dev!: refactor for best practices

[justlevine]

What

This PR represents the final plugin cleanup, and is a follow up from #29 .

Highlights include:

• Finish refactoring code into their colocated namespaces.
• Add new OneDesign/Encryptor class and use it for saving api keys.
• Standardize:
  • Core/Assets
  • Core/Rest
  • Settings/*
  • Rest/Abstract_REST_Controller
• Isolated plugin-specific code related to Template Parts and Patterns into the Post_Types namespace.
• Replaced plugin.js with onboarding/index.tsx

For more info see the Copilot summary.

Why

Related Issue(s):

How

Testing Instructions

Screenshots

Additional Info

Checklist

• I have read the Contribution Guidelines.
• I have read the Development Guidelines.
• My code is tested to the best of my abilities.
• My code passes all lints (ESLint etc.).
• My code has detailed inline documentation.
• I have updated the project documentation as needed.

[Copilot]

Pull request overview

This pull request implements a comprehensive refactoring to improve code organization and follow best practices. The changes focus on restructuring the codebase with better separation of concerns and modern PHP/TypeScript patterns.

Key Changes

• Reorganized code into a modular structure with dedicated namespaces (Core, Settings, Multisite, Post_Types, Rest)
• Replaced global constant definitions with simplified constant names and removed unused constants
• Introduced TypeScript support with new onboarding UI components and proper type definitions
• Consolidated utility functions into their respective controller classes, removing the global custom-functions.php file

Reviewed changes

Copilot reviewed 37 out of 39 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
onedesign.php	Simplified plugin constants with better naming and documentation
inc/Main.php	Updated registrable classes to reflect new modular structure
inc/Modules/Settings/Settings.php	New centralized settings management with proper getters/setters
inc/Modules/Rest/Abstract_REST_Controller.php	Moved API validation logic into abstract controller
inc/Modules/Post_Types/*.php	Refactored post types to use abstract methods and static slug getters
inc/Encryptor.php	New encryption utility using AES-256-GCM for secure API key storage
tsconfig.json	Added TypeScript configuration for better type safety
webpack.config.js	Updated to handle TypeScript and new module structure
assets/src/admin/onboarding/*.tsx	New React-based onboarding interface
uninstall.php	Updated option cleanup to match new naming conventions

Comments suppressed due to low confidence (2)

inc/Modules/Post_Types/Admin.php:5

• Typo in package docblock: "OneDesin" should be "OneDesign".
  inc/Modules/Multisite/Settings.php:222
• The || operator with a string fallback will never produce an empty string when $logo_url is falsy. If the goal is to ensure a string type, use ?? '' instead of ?: '' for more predictable behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[up1512001]

returning object will break our UI for setting page.
here's previous response format.

{
    "success": true,
    "shared_sites": [
        {
            "name": "GoDAM",
            "url": "https:\/\/onepress-2.go-vip.net\/",
            "api_key": "xyz***",
            "id": "726b59d2-8ffe-40a5-b183-757d4b702864",
            "logo": "https:\/\/onepress-1.go-vip.net\/wp-content\/uploads\/2025\/08\/256-x-256-Logo.png",
            "logo_id": 200640
        },
        {
            "name": "rtMedia",
            "url": "https:\/\/onepress-3.go-vip.net",
            "api_key": "abc***",
            "id": "a997421e-b957-4962-b3a3-21dcec034a17",
            "logo": "https:\/\/onepress-1.go-vip.net\/wp-content\/uploads\/2025\/07\/rtCamp-logo-512x512-blue.png",
            "logo_id": 200553
        }
    ]
}

here's current response

{
    "success": true,
    "shared_sites": {
        "http:\/\/test.playground-wp.local": {
            "api_key": "pqr***",
            "id": "1731798c-0e5a-42d4-b678-0f5fed50c43b",
            "logo": "",
            "name": "test",
            "url": "http:\/\/test.playground-wp.local"
        }
    }
}

[justlevine]

Good eyes on the logo_id, but what are the pros/cons of returning an array[] over an an array<string,array>?

The latter is a lot easier to manipulate without edge cases, and we can array_values() if we're in a context where we need to (like a WP_REST 'array' vs 'object' type).

[up1512001]

I will prefer object as that will give us look-ups in O(1) with site url but our api's were expected to send array so we have to check endpoints for that and accommodate accordingly.

[justlevine]

Key restored and usage audited in 110e73a

[up1512001]

@justlevine reviewed this PR just few questions/doubts in general.

1. why we are using brand_site as consumer_site its been decided to use brand site & governing site for all reference even in code.
2. multisite functionality is not working at all 😨
3. currently settings is appearing first on admin menu but it should be last so just confirming its not intentional change by you.
4. cross site communication is also not working.

[justlevine]

This one isn't actually needed, it's defensive in case of a future refactor

[up1512001]

LGTM