Skip to content

Add Service Account experiment #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Jameswlepage wants to merge 4 commits into
base: develop
Choose a base branch
from
Draft

Add Service Account experiment #211

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
add9f04
Add service account experiment
Jameswlepage Feb 4, 2026
d83aba2
Align default experiments with upstream
Jameswlepage Feb 4, 2026
a5c2581
Fix service account lint and static analysis
Jameswlepage Feb 4, 2026
58f3e3f
Use core role registration
Jameswlepage Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions docs/experiments/service-account.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Service Accounts

## Summary
Adds a service account user type for automated tools and programmatic access. The experiment registers a dedicated role, customizes the wp-admin user creation flow to auto-generate usernames/emails, and provides a service-focused edit screen with ownership metadata. Service accounts are flagged via user meta so the role can be changed without losing service account behavior. Application Passwords are created manually after the account is saved.

## Key Hooks & Entry Points
- `WordPress\AI\Experiments\Service_Account\Service_Account::register()` initializes the manager, admin UI, and REST routes.
- `Service_Account_Manager::init()` registers the role, filters capabilities, and excludes service accounts from default user queries and counts.
- `Admin_UI::enqueue_new_user_scripts()` injects inline JS on `user-new.php` to show the Service Account name field and auto-populate username/email.
- `Admin_UI::add_service_account_fields()` adds service-specific fields (owner user selector, system, reference) and reorders native fields on the edit screen.
- `Admin_UI::handle_user_register()` sets service account meta for admin-created users.
- `REST_Service_Accounts_Controller` exposes `/wp-json/ai/v1/service-accounts` for CRUD and app-password regeneration.

## Assets & Data Flow
1. Admin UI enqueues inline CSS and JS only on user-related screens (`users.php`, `user-new.php`, `user-edit.php`).
2. On `user-new.php`, selecting the Service Account role reveals the name field and fills username/email using the site domain.
3. During submission, PHP fills missing username/email as a fallback and writes service account meta.
4. On `user-edit.php`, the service account details section moves the key fields (username, email, role, purpose) to the top and adds owner (WordPress user), system, and reference fields stored in user meta. Owner selection requires `list_users`.
5. Service account meta keys (`service_account_owner_id`, `service_account_system`, `service_account_reference`) are registered via `register_meta()` with sanitization and permission callbacks.
6. Application Passwords are created from the user edit screen after the account is saved.

## Testing
1. Enable the **Service Accounts** experiment.
2. Go to `Users > Add New`, select the **Service Account** role, and enter a name.
3. Confirm username/email are populated and the password field remains visible.
4. Submit the form and open the created user to generate Application Passwords in the section below.
5. Edit the created user and confirm it is labeled as a service account and has Application Passwords available.

## Notes
- Application Passwords are generated from the user edit screen (they are not auto-generated on creation).
- Service accounts are excluded from standard user counts and queries unless explicitly requested.
1 change: 1 addition & 0 deletions includes/Experiment_Loader.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ private function get_default_experiments(): array {
\WordPress\AI\Experiments\Excerpt_Generation\Excerpt_Generation::class,
\WordPress\AI\Experiments\Image_Generation\Image_Generation::class,
\WordPress\AI\Experiments\Summarization\Summarization::class,
\WordPress\AI\Experiments\Service_Account\Service_Account::class,
\WordPress\AI\Experiments\Title_Generation\Title_Generation::class,
);

Expand Down
Loading
Loading