Commit Graph

7 Commits

Author SHA1 Message Date
Vladimir Bryzgalov ee6a791867 docs: design for silent drop (1.1.0) — hard-rule, score threshold, dry-run, counters
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 15:27:15 +05:00
Vladimir Bryzgalov 8efb82ca43 fix: phone leak, field-by-value detection, strict Flamingo email fallback
Three pilot-surfaced issues in one pass:

1. PhoneParser regex used '\s' in the candidate character class, so a
   digit on a following flattened line bled into the phone. '+7977
   6277470\n1' (phone + trailing checkbox value) parsed as 12 digits,
   producing '+797762774701'. Replaced '\s' with a literal space so
   newlines/tabs stop the candidate.

2. Custom-themed forms don't use 'your-name' / 'your-email' keys
   (washanyanya.ru has text-211 / text-212 / name_user). Added
   FieldDetector::find_name + find_email as fallbacks. Classifier
   and MessageFormatter now call them if no standard key matches,
   so 'Александр' in text-211 is recognised as a cyrillic name and
   scored / displayed accordingly.

3. FlamingoHelper copied '_from_email' into 'your-email' without
   validating it. Flamingo derives that meta from whatever field it
   considers "first"; on phone-first forms it ends up holding the
   phone number. Now we only copy _from_email if it contains '@',
   and dropped the _from_name shortcut entirely — FieldDetector
   handles the name via the actual field values.

Tests: +1 FieldDetectorTest (13 cases); +2 PhoneParserTest cases for
newline/tab bleeds; +1 ClassifierTest case; +1 MessageFormatterTest
case for custom field keys. Full suite 53/53 green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 00:22:39 +05:00
Vladimir Bryzgalov dbdfc9afa9 feat(admin): always-on dashboard widget + default retro days = 0
- Dashboard widget is now registered unconditionally. Header + content
  adapt: shows '⚠️ ошибки доставки' only when failed > 0, otherwise
  plain title with queue state (pending / sent-24h / failed).
  Pilot feedback: the conditional widget felt like the plugin was
  missing — users expect a persistent status readout.
- Retro default window changed from 7 days to 0 (no limit). Most
  pilot uses were 'dump everything since install', so 0 is the more
  useful default. User can still narrow to N days in the form.
- Spec §10 + §14 updated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 00:12:45 +05:00
Vladimir Bryzgalov 2de8f0be57 fix(formatter+telegram): drop tel: inline button, mark all 4xx as permanent
Pilot on washanyanya.ru exposed that Telegram Bot API rejects tel:
URLs in inline_keyboard with HTTP 400 "Wrong port number specified
in the URL". Queue was stuck on 5 items retrying the same failure
4 times each.

- MessageFormatter: always returns reply_markup = null. The phone
  number is already rendered in the '📱 ...' line, and mobile
  Telegram clients linkify it automatically.
- TelegramClient::is_permanent: treat all 4xx except 429 as permanent
  client-side errors, so future payload-shape bugs surface in the
  dashboard widget immediately instead of burning five retry cycles.
- MessageFormatterTest updated: the old test asserting tel: in
  reply_markup is replaced with one asserting reply_markup is null
  and the phone still appears in the text body.
- Spec §9 + §19 updated, §19's open question closed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 23:55:06 +05:00
Vladimir Bryzgalov a7b796d381 docs: honeypot is a hard override on label=spam
Previous plan/spec made honeypot a -5 weighted signal only. That is
insufficient to force 'spam' when the submission also has a RU phone
(+3), cyrillic name (+1), and meaningful text (+1) — a clean +5 cancels
-5, yielding 'unclear'. The honeypot test (test_honeypot_forces_spam_
even_with_phone) caught this.

Honeypot semantics: a filled hidden field is a bot by definition.
No combination of positive signals can make it a legitimate client.
Keeping the -5 weight on 'reasons' list for transparency, but adding
a hard override that sets label='spam' at the end of classify().

Caught by TDD on Task 7.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 22:21:51 +05:00
Vladimir Bryzgalov 558483ef44 docs: fix punycode example and regex delimiter in plan/spec
- xn--80aafmakjldfe1b5h.xn--p1ai decodes to "алквзелчкоеиа.рф", not
  "вашаняня.рф". Correct Punycode for "вашаняня.рф" is
  xn--80aae0ca7d8bb.xn--p1ai. Updated plan Task 2 test and spec §9.
- DomainFormatter strip-path regex '#[/?#].*$#' had the '#' delimiter
  colliding with the literal '#' inside the character class. Switched
  to tilde delimiters: '~[/?#].*$~'.

Both caught by TDD RED/GREEN loop on Task 3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 22:04:15 +05:00
Vladimir Bryzgalov 3a998c36d2 docs: add design spec for cf7-spam-to-telegram plugin
Independent WP plugin that forwards CF7 spam submissions to a Telegram group,
applying a weighted heuristic (client/unclear/spam) to help operators
spot real inquiries mistakenly filtered as spam.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 21:26:51 +05:00