chore: add 5 production bug reports to TODO (GH#902-906)

[superdav42]

Summary

Adds TODO entries for 5 production bugs discovered on 2026-04-22, with linked GitHub issues:

• t529 (GH#902): Orphan pending_site after membership cancellation — watchdog cancels but pending_site meta stays, blocking site provisioning on retry
• t528 (GH#903): Duplicate wp_users on checkout retry — wp_insert_user() called without get_user_by('email') check
• t530 (GH#904): No reclaim of orphan pending_site on WC order completion — customer pays, gets nothing
• t526 (GH#905): JS checkout validator missing i18n strings — hardcoded English fallbacks for field_required etc.
• t527 (GH#906): Default minimum_password_strength too strict (super_strong / zxcvbn 4)

All 5 issues have worker-ready bodies with file references and acceptance criteria. Tagged #auto-dispatch for autonomous implementation.

Ref #902, Ref #903, Ref #904, Ref #905, Ref #906

---

aidevops.sh v3.8.94 plugin for OpenCode v1.3.17 with claude-opus-4-6 spent 4m and 7,404 tokens on this as a headless worker.

Summary by CodeRabbit

• Chores
  • Updated internal documentation with a new section to track production bugs identified in the live environment
  • Fixed file formatting by adding missing newline at end of file

[coderabbitai]

📝 Walkthrough

Walkthrough

TODO.md was updated to fix a missing newline at the end of the file and append a new "Production Bugs (2026-04-22)" section containing five new task entries documenting identified production issues.

Changes

Cohort / File(s)	Summary
Documentation TODO.md	Added new "Production Bugs (2026-04-22)" section with five unchecked task entries (t529, t528, t530, t526, t527) covering membership orphans, duplicate user creation, WooCommerce order handling, missing i18n strings, and password strength validation. Fixed missing EOF newline.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A changelog blooms in the April breeze,
Five bugs now tracked, the team puts minds at ease,
From orphans wandering to passwords too strict,
Each task gets noted, each problem picked,
Our TODO garden grows, ready to tend! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: adding 5 production bug reports to TODO with precise GitHub issue references.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/save-production-bugs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@TODO.md`:
- Around line 126-130: The TODO entries (t529, t528, t530, t526, t527) lack
explicit acceptance criteria and concrete file targets; update each task line in
TODO.md to include: a short, testable acceptance criterion (what to observe
after the fix, e.g., "watchdog cancellation removes pending_site meta and no
orphan remains"), the primary files or functions to change (e.g., membership
watchdog handler, WC order completion handler, checkout flow wp_insert_user
call, checkout.min.js validator, password strength default), and a verification
checklist (manual steps or unit/integration tests to run). For each task use the
existing task id (t529, t528, t530, t526, t527), append a one-sentence
acceptance test, list the exact file(s)/symbols to modify (e.g.,
MembershipWatchdog::cancelMembership, wc_order_complete_handler,
checkout.wp_insert_user call site, checkout.min.js validator strings,
password_strength config/default), and a short "how to verify" step so the task
is worker-ready.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d8f2fcdd-9d7b-4c66-9df7-04d37e7fc811

📥 Commits

Reviewing files that changed from the base of the PR and between b4116d9 and da3abad.

📒 Files selected for processing (1)

• TODO.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Please add explicit acceptance criteria + concrete file targets for each new bug task.

These entries are useful, but they don’t currently include clear acceptance criteria (and most don’t name target files), which conflicts with the stated “worker-ready” objective and can lead to inconsistent fixes.

Suggested TODO format upgrade

- - [ ] t529 fix(membership): orphan pending_site after membership cancellation — watchdog cancels membership but pending_site meta stays, customer retries checkout and gets no site `#bug` `#auto-dispatch` ~4h ref:GH#902
+ - [ ] t529 fix(membership): orphan pending_site after membership cancellation `#bug` `#auto-dispatch` ~4h ref:GH#902
+   - Files: inc/functions/membership.php, inc/managers/class-site-manager.php
+   - Acceptance criteria:
+     - On cancellation, `pending_site` meta is removed or marked reclaimable.
+     - Retried checkout provisions site successfully (no blocked retry path).
+     - Regression test covers cancellation → retry flow.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@TODO.md` around lines 126 - 130, The TODO entries (t529, t528, t530, t526,
t527) lack explicit acceptance criteria and concrete file targets; update each
task line in TODO.md to include: a short, testable acceptance criterion (what to
observe after the fix, e.g., "watchdog cancellation removes pending_site meta
and no orphan remains"), the primary files or functions to change (e.g.,
membership watchdog handler, WC order completion handler, checkout flow
wp_insert_user call, checkout.min.js validator, password strength default), and
a verification checklist (manual steps or unit/integration tests to run). For
each task use the existing task id (t529, t528, t530, t526, t527), append a
one-sentence acceptance test, list the exact file(s)/symbols to modify (e.g.,
MembershipWatchdog::cancelMembership, wc_order_complete_handler,
checkout.wp_insert_user call site, checkout.min.js validator strings,
password_strength config/default), and a short "how to verify" step so the task
is worker-ready.

[github-actions]

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

• Build: ultimate-multisite
• ⬇️ Download from GitHub Actions
• ⬇️ Download without Github Account (nightly.link)

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limitied, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password

[github-actions]

Performance Test Results

Performance test results for 94cdc10 are in 🛎️!

Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown.

URL: /

Run	DB Queries	Memory	Before Template	Template	WP Total	LCP	TTFB	LCP - TTFB
0	41	37.78 MB	841.00 ms	169.50 ms (+11.00 ms / +6% )	1085.50 ms (+96.00 ms / +9% )	2062.00 ms (+88.00 ms / +4% )	1958.50 ms (+69.95 ms / +4% )	89.70 ms (-4.20 ms / -5% )
1	56	49.03 MB	937.50 ms (+60.50 ms / +6% )	146.00 ms (+3.00 ms / +2% )	1084.50 ms (+61.50 ms / +6% )	2042.00 ms (+90.00 ms / +4% )	1960.85 ms (+87.65 ms / +4% )	82.25 ms (+2.25 ms / +3% )