Changelog

Changed

• sync.yml: Added airfleet/structural-website-2026

Added

• disable-data-uninstalling: New module allowing site administrators to prevent plugin data from being deleted when the plugin is uninstalled or when switching between plugin preview versions in the Airfleet plugin manager. Module state is checked directly in the uninstall hook via ModuleManager to ensure data protection works correctly outside the normal plugin lifecycle.

Changed

• Internal: Store unreleased changelog entries as separate changelog/unreleased/*.md fragments and consolidate them into CHANGELOG.md during plugin release via @airfleet/wordpress-dev.
• Internal: Update @airfleet/wordpress-dev to 4.11.1.

Fixed

• Fixed afwp release changelog fragment consolidation so fragments are merged before release-it and Keep a Changelog validate CHANGELOG.md.

Added

• Added changelog-fragments command for validating and consolidating changelog/unreleased/*.md files into CHANGELOG.md.

Changed

• changelog-add --check now accepts either CHANGELOG.md Unreleased entries or valid changelog/unreleased/*.md fragments, with --skip-changelog-fragments available when fragments should be ignored.
• version-set now includes changelog fragments when auto-determining and checking .airfleet-release, with --skip-changelog-fragments to use only CHANGELOG.md entries.
• release github, release npm, release plugin, and release theme now consolidate changelog fragments before Keep a Changelog updates CHANGELOG.md, with --skip-changelog-fragments to bypass consolidation.

Changed

• Updated docs docs/guide/modules.md and docs/blocks/background-image.md.

Added

• block-registration - added method to unregister blocks that depend on modules, when the modules are not active.
• accordion: New Accordion module — registers and manages the lifecycle of the accordion block. Enabled by default; disabling this module will unregister the accordion block and its related child blocks (accordion-item, accordion-item-heading, accordion-item-content).
• block-accordion: New Accordion block (airfleet-nexus/accordion) — a container block for collapsible content items with autoClose behavior and showIcon context. Toolbar "Add item" button for faster item creation. CSS modifier classes (.afnb-accordion--has-icon, .afnb-accordion--no-icon, .afnb-accordion--icon-left, .afnb-accordion--icon-right) for icon-aware heading padding. Tab color controls (Active/Inactive Background and Text) set via inline style attribute on the wrapper, cascading to all tabs via CSS custom properties. Auto-switch option with timed item cycling, configurable interval, manual click reset, viewport-aware pausing, and optional progress bar animation.
• block-accordion: Extensible icon system featuring SVG path-based animations (plus-minus and arrows), a filterable PHP configuration, and a server-side localized icon picker in the editor.
• block-accordion: Custom DOM events dispatched on the wrapper: afnx-accordion-load, afnx-accordion-open, and afnx-accordion-close.
• block-accordion: Vanilla JS frontend behavior (view.js) — handles expand/collapse toggling, autoClose logic, and deep linking via URL hash. No external dependencies or Interactivity API.
• block-accordion: Enhanced editor experience mimicking the native accordion block.
• block-accordion-item: New Accordion Item block (airfleet-nexus/accordion-item) — a wrapper for heading and content, supporting openByDefault for initial state control.
• block-accordion-item-heading: New Accordion Item Heading block (airfleet-nexus/accordion-item-heading) — locked inner block for accordion-item. Wraps a core/heading and a toggle button HTML element. The heading's native HTML anchor field enables URL deep-linking to that item.
• block-accordion-item-content: New Accordion Item Content block (airfleet-nexus/accordion-item-content) — locked inner block for accordion-item. Provides the collapsible panel body with CSS grid-based transitions.
• SanitizeCssColor: New utility for sanitizing CSS color values (hex, rgb/rgba, hsl/hsla, oklch, oklab, color, var, and CSS keywords). Includes comprehensive PHPUnit test suite covering all WordPress-produced color formats and injection attack prevention.

Fixed

• Prevented open_basedir warnings (is_readable(): open_basedir restriction in effect. File(~/.aws/config) is not within the allowed path(s)) when initializing the S3 client on hosts that restrict access to the home directory (e.g. Kinsta). The AWS SDK is now configured with use_aws_shared_config_files => false, so it no longer probes ~/.aws/config and ~/.aws/credentials since credentials are already supplied explicitly.

Fixed

• Suppress spurious invalid_grant: Malformed auth code errors caused by duplicate OAuth callback requests (browser back/forward navigation, link prefetch, and bot replay) re-redeeming a single-use Google authorization code. The callback handler now guards against duplicate processing per state using an atomic object-cache lock with a transient fallback, redirecting already-authenticated users instead of re-exchanging the code.

Changed

• Docs: move all auto-generated documentation (docs/api/, docs/release-notes.md) to docs/generated/ and add it to .gitignore to prevent merge conflicts across branches.

Fixed

• Fixed JobPosting JSON-LD schema crash when job location data is null.

Changed

• Slack digest release lists: Weekly Slack digests now list only the latest release per repository and show the total release count across the number of repos, matching the monthly digest format. Both weekly and monthly Slack digests also drop the extra generated-from-summary footer line.

Added

• Worker observability: Enabled Cloudflare Worker observability in worker/wrangler.toml and added explicit release-processing/build-hook logs so webhook deliveries, summary generation, and Pages build-trigger attempts can be traced in Cloudflare Workers logs.

Changed

• Slack digest workflows: Moved the weekly and monthly Slack schedules off the top of the hour, added shared period-target resolution, and updated both workflows to seed the required closed-period summary before sending to Slack.
• Summary and deploy docs: Documented the production site URL, clarified the daily Worker cron and rollover rebuild behavior, and noted the optional PAGES_BUILD_HOOK_URL GitHub Actions secret used to refresh the static site after Slack-triggered summary backfills.
• Worker scheduled rebuilds: The daily Worker cron now triggers a Pages rebuild when the featured closed week or month rolls over, even if the relevant summary already exists and no summary content changed.

Fixed

• Slack summary availability: Weekly and monthly Slack digests now ensure the required summary exists in KV before posting, so scheduled sends no longer fail when the daily Worker cron has not backfilled that period yet.
• Static weekly/monthly freshness: Weekly and monthly landing pages no longer stay pinned to the previous closed period until another release arrives; the Worker now forces a rebuild after week/month rollover so the featured static pages stay aligned with current closed periods.

Fixed

• Added error handling for missing compiled Blade cache files during rendering; automatically recompiles and retries when a compiled cache file is deleted mid-request (race condition during cache clear)
• Added logging for cache file recovery attempts via Airfleet Cache Control logger (falls back to error_log)

Fixed

• Worker uncaught exception handling: Wrapped the fetch handler's handleWebhook call in a top-level try/catch so any unhandled exception returns a 500 response instead of crashing the Worker with a Cloudflare 1101 error. GitHub retries on 500, so no webhook deliveries are permanently lost.
• Missing secret guards: Added explicit configuration guards for GITHUB_PRIVATE_KEY (in importPrivateKey) and PAGES_BUILD_HOOK_URL (in maybeTriggerBuild), throwing descriptive errors when either secret is not set rather than a cryptic TypeError.

Fixed

• GitHub App webhook signature verification: Guarded verifySignature against an undefined or empty GITHUB_WEBHOOK_SECRET, which previously caused crypto.subtle.importKey to throw a DataError (empty HMAC key material) and return a 500 instead of processing the webhook. The worker now throws a descriptive error that is caught and logged clearly. Also added a missing draft release check so draft releases are ignored alongside prereleases.

Added

• Local summary generation: Added scripts/summarize-local.ts and npm run summarize:local to generate release, weekly, and monthly summaries using a local Ollama model instead of Cloudflare Workers AI. Supports the same --year/--month/--week/--release selectors and --existing/--only modes as the cloud seeding script. An optional --upload flag pushes generated summaries directly to Cloudflare KV. OLLAMA_HOST and OLLAMA_DEFAULT_MODEL env vars configure the Ollama endpoint and default model.
• Changelog stats: Added a Stats page with all-time repository and release totals, monthly release activity, and per-repository release counts.
• Seeded previews: Added a preview:seed script to seed live KV data, build the site, and start the local preview server in one command.
• Selective summary seeding: Added --only flag to npm run data:seed-summaries to control which summary types are regenerated. Accepts a comma-separated list of releases, weekly, and monthly — e.g. --month 2026-04 --only monthly regenerates only the monthly summary without touching release or weekly summaries.
• Repository exclusion config: Added src/data/excluded-repos.json to exclude repositories from all changelog views. Entries are full repo names (owner/name). airfleet/airfleet-elements-test is excluded by default. Filtering is applied centrally in the data layer across all pages.

Changed

• Changelog page polish: Refined release-card disclosure controls, simplified the project filter, tightened weekly/monthly summary layouts, added month summaries to archive cards, aligned weekly/monthly archive labels and cards, and added previous/next navigation to archive detail pages.
• Layout and archive polish: Made the site brand in the header link back to the homepage, refreshed the footer copy to use the product name, surfaced the all-time release count, and aligned archive week pages around the YYYY-Www label plus a clearer week range.
• Weekly and monthly summaries: Added a Monthly page, promoted summary-aware weekly cards, introduced separate monthly and summary KV paths, and wired the Worker plus a manual backfill workflow to generate Cloudflare-native release/weekly/monthly summaries for closed periods.
• Summary backfill controls and prompts: Expanded the manual summary seeding workflow and CLI to target a full year, one month, one week, or one release; added explicit refresh/skip/overwrite behavior plus model overrides; switched the shared default model to @cf/zai-org/glm-4.7-flash; and upgraded monthly summaries to use a more narrative grouped prompt.
• Summary presentation: Tightened release, weekly, and monthly summary prompts to avoid redundant project/version/count phrasing and generic openings; stopped generating unused expanded release summaries; promoted compact summaries on week/month cards; and aligned weekly/monthly landing pages with the archive detail layouts.
• Monthly summary prompts: Upgraded monthly compact summaries to avoid opening with the month name, year, or any time-period reference — the summary must start with the work itself. Upgraded monthly expanded summaries to produce a richer structured narrative with 2–4 ##-headed sections by capability theme, starting with a one-sentence overview. Prompt version bumped to monthly-v6 with increased token budget.
• Release card repo label: The repository label on release cards is now a link to the repository's release history page (/repo/{owner}/{name}).
• Slack digest automation: Added weekly and monthly GitHub Actions workflows plus CLI helpers that post stored summaries to Slack through a Slack app bot, with manual period overrides for reruns.
• Docs and workflow guidance: Updated README.md and AGENTS.md for the summaries workflow, release checklist, and changelog expectations.

Fixed

• Homepage load-more page count: Capped getRequiredPageCount() by the total matching release count so filtering to a repo with fewer releases than the visible limit no longer requests non-existent pages and triggers 404 errors.
• Monthly week overlap filter: Normalized both sides of the week/month overlap comparison to YYYY-MM-DD so full ISO timestamps stored in monthly index items no longer cause boundary weeks to be incorrectly excluded.
• Markdown protocol-relative URL sanitization: sanitizeUrl now explicitly rejects protocol-relative URLs (//example.com) instead of normalizing them to http: and passing the allowlist check.
• Weekly Slack digest formatting: Applied the same markdown-to-mrkdwn conversion used by the monthly digest so weekly summaries render bold text, headings, and links correctly in Slack instead of showing raw markdown syntax.
• KV data download safety: downloadKvData now only deletes public/data after confirming the KV namespace contains keys, preventing an empty build when credentials point at a wrong or temporarily empty namespace.

Added

• Added front-page and page block templates with header, post content, and footer template parts.
• Added a brand style variation partial with an alternate palette and Plus Jakarta Sans typography setup.
• Added light fill and outline button style variation partials with theme.json hover states.
• Added expanded theme presets for border radii, aspect ratios, shadows, semantic spacing sizes, fluid spacing sizes, and transition custom tokens.
• Added global theme styles for core button, code, navigation, preformatted, pullquote, separator, and table blocks.
• Added link default, hover, and visited styles in theme.json.
• Added .cursor/plans to ignored local tooling files.

Changed

• Updated the theme color palette and gradient definitions to the latest brand token slugs and values.
• Updated font size, heading, paragraph, button, spacing, block gap, and root padding styles in theme.json.
• Moved button fill and outline defaults into theme.json core button variations, including shared transitions via theme custom tokens.
• Renamed button style variations from dark/light primary/secondary/link variants to fill, outline, and link-oriented variations.
• Updated the button block SCSS to only cover styles that theme.json cannot express, including icon-only button support.
• Updated transition mixins to use WordPress-emitted --wp--custom--transition--* tokens instead of local --afs-trs-* variables.
• Updated block style documentation to reflect theme.json-first style variations and the current token names.
• Updated the editor entry bundle to remove the example style registration side-effect import.
• Updated the index template markup to the current block editor query template structure.

Removed

• Removed JavaScript-based example block style registration and the unused heading/paragraph example stylesheets.
• Removed heading and paragraph style variation JSON partials now handled by global theme typography styles.
• Removed obsolete primary and secondary button style variation partials.

Added

• block-background-image: Add a Background Image block for cover-style section and container backgrounds, with editor image selection and lazy or eager loading.
• block-background-image: Allow Background Image blocks inside Media Background containers for responsive art direction alongside video and Lottie layers.

Added

• environment: Add a shared settings section for overriding the resolved environment while keeping auto-detect as the default.
• block-lottie: Add dedicated block documentation covering attributes, playback modes, lazy loading, events, and poster behavior.

Changed

• Module Manager: require enabled child modules to be disabled before parent dependencies, confirm before disabling critical modules, and link enabled modules directly to available settings tabs and sections.
• Module Manager: remove the module card "More" details popover from the badge row.
• Module taxonomy: clarify tier semantics, add the premium tier value to the UI, and update current module metadata for forms, providers, components menu, and Allow Lottie.
• Admin pages: document that module settings should generally live in Airfleet → Settings rather than standalone submenus.
• Internal: move SVG sanitization into the shared Core\Svg\SvgSanitizer utility for use outside the Allow SVG module.

Fixed

• Dev Containers: Allow the WordPress container to open from Git worktrees by using dynamic workspace paths and preserving worktree Git metadata paths inside the container.
• Dev Containers: Enable visible and logged PHP errors in the WordPress container with explicit WordPress debug constants and PHP ini settings.
• SVG sanitizer: Reject non-fragment url(...) references while avoiding false positives for plain values that merely contain protocol-like substrings.

Fixed

• Fixed license badge fallback color for Preview badge when legacy Admin plugin is not installed