Skip to content

v4.6.0 β€” In-editor reauthentication & critical-event alerting

Choose a tag to compare

@dknauss dknauss released this 06 Jul 18:35
9ef1880

Feature release. Adds block-editor in-editor reauthentication (link-out increment) and an optional push-notification bridge for high-severity audit events, plus the admin user-identity harmonization that had been staged as 4.5.1. Backward-compatible β€” no migration required.

Highlights

  • In-editor reauthentication for the block editor. When a block-editor request is soft-blocked with sudo_required, the editor now shows an in-editor snackbar with a "Reauthenticate" action that opens the challenge page, instead of dead-ending on an opaque 403. Editor state is preserved; you grant a sudo session and retry. An apiFetch middleware detects the block (including inside a /batch/v1 envelope) and uses the server-emitted challenge_url verbatim, degrading to a plain message if that URL is absent or not same-origin. This is the link-out increment: the shipped client only opens the challenge page. Server-side plumbing for the forthcoming in-editor modal (grant-config localization + a logged-in-only nonce-refresh endpoint) also lands but is not yet consumed by the client; the in-editor password/2FA modal and automatic request re-dispatch come in a later release.

  • Optional critical-event alert bridge. New optional mu-plugin (bridges/wp-sudo-critical-alert-bridge.php) that pushes a notification when a high-severity audit hook fires β€” capability tamper, blocked escalation, reauth lockout, and dropped built-in rules (plus opt-in, throttled recovery-mode) β€” where the Stream/WSAL bridges only log. Emails the scope-appropriate admin out of the box, with a wp_sudo_critical_alert_dispatch filter to send Slack/Teams/webhook instead. Alerts are dispatched on shutdown (never delaying the gate), deduped per identity, and capped per recipient, with an overflow digest. A demo companion renders alerts inline for sandboxes without outbound network (e.g. WordPress Playground). Inert unless installed.

  • Harmonized user identity across admin surfaces. The Session Activity dashboard widget and the Settings β†’ Sudo Access tab now present users identically: full real name primary, username secondary (linked to user-edit when permitted), with an avatar and translated role chips. Also fixes a widget avatar that failed to render when the site's "Show Avatars" setting was off.

Notes

  • No migration required. The alert bridge is opt-in β€” drop it into wp-content/mu-plugins/.
  • Requires WordPress 6.4+ and PHP 8.2+.
  • Versioning: minor. The new documented public extension filters shipped with the alert bridge are a backward-compatible API addition (see VERSIONING.md).

Full changelog: see CHANGELOG.md β†’ 4.6.0, or git log v4.5.0..v4.6.0 --oneline.

What's Changed

  • chore(release): bump blueprint.json stable-demo target to v4.5.0 [MERGE AT TAG TIME] by @dknauss in #150
  • feat(admin): harmonize user identity on the dashboard widget + Access tab by @dknauss in #154
  • docs(packaging): exclude blueprint.json from the plugin ZIP + add a blueprint index by @dknauss in #153
  • docs(release): record v4.5.0 as the latest tagged release by @dknauss in #152
  • chore(release): 4.5.1 by @dknauss in #156
  • Add release confidence and Sudo Lite baselines by @dknauss in #155
  • docs(planning): block-editor reauth design phase β€” inventory, reviews, scope, Phase 2 plan by @dknauss in #157
  • docs: close missed review findings (5 merged PRs) + enable conversation-resolution gate by @dknauss in #159
  • docs(planning): re-land reauth PR #157 review fixes (merged before they landed) by @dknauss in #158
  • docs: footprint & performance stats for READMEs by @dknauss in #160
  • docs(readme): add Footprint and performance section (missed in #160) by @dknauss in #161
  • docs(readme): drop "hand-written PHP" phrasing (re-land, missed by #161 merge race) by @dknauss in #162
  • docs(lies-log): record #31 β€” false '#161 verified clean' confabulation by @dknauss in #163
  • feat(bridges): optional critical-event alert bridge + Playground inline demo by @dknauss in #166
  • feat(editor): surface sudo_required as link-out snackbar in block editor by @dknauss in #165
  • fix: worktree/tooling robustness (merge-aware size gate + verify-metrics .claude exclusion) by @dknauss in #167
  • feat(editor): Gutenberg reauth Increment 2, Task 2 β€” grant plumbing + nonce-refresh endpoint by @dknauss in #168
  • docs: critical-hook alerting snippet + roadmap a critical-event alert bridge by @dknauss in #164
  • chore(deps-dev): bump phpstan/phpstan from 2.2.2 to 2.2.5 by @dependabot[bot] in #169
  • chore(deps): bump actions/checkout from 4 to 7 by @dependabot[bot] in #171
  • chore(deps): bump softprops/action-gh-release from 2 to 3 by @dependabot[bot] in #170
  • chore(deps-dev): bump @wordpress/env from 11.9.0 to 11.10.0 by @dependabot[bot] in #172
  • chore(i18n): refresh translation template by @dknauss in #173
  • chore(release): re-scope staged release 4.5.1 β†’ 4.6.0 (minor) by @dknauss in #174
  • ci(release-confidence): de-scope the nginx-multisite smoke lane (tracked, non-regression) by @dknauss in #175

Full Changelog: v4.5.0...v4.6.0