style
- Large Tailwind/CSS expansion with UI utilities, chat/form styles, RTL and responsive refinements.
Documentation
- Full implementation plan, system prompt, and WPUF field/reference guides.
Chores
- Build/watch pipeline, asset entries and build scripts added for AI assets.
Tests
- Diagnostic and test harnesses for provider and conversation-context validation.

Introduces a comprehensive Markdown reference for all available WPUF (WordPress User Frontend) post form fields, including field types, properties, options, Pro vs Free distinctions, validation rules, templates, and usage guidelines for AI-driven form creation

coderabbitai · 2025-09-05T08:29:12Z

Important

Review skipped

Review was skipped as selected files did not have any reviewable changes.

💤 Files selected but had no reviewable changes (1)

assets/js/components/FormSuccessStage.vue

⛔ Files ignored due to path filters (1)

assets/js/ai-form-builder.min.js is excluded by !**/*.min.js

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds a complete AI Form Builder feature: backend AI orchestration (multi-provider FormGenerator, PredefinedProvider), REST API, admin handlers/templates, Vue frontend with components and build pipeline updates, new assets/styles, settings UI, diagnostic/test scripts, and plugin bootstrap wiring.

Changes

Cohort / File(s)	Summary
Planning & Prompts `AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md`, `includes/AI/system-prompt.md`, `includes/AI/wpuf-post-form-fields-reference.md`	New implementation plan and strict system prompt/field reference documents defining JSON schema, validation checklist, field mappings, examples, and AI guidance for WPUF forms.
AI Core & Orchestration `includes/AI/FormGenerator.php`, `includes/AI/RestController.php`, `Lib/AI/PredefinedProvider.php`, `includes/AI_Manager.php`	New FormGenerator service (multi-provider: OpenAI/Anthropic/Google/predefined), REST controller with routes for generate/test/providers/settings/create/modify, PredefinedProvider for local testing, and AI_Manager to wire hooks, localization and component access.
Admin Integration & Handlers `includes/Admin.php`, `includes/Admin/Forms/AI_Form_Handler.php`, `includes/Admin/template-parts/ai-form-builder.php`, `includes/Admin/template-parts/modal-v4.2.php`	Admin wiring: container AI form handler entry; handlers for AI template/generating/success flows; Vue mount template; AI template tile and AI config modal injected into template grid; updated modal JS/CSS integration.
Settings UI `includes/functions/settings-options.php`	Adds "AI Settings" section and fields: `ai_provider`, `ai_model` (extendable via filter), and `ai_api_key`.
Frontend Vue App & Components `assets/js/ai-form-builder.js`, `assets/js/components/AIFormBuilder.vue`, `assets/js/components/FormInputStage.vue`, `assets/js/components/FormProcessingStage.vue`, `assets/js/wpuf-admin.js`	New Vue bootstrap and components implementing input → processing → success/chat stages, preview/apply flows, session handling, field mapping helpers, pro-gating modals, and admin AI provider→model filtering logic.
Assets & Styles `includes/Assets.php`, `src/css/ai-form-builder.css`, `assets/css/admin/form-builder.css`	Registers ai-form-builder CSS/JS handles; adds Tailwind-based ai-form-builder.css (spin animation) and extensive admin CSS expansions (form controls, chat UI, utilities, RTL/responsive rules).
Build Pipeline `Gruntfile.js`, `package.json`, `vite.config.mjs`, `tailwind.config.js`	Vite entry added for `ai-form-builder`, npm script `build:ai-form-builder`, Grunt tailwind mapping/watch tasks and new watchers, Tailwind content scanning extended to include PHP templates.
Diagnostics & Tests `check-ai-status.php`, `setup-google-ai.php`, `test-ai-context.php`, `test-google-context.php`, `test-google-gemini.php`	New setup/status/testing scripts and harnesses for configuring/exercising Google Gemini and predefined provider flows; quick status and functional checks.
Admin Asset Enqueue & Templates `includes/Assets.php`, `includes/Admin/template-parts/ai-form-builder.php`, `includes/Admin.php`	Asset registration and localized data injection for AI pages; admin enqueue helper added; template mount point localizes boot data via wp_localize_script.
Bootstrap & Small Edits `wpuf.php`, `includes/class-frontend-render-form.php`, `includes/Admin/Posting.php`	Plugin bootstrap loads AI_Manager and registers container entry; minor whitespace and logging removals.

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

Possibly related PRs

enhance: post form UI revamp #1513 — Overlaps Grunt/Tailwind file mapping, tasks and watchers; likely conflicts in build tooling and asset pipeline.
Feature/template filtering search in post form #1621 — Modifies includes/Admin/template-parts/modal-v4.2.php; potential overlap with AI template tile and modal changes.
enhance: global settings for Cloudflare Turnstile #1495 — Changes wpuf_settings_fields()/wpuf_settings_sections; related to new AI settings additions.

Suggested reviewers

sapayth

Pre-merge checks (2 passed, 1 inconclusive)

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	❓ Inconclusive	The title mentions the AI form builder but includes a branch-style prefix and lacks clarity and conciseness, making it too generic to clearly summarize the primary implementation details.	Rewrite the title to a concise, descriptive sentence focused on the main change, for example “Add AI-powered form builder design and integration.”

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	The description is thorough, detailed, and directly related to the changeset, clearly outlining the new AI form builder’s objectives, components, and implementation plan.
Docstring Coverage	✅ Passed	Docstring coverage is 92.21% which is sufficient. The required threshold is 80.00%.

Poem

I tapped my paws on keys so bright,
I spun up prompts beneath moonlight.
From REST to Vue I hopped with glee,
Fields and CSS bloomed merrily.
A rabbit's nudge — now go create! 🐇✨

✨ Finishing Touches

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 49

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

includes/Admin/Posting.php (1)
156-163: Register or guard localization of ‘wpuf-field-initialization’
The handle ‘wpuf-field-initialization’ isn’t registered in includes/Assets.php, so calling wp_localize_script() on it will enqueue data that never prints. Either add a corresponding entry to get_scripts() (so ‘wpuf-field-initialization’ is registered) or wrap the wp_localize_script() call in a check, for example:
if ( wp_script_is( 'wpuf-field-initialization', 'registered' ) ) {
    wp_localize_script( 'wpuf-field-initialization', 'wpuf_field_initializer', [
        'asset_uri' => defined( 'WPUF_PRO_ASSET_URI' ) ? WPUF_PRO_ASSET_URI : '',
    ] );
}
Location: includes/Admin/Posting.php:157–160

🧹 Nitpick comments (58)

tailwind.config.js (1)

12-13: LGTM — broadened content globs ensure PHP template classes are scanned.

Consider narrowing if build times spike (e.g., target only includes/Admin/template-parts and other known template dirs) or use a safelist for dynamic classes.
src/css/ai-form-builder.css (1)
13-16: LGTM — scoped spin animation with wpuf- prefix.

Consider honoring reduced motion:
@media (prefers-reduced-motion: reduce) {
  .wpuf-animate-spin { animation: none; }
}
setup-google-ai.php (1)
7-14: Support env override to avoid editing the file.

Allow running via WPUF_GOOGLE_API_KEY=... wp eval-file ....
-// REPLACE THIS WITH YOUR ACTUAL API KEY
-$api_key = 'YOUR_GOOGLE_API_KEY_HERE';
+// Prefer environment variable if present
+$api_key = getenv('WPUF_GOOGLE_API_KEY') ?: 'YOUR_GOOGLE_API_KEY_HERE';
test-google-gemini.php (1)
101-114: Improve error reporting for non-200 responses.

Surface cURL errors and HTTP reason text to speed up debugging.
 } else {
-    echo "❌ ERROR: Request failed\n";
-    $error_data = json_decode($response, true);
+    echo "❌ ERROR: Request failed\n";
+    $curl_err = isset($ch) ? '' : '';
+    $error_data = json_decode($response, true);
     if (isset($error_data['error'])) {
         echo "Error: " . $error_data['error']['message'] . "\n";
         echo "Status: " . $error_data['error']['status'] . "\n";
         
         if (strpos($error_data['error']['message'], 'API key not valid') !== false) {
             echo "\n⚠️  Please check your API key!\n";
             echo "Get one at: https://aistudio.google.com/\n";
         }
     } else {
-        echo "Response: $response\n";
+        echo "Response body: $response\n";
     }
 }
Additionally, check and print curl_error($ch) when $response === false.
includes/functions/settings-options.php (1)

655-685: Model list: prefer stable “latest” aliases and verify defaults.

Several IDs (e.g., gpt-3.5-turbo, older dated Anthropic models) may be deprecated or superseded. Consider using each provider’s “latest” aliases and setting a sensible default (e.g., gpt-4o-mini or gemini-1.5-flash) to reduce support churn.

Would you like me to switch to “latest” aliases and gate model options by selected provider (to avoid cross-provider IDs in the dropdown)?
assets/css/admin/form-builder.css (4)
1209-1211: Duplicate transition declarations in same rule.

Two transition declarations override each other. Merge into one to satisfy linters.
-  transition: visibility 0.2s;
-  transition: padding 0.2s ease-out,
-    background-color 0.2s ease-out;
+  transition: visibility 0.2s, padding 0.2s ease-out, background-color 0.2s ease-out;
Note: If this file is generated, fix in the source (Tailwind/CSS) or suppress the linter for generated assets.

3899-3901: visibility: collapse on non-table elements is inconsistent across browsers.

Use display: none or visibility: hidden depending on layout needs.
-.wpuf-collapse {
-  visibility: collapse;
-}
+.wpuf-collapse { visibility: hidden; } /* or display: none; if layout permits */
7075-7113: Hard-coded green color for range slider; use theme tokens.

Replace raw green with your design tokens to support theming (light/dark/brand).
-input[type="range"] {
-  ... 
-  background: green;
-  ...
-}
+input[type="range"] {
+  ...
+  background: var(--fallback-su, oklch(var(--su)/1));
+  ...
+}
-input[type="range"]::-webkit-slider-thumb {
-  background: green;
-}
+input[type="range"]::-webkit-slider-thumb {
+  background: var(--fallback-su, oklch(var(--su)/1));
+}
-input[type="range"]::-moz-range-thumb {
-  background: green;
-}
+input[type="range"]::-moz-range-thumb {
+  background: var(--fallback-su, oklch(var(--su)/1));
+}
2661-2786: Collapse control: multiple duplicate transition timing declarations.

Several transition-timing-function lines repeat; keep one to reduce CSS size and appease linters.
-  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
-  transition-timing-function: cubic-bezier(0, 0, 0.2, 1);
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
If compiled by Tailwind/DaisyUI, consider post-processing with cssnano to dedupe in dist files.
Lib/AI/PredefinedProvider.php (4)
818-821: Don’t overwrite response['fields'] with WPUF fields

Overwriting the generic fields with WPUF-shaped fields can break consumers expecting the original shape. Keep fields as-is and expose only wpuf_fields (optionally include original_fields for debugging).

Apply this diff to stop overriding fields:
-        // Update the response fields to show the converted WPUF fields in debug logs
-        // This ensures RestController logs show the correct field structure
-        $response['fields'] = $wpuf_fields;
+        // Keep original `fields` intact; `wpuf_fields` already contains the converted structure.
If you still want debug visibility, capture the original before conversion and add original_fields:
// place before conversion
$original_fields = $response['fields'];

// after conversion
$response['original_fields'] = $original_fields;
1023-1040: Taxonomy field may be missing required props and has mixed boolean convention

WPUF taxonomy fields typically need the taxonomy slug (often via name or a dedicated taxonomy key) and toggle values as 'yes'/'no'. Here show_inline is set to false (boolean), while other flags use 'no'. Also consider explicitly setting the taxonomy to 'category'.

Proposed adjustments:
-                    $wpuf_field['show_inline'] = false;
+                    $wpuf_field['show_inline'] = 'no';
+                    // Ensure taxonomy slug is explicit if WPUF expects it
+                    $wpuf_field['taxonomy'] = 'category';
Please verify against WPUF’s taxonomy field schema to confirm the expected keys.

1134-1187: Prefix WP global functions for clarity and slight perf (FQN) + ensure availability

In namespaced PHP, using global WP functions via FQNs is clearer and avoids an extra global lookup. Apply to __(), get_option(), current_time(), etc.

Apply representative changes:
-            'message_restrict' => __('This page is restricted. Please {login} / {register} to view this page.', 'wp-user-frontend'),
+            'message_restrict' => \__('This page is restricted. Please {login} / {register} to view this page.', 'wp-user-frontend'),
-            'submit_text' => sprintf(__('Create %s', 'wp-user-frontend'), $title),
+            'submit_text' => \sprintf(\__('Create %s', 'wp-user-frontend'), $title),
-                'new_to' => get_option('admin_email', ''),
-                'new_subject' => sprintf(__('New %s has been created', 'wp-user-frontend'), strtolower($title)),
+                'new_to' => \get_option('admin_email', ''),
+                'new_subject' => \sprintf(\__('New %s has been created', 'wp-user-frontend'), \strtolower($title)),
Also update earlier current_time('mysql') similarly:
-        $response['generated_at'] = current_time('mysql');
+        $response['generated_at'] = \current_time('mysql');
949-981: Map consistency between input_type and template; avoid later overrides

Some types (e.g., 'number', 'file', 'image') are remapped again in addFieldSpecificProperties, contradicting the “don’t override” comment. Keep mapping in one place (here) and make addFieldSpecificProperties additive only.

Simplify addFieldSpecificProperties by removing input_type/template reassignments and centralize the mapping here to reduce drift.
assets/js/components/FormProcessingStage.vue (6)
125-125: Use WordPress JS i18n when available and support domain argument

Rely on wp.i18n.__ if present and pass through extra args. Current method ignores the text-domain parameter.

Apply:
-        __: window.__ || ((text) => text),
+        __(...args) {
+            const fn = window?.wp?.i18n?.__ || ((t) => t);
+            return fn(...args);
+        },
136-152: Clear timers on unmount to prevent leaks and stray emits

Track setTimeout IDs and clear them on beforeUnmount. This component schedules multiple timers and currently never clears them.

Apply:
-            steps.forEach((step, index) => {
-                setTimeout(() => {
+            this._timers = this._timers || [];
+            steps.forEach((step, index) => {
+                const id = setTimeout(() => {
                     this.currentStep = step;
                     
                     if (step === 4) {
-                        setTimeout(() => {
+                        const cid = setTimeout(() => {
                             this.showConfetti = true;
                             this.confettiUrl = this.getConfettiUrl();
                             
-                            setTimeout(() => {
+                            const fid = setTimeout(() => {
                                 this.$emit('generation-complete');
                                 this.isProcessing = false;
-                            }, this.completeDelay);
-                        }, this.confettiDelay);
+                            }, this.completeDelay);
+                            this._timers.push(fid);
+                        }, this.confettiDelay);
+                        this._timers.push(cid);
                     }
-                }, (index + 1) * this.stepDelay);
+                }, (index + 1) * this.stepDelay);
+                this._timers.push(id);
             });
Add this hook near the end of the script:
beforeUnmount() {
    (this._timers || []).forEach(clearTimeout);
    this._timers = [];
}
2-3: Improve accessibility: announce progress and busy state

Add ARIA to help screen readers track progress.

Apply:
-    <div class="wpuf-ai-form-wrapper wpuf-font-sans wpuf-bg-white wpuf-w-full wpuf-h-screen wpuf-overflow-hidden wpuf-relative">
+    <div class="wpuf-ai-form-wrapper wpuf-font-sans wpuf-bg-white wpuf-w-full wpuf-h-screen wpuf-overflow-hidden wpuf-relative"
+         role="status" :aria-busy="isProcessing.toString()">
85-85: Decorative confetti image should have empty alt

Avoids unnecessary announcements by screen readers.

Apply:
-                <img :src="confettiUrl" alt="Confetti" class="wpuf-w-full wpuf-h-full wpuf-object-cover"/>
+                <img :src="confettiUrl" alt="" class="wpuf-w-full wpuf-h-full wpuf-object-cover" />
92-115: Declare emitted events

Declare generation-complete for better DX and Vue 3 compatibility (dev warnings).

Apply:
 export default {
     name: 'FormProcessingStage',
+    emits: ['generation-complete'],
     props: {
7-16: Inline base64 image in the SVG is very large; consider replacing

The embedded 276×276 PNG inflates bundle size. Prefer a lightweight SVG/CSS spinner or a small external asset processed by Vite.

I can provide a minimal CSS spinner replacement if helpful.
vite.config.mjs (1)
21-47: Set an explicit build target to ensure optional chaining is transpiled

The component uses optional chaining (?.). Explicit build.target helps guarantee compatibility with older admin browsers if needed.

Apply:
         build: {
+            target: 'es2018',
             rollupOptions: {
wpuf.php (1)
165-166: Prefer WPUF_INCLUDES and keep includes consistent

Use the existing WPUF_INCLUDES constant for consistency with the rest of the codebase.
-        require_once __DIR__ . '/includes/AI_Manager.php';
+        require_once WPUF_INCLUDES . '/AI_Manager.php';
assets/js/wpuf-admin.js (1)

235-237: Localize “Select AI Model”

Hard-coded English string. Use wp.i18n.__ or a localized string injected from PHP.
test-ai-context.php (2)
99-103: Normalize provider usage or update the comment

Comment says “Test with Google Gemini” but provider is taken from settings. Either set provider explicitly or adjust the label.

Apply one:
-// Test with Google Gemini
+// Test with current provider configured in WPUF settings
Or:
 $options = [
     'conversation_context' => $scenario['context'],
-    'session_id' => 'test_session_' . time()
+    'session_id' => 'test_session_' . time(),
+    'provider' => 'google'
 ];
101-101: Use a collision-resistant session id

time() can collide within a loop. Prefer uniqid with entropy.
-        'session_id' => 'test_session_' . time()
+        'session_id' => uniqid('test_session_', true)
includes/Admin/template-parts/ai-form-builder.php (3)
27-29: Preserve punctuation/newlines for prompt/description

Prompts/descriptions can be multi-line; sanitize_textarea_field keeps intent while preventing XSS.
-$description = isset( $_GET['description'] ) && ! empty( $_GET['description'] ) ? sanitize_text_field( wp_unslash( $_GET['description'] ) ) : '';
-$prompt = isset( $_GET['prompt'] ) && ! empty( $_GET['prompt'] ) ? sanitize_text_field( wp_unslash( $_GET['prompt'] ) ) : '';
+$description = isset( $_GET['description'] ) && ! empty( $_GET['description'] ) ? sanitize_textarea_field( wp_unslash( $_GET['description'] ) ) : '';
+$prompt = isset( $_GET['prompt'] ) && ! empty( $_GET['prompt'] ) ? sanitize_textarea_field( wp_unslash( $_GET['prompt'] ) ) : '';
38-43: Harden localized URLs

Minor: mirror rest_url escaping for siteUrl as well.
-        'siteUrl'      => site_url(),
+        'siteUrl'      => esc_url_raw( site_url() ),
57-64: Tailwind arbitrary class safelisting

wpuf-pr-[20px] may be purged by JIT if not safelisted. Ensure it’s included in Tailwind safelist.
includes/AI/system-prompt.md (1)

435-454: Markdown structure nits

Use proper headings (##) instead of emphasis for sections; helps maintainers and linters (MD036).
test-google-context.php (3)
52-65: Prefer systemInstruction for Gemini system prompts

Passing the entire system prompt as user content works but is suboptimal. Use systemInstruction to improve adherence.
-    $body = [
-        'contents' => [
-            [
-                'parts' => [
-                    ['text' => $full_prompt]
-                ]
-            ]
-        ],
-        'generationConfig' => [
+    $body = [
+        'systemInstruction' => [
+            'parts' => [['text' => $system_prompt]]
+        ],
+        'contents' => [
+            [
+                'parts' => [
+                    ['text' => (!empty($context) ? "CURRENT CONTEXT:\n" . json_encode($context, JSON_PRETTY_PRINT) . "\n\n" : "") . "User request: " . $prompt]
+                ]
+            ]
+        ],
+        'generationConfig' => [
             'temperature' => 0.7,
             'maxOutputTokens' => 2000,
             'responseMimeType' => 'application/json'
         ]
     ];
73-86: Add cURL error handling and clearer API failures

Improve diagnostics for non-200 responses and cURL errors.
     $response = curl_exec($ch);
+    if ($response === false) {
+        $err = curl_error($ch);
+        curl_close($ch);
+        return ['error' => true, 'message' => 'cURL error: ' . $err];
+    }
     $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
     curl_close($ch);
     
     if ($http_code === 200) {
         $data = json_decode($response, true);
         if (isset($data['candidates'][0]['content']['parts'][0]['text'])) {
             $content = $data['candidates'][0]['content']['parts'][0]['text'];
             return json_decode($content, true);
         }
     }
     
-    return ['error' => true, 'message' => 'API request failed'];
+    return ['error' => true, 'message' => 'API request failed', 'http_code' => $http_code, 'raw' => $response];
132-134: Avoid printing API keys (even partially)

Remove API key echo to prevent accidental leakage in logs.
-echo "API Key: " . substr($API_KEY, 0, 10) . "...***\n";
-echo "Model: gemini-1.5-flash (Free tier)\n";
+echo "Model: gemini-1.5-flash\n";
includes/Admin/template-parts/modal-v4.2.php (5)
154-161: Harden total template count when $registry is null/non-countable.

count() on null emits warnings on older PHP. Guard with is_countable.
-// Base count: registry templates + blank form
-$total_count = count($registry) + 1;
+// Base count: registry templates + blank form
+$total_count = ( isset( $registry ) && is_countable( $registry ) ? count( $registry ) : 0 ) + 1;
197-201: Localize hard‑coded strings (“Blank Form”, “AI Forms”).

Use translation functions for title and labels.
-<a href="<?php echo esc_url( $blank_form_url ); ?>" class="wpuf-btn-secondary ... " title="<?php echo esc_attr( 'Blank Form' ); ?>">
+<a href="<?php echo esc_url( $blank_form_url ); ?>" class="wpuf-btn-secondary ... " title="<?php echo esc_attr__( 'Blank Form', 'wp-user-frontend' ); ?>">
...
-<p class="wpuf-text-sm ..."><?php echo esc_html( 'Blank Form' ); ?></p>
+<p class="wpuf-text-sm ..."><?php echo esc_html__( 'Blank Form', 'wp-user-frontend' ); ?></p>
-<a href="<?php echo esc_url( $ai_form_url ); ?>" class="wpuf-btn-secondary ... " title="<?php echo esc_attr( 'AI Forms' ); ?>">
+<a href="<?php echo esc_url( $ai_form_url ); ?>" class="wpuf-btn-secondary ... " title="<?php echo esc_attr__( 'AI Forms', 'wp-user-frontend' ); ?>">
...
-<p class="wpuf-text-sm ..."><?php echo esc_html( 'AI Forms' ); ?></p>
+<p class="wpuf-text-sm ..."><?php echo esc_html__( 'AI Forms', 'wp-user-frontend' ); ?></p>
Also applies to: 262-266

450-464: Remove debug console logs before release.

Logs spam the console and may leak state. Gate behind a debug flag or remove.
-                console.log('AI Template found:', $aiTemplate.length);
-                console.log('AI Configured raw:', aiConfigured);
-                console.log('AI Configured type:', typeof aiConfigured);
...
-                    console.log('Attaching AI click handler because AI is NOT configured');
...
-                    console.log('NOT attaching AI click handler - AI is configured or template not found');
575-586: Unify “configured” detection (string vs boolean).

Make the click guard consistent with init logic.
-                var $template = $( e.target ).closest( '.wpuf-ai-forms-template' );
-                var isConfigured = $template.data( 'ai-configured' ) === 'true';
+                var $template = $( e.target ).closest( '.wpuf-ai-forms-template' );
+                var raw = $template.data( 'ai-configured' );
+                var isConfigured = ( raw === true || raw === 'true' );
379-409: Add modal ARIA attributes for accessibility.

Role and labelling help screen readers.
-<div class="wpuf-ai-config-modal ... " id="ai-config-modal">
+<div class="wpuf-ai-config-modal ... " id="ai-config-modal" role="dialog" aria-modal="true" aria-labelledby="ai-config-modal-title">
...
-        <h2 class="wpuf-text-2xl wpuf-font-medium wpuf-text-center wpuf-text-gray-900 wpuf-mb-4">
+        <h2 id="ai-config-modal-title" class="wpuf-text-2xl wpuf-font-medium wpuf-text-center wpuf-text-gray-900 wpuf-mb-4">
Also applies to: 390-392
assets/js/components/FormInputStage.vue (2)
123-124: Prefer wp.i18n.__ when available.

Use WordPress i18n fallback chain.
-        __: window.__ || ((text) => text),
+        __: ( (window.wp && window.wp.i18n && window.wp.i18n.__) || window.__ || ((text) => text) ),
56-62: Optional: disable button via aria and prevent double submits.

Add aria-busy for accessibility and guard against double clicks.
-                <button 
+                <button 
                     @click="startGeneration"
                     :disabled="!formDescription.trim() || isGenerating"
+                    :aria-busy="isGenerating ? 'true' : 'false'"
                     class="wpuf-px-8 ...
includes/Admin/Forms/AI_Form_Handler.php (1)

49-54: Consistent screen IDs (nit).

You use wpuf-ai-form-generation and wpuf-ai-form-generating; consider standardizing for consistency.

Also applies to: 89-94, 124-129
check-ai-status.php (1)
7-16: Optional: Gate output through WP-CLI when available.

This improves UX (colors, exit codes) and avoids accidental web execution.
-echo "=== WPUF AI Form Builder Status Check ===\n\n";
+if (defined('WP_CLI') && WP_CLI) {
+    \WP_CLI::line('=== WPUF AI Form Builder Status Check ===');
+} else {
+    echo "=== WPUF AI Form Builder Status Check ===\n\n";
+}
includes/AI/FormGenerator.php (2)

104-129: Keep predefined keyword logic in one place to avoid drift.

isPredefinedPrompt hardcodes patterns that can diverge from PredefinedProvider’s templates. Consider delegating detection to the provider or centralizing the keyword list.

372-393: Gemini request shape: prefer system_instruction for clarity.

Bundling system + user into one text works, but using system_instruction plus a separate user message tends to produce cleaner JSON and is closer to docs.

Example shape:

system_instruction: { parts: [ { text: $system_prompt } ] }

contents: [ { role: "user", parts: [ { text: $prompt } ] } ]
includes/Admin.php (1)
176-212: Localize all required frontend config here (good), but guard against missing settings.

Looks fine. To harden:

Cast hasApiKey to bool.

Provide the generation route path to avoid frontend guessing.
-                'hasApiKey'  => !empty($ai_settings['ai_api_key']),
+                'hasApiKey'  => ! empty( $ai_settings['ai_api_key'] ) ? true : false,
+                'endpoint'   => 'wpuf/v1/ai-form-builder/generate',
AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md (5)
970-1034: Make the system prompt injectable and single-sourced.

Hardcoding the prompt string here and again in providers risks drift. Centralize via a single AI_System_Prompt::get_form_generation_prompt() and reference it in all formatters/providers.

615-653: Predefined provider: avoid sleep(1) and add nonce/session validation notes.

Sleeping in PHP slows admin requests. If you want simulated latency, do it in the frontend. Also add a note that session IDs are not trusted input and should be validated/sanitized.
- // Simulate processing delay (like real AI)
- sleep(1);
+ // Frontend can simulate latency if needed; avoid delaying PHP requests.
707-730: Avoid logging full provider error bodies in production.

Bodies may include provider error details that can leak into logs. Log sanitized summaries and attach the raw body only when WP_DEBUG_LOG is true.
- error_log('WPUF AI OpenAI HTTP Error: ' . $status_code . ' - ' . $error_body);
+ if (defined('WP_DEBUG_LOG') && WP_DEBUG_LOG) {
+   error_log('WPUF AI OpenAI HTTP Error: ' . $status_code);
+ }
Also applies to: 721-725

1533-1535: Rate limiting listed as TODO—document minimal strategy.

Given API cost and abuse risks, include a short section recommending per-user/hour limits via transients keyed by user ID and provider.

1776-1811: Field-structure notes: ensure ToC and taxonomy examples reflect required keys.

Great that you called out toc and taxonomy specifics. Add quick JSON examples showing the minimal valid WPUF payload for each to reduce ambiguity for implementers.

Also applies to: 1812-1826
includes/AI/wpuf-post-form-fields-reference.md (3)
370-372: Free vs Pro classification conflicts (multiple_select, recaptcha, google_map, etc.).

multiple_select listed as Free here but PRO earlier; google_map listed as PRO but appears in “Real Estate” examples; confirm actual SKU gating and unify labels. Mark disputed items with a single “Free/Pro” source of truth.

Also applies to: 392-418

421-448: Meta key rules: tighten regex guidance.

Docs say “Only letters and underscores allowed,” but examples include numbers; adjust rule to “lowercase letters, numbers, underscores,” and provide the actual regex you’ll apply during normalization.
- **Characters**: Only letters and underscores allowed
+ **Characters**: Lowercase letters, numbers, and underscores allowed
+ **Validation regex**: `/^[a-z0-9_]+$/`
Also applies to: 449-455

1236-1345: Settings taxonomy: label a few as Pro-only.

Some settings (payments, subscription packs, conditional logic) are Pro. Add explicit “Pro” badges to those keys to guide AI output and UI expectations.

Also applies to: 1348-1367
Gruntfile.js (4)
6-8: Tailwind map key is unused; duplication will run the same build twice.

tailwind() ignores the left-hand key and builds per CSS filename. Mapping two different keys to the same CSS (admin/form-builder.css) triggers duplicate builds. Consider unique CSS targets only.
- 'admin/form-builder/views/form-builder-v4.1.php': 'admin/form-builder.css',
- 'admin/form-builder/views/post-form-settings.php': 'admin/form-builder.css',
- 'assets/js/forms-list.js': 'admin/form-builder.css',
+ 'admin/form-builder': 'admin/form-builder.css',
125-134: Overlapping watchers may cause redundant builds.

aiFormBuilderVue and aiFormBuilder both watch assets/js/components/**/*.vue. This will run both npm_build_ai_form_builder and Tailwind builds on the same change. If intentional, ignore; otherwise, split globs or use a single watcher that chains both tasks.
- 'assets/js/components/**/*.vue',
+ // Vue files handled by aiFormBuilderVue watcher
Also applies to: 152-162

301-316: build-tailwind runs ai-form-builder twice.

build-tailwind first builds ai-form-builder.css, then calls tailwind which also builds it via tailwindFileMap. Drop the first step to avoid duplicate work.
- grunt.registerTask( 'build-tailwind', [ 'shell:tailwind:src/css/ai-form-builder.css:assets/css/ai-form-builder.css', 'tailwind' ] );
+ grunt.registerTask( 'build-tailwind', [ 'tailwind' ] );
323-339: Tailwind task: guard against missing Tailwind binary and add failure feedback.

If npx tailwindcss is missing, Grunt fails late. Consider pre-checking and logging a clearer message, or document the requirement in CONTRIBUTING.
includes/AI_Manager.php (1)
45-48: Redundant REST API initialization hook

The init_rest_api method is registered but serves no purpose since the RestController handles its own registration in the constructor.

Remove the redundant hook registration and method:
 private function init_hooks() {
-    add_action('rest_api_init', [$this, 'init_rest_api']);
     add_action('wp_enqueue_scripts', [$this, 'enqueue_scripts']);
     add_action('admin_enqueue_scripts', [$this, 'enqueue_admin_scripts']);
 }
-/**
- * Initialize REST API
- */
-public function init_rest_api() {
-    // REST API is already initialized in RestController constructor
-    // This hook ensures it runs at the right time
-}
assets/js/components/AIFormBuilder.vue (2)
394-394: Pro modal auto-close timeout may be too aggressive

The 15-second auto-close for the pro modal might not give users enough time to read and make a decision.

Consider increasing the timeout or making it configurable:
 // Auto-close after 15 seconds
-setTimeout(closeModal, 15000);
+// Auto-close after 30 seconds to give users time to read
+const autoCloseTimeout = setTimeout(closeModal, 30000);
+
+// Clear timeout if user interacts
+overlay.addEventListener('click', () => {
+    clearTimeout(autoCloseTimeout);
+});
535-539: TODO comment indicates incomplete implementation

The handleSendMessage method has a TODO comment but no implementation.

The chat message handling is not implemented. Would you like me to help implement the API call for chat functionality or create an issue to track this task?

coderabbitai · 2025-09-05T08:43:58Z

AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md

+    public function generate($prompt, $provider = 'predefined') {
+        switch ($provider) {
+            case 'predefined':
+                $service = new PredefinedProvider();
+                break;
+            case 'openai':
+                $service = new OpenaiProvider();
+                break;
+            default:
+                throw new \Exception('Unknown provider');
+        }
+
+        return $service->generateForm($prompt);
+    }


⚠️ Potential issue

Fix inconsistent provider method names (generateForm vs generate_form).

Examples use both generateForm() and generate_form(). This will lead to fatal errors when wiring providers via FormGenerator. Standardize on one name across all snippets and usages.

Apply a consistent rename:

- return $service->generateForm($prompt); + return $service->generate_form($prompt);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

public function generate($prompt, $provider = 'predefined') {

switch ($provider) {

case 'predefined':

$service = new PredefinedProvider();

break;

case 'openai':

$service = new OpenaiProvider();

break;

default:

throw new \Exception('Unknown provider');

}

return $service->generateForm($prompt);

}

public function generate($prompt, $provider = 'predefined') {

switch ($provider) {

case 'predefined':

$service = new PredefinedProvider();

break;

case 'openai':

$service = new OpenaiProvider();

break;

default:

throw new \Exception('Unknown provider');

}

return $service->generate_form($prompt);

}

🤖 Prompt for AI Agents

In AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md around lines 123 to 136, the provider implementations and callers mix generateForm() and generate_form(), causing fatal method-not-found errors; standardize on a single method name (use generateForm) by renaming generate_form() to generateForm() in all provider classes, update any interfaces/abstract classes to declare generateForm(), and update all call sites (including FormGenerator and examples) to invoke generateForm(); run a quick grep across the repo to ensure no remaining generate_form references and run tests.

coderabbitai · 2025-09-05T08:43:58Z

AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md

+class AI_Response_Parser {
+    public function parse_response($provider, $response) {
+        $method = 'parse_' . $provider . '_response';
+
+        if (method_exists($this, $method)) {
+            return $this->$method($response);
+        }
+
+        return $this->parse_generic_response($response);
+    }
+
+    private function parse_openai_response($response) {
+        $data = json_decode($response, true);
+
+        if (isset($data['choices'][0]['message']['content'])) {
+            $content = $data['choices'][0]['message']['content'];
+            return $this->extract_json_from_content($content);
+        }
+
+        throw new Exception('Invalid OpenAI response format');
+    }
+
+    private function parse_anthropic_response($response) {
+        $data = json_decode($response, true);
+
+        if (isset($data['content'][0]['text'])) {
+            $content = $data['content'][0]['text'];
+            return $this->extract_json_from_content($content);
+        }
+
+        throw new Exception('Invalid Anthropic response format');
+    }
+
+    private function parse_google_response($response) {
+        $data = json_decode($response, true);
+
+        if (isset($data['candidates'][0]['content']['parts'][0]['text'])) {
+            $content = $data['candidates'][0]['content']['parts'][0]['text'];
+            return $this->extract_json_from_content($content);
+        }
+
+        throw new Exception('Invalid Google response format');
+    }
+
+    private function parse_cohere_response($response) {
+        $data = json_decode($response, true);
+
+        if (isset($data['text'])) {
+            $content = $data['text'];
+            return $this->extract_json_from_content($content);
+        }
+
+        throw new Exception('Invalid Cohere response format');
+    }
+
+    private function extract_json_from_content($content) {
+        // Try to extract JSON from the content
+        if (preg_match('/\{.*\}/s', $content, $matches)) {
+            $json = json_decode($matches[0], true);
+            if (json_last_error() === JSON_ERROR_NONE) {
+                return $json;
+            }
+        }
+
+        // Try to parse the entire content as JSON
+        $json = json_decode($content, true);
+        if (json_last_error() === JSON_ERROR_NONE) {
+            return $json;
+        }
+
+        throw new Exception('Could not extract valid JSON from response');
+    }
+}


🛠️ Refactor suggestion

JSON extraction via regex is brittle.

preg_match('/\{.*\}/s', $content, ...) can over-capture nested braces and fail on code fences. Prefer streaming parse with first valid-JSON slice or require tool-JSON via provider “json mode”.

Example approach:

- if (preg_match('/\{.*\}/s', $content, $matches)) { - $json = json_decode($matches[0], true); - ... - } + $candidates = [$content]; + if (preg_match_all('/```json\s*(\{.*?\})\s*```/s', $content, $m)) { + $candidates = array_merge($m[1], $candidates); + } + foreach ($candidates as $c) { + $json = json_decode(trim($c), true); + if (json_last_error() === JSON_ERROR_NONE) { return $json; } + }

🤖 Prompt for AI Agents

In AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md around lines 315-387, the extract_json_from_content implementation uses a single greedy regex (preg_match('/\{.*\}/s',...)) which is brittle and will over-capture nested braces or miss JSON inside code fences; replace it with a robust extraction routine that: 1) first scans for explicit JSON code fences and ```json blocks (collect all matches), 2) then collects non-greedy brace-delimited candidates (e.g. small /{.*?}/s matches), and 3) as a fallback perform a balanced-brace scanner that iterates from each '{' and advances a brace counter to find the matching closing '}' to produce exact slices; iterate over all collected candidates, trim and json_decode each, returning the first one where json_last_error() === JSON_ERROR_NONE, and only if none succeed throw the exception.

coderabbitai · 2025-09-05T08:43:58Z

AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md

+    private function addWPUFDefaults($form_data) {
+        // Add WPUF-specific settings
+        $form_data['form_settings'] = array_merge([
+            'form_title' => $form_data['form_title'] ?? 'AI Generated Form',
+            'submit_text' => 'Submit',
+            'success_message' => 'Form submitted successfully!',
+            'form_template' => 'default'
+        ], $form_data['form_settings'] ?? []);
+
+        return $form_data;
+    }
+}


🛠️ Refactor suggestion

Normalizer: field IDs and template mapping.

uniqid() yields string IDs; WPUF core often expects numeric keys for field arrays. Consider using incremental integers.

Some mappings (email_address, image_upload, taxonomy) need input_type/template pairs to render correctly. Extend the mapping to set both when required.

- if (!isset($field['id'])) { $field['id'] = uniqid(); } + static $nextId = 1; + if (!isset($field['id'])) { $field['id'] = $nextId++; } - if (isset($type_mapping[$field['type']])) { $field['template'] = $type_mapping[$field['type']]; } + if (isset($type_mapping[$field['type']])) { + $field['template'] = $type_mapping[$field['type']]; + // ensure input_type for complex templates + if (!isset($field['input_type'])) { + $field['input_type'] = $field['type']; + } + }

Also applies to: 486-491

🤖 Prompt for AI Agents

In AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md around lines 484 to 495, the normalizer uses uniqid() string IDs and incomplete mappings which WPUF expects numeric field keys and paired input_type/template values; replace uniqid() usage with an incremental integer counter for field array keys (ensure uniqueness within the form by starting from 1 or max existing key +1), and extend the mapping logic so that fields like email_address, image_upload and taxonomy set both the input_type and the corresponding template (or form_template) entries so WPUF can render them properly.

coderabbitai · 2025-09-05T08:43:58Z

AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md

+            throw new Exception('Unknown provider: ' . $this->current_provider);
+        }


⚠️ Potential issue

Qualify Exception in namespaced code.

Within namespace WeDevs\Wpuf\AI;, throw new Exception(...) resolves to WeDevs\Wpuf\AI\Exception. Use \Exception (or import) to avoid runtime errors.

- throw new Exception('Unknown provider: ' . $this->current_provider); + throw new \Exception('Unknown provider: ' . $this->current_provider); - throw new Exception('API request failed: ' . $response->get_error_message()); + throw new \Exception('API request failed: ' . $response->get_error_message()); - throw new Exception('API returned error ' . $status_code . ': ' . $body); + throw new \Exception('API returned error ' . $status_code . ': ' . $body);

Also applies to: 949-951, 957-960

🤖 Prompt for AI Agents

In AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md around lines 881-882 (and similarly at 949-951 and 957-960), the code throws Exception unqualified inside namespace WeDevs\Wpuf\AI which resolves to WeDevs\Wpuf\AI\Exception and can cause runtime errors; update each throw to reference the global Exception class by using \Exception (or add a use statement / import for Exception) so the thrown exception resolves correctly.

coderabbitai · 2025-09-05T08:43:58Z

AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md

+class WPUF_AI_REST_Controller {
+
+    private $namespace = 'wpuf/v1';
+    private $rest_base = 'ai-form-builder';
+
+    public function __construct() {
+        add_action('rest_api_init', [$this, 'register_routes']);
+    }
+
+    public function register_routes() {
+        // Generate form endpoint
+        register_rest_route($this->namespace, '/' . $this->rest_base . '/generate', [
+            'methods' => WP_REST_Server::CREATABLE,
+            'callback' => [$this, 'generate_form'],
+            'permission_callback' => [$this, 'check_permission'],
+            'args' => [
+                'prompt' => [
+                    'required' => true,
+                    'type' => 'string',
+                    'sanitize_callback' => 'sanitize_text_field'
+                ],
+                'provider' => [
+                    'required' => false,
+                    'type' => 'string',
+                    'default' => 'predefined',
+                    'enum' => ['predefined', 'openai', 'anthropic', 'google']
+                ]
+            ]
+        ]);
+
+        // Test connection endpoint
+        register_rest_route($this->namespace, '/' . $this->rest_base . '/test', [
+            'methods' => WP_REST_Server::READABLE,
+            'callback' => [$this, 'test_connection'],
+            'permission_callback' => [$this, 'check_permission']
+        ]);
+    }
+
+    public function generate_form(WP_REST_Request $request) {
+        $prompt = $request->get_param('prompt');
+        $provider = $request->get_param('provider');
+
+        try {
+            // Get settings
+            $settings = get_option('wpuf_ai_settings', []);
+
+            // Use predefined provider if no API key or explicitly selected
+            if ($provider === 'predefined' || empty($settings['api_key'])) {
+                $predefined = new Predefined_AI_Provider();
+                $result = $predefined->generate_form($prompt);
+            } else {
+                // Use selected provider with WordPress HTTP API
+                switch ($provider) {
+                    case 'openai':
+                        $service = new WPUF_OpenAI_Simple($settings['api_key']);
+                        $result = $service->generate_form($prompt, $settings['model'] ?? 'gpt-3.5-turbo');
+                        break;
+
+                    case 'anthropic':
+                        $service = new WPUF_Anthropic_Simple($settings['api_key']);
+                        $result = $service->generate_form($prompt, $settings['model'] ?? 'claude-3-haiku-20240307');
+                        break;
+
+                    default:
+                        throw new Exception('Unsupported provider: ' . $provider);
+                }
+            }
+
+            // Check for errors
+            if (isset($result['error']) && $result['error']) {
+                return new WP_Error(
+                    'generation_failed',
+                    $result['message'] ?? 'Form generation failed',
+                    ['status' => 400]
+                );
+            }
+
+            // Return successful response
+            return new WP_REST_Response([
+                'success' => true,
+                'data' => $result
+            ], 200);
+
+        } catch (Exception $e) {
+            return new WP_Error(
+                'generation_error',
+                $e->getMessage(),
+                ['status' => 500]
+            );
+        }
+    }
+
+    public function test_connection(WP_REST_Request $request) {
+        $settings = get_option('wpuf_ai_settings', []);
+        $provider = $settings['provider'] ?? 'predefined';
+
+        if ($provider === 'predefined') {
+            return new WP_REST_Response([
+                'success' => true,
+                'provider' => 'predefined',
+                'message' => 'Predefined provider is always available'
+            ], 200);
+        }
+
+        // Test actual API connection with minimal request
+        try {
+            $test_prompt = 'Say "connection successful"';
+
+            switch ($provider) {
+                case 'openai':
+                    $service = new WPUF_OpenAI_Simple($settings['api_key']);
+                    $service->generate_form($test_prompt, 'gpt-3.5-turbo');
+                    break;
+
+                case 'anthropic':
+                    $service = new WPUF_Anthropic_Simple($settings['api_key']);
+                    $service->generate_form($test_prompt, 'claude-3-haiku-20240307');
+                    break;
+            }
+
+            return new WP_REST_Response([
+                'success' => true,
+                'provider' => $provider,
+                'message' => 'Connection successful'
+            ], 200);
+
+        } catch (Exception $e) {
+            return new WP_Error(
+                'connection_failed',
+                $e->getMessage(),
+                ['status' => 500]
+            );
+        }
+    }
+
+    public function check_permission() {
+        // Check if user can manage options (admin capability)
+        return current_user_can('manage_options');
+    }
+}
+
+// Initialize REST controller
+add_action('init', function() {
+    new WPUF_AI_REST_Controller();
+});
+```


⚠️ Potential issue

REST controller class name drift vs provider classes.

This block references Predefined_AI_Provider, WPUF_OpenAI_Simple, WPUF_Anthropic_Simple but earlier snippets define PredefinedProvider, OpenaiProvider, AnthropicProvider. Harmonize names to match actual classes to prevent copy/paste implementation mistakes.

🤖 Prompt for AI Agents

AI_FORM_BUILDER_IMPLEMENTATION_PLAN.md lines 1044-1189: The REST controller uses incorrect class names (Predefined_AI_Provider, WPUF_OpenAI_Simple, WPUF_Anthropic_Simple) that don’t match the actual provider classes (PredefinedProvider, OpenaiProvider, AnthropicProvider); update the controller to instantiate the real class names used elsewhere and adjust any constructor arguments/method names to match those provider implementations (e.g., replace Predefined_AI_Provider with PredefinedProvider, WPUF_OpenAI_Simple with OpenaiProvider, and WPUF_Anthropic_Simple with AnthropicProvider), ensuring generate_form/test method signatures are called with the correct parameters.

coderabbitai · 2025-09-05T08:44:03Z

test-ai-context.php

+// 1. Initial form creation
+echo "User: Create a contact form\n";
+$result1 = $generator->generate_form('Create a contact form', ['conversation_context' => []]);
+echo "AI: Created form with " . count($result1['fields'] ?? []) . " fields\n\n";
+


🛠️ Refactor suggestion

Also normalize field count in the flow example

Keep the conversation example consistent with the spec.

echo "User: Create a contact form\n"; $result1 = $generator->generate_form('Create a contact form', ['conversation_context' => []]); -echo "AI: Created form with " . count($result1['fields'] ?? []) . " fields\n\n"; +$fields1 = $result1['wpuf_fields'] ?? $result1['fields'] ?? []; +echo "AI: Created form with " . count($fields1) . " fields\n\n";

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

// 1. Initial form creation

echo "User: Create a contact form\n";

$result1 = $generator->generate_form('Create a contact form', ['conversation_context' => []]);

echo "AI: Created form with " . count($result1['fields'] ?? []) . " fields\n\n";

// 1. Initial form creation

echo "User: Create a contact form\n";

$result1 = $generator->generate_form('Create a contact form', ['conversation_context' => []]);

$fields1 = $result1['wpuf_fields'] ?? $result1['fields'] ?? [];

echo "AI: Created form with " . count($fields1) . " fields\n\n";

🤖 Prompt for AI Agents

In test-ai-context.php around lines 149 to 153, the example prints the raw field count using count($result1['fields'] ?? []), which is inconsistent with the spec that uses normalized field lists; update the printed count to use the normalized fields if present (for example count($result1['fields_normalized'] ?? $result1['fields'] ?? [])) so the conversation example always reflects the spec-normalized field count.

coderabbitai · 2025-09-05T08:44:03Z

test-google-context.php

+$API_KEY = 'YOUR_GOOGLE_GEMINI_API_KEY_HERE';
+


⚠️ Potential issue

Do not hardcode API keys; restrict execution

Avoid committing API key placeholders and block web access. Load from env and require CLI.

-$API_KEY = 'YOUR_GOOGLE_GEMINI_API_KEY_HERE'; +if (php_sapi_name() !== 'cli') { + header('HTTP/1.1 403 Forbidden'); + exit; +} +$API_KEY = getenv('GOOGLE_API_KEY') ?: ''; +if ($API_KEY === '') { + fwrite(STDERR, "GOOGLE_API_KEY not set in environment.\n"); + exit(1); +}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

$API_KEY = 'YOUR_GOOGLE_GEMINI_API_KEY_HERE';

// Restrict to CLI only

if (php_sapi_name() !== 'cli') {

header('HTTP/1.1 403 Forbidden');

exit;

}

// Load API key from environment

$API_KEY = getenv('GOOGLE_API_KEY') ?: '';

if ($API_KEY === '') {

fwrite(STDERR, "GOOGLE_API_KEY not set in environment.\n");

exit(1);

}

🤖 Prompt for AI Agents

In test-google-context.php around lines 6-7, remove the hardcoded $API_KEY and instead load the key from an environment variable (e.g. getenv or $_ENV like GOOGLE_GEMINI_API_KEY), fail fast with a clear message and non-zero exit if the env var is empty, and immediately prevent web execution by checking runtime (php_sapi_name() or PHP_SAPI) and exiting unless running via CLI; ensure no default placeholder value is committed and return a non-zero status when the key is missing.

coderabbitai · 2025-09-05T08:44:03Z

test-google-context.php

+    } else if (isset($result['form_title'])) {
+        echo "Response: FORM CREATED\n";
+        echo "Title: " . $result['form_title'] . "\n";
+        echo "Fields: " . count($result['fields'] ?? []) . "\n";
+
+        // Show field types
+        if (isset($result['fields'])) {
+            foreach ($result['fields'] as $field) {
+                echo "  - " . $field['label'] . " (" . $field['type'] . ")\n";
+            }
+        }


🛠️ Refactor suggestion

Print fields from wpuf_fields (or normalize) per spec

Align output with the system prompt by preferring wpuf_fields and falling back to fields.

- } else if (isset($result['form_title'])) { + } else if (isset($result['form_title'])) { echo "Response: FORM CREATED\n"; echo "Title: " . $result['form_title'] . "\n"; - echo "Fields: " . count($result['fields'] ?? []) . "\n"; + $fields = $result['wpuf_fields'] ?? $result['fields'] ?? []; + echo "Fields: " . count($fields) . "\n"; // Show field types - if (isset($result['fields'])) { - foreach ($result['fields'] as $field) { - echo " - " . $field['label'] . " (" . $field['type'] . ")\n"; + if (!empty($fields)) { + foreach ($fields as $field) { + $label = $field['label'] ?? ($field['name'] ?? 'field'); + $type = $field['input_type'] ?? ($field['type'] ?? 'unknown'); + echo " - " . $label . " (" . $type . ")\n"; } }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

} else if (isset($result['form_title'])) {

echo "Response: FORM CREATED\n";

echo "Title: " . $result['form_title'] . "\n";

echo "Fields: " . count($result['fields'] ?? []) . "\n";

// Show field types

if (isset($result['fields'])) {

foreach ($result['fields'] as $field) {

echo " - " . $field['label'] . " (" . $field['type'] . ")\n";

}

}

} else if (isset($result['form_title'])) {

echo "Response: FORM CREATED\n";

echo "Title: " . $result['form_title'] . "\n";

$fields = $result['wpuf_fields'] ?? $result['fields'] ?? [];

echo "Fields: " . count($fields) . "\n";

// Show field types

if (!empty($fields)) {

foreach ($fields as $field) {

$label = $field['label'] ?? ($field['name'] ?? 'field');

$type = $field['input_type'] ?? ($field['type'] ?? 'unknown');

echo " - " . $label . " (" . $type . ")\n";

}

}

🤖 Prompt for AI Agents

In test-google-context.php around lines 114 to 124, the output always uses $result['fields'] but the system requires preferring wpuf_fields and falling back to fields; update the logic to choose $fields = $result['wpuf_fields'] ?? $result['fields'] ?? [] for the count and iteration, print "Fields: " . count($fields), and then loop over $fields to echo each label and type (handling missing keys defensively), ensuring the code uses wpuf_fields when present and only falls back to fields.

coderabbitai · 2025-09-05T08:44:03Z

test-google-gemini.php

+echo "Testing Google Gemini API...\n";
+echo "Endpoint: $endpoint\n\n";
+


⚠️ Potential issue

Do not print endpoint with API key (secret leakage).

echo "Endpoint: $endpoint" exposes the API key in logs/CI. Mask or omit it.

-echo "Testing Google Gemini API...\n"; -echo "Endpoint: $endpoint\n\n"; +echo "Testing Google Gemini API...\n"; +echo "Endpoint: https://generativelanguage.googleapis.com/v1beta/models/{$model}:generateContent?key=****\n\n";

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

echo "Testing Google Gemini API...\n";

echo "Endpoint: $endpoint\n\n";

echo "Testing Google Gemini API...\n";

echo "Endpoint: https://generativelanguage.googleapis.com/v1beta/models/{$model}:generateContent?key=****\n\n";

🤖 Prompt for AI Agents

In test-google-gemini.php around lines 59 to 61, the code prints the full endpoint which contains the API key causing secret leakage; remove or mask the API key before logging by either omitting the endpoint entirely or printing a redacted version (e.g., only hostname or endpoint path and replace query/credential parts with "***"), ensure any logging uses the sanitized value so secrets are not exposed in stdout/CI logs.

coderabbitai · 2025-09-05T08:44:03Z

test-google-gemini.php

+// Make the request
+$ch = curl_init($endpoint);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($request_body));
+curl_setopt($ch, CURLOPT_HTTPHEADER, [
+    'Content-Type: application/json'
+]);


🛠️ Refactor suggestion

Harden cURL request: timeouts, UA, and JSON headers.

Avoid hangs and improve diagnostics.

$ch = curl_init($endpoint); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($request_body)); -curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Content-Type: application/json' -]); +curl_setopt($ch, CURLOPT_HTTPHEADER, [ + 'Content-Type: application/json', + 'Accept: application/json', + 'User-Agent: WPUF-AI-Gemini-Test/1.0' +]); +curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); +curl_setopt($ch, CURLOPT_TIMEOUT, 30);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

// Make the request

$ch = curl_init($endpoint);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($request_body));

curl_setopt($ch, CURLOPT_HTTPHEADER, [

'Content-Type: application/json'

]);

// Make the request

$ch = curl_init($endpoint);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($request_body));

curl_setopt($ch, CURLOPT_HTTPHEADER, [

'Content-Type: application/json',

'Accept: application/json',

'User-Agent: WPUF-AI-Gemini-Test/1.0'

]);

curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);

curl_setopt($ch, CURLOPT_TIMEOUT, 30);

🤖 Prompt for AI Agents

In test-google-gemini.php around lines 62 to 69, the cURL request lacks timeouts, a User-Agent and richer JSON/diagnostic headers which can cause hangs and poor debugging; update the curl options to set a connect timeout and overall timeout (e.g. CURLOPT_CONNECTTIMEOUT and CURLOPT_TIMEOUT), ensure SSL verification remains enabled (CURLOPT_SSL_VERIFYPEER), add a User-Agent header, include Accept: application/json and Content-Length headers alongside Content-Type, and consider enabling CURLOPT_FAILONERROR so HTTP errors return and can be logged; apply these header and option changes when initializing $ch.

coderabbitai

Review continued from previous batch...

coderabbitai · 2025-09-05T08:45:11Z

assets/js/components/AIFormBuilder.vue

+                const style = document.createElement('style');
+                style.id = 'wpuf-ai-error-styles';
+                style.textContent = `
+                    .wpuf-ai-error-modal {
+                        position: fixed;
+                        top: 0;
+                        left: 0;
+                        right: 0;
+                        bottom: 0;
+                        z-index: 999999;
+                        display: flex;
+                        align-items: center;
+                        justify-content: center;
+                    }
+                    .wpuf-ai-error-overlay {
+                        position: absolute;
+                        top: 0;
+                        left: 0;
+                        right: 0;
+                        bottom: 0;
+                        background: rgba(0, 0, 0, 0.5);
+                    }
+                    .wpuf-ai-error-content {
+                        position: relative;
+                        background: white;
+                        padding: 30px;
+                        border-radius: 8px;
+                        max-width: 500px;
+                        box-shadow: 0 4px 20px rgba(0, 0, 0, 0.15);
+                    }
+                    .wpuf-ai-error-title {
+                        color: #dc3545;
+                        margin: 0 0 15px 0;
+                        font-size: 20px;
+                    }
+                    .wpuf-ai-error-message {
+                        color: #333;
+                        margin: 0 0 10px 0;
+                        line-height: 1.5;
+                    }
+                    .wpuf-ai-error-hint {
+                        color: #666;
+                        font-style: italic;
+                        margin: 10px 0 20px 0;
+                        padding: 10px;
+                        background: #f8f9fa;
+                        border-left: 3px solid #007cba;
+                    }
+                    .wpuf-ai-error-close {
+                        margin-top: 15px;
+                    }
+                `;
+                document.head.appendChild(style);
+            }


🛠️ Refactor suggestion

Dynamic style injection can cause memory leaks

The error modal creates style elements dynamically but never removes them, potentially causing memory leaks with repeated errors.

Check if styles already exist before adding:

// Add styles if not already present if (!document.getElementById('wpuf-ai-error-styles')) { const style = document.createElement('style'); style.id = 'wpuf-ai-error-styles'; style.textContent = ` .wpuf-ai-error-modal { position: fixed; top: 0; left: 0; right: 0; bottom: 0; z-index: 999999; display: flex; align-items: center; justify-content: center; } /* ... rest of styles ... */ `; document.head.appendChild(style); + + // Clean up styles when component is destroyed + this.$once('hook:beforeDestroy', () => { + const styleEl = document.getElementById('wpuf-ai-error-styles'); + if (styleEl) { + styleEl.remove(); + } + }); }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

const style = document.createElement('style');

style.id = 'wpuf-ai-error-styles';

style.textContent = `

.wpuf-ai-error-modal {

position: fixed;

top: 0;

left: 0;

right: 0;

bottom: 0;

z-index: 999999;

display: flex;

align-items: center;

justify-content: center;

}

.wpuf-ai-error-overlay {

position: absolute;

top: 0;

left: 0;

right: 0;

bottom: 0;

background: rgba(0, 0, 0, 0.5);

}

.wpuf-ai-error-content {

position: relative;

background: white;

padding: 30px;

border-radius: 8px;

max-width: 500px;

box-shadow: 0 4px 20px rgba(0, 0, 0, 0.15);

}

.wpuf-ai-error-title {

color: #dc3545;

margin: 0 0 15px 0;

font-size: 20px;

}

.wpuf-ai-error-message {

color: #333;

margin: 0 0 10px 0;

line-height: 1.5;

}

.wpuf-ai-error-hint {

color: #666;

font-style: italic;

margin: 10px 0 20px 0;

padding: 10px;

background: #f8f9fa;

border-left: 3px solid #007cba;

}

.wpuf-ai-error-close {

margin-top: 15px;

}

`;

document.head.appendChild(style);

}

// Add styles if not already present

if (!document.getElementById('wpuf-ai-error-styles')) {

const style = document.createElement('style');

style.id = 'wpuf-ai-error-styles';

style.textContent = `

.wpuf-ai-error-modal {

position: fixed;

top: 0;

left: 0;

right: 0;

bottom: 0;

z-index: 999999;

display: flex;

align-items: center;

justify-content: center;

}

.wpuf-ai-error-overlay {

position: absolute;

top: 0;

left: 0;

right: 0;

bottom: 0;

background: rgba(0, 0, 0, 0.5);

}

.wpuf-ai-error-content {

position: relative;

background: white;

padding: 30px;

border-radius: 8px;

max-width: 500px;

box-shadow: 0 4px 20px rgba(0, 0, 0, 0.15);

}

.wpuf-ai-error-title {

color: #dc3545;

margin: 0 0 15px 0;

font-size: 20px;

}

.wpuf-ai-error-message {

color: #333;

margin: 0 0 10px 0;

line-height: 1.5;

}

.wpuf-ai-error-hint {

color: #666;

font-style: italic;

margin: 10px 0 20px 0;

padding: 10px;

background: #f8f9fa;

border-left: 3px solid #007cba;

}

.wpuf-ai-error-close {

margin-top: 15px;

}

`;

document.head.appendChild(style);

// Clean up styles when component is destroyed

this.$once('hook:beforeDestroy', () => {

const styleEl = document.getElementById('wpuf-ai-error-styles');

if (styleEl) {

styleEl.remove();

}

});

}

🤖 Prompt for AI Agents

In assets/js/components/AIFormBuilder.vue around lines 214 to 267, the component always injects a <style> element with id 'wpuf-ai-error-styles' when showing the error modal, which can leak memory if done repeatedly; modify the logic to first check document.getElementById('wpuf-ai-error-styles') and only create/append the style element if it doesn't already exist, and ensure that when the modal is removed or the component is unmounted you also remove the style element (or leave it if intended to persist) to avoid orphaned elements; additionally, consolidate style injection into a single init/cleanup path (e.g., create once on mount and remove on unmount) rather than recreating on each error.

coderabbitai · 2025-09-05T08:45:11Z