pascalmartineau/claude-websimple-devops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
602092142d7fb740af6c028bb0b71a0e318ec278
claude-websimple-devops/references/wp-browser.md

78 lines
4.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# WP Browser
Use this skill for WordPress tasks that require a real browser instead of WP-CLI or file inspection. Prefer `references/wp-project.md` first when you need to resolve a project slug, local URL, production URL, repo, or paths.
## Safety and scope
- Treat local sites as safe to inspect and operate, but still avoid destructive admin actions unless explicitly requested.
- Ask before changing production content, settings, users, plugins, themes, orders, forms, menus, options, or publishing state.
- Prefer read-only checks on remote/production sites: navigate, inspect, screenshot, verify text/layout, check console/network symptoms.
- Do not submit public forms, checkout flows, newsletter signups, contact forms, or anything that sends email/external effects unless explicitly requested.
- If login is required, use existing browser session/cookies when available. Ask for credentials only if no usable session exists.
## Choosing the URL
Resolve the target URL from the request:
- If the user gives a full URL, use it directly.
- If the user gives a project slug, use `references/wp-project.md` conventions to derive the local site URL: `${WEBSIMPLE_STACK_PROTOCOL}://${slug}.${WEBSIMPLE_STACK_DOMAIN}`.
- If the user says production/remote, prefer `WP_SITE_URL` from Gitea repository Actions variables via `references/websimple-gitea.md` conventions/tools when available.
- If the request is ambiguous between local and production, default to local and state that assumption briefly.
## Browser environment prerequisite
Websimple local dev sites may resolve to private network IPs, for example a `*.${WEBSIMPLE_STACK_DOMAIN}` hostname resolving to an IPv6 ULA address like `fd00::/8`. Some browser/MCP harnesses are SSRF-guarded and block private-network targets by default.
If browser navigation to a local Websimple site fails with a policy-related error (e.g. "navigation blocked by policy"), the browser harness likely needs an allowlist entry for the local Websimple domain plus private-network opt-in. The shape of that configuration depends on the harness in use (Playwright MCP, OpenClaw, etc.), but conceptually:
- Allow `*.${WEBSIMPLE_STACK_DOMAIN}` (and `${WEBSIMPLE_STACK_DOMAIN}` itself) on the hostname allowlist.
- Permit private-network destinations.
Resolve `${WEBSIMPLE_STACK_DOMAIN}` from the environment; do not hard-code a specific local domain. Prefer an allowlisted form over globally allowing private-network access. Restart/reload the browser harness after changing its SSRF policy.
## Browser workflow
1. Open or reuse a browser tab for the target site.
2. Take a snapshot before interacting; use semantic/ARIA refs where possible.
3. Navigate like a user: click links/buttons, fill inputs, use menus, and wait for reliable UI state instead of arbitrary delays.
4. Check the page result with at least one concrete signal: visible text, URL, status page, screenshot, console messages, or DOM state.
5. Report concise evidence: URL checked, action performed, result, and any blockers.
For multi-step browser flows, login checks, stale refs, or tab recovery, follow the general `browser-automation` skills browser-control practices.
## WordPress admin
Common admin URLs:
- Dashboard: `/wp-admin/`
- Login: `/wp-login.php`
- Plugins: `/wp-admin/plugins.php`
- Themes: `/wp-admin/themes.php`
- Customizer: `/wp-admin/customize.php`
- Menus: `/wp-admin/nav-menus.php`
- Pages: `/wp-admin/edit.php?post_type=page`
- Posts: `/wp-admin/edit.php`
- Site Health: `/wp-admin/site-health.php`
When checking admin screens:
- Confirm whether the session is authenticated by looking for the admin bar, dashboard, or login form.
- Avoid saving forms unless requested.
- For settings screens, inspect current values and controls before editing.
- For editor screens, avoid autosave-risky content edits unless explicitly requested.
- If normal browser `fill` does not populate the WordPress login fields, use a narrow DOM fallback to set `#user_login` and `#user_pass`, dispatch `input` events, then submit. Do not echo credentials back to the user.
## Frontend checks
For frontend verification:
- Check desktop first unless the user asks for mobile/responsive.
- Capture a screenshot when visual appearance matters.
- Inspect console errors when behavior looks broken or JavaScript-heavy.
- Verify canonical symptoms with user-visible evidence, not assumptions from source code alone.
## Cookies and debugging hooks
- For Xdebug-specific browser requests, use `references/wp-xdebug.md`.
- If needed manually, set or include the `XDEBUG_SESSION=vscode` cookie only for local debugging flows and mention that it may route PHP through `wp-php-xdebug`.
Reference in New Issue View Git Blame Copy Permalink