Add LightSpeed WordPress block plugin starter repo scaffold

[Copilot]

Bootstraps a lean, production-aware GitHub template repository for LightSpeed WordPress plugin development — block-ready, AI-workflow-aware, intentionally lighter than block-plugin-scaffold.

Plugin skeleton

• {{PLUGIN_SLUG}}.php — valid WP plugin header, ABSPATH guard, version/path constants, plugins_loaded hook stub
• uninstall.php — conservative stub, no data deletion by default
• Placeholder tokens ({{PLUGIN_NAME}}, {{PLUGIN_SLUG}}, {{NAMESPACE}}, etc.) used consistently across all files

Tooling

• plugin-utils.mjs — Node CLI with validate-plugin, validate-schema, security-scan, scan-placeholders commands; security scanner uses exclusion patterns to suppress false positives for known sanitisation wrappers
• package.json — @wordpress/scripts-based with build, start, lint, i18n, and all validation scripts
• composer.json — PHPCS + PHPCBF + WordPress Coding Standards + PHPCompatibility-WP

Folder structure

• src/blocks/, blocks/, assets/, inc/, patterns/, templates/, languages/, docs/ — all scaffolded with .gitkeep
• docs/ — end-user docs only; developer reports go to .github/reports/

GitHub / AI infrastructure

• .github/copilot-instructions.md + five instructions/*.instructions.md files (php, blocks, plugin-structure, assets, workflows)
• Four prompt files: cleanup, audit-plugin, new-block, release
• .github/reports/ and .github/tasks/ with README conventions and starter task-list.md
• CI workflows (ci.yml, code-quality.yml, release.yml) — all scoped to permissions: contents: read
• .agents/skills/block-plugin-audit/SKILL.md and .agents/agents/plugin-architect.md for portable agent use

Original prompt

LightSpeed WordPress Block Plugin Starter Repo — Generation Prompt

You are a senior WordPress plugin engineer, repository architect, and AI workflow designer.

Your task is to generate a lean, production-aware starter GitHub template repository for LightSpeed’s GitHub organisation for building custom WordPress plugins, with a strong bias toward block-ready plugins for client and commercial work.

This is not a WordPress.org submission starter.
Do not over-engineer it.
Stay close to WordPress plugin best practices, security, accessibility, maintainability, and block development guidelines where sensible, but do not add unnecessary WordPress.org-only bureaucracy.

The repository must support both:

1. WordPress plugin development
2. AI-assisted workflows inside the repo

The repository should feel like a clean starter for developers and a structured workspace for AI agents.

---

Core Intent

Build a reusable starter repo that:

• gives LightSpeed a clean plugin scaffold
• supports block plugin work without forcing a huge multi-block framework
• includes essential plugin files and folders, mostly light or empty
• includes practical validation and linting
• includes clear AI instructions and prompt infrastructure
• includes folders for AI reports, task lists, skills, agents, and instructions
• includes a docs/ folder for end-user documentation
• uses consistent placeholders across the repo
• keeps complexity low unless there is strong justification

This starter is intentionally simpler than LightSpeed’s existing block-plugin-scaffold.
Do not reproduce the full generator-heavy scaffold unless a specific feature is genuinely required.

---

Reference Material To Review First

Use these references as source material and inspiration before generating anything.

LightSpeed plugin scaffold references

• https://github.com/lightspeedwp/block-plugin-scaffold
• https://github.com/lightspeedwp/block-plugin-scaffold/blob/main/README.md
• https://github.com/lightspeedwp/block-plugin-scaffold/blob/main/docs/GENERATE_PLUGIN.md
• https://github.com/lightspeedwp/block-plugin-scaffold/blob/main/package.json
• https://github.com/lightspeedwp/block-plugin-scaffold/blob/main/composer.json

LightSpeed theme scaffold references

• https://github.com/lightspeedwp/block-theme-scaffold
• https://github.com/lightspeedwp/block-theme-scaffold/blob/main/README.md
• https://github.com/lightspeedwp/block-theme-scaffold/blob/main/package.json
• https://github.com/lightspeedwp/block-theme-scaffold/blob/main/composer.json
• https://github.com/lightspeedwp/block-theme-scaffold/blob/main/.editorconfig
• https://github.com/lightspeedwp/block-theme-scaffold/blob/main/.coderabbit.yml
• https://github.com/lightspeedwp/block-theme-scaffold/blob/main/.gitattributes

WordPress / ecosystem inspiration

• https://github.com/OllieWP/ollie/blob/main/package.json
• https://github.com/OllieWP/ollie/blob/main/composer.json
• https://github.com/WordPress/community-themes/blob/add-ai-guidelines/AGENTS.md
• https://github.com/WordPress/community-themes/blob/add-ai-guidelines/CLAUDE.md

Changelog standards

• https://keepachangelog.com/en/1.1.0/
• https://semver.org/

---

What To Learn From The Existing Scaffolds

Review the current LightSpeed scaffolds and deliberately adapt only what is useful.

From block-plugin-scaffold

Borrow the useful ideas, but reduce the overall surface area.

Useful ideas to preserve in spirit:

• placeholder consistency across files
• clear README and docs structure
• Composer + Node tooling
• practical linting and validation
• release/changelog discipline
• AI instructions and prompt organisation
• support for block development
• support for future JSON schema validation

Things to avoid copying wholesale into this starter unless clearly justified:

• full generator infrastructure
• multi-stage mustache generator workflows
• heavy schema libraries
• large SCF-specific systems
• Playwright / E2E by default
• PHPStan by default unless kept very light
• large numbers of scripts and automation layers
• scaffold-management files that only make sense for the scaffold repo itself

From block-theme-scaffold

Borrow the useful structural discipline:

• root documentation clarity
• AI instruction files
• CodeRabbit setup style
• .editorconfig
• .gitattributes
• CODEOWNERS
• practical repo hygiene

But do not turn this plugin starter into a theme repo.

---

Design Principles

• Plugin-first, not monorepo
• One plugin in one repo
• Block-ready, but not forced into a large multi-block architecture
• Keep PHP architecture minimal
• Keep security in mind
• Keep accessibility in mind
• Use semantic, native WordPress conventions
• Prefer stable WordPress APIs before extra abstraction
• Use @wordpress/scripts only if it clearly helps
• Avoid a heavy JS toolchain unless clearly justified
• Do not add webpack config, Vite, Playwright, Storybook, Docker, or CI c...

[Copilot]

Pull request overview

Bootstraps a lean starter GitHub template repository for LightSpeed WordPress block-first plugin development, including a minimal plugin skeleton, validation/lint tooling, and AI/workflow scaffolding.

Changes:

• Added core plugin scaffold files ({{PLUGIN_SLUG}}.php, uninstall.php, readme.txt) plus standard folder layout via .gitkeep.
• Added Node/Composer tooling (plugin-utils.mjs, package.json, composer.json) and CI workflows for validation and code quality.
• Added AI/workflow infrastructure (AGENTS.md, .github/ instructions/prompts/reports/tasks, .agents/ skills/personas).

Reviewed changes

Copilot reviewed 41 out of 57 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
{{PLUGIN_SLUG}}.php	Main plugin bootstrap skeleton with constants and hooks.
uninstall.php	Conservative uninstall stub (no data deletion by default).
readme.txt	WP-style readme placeholder with versioning metadata.
README.md	Template repo documentation and getting-started guidance.
CHANGELOG.md	Keep a Changelog + SemVer scaffold.
package.json	@wordpress/scripts-based build/lint scripts and CLI wiring.
plugin-utils.mjs	Repo CLI for scaffold validation, JSON checks, security scan, placeholder scan.
composer.json	PHPCS/WPCS + PHPCompatibility-WP dev tooling and scripts.
.nvmrc	Pins Node major version for contributors/CI.
.editorconfig	Enforces tabs for PHP and 2-space indentation for JS/CSS/JSON/YAML.
.gitignore	Ignores vendor/node_modules and build artefacts; documents lockfile policy.
.gitattributes	Line-ending normalisation and export-ignore rules for release archives.
.lintstagedrc.json	Pre-commit staged-file lint configuration.
CODEOWNERS	Default ownership placeholder.
CLAUDE.md	Points Claude users to AGENTS.md.
AGENTS.md	Primary AI agent guidance and repo conventions.
.coderabbit.yml	CodeRabbit review configuration and path-specific instructions.
.github/README.md	Explains GitHub-specific AI/workflow folder purpose.
.github/copilot-instructions.md	High-level Copilot guidance and links to scoped instruction files.
.github/instructions/README.md	Index of instruction files and how they work.
.github/instructions/php.instructions.md	PHP/WPCS, escaping, sanitisation rules for Copilot.
.github/instructions/blocks.instructions.md	Block structure and block.json conventions for Copilot.
.github/instructions/plugin-structure.instructions.md	Repo structure rules and bootstrap expectations.
.github/instructions/assets.instructions.md	Source vs built vs static asset conventions.
.github/instructions/workflows.instructions.md	Workflow expectations (CI/release) for Copilot.
.github/prompts/README.md	Index of reusable Copilot prompt files.
.github/prompts/cleanup.prompt.md	Prompt scaffold for safe clean-ups.
.github/prompts/audit-plugin.prompt.md	Prompt scaffold for security/quality audits.
.github/prompts/new-block.prompt.md	Prompt scaffold for new block creation.
.github/prompts/release.prompt.md	Prompt scaffold for preparing a release.
.github/reports/README.md	Conventions for AI/dev reports storage and naming.
.github/reports/.gitkeep	Keeps reports folder in version control.
.github/tasks/README.md	Conventions for task lists and AI work tracking.
.github/tasks/task-list.md	Starter task list template.
.github/tasks/.gitkeep	Keeps tasks folder in version control.
.github/workflows/ci.yml	CI job running Node validation, schema checks, security scan, and lint.
.github/workflows/code-quality.yml	PHP lint + PHPCS job.
.github/workflows/release.yml	Tag-triggered validation workflow for releases.
.agents/README.md	Explains portable agent assets vs GitHub-specific assets.
.agents/skills/README.md	Describes skill structure and indexing.
.agents/skills/block-plugin-audit/SKILL.md	Portable audit skill definition aligned to repo prompts.
.agents/agents/README.md	Describes persona definitions and indexing.
.agents/agents/plugin-architect.md	Plugin architect persona definition for agent usage.
inc/.gitkeep	Keeps inc/ tracked for optional PHP includes.
languages/.gitkeep	Keeps languages/ tracked for translations.
docs/README.md	End-user docs guidance and suggested structure.
src/.gitkeep	Keeps src/ tracked for source assets.
src/blocks/.gitkeep	Keeps src/blocks/ tracked for block source.
src/js/.gitkeep	Keeps src/js/ tracked for JS source.
src/css/.gitkeep	Keeps src/css/ tracked for CSS source.
blocks/.gitkeep	Keeps blocks/ tracked for built block assets.
assets/js/.gitkeep	Keeps assets/js/ tracked for static JS.
assets/css/.gitkeep	Keeps assets/css/ tracked for static CSS.
assets/images/.gitkeep	Keeps assets/images/ tracked for images.
assets/icons/.gitkeep	Keeps assets/icons/ tracked for icons.
patterns/.gitkeep	Keeps patterns/ tracked for block patterns.
templates/.gitkeep	Keeps templates/ tracked for optional templates/template parts.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

composer run phplint -- is not compatible with the current phplint composer script (it uses find … | xargs php -l). When lint-staged appends filenames, they will be passed through to php -l (including a literal --), which is likely to break the lint step. Consider providing a phplint script that can accept a file list, or avoid passing staged filenames for this command.

[Copilot]

The placeholder {{PLUGIN_SLUG}} is intended to be a hyphenated slug (e.g. my-awesome-plugin), but it is used here in PHP function names and hook callbacks. Hyphens are invalid in PHP identifiers, so replacing placeholders as documented will produce a fatal parse error. Use a separate placeholder for a PHP-safe function prefix (e.g. an underscored variant) and update both the function declaration and add_action() callback accordingly.

[Copilot]

The same {{PLUGIN_SLUG}} placeholder is also used in the {{PLUGIN_SLUG}}_init() function name and its plugins_loaded callback, which will also break when the slug contains hyphens. Please switch to a PHP-identifier-safe prefix placeholder for function names/callbacks here as well.

[Copilot]

This ABSPATH guard does not follow the repo’s own stated convention (defined( 'ABSPATH' ) || exit;) and the exit; line is not indented. Align this with WordPress Coding Standards (tabs) and the documented one-liner guard to keep the bootstrap consistent.

[Copilot]

lint:json currently runs wp-scripts lint-md-docs and then forces success with || true, so npm run lint will not fail even when JSON is invalid. Either replace this with a command that actually validates JSON (or reuse schema:validate), and remove the unconditional success so CI can catch broken JSON.

[Copilot]

The README states that package-lock.json is committed, but there is no package-lock.json in this scaffold. Either add and commit the lockfile (preferred if you want reproducible installs) or update this note (and any related export-ignore entries) to match reality.

[Copilot]

The plugin bootstrap isn’t indented using tabs (e.g. the load_plugin_textdomain() call arguments and closing paren). This will fail or at least fight PHPCS/WPCS in a repo that enforces WordPress Coding Standards; please format these blocks with tab indentation.