v4.6.0 β In-editor reauthentication & critical-event alerting
Feature release. Adds block-editor in-editor reauthentication (link-out increment) and an optional push-notification bridge for high-severity audit events, plus the admin user-identity harmonization that had been staged as 4.5.1. Backward-compatible β no migration required.
Highlights
-
In-editor reauthentication for the block editor. When a block-editor request is soft-blocked with
sudo_required, the editor now shows an in-editor snackbar with a "Reauthenticate" action that opens the challenge page, instead of dead-ending on an opaque 403. Editor state is preserved; you grant a sudo session and retry. AnapiFetchmiddleware detects the block (including inside a/batch/v1envelope) and uses the server-emittedchallenge_urlverbatim, degrading to a plain message if that URL is absent or not same-origin. This is the link-out increment: the shipped client only opens the challenge page. Server-side plumbing for the forthcoming in-editor modal (grant-config localization + a logged-in-only nonce-refresh endpoint) also lands but is not yet consumed by the client; the in-editor password/2FA modal and automatic request re-dispatch come in a later release. -
Optional critical-event alert bridge. New optional mu-plugin (
bridges/wp-sudo-critical-alert-bridge.php) that pushes a notification when a high-severity audit hook fires β capability tamper, blocked escalation, reauth lockout, and dropped built-in rules (plus opt-in, throttled recovery-mode) β where the Stream/WSAL bridges only log. Emails the scope-appropriate admin out of the box, with awp_sudo_critical_alert_dispatchfilter to send Slack/Teams/webhook instead. Alerts are dispatched onshutdown(never delaying the gate), deduped per identity, and capped per recipient, with an overflow digest. A demo companion renders alerts inline for sandboxes without outbound network (e.g. WordPress Playground). Inert unless installed. -
Harmonized user identity across admin surfaces. The Session Activity dashboard widget and the Settings β Sudo Access tab now present users identically: full real name primary, username secondary (linked to user-edit when permitted), with an avatar and translated role chips. Also fixes a widget avatar that failed to render when the site's "Show Avatars" setting was off.
Notes
- No migration required. The alert bridge is opt-in β drop it into
wp-content/mu-plugins/. - Requires WordPress 6.4+ and PHP 8.2+.
- Versioning: minor. The new documented public extension filters shipped with the alert bridge are a backward-compatible API addition (see
VERSIONING.md).
Full changelog: see CHANGELOG.md β 4.6.0, or git log v4.5.0..v4.6.0 --oneline.
What's Changed
- chore(release): bump blueprint.json stable-demo target to v4.5.0 [MERGE AT TAG TIME] by @dknauss in #150
- feat(admin): harmonize user identity on the dashboard widget + Access tab by @dknauss in #154
- docs(packaging): exclude blueprint.json from the plugin ZIP + add a blueprint index by @dknauss in #153
- docs(release): record v4.5.0 as the latest tagged release by @dknauss in #152
- chore(release): 4.5.1 by @dknauss in #156
- Add release confidence and Sudo Lite baselines by @dknauss in #155
- docs(planning): block-editor reauth design phase β inventory, reviews, scope, Phase 2 plan by @dknauss in #157
- docs: close missed review findings (5 merged PRs) + enable conversation-resolution gate by @dknauss in #159
- docs(planning): re-land reauth PR #157 review fixes (merged before they landed) by @dknauss in #158
- docs: footprint & performance stats for READMEs by @dknauss in #160
- docs(readme): add Footprint and performance section (missed in #160) by @dknauss in #161
- docs(readme): drop "hand-written PHP" phrasing (re-land, missed by #161 merge race) by @dknauss in #162
- docs(lies-log): record #31 β false '#161 verified clean' confabulation by @dknauss in #163
- feat(bridges): optional critical-event alert bridge + Playground inline demo by @dknauss in #166
- feat(editor): surface sudo_required as link-out snackbar in block editor by @dknauss in #165
- fix: worktree/tooling robustness (merge-aware size gate + verify-metrics .claude exclusion) by @dknauss in #167
- feat(editor): Gutenberg reauth Increment 2, Task 2 β grant plumbing + nonce-refresh endpoint by @dknauss in #168
- docs: critical-hook alerting snippet + roadmap a critical-event alert bridge by @dknauss in #164
- chore(deps-dev): bump phpstan/phpstan from 2.2.2 to 2.2.5 by @dependabot[bot] in #169
- chore(deps): bump actions/checkout from 4 to 7 by @dependabot[bot] in #171
- chore(deps): bump softprops/action-gh-release from 2 to 3 by @dependabot[bot] in #170
- chore(deps-dev): bump @wordpress/env from 11.9.0 to 11.10.0 by @dependabot[bot] in #172
- chore(i18n): refresh translation template by @dknauss in #173
- chore(release): re-scope staged release 4.5.1 β 4.6.0 (minor) by @dknauss in #174
- ci(release-confidence): de-scope the nginx-multisite smoke lane (tracked, non-regression) by @dknauss in #175
Full Changelog: v4.5.0...v4.6.0