Add --auto-update-indicated flag to plugin update command

[Copilot]

Implementation Plan: Add --auto-update-indicated flag to plugin update

• Explore repository structure and understand update mechanism
• Understand how plugin update information is retrieved and processed
• Add --auto-update-indicated flag to Plugin_Command::update() method
• Extract autoupdate field from WordPress.org API response in get_item_list()
• Filter plugins based on autoupdate flag when --auto-update-indicated is used
• Set default version to server-indicated version when flag is used
• Display auto-update-indicated information in plugin list output
• Run linter and code quality checks (all passing)
• Add Behat tests for the new functionality
• Run unit tests (passing)
• Address code review feedback
• Add validation for --minor/--patch incompatibility
• Add validation for plugin names with --auto-update-indicated
• Add comprehensive test scenarios
• Run security checks with CodeQL (no issues)

Summary

This PR implements support for WordPress.org's server-indicated automatic updates by adding a --auto-update-indicated flag to wp plugin update.

Changes Made

1. New field auto_update_indicated: Extracted from WordPress.org API response and displayed in plugin lists
2. New flag --auto-update-indicated: Filters updates to only plugins with server-indicated automatic updates
3. Comprehensive validation:
   • Cannot be combined with --version (version determined by server)
   • Cannot be combined with --minor or --patch (version determined by server)
   • Cannot be used with specific plugin names (updates all plugins with flag set)
4. Complete test coverage: 7 test scenarios covering all validation cases and behaviors
5. Documentation: Updated inline docs to describe constraints

Usage

# View which plugins have server-indicated updates
wp plugin list --fields=name,version,update,auto_update_indicated

# Update only plugins with server-indicated automatic updates
wp plugin update --auto-update-indicated

# Preview which plugins would be updated
wp plugin update --auto-update-indicated --dry-run

Files Changed

• src/Plugin_Command.php: Main implementation with validation
• src/WP_CLI/CommandWithUpgrade.php: Display conversion
• features/plugin-update.feature: 7 comprehensive test scenarios

Code Quality

✅ All checks passing (lint, phpcs, phpstan, phpunit, CodeQL)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Feature: "plugin update" should identify plugins where the server response indicates automatic update</issue_title>
<issue_description>## Feature Request

• Yes, I reviewed the contribution guidelines.

Describe your use case and the problem you are facing

Background: when wordpress.org (or a third-party server) is asked about updates for a plugin, the response includes a flag that indicates whether an automatic update of the plugin should be carried out. (This is not to be confused with the WordPress saved settings for automatically updating plugins). wordpress.org use this flag to push automatic updates in the case of large plugins with security vulnerabilities (there is code in WordPress core to recognise it and respond to it). When this flag is set, the response indicates the recommended update (which is not necessarily the latest - sometimes, the plugin may have multiple updates available which update the "minor" version series, so that things aren't broken by an undesired major update; e.g. there are releases of Foo 1.3.2, 1.2.4 and 1.1.5 which contain only the fixes for the security issues in 1.3.1, 1.2.3 and 1.1.4 ).

Use case: I wish to update only plugins which have this flag set, and update to the indicated version. My WordPress install does not update automatically because it is locked down to prevent WordPress self-modifying plugin/theme files when within an "HTTP" context. But those restrictions are not active in a "CLI" context, and there, WordPress can self-modify.

Describe the solution you'd like

1. Add a --auto-update-indicated switch to https://developer.wordpress.org/cli/commands/plugin/update/ to indicate only to update plugins with this flag set (and in this case, the default value of --version should be the version indicated by the server response, not the otherwise default of the latest release available).

2. Also perhaps include the "auto update indicated" information in the output rendered.</issue_description>

Comments on the Issue (you are @copilot in this section)

@danielbachhuber Thanks for the suggestion, @DavidAnderson684.

If this is data that WordPress.org provides, adding a flag in the manner you described seems reasonable.</comment_new>
<comment_new>@danielbachhuber
@jcvignoli I'm open to a pull request! Feel free to submit one, if you'd like. Here is some guidance on our pull request best practices.</comment_new>

• Fixes Feature: "plugin update" should identify plugins where the server response indicates automatic update #367

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This PR adds support for WordPress.org's server-indicated automatic updates by introducing a --auto-update-indicated flag to the wp plugin update command. WordPress.org sets an autoupdate flag in plugin update API responses to push critical security patches to specific version branches, and this feature enables WP-CLI users to filter updates to only those plugins where the server indicates automatic updates are recommended.

Changes:

• Extracts autoupdate flag from WordPress.org plugin update API responses and exposes it as auto_update_indicated field
• Adds --auto-update-indicated flag to wp plugin update command to filter and update only plugins with server-indicated automatic updates
• Includes validation to prevent combining --version with --auto-update-indicated since the version is determined by the server

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
src/WP_CLI/CommandWithUpgrade.php	Adds display conversion logic to show auto_update_indicated as "yes"/"no" in plugin list output
src/Plugin_Command.php	Core implementation including field extraction from API, filtering logic, and flag validation
features/plugin-update.feature	Test scenarios covering field display, flag behavior, validation errors, and dry-run functionality

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The test coverage for the --auto-update-indicated flag is missing scenarios for incompatibility with --minor and --patch flags. Consider adding test scenarios similar to the existing "Error when using --version with --auto-update-indicated" test (line 303) for these flags:

Scenario: Error when using --minor with --auto-update-indicated
Scenario: Error when using --patch with --auto-update-indicated

This would ensure the validation logic is properly tested.

[swissspidy]

@copilot apply changes based on this feedback

[Copilot]

Added test scenarios for --minor and --patch incompatibility in commit 7db7e24. The tests now cover:

• Error when using --minor with --auto-update-indicated
• Error when using --patch with --auto-update-indicated
• Error when specifying plugin names with --auto-update-indicated

[Copilot]

When --auto-update-indicated is used, any plugin names passed in the command arguments are silently ignored. This could be confusing to users who might expect the flag to act as a filter on the specified plugins. Consider adding validation to error if both plugin names and --auto-update-indicated are specified, similar to how the codebase validates that either plugin names or --all must be provided (see check_optional_args_and_all at src/WP_CLI/ParsePluginNameInput.php:19). For example:

if ( $auto_update_indicated && ! empty( $args ) ) {
    WP_CLI::error( 'Cannot specify plugin names with --auto-update-indicated. This flag updates all plugins with server-indicated automatic updates.' );
}

This would make the behavior explicit and prevent user confusion.

[Copilot]

Added validation to error when both plugin names and --auto-update-indicated are specified in commit 7db7e24. The error message clearly states: "Cannot specify plugin names with --auto-update-indicated. This flag updates all plugins with server-indicated automatic updates."

This prevents user confusion by making the behavior explicit - the flag is designed to update all plugins with the server-indicated flag, not to filter specific plugins.