Auto Release Posts for GitHub

npm install && npm run build

Changelog

1.0.2

Addresses WordPress.org reviewer feedback on prefix consistency.

• Renamed plugin constants GITHUB_RELEASE_POSTS_VERSION, _URL, _PATH, _INC to GHRP_VERSION, GHRP_URL, GHRP_PATH, GHRP_INC for prefix consistency.
• Renamed the GitHub PAT environment variable / PHP constant from GITHUB_RELEASE_POSTS_PAT to GHRP_PAT. Sites that supplied the token via wp-config.php or an environment variable must update the constant/var name.
• Renamed the admin JavaScript global from ctbpAdmin / ctbpFetch to ghrpAdmin / ghrpFetch, completing the v0.9.0 rebrand. Removed remaining [CTBP] debug-log prefixes and internal placeholder markers from the v0.9.0 era.

1.0.1

Pre-publication fixes addressing automated and manual review feedback. Since 1.0.0 was withheld during the WordPress.org review process, this is the first version actually shipping to the directory; Composer-installed sites at 1.0.0 should update to pick up the bug fixes below.

Bug fixes

• Editor “Regenerate” now refreshes the post content in place. Previously, regeneration updated the post on the server but left the editor’s local state holding the old content; a subsequent Save could clobber the regenerated content with stale blocks.
• Adding a repository no longer leaves it stuck if the browser closes or AI generation fails between the page redirect and the inline generate call. The next scheduled cron run now correctly picks up unfinished first posts.
• Manual “Generate post” for a release whose previous post was sent to Trash now creates a fresh draft (matching documented intent). Previously the existing trashed post short-circuited the insert and the user received a success response with no new draft.
• Trashed generated posts are no longer auto-restored by unrelated workflow events.
• The cron worker lock is now atomic at the database level, eliminating a small race window when two cron workers run simultaneously.
• The 120-second AI request timeout is now applied correctly. Previously the filter was removed before the underlying HTTP request fired, so long-running generations silently hit the default 30-second timeout.
• Post lookup is now deterministically ordered by post ID descending, so the most recently inserted post wins when both a trashed predecessor and an active post exist for the same release.

Compliance with WordPress.org Plugin Directory guidelines

• Direct-access guards (if ( ! defined( 'ABSPATH' ) ) exit;) added to every PHP class file.
• Replaced heredoc syntax (disallowed by Plugin Check) with standard double-quoted string concatenation in the AI prompt builder.
• The cron-results admin notice is now scoped to the plugin’s own settings page (Guideline 11). It no longer appears on every wp-admin screen.
• Removed load_plugin_textdomain(); WordPress auto-loads translations for plugins hosted on the directory since version 4.6.
• New “Source Code” section in the readme documents the public GitHub repository, source-to-build mapping for the bundled JavaScript, and the build command (Guideline 4).
• Form-handler reads of $_SERVER['REQUEST_METHOD'] and $_GET['page'] now apply isset(), wp_unslash(), and sanitize_key() per WordPress coding standards.
• Removed stray .DS_Store / .gitkeep files from the distribution zip; included composer.json and composer.lock so reviewers can verify the (no-third-party-PHP-dependencies) manifest.

1.0.0

• Plugin renamed to Auto Release Posts for GitHub for WordPress.org compatibility (the prior name began with a trademark, which the Plugin Directory guidelines disallow). The WordPress.org slug and text domain are now auto-release-posts-for-github. The Composer package name (github-release-posts/github-release-posts), main plugin file, PHP namespace, hook prefix (ghrp_*), and REST namespace (ghrp/v1) are unchanged — existing Composer-installed sites are unaffected.
• New External Services section in the readme covering the GitHub REST API, image sideloading from GitHub-hosted domains, and AI provider connectors — meets the WordPress.org disclosure requirement for plugins that contact third-party services.
• Smarter display naming on add — names are pulled from the repo’s README first heading when possible (e.g., “Ads.txt” instead of “ads-txt”), with a cleaned-up slug as fallback.
• New per-repo “Include pre-releases” option to opt into tracking beta/RC versions. Off by default.
• Adding a repository now redirects immediately; the first post generates in the background instead of blocking the page for 30–60 seconds.

For developers

• Modernized the admin and editor JavaScript: var → let/const, template literals, URL.canParse() for URL validation, full wp-prettier compliance. Build output is byte-stable; runtime behavior is unchanged.
• Toolchain: pinned eslint-plugin-jsdoc@^46.10.1 and prettier@npm:wp-prettier@2.2.1-beta-1 via package.json overrides to fix a JSDoc plugin crash on Node 20+ and to honor the codebase’s WordPress paren-spacing style.
• JS lint and PHPCS now both pass with zero errors and zero warnings.
• Pre-release security review and hardening pass — KSES sanitization on AI/GitHub-sourced content at all save boundaries (defense-in-depth against prompt-injected HTML in release notes), output escaping for REST response data in admin JS, Unicode bidi-control character stripping in extracted display names, and tighter capability checks on release-attribution post meta REST endpoints.
• Engineering pass — PHPStan analysis now runs clean, dead constants and unused methods removed, several type-annotation gaps closed, cron lock guaranteed-released via try/finally so a single failing release can no longer block the next scheduled run.

0.11.1

• Installable via Composer (composer require github-release-posts/github-release-posts) for Composer-managed WordPress sites such as Roots/Bedrock. Bootstrap now detects when the plugin is loaded through the consumer’s Composer autoloader and skips the local vendor/autoload.php require — Composer-installed sites no longer see the spurious “missing Composer dependencies” admin notice that 0.11.0 surfaced.

0.11.0

New

• Repository picker on the Add Repository field. With a GitHub Personal Access Token configured, the field becomes a searchable list of repositories your token can access, grouped by owner. You can still type any public owner/repo to track a repository that isn’t in the list.
• The Personal Access Token can be supplied via a GHRP_PAT PHP constant in wp-config.php or an environment variable of the same name, for sites that prefer not to store secrets in the database.
• PAT validation indicator on Settings — a green check or yellow warning confirms whether GitHub accepts the token.

The repository picker and external PAT configuration are built on initial work contributed by Ben Word.

Improvements

• The editor’s “Regenerate” button now uses the post’s actual release (it was incorrectly always pulling the latest) and respects the title format you set in Settings.
• Better support for editorial-workflow plugins like Edit Flow and PublishPress — their custom post statuses are now recognized for titles, email links, and the repository table.
• Releases with many images no longer risk timing out — image processing has sensible limits and falls back gracefully on partial failures.
• Trashing a generated post now stops scheduled checks from recreating it. Clicking “Generate post” manually still creates fresh content for trashed releases when you want a new one.
• Hardened the admin against potentially malformed data in release tags from tracked repositories.
• Sites using a weekly release-check frequency now schedule correctly on plugin activation.
• Missing Composer dependencies show a friendly admin notice instead of a fatal error.

For developers

• PHP namespace renamed from Jakemgold\GitHubReleasePosts to GitHubReleasePosts. Composer package renamed from jakemgold/github-release-posts to github-release-posts/github-release-posts.
• New filter hooks: ghrp_max_sideload_images, ghrp_sideload_time_budget, ghrp_sideload_max_consecutive_failures, ghrp_sideload_request_timeout, ghrp_skip_accessible_repo.

Thanks to Thorsten Ott for the code review that prompted many of the improvements and internal refactors in this release.

0.10.0

• New: Post title format setting (Settings → Post Creation → Post Titles). Choose between the existing “{Project name} {version} — {subtitle}” prefix, a “Version X.Y — {subtitle}” prefix, or no auto-prefix (the AI writes the full title — recommended for sites focused on a single project).
• New: Version picker for the “Generate post” button. When a repository has multiple GitHub releases, an admin picker lets you generate a post for any historical release — useful for backfilling an archive. Older releases automatically have their post date set to one hour after the release was published, keeping the archive in chronological order.
• New: Inline conflict warning in the version picker when a post already exists for the selected tag — no surprise modal.
• New: Success affordance — after generating, a green checkmark appears next to the Generate post button, linked to the new post for one-click access.
• New: ghrp_post_title filter for full programmatic override of generated post titles.
• Tweak: Title prompt guidance is now project-neutral and gives the AI explicit direction on varying title openings across an archive (encouraging mid-title or version-led phrasings instead of always leading with project name + version).
• Tweak: The Last Post column flash on the Repositories tab no longer fires when generating a post for a non-latest release (since the new post would not actually be the most recent).

0.9.2

• Fix: Show a warning notice at the top of the plugin admin page (both tabs) when no AI connector is configured or ready. Previously the warning was buried inside the AI Connector status field on the Settings tab and was cached for up to a minute, so it didn’t always reflect the current state after toggling connectors.

0.9.1

• Fix: Plugin now fails gracefully on WordPress versions older than 7.0 instead of fataling. Adds explicit WordPress and PHP version checks before loading the autoloader, and shows an admin notice explaining the requirements.

0.9.0

• Plugin renamed and rebranded to GitHub Release Posts.
• Folder, slug, text domain, PHP namespace, hooks, options, REST routes, and CSS/JS prefixes all updated to match the new name.
• Plugin slug: github-release-posts (folder + text domain + WP.org slug).
• PHP namespace: GitHubReleasePosts.
• Hook/option/transient prefix: ghrp_* (was ctbp_*).
• REST namespace: ghrp/v1 (was ctbp/v1).
• No automatic migration from prior pre-release versions — uninstall and reinstall on a clean site.

0.8.1

• New: Deep research depth — optionally fetches commit messages and file change summaries between releases for richer AI context. Useful when release notes are sparse.
• New: Research Depth setting (Standard / Deep) in the Post Creation section of Settings.
• Tweak: Post Audience changed from a dropdown to radio buttons for clearer scanning.
• Tweak: Post Creation section now appears before GitHub on the Settings tab.
• Tweak: Cleaner page header copy on Tools → Release Posts.
• Tweak: Updated readme phrasing — describes researching releases, not just reading notes.

0.8.0

• Requires WordPress 7.0+ with Connectors API.
• AI generation via WordPress Connectors — supports Anthropic, OpenAI, Google, and any configured connector.
• Preferred model list with automatic fallback (Claude Opus 4.7, GPT-5.5, Gemini 2.5 Pro).
• Connector status panel replaces manual provider/API key configuration.
• Improved notification emails with contextual subject lines and post titles.
• Test notification email feature.