Connectors: Sanitize provider IDs with hyphens in _wp_connectors_init().

[soderlind]

Patch for #64861: _wp_connectors_init() should sanitize provider IDs

Problem

_wp_connectors_init() passes AI Client provider IDs directly to WP_Connector_Registry::register(), which validates IDs against /^[a-z0-9_]+$/. Third-party providers using hyphens in their ID (e.g. azure-openai) are silently rejected with a _doing_it_wrong notice, causing them to be missing from the connector registry even though they work correctly at the AiClient level.

Approach

Option 1 from the ticket: sanitize hyphens → underscores before passing to the registry, while preserving the original provider ID for AiClient lookups.

Changes

class-wp-connector-registry.php

• register() now accepts and stores an optional provider_id field in connector data, allowing callers to preserve the original AI Client provider ID when it differs from the sanitized connector ID.
• Updated @phpstan-type Connector and $args docblock accordingly.

connectors.php

• In _wp_connectors_init(): the loop variable from getRegisteredProviderIds() is now $provider_id. A sanitized $connector_id = str_replace( '-', '_', $provider_id ) is used as the registry key. getProviderClassName() continues to receive the original $provider_id since the AiClient registry stores providers under their original key. Both existing defaults and new providers store 'provider_id' => $provider_id in the connector data.
• Four downstream functions that iterate over registered connectors and call back into the AiClient API now extract $provider_id = $connector_data['provider_id'] ?? $connector_id and use it for all AiClient calls:
  • _wp_connectors_rest_settings_dispatch() — key validation via _wp_connectors_is_ai_api_key_valid()
  • _wp_register_default_connector_settings() — hasProvider() check
  • _wp_connectors_pass_default_keys_to_ai_client() — hasProvider(), _wp_connectors_get_api_key_source(), setProviderRequestAuthentication()
  • _wp_connectors_get_connector_script_module_data() — hasProvider(), isProviderConfigured(), _wp_connectors_get_api_key_source()
• Updated return-type docblocks for wp_get_connector() and wp_get_connectors() to document the optional provider_id field.

wpConnectorRegistry.php

Four new tests:

• test_register_stores_provider_id — provider_id is preserved in returned connector data
• test_register_omits_provider_id_when_not_provided — no provider_id key when absent from args
• test_register_omits_provider_id_when_empty — no provider_id key when empty string
• test_get_registered_includes_provider_id — provider_id round-trips through get_registered()

Impact

• The three built-in providers (anthropic, google, openai) have no hyphens and are unaffected.
• Third-party providers with hyphenated IDs will now be registered under the underscore variant (e.g. azure-openai → azure_openai) and appear correctly in Settings → Connectors.
• The provider_id field falls back to the connector ID via ??, so existing code consuming connector data is unaffected.

Trac ticket: https://core.trac.wordpress.org/ticket/64861

Use of AI Tools

GitHub Copilot + Opus 4.6 used to review the patch

---

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props pers, jeffpaul.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[github-actions]

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

• All changes will be lost when closing a tab with a Playground instance.
• All changes will be lost when refreshing the page.
• A fresh instance is created each time the link below is clicked.
• Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
  it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

[jeffpaul]

@felixarntz @JasonTheAdams @justlevine ^^^