Add AI Instructions Detection Check

[davidperezgar]

Adds a new check to detect AI instruction files and development-only directories that should not be included in production WordPress plugins.

Fixes #1065

Problem

Some WordPress plugins include AI-specific instructions and development-only files in their distributed packages:

• AI tool configuration directories (.cursor, .claude, .aider, etc.)
• GitHub workflow files (.github)
• Unexpected markdown files with development instructions

Including these files in production plugins:

• Exposes internal development instructions
• Creates confusion for users and reviewers
• Reduces code quality

Solution

Enhanced the File_Type_Check to detect and flag:

1. AI Development Tool Directories:

   • .cursor - Cursor IDE configuration
   • .claude - Claude AI assistant configuration
   • .aider - Aider AI pair programming tool
   • .continue - Continue.dev AI code assistant
   • .windsurf - Windsurf AI IDE
   • .ai - Generic AI configuration folder
   • .github - GitHub workflows and actions

2. Unexpected Markdown Files in Plugin Root:

   • Allows only: README.md, readme.txt, LICENSE, LICENSE.md, CHANGELOG.md, CONTRIBUTING.md
   • Flags all other .md files in the plugin root directory

Environment-Based Behavior

• Non-production (local/development): Shows warnings
• Production: Raises validation errors

Implementation Details

Files Modified:

• includes/Checker/Checks/Plugin_Repo/File_Type_Check.php
  • Added TYPE_AI_INSTRUCTIONS constant (256)
  • Updated TYPE_ALL to 511
  • Added 4 new methods:
    • look_for_ai_instructions() - Main orchestrator
    • check_ai_directories() - Detects AI tool directories
    • check_github_directory() - Detects GitHub workflows
    • check_unexpected_markdown_files() - Validates root markdown files

Tests Added:

• tests/phpunit/tests/Checker/Checks/File_Type_Check_Tests.php
  • test_run_with_ai_instructions_errors() - Verifies detection works
  • test_run_with_ai_instructions_in_local_dev() - Confirms warnings in dev environment
  • test_run_without_ai_instructions_errors() - Ensures clean plugins pass

Test Data:

• tests/phpunit/testdata/plugins/test-plugin-ai-instructions-errors/ - Plugin with AI files
• tests/phpunit/testdata/plugins/test-plugin-ai-instructions-without-errors/ - Clean plugin

Examples

Plugin with AI Instructions (detected):

my-plugin/
├── .cursor/
│   └── rules.md
├── .github/
│   └── workflows/
│       └── test.yml
├── DEVELOPMENT.md
├── load.php
└── readme.txt

Detection results:

• ⚠️ AI instruction directory ".cursor" detected
• ⚠️ GitHub workflow directory ".github" detected
• ⚠️ Unexpected markdown file "DEVELOPMENT.md" detected

Clean Plugin (passes):

my-plugin/
├── README.md
├── CONTRIBUTING.md
├── LICENSE
├── load.php
└── readme.txt

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: davidperezgar <davidperez@git.wordpress.org>
Co-authored-by: ernilambar <nilambar@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[ernilambar]

Suggested change

	$allowed_root_md_files = array( 'README.md', 'readme.txt', 'LICENSE', 'LICENSE.md', 'CHANGELOG.md', 'CONTRIBUTING.md' );
	$allowed_root_md_files = array( 'README.md', 'readme.txt', 'LICENSE', 'LICENSE.md', 'CHANGELOG.md', 'CONTRIBUTING.md', 'SECURITY.md' );

[ernilambar]

Why non-MD files included here in the array?

[ernilambar]

Lets avoid list of files here in the message as this list would changing timely.