Draft
Read-only feature that detects C2PA Content Credentials in uploaded JPEG/PNG/WebP images at the `add_attachment` hook, captures the raw manifest store to a sidecar file under `wp-content/uploads/ai-c2pa/`, and persists a structured `_wpai_monitor_record` postmeta entry for downstream consumers.

Scope (PR 1):

- Format detection via streaming magic-byte/segment walks (JPEG APP11/JUMBF, PNG caBX, WebP RIFF C2PA) with hard byte caps.
- JPEG APP11 detection tracks Box Instance Numbers across segments so manifests fragmented across multiple APP11 markers (per ISO 19566-5) are reassembled correctly. Continuation segments do not need the c2pa/jumb token in their first 64 bytes.
- Raw manifest capture: SHA-256 + length + sidecar path stored in postmeta; bytes streamed straight to disk under uploads/ai-c2pa/.
- Sidecar dir is created on demand with .htaccess (Apache deny) and index.php hardening; nginx operators must add a deny rule manually (documented).
- Fail-open boundary: every error is captured into the record and the upload itself is never blocked.
- No external dependencies, no Composer additions, no outbound HTTP.

Test coverage:

- Format_Detector: magic bytes, single-segment APP11, multi-segment reassembly, interleaved APP0/APP1/APP2 around C2PA, generic JUMBF (non-C2PA) ignored, truncated input, JPEG_MAX_SEGMENTS cap (positive and negative), PNG/caBX, WebP simple + extended (VP8X) + odd-length padding.
- Manifest_Reader: byte-exact roundtrip for JPEG/PNG/WebP, multi-segment reassembly, deterministic sha256, MAX_MANIFEST_BYTES rejection, missing file, empty segments, bad offsets.
- Sidecar_Writer: write + roundtrip, hardening files, format sanitization, overwrite, multi-attachment coexistence, custom .htaccess preserved across ensure_dir().
- Record: roundtrip, defaults on empty input, JSON-not-serialize storage format, null on corrupt JSON, null when absent.
- C2pa_Monitor end-to-end: JPEG/PNG/WebP present, JPEG absent, unsupported MIME, fail-open on bogus ID, truncated JPEG, duration_ms recorded, add_attachment hook actually fires, file-deleted-on-disk produces errors[0].stage = 'resolve_path'.

Synthetic fixtures are generated at runtime so no binary blobs land in the repo and there is no third-party fixture licensing question.

Deferred (out of scope for PR 1):

- JUMBF box reader and CBOR decoder; populating `c2pa.decoded` claim summary (claim generator, digital source type, action history).
- Admin UI, media library badge, CR icon (gated on C2PA conformance).
- Cryptographic verification.
- Preserving manifests through WordPress's image processing pipeline.

Made-with: Cursor
- Skip postmeta when MIME is unsupported (should_persist guard in finally).
- Document that errors are stored in postmeta, not sent to a log.
- Classify Sidecar_Writer RuntimeException as errors[].stage sidecar_write.
- Manifest_Reader: reject locations where segment lengths do not sum to total_length; add regression test.

Made-with: Cursor
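The APP11 reassembly by Box Instance Number and the length-sum rejection described in the two commit messages above can be illustrated as follows for PHP 8; this is an added example, not code from the pull request. The function name, both caps and the sample bytes are assumptions constructed here, and it reads an in-memory string instead of streaming from disk.

```php
<?php
declare(strict_types=1);
const MAX_SEGMENTS  = 64;       // hypothetical cap on JPEG segments walked
const MAX_BOX_BYTES = 1 << 20;  // hypothetical cap on one reassembled box

// Returns [En => reassembled JUMBF superbox bytes]; [] on malformed input.
function reassemble_app11(string $jpeg): array {
    if (strncmp($jpeg, "\xFF\xD8", 2) !== 0) {
        return [];                                  // no SOI: not a JPEG
    }
    $parts = $lbox = [];
    $len   = strlen($jpeg);
    for ($pos = 2, $n = 0; $pos + 4 <= $len; $n++) {
        if ($n >= MAX_SEGMENTS || $jpeg[$pos] !== "\xFF") {
            return [];                              // cap reached or marker sync lost
        }
        $marker = ord($jpeg[$pos + 1]);
        if ($marker === 0xDA || $marker === 0xD9) {
            break;                                  // SOS/EOI: metadata segments end
        }
        $seg = unpack('n', $jpeg, $pos + 2)[1];     // length field counts itself
        if ($seg < 2 || $pos + 2 + $seg > $len) {
            return [];                              // truncated or bogus length
        }
        // APP11 payload: CI "JP"(2) En(2) Z(4) LBox(4) TBox(4) data...
        // LBox/TBox repeat in every segment, so only the data is collected.
        if ($marker === 0xEB && $seg >= 18 && substr($jpeg, $pos + 4, 2) === 'JP') {
            $h = unpack('nen/Nz/Nlbox/a4tbox', $jpeg, $pos + 6);
            if ($h['tbox'] === 'jumb') {
                $parts[$h['en']][$h['z']] = substr($jpeg, $pos + 20, $seg - 18);
                $lbox[$h['en']] ??= $h['lbox'];
            }
        }
        $pos += 2 + $seg;
    }
    $out = [];
    foreach ($parts as $en => $by_z) {
        ksort($by_z);                               // order by packet sequence Z
        $box = pack('N', $lbox[$en]) . 'jumb' . implode('', $by_z);
        // Reject unless declared LBox equals header plus summed payloads
        // (this also drops LBox 0/1, i.e. open-ended or XLBox forms).
        if ($lbox[$en] <= MAX_BOX_BYTES && strlen($box) === $lbox[$en]) {
            $out[$en] = $box;
        }
    }
    return $out;
}

// Constructed sample: one 16-byte box split over two APP11 segments around an APP1.
$app11 = fn(int $z, string $d) => "\xFF\xEB" . pack('n', 18 + strlen($d)) . 'JP' . pack('nNN', 1, $z, 16) . 'jumb' . $d;
$jpeg  = "\xFF\xD8" . $app11(1, 'c2pa') . "\xFF\xE1\x00\x04ab" . $app11(2, 'DATA') . "\xFF\xD9";
var_dump(reassemble_app11($jpeg) === [1 => "\x00\x00\x00\x10jumbc2paDATA"]);
```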
Codecov Report

❌ Patch coverage is

Additional details and impacted files

@@ Coverage Diff @@
## develop #459 +/- ##
=============================================
+ Coverage 66.90% 68.95% +2.04%
- Complexity 907 1131 +224
=============================================
Files 59 66 +7
Lines 4699 5318 +619
=============================================
+ Hits 3144 3667 +523
- Misses 1555 1651 +96
Align assignment operators in C2pa_Monitor. Satisfy Slevomat (multi-constant, early exit) in Record. Use elseif for JPEG APP11 branch in Format_Detector. Targeted phpcs disables for WPCS AlternativeFunctions and VIP RestrictedFunctions; remove error suppression on fopen where checked. FQCN docblocks in Manifest_Reader and Sidecar_Writer; early return in hardening. readme.txt: set Contributors to openverifiable to avoid reserved plugin-check warning. Made-with: Cursor
…mentAlignment Made-with: Cursor
…aths Prevents PHP warnings on fopen() for non-existent or unreadable files; PHPUnit treats those as test errors. Behavior unchanged: return null before opening. Made-with: Cursor