weDevsOfficial

Release a new version of wedevs-project-manager (Project Manager free) to wp.org via GitHub Actions (`.github/workflows/deploy-org.yml`). Tag push triggers the deploy workflow — no Appsero. Trigger when user says "release wepm", "release project manager", "ship pm X.Y.Z", "publish wedevs project manager", "/wepm-release".

Add a new append-only database migration for WP Project Manager. Updates db/migrations/, db/Create_Table.php, the Eloquent model fillable/casts, and the Fractal transformer. TRIGGER when the user says 'add a column', 'new table', 'schema change', 'migration', 'alter wp_pm_*', invokes /db-migration, or describes a feature that requires a DB change.

Verify a change to the Free plugin does not break the window.PM contract that Pro depends on. Diffs window.PM exports, slot/filter/route registrations, externalized libs, and the shape of Free thunks/actions Pro consumes. TRIGGER when the diff touches views/assets/src/index.jsx, views/assets/src/hooks/useSlot.js, store/index.js, router/routeRegistry.js, or any file under @components/common that is re-exported via window.PM. Also TRIGGER when the user mentions Pro, asks 'will this break Pro', or invokes /free-pro-contract-check.

Pre-flight checklist before tagging a WP Project Manager release. Verifies version bumps, build, lint, POT regeneration, dist contents, changelog, readme stable tag, and Pro/Free compatibility. TRIGGER when the user says 'release', 'cut a release', 'ship it', 'prepare release', invokes /release-checklist, or mentions bumping the plugin version. Do NOT trigger for development builds.

Scan PHP + React changes in WP Project Manager for the security issues common to WordPress plugins: nonce/permission bypass, unsanitized input flowing to wp_send_json or echo, SQL injection in raw $wpdb queries, XSS via dangerouslySetInnerHTML, SVG upload bypass, missing capability checks on AJAX/REST routes, leaked secrets in JS bundle, broken CSRF protection. TRIGGER when the user says 'security review', 'audit for vulns', 'scan the diff', invokes /security-review, or asks 'is this safe'. Also trigger automatically when reviewing any change that touches routes/, core/Permissions/, db/, or files that handle uploads.

Release a new version of WP User Frontend (free) to weDevsOfficial GitHub + wp.org via Appsero. One-command pipeline via `wpuf-release-free` alias. Trigger when user says "release wpuf", "ship wpuf X.Y.Z", "publish wpuf", "/wpuf-release", "wpuf-release-free".

Add or modify WPUF backend PHP code following project conventions. Use when creating new classes, methods, hooks, REST controllers, or modifying existing backend code.

Review WPUF code changes and pull requests for coding standards, security, and architectural compliance. Use when reviewing PRs, performing code audits, or checking code quality.

Add or modify WPUF frontend code (jQuery, vanilla JS, Vue legacy, Tailwind). Use when creating components, modifying build configuration, or working with frontend assets.