Plugin Conflicts Guardian: batch the probe across all selected plugins

[arthur791004]

Summary

Follow-up to #48261 addressing #48261 (comment): bulk plugin activation no longer scales N round-trips with the number of plugins.

PCG_Load_Tester::test() now takes the full list of plugin main files, stashes them in a single transient, and the probe endpoint require_onces each plugin in order under one WP_SANDBOX_SCRAPING request. Probe cost is constant in N (still one front-end + one admin request, fired in parallel via Requests::request_multiple()).

As a side effect this also catches conflicts that only fire when two plugins load together (duplicate class, shared global, etc.) — which the per-plugin probe model could never see, and which the feature's name implies it should.

Attribution on a fatal

When the batched probe captures a fatal/throwable, the guard maps it back to one plugin in the batch using (in order):

1. The explicit plugin field set on the verdict when a Throwable is caught around the require_once.
2. An exact path match of the captured file against a plugin's main file (covers flat-file plugins like hello.php).
3. A directory-prefix match of file against each plugin's own subdirectory under WP_PLUGIN_DIR (excluding flat-file plugins so they can't false-match siblings).

The whole batch is blocked as a unit; the admin notice names the offending plugin so the admin can retry without it. If attribution can't resolve cleanly (fatal in shared/vendor code), the first plugin in the batch is named — the batch is blocked anyway.

Testing instructions

1. Filter pcg_guard_activation to true.
2. Single Activate on a plugin that fatals during init: same as before — redirected back with the named plugin and captured fatal.
3. Bulk-activate (Activate-selected) two or more plugins, one of which fatals: expect one round-trip's worth of latency (no longer N×); notice names the offending plugin.
4. Two plugins that each load fine alone but conflict together (e.g. both declare the same top-level class): expect the batch to be blocked, attributing to whichever plugin loaded second (its require_once is when the duplicate-class fatal fires).
5. Filter to false — both gates bypassed, behavior unchanged.

Does this pull request change what data or activity we track or use?

No. Same loopback-only probe shape as #48261; only the request count changes (one pair regardless of batch size).

🤖 Generated with Claude Code

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (WordPress.com Site Helper), and enable the add/pcg-batch-probes branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack-mu-wpcom-plugin add/pcg-batch-probes

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

[jp-launch-control]

Code Coverage Summary

Coverage changed in 4 files.

File	Coverage	Δ%	Δ Uncovered
projects/packages/jetpack-mu-wpcom/src/features/plugin-conflicts-guardian/class-pcg-load-tester.php	16/138 (11.59%)	6.79%	23 💔
projects/packages/jetpack-mu-wpcom/src/features/plugin-conflicts-guardian/activation-guard.php	40/126 (31.75%)	5.90%	20 💔
projects/packages/jetpack-mu-wpcom/src/features/plugin-conflicts-guardian/probe-endpoint.php	0/80 (0.00%)	0.00%	13 💔
projects/packages/jetpack-mu-wpcom/src/features/plugin-conflicts-guardian/update-healthcheck.php	19/128 (14.84%)	-0.12%	1 ❤️‍🩹

Full summary · PHP report

_{Coverage check overridden by Coverage tests to be added later Use to ignore the Code coverage requirement check when tests will be added in a follow-up PR .}

[taipeicoder]

@arthur791004 can we rebase this PR after merging #48292?

[taipeicoder]

Let's also check for is_readable() following pcg_maybe_handle_probe()

Suggested change

	static fn( $p ) => '' !== $p && is_file( $p )
	static fn( $p ) => '' !== $p && is_file( $p ) && is_readable( $p )

[arthur791004]

Done in 39711d8 — added is_readable($p) to the up-front filter.

[taipeicoder]

In cases where the $result payload doesn't contain plugin or file (for instance, https://github.com/Automattic/jetpack/pull/48402/changes#diff-babcd1ba3a7b2e3b238816b14f26e591dfd6bfed2dcb3578bb05b6b0ceb4eacaR190-R195), then returning the first plugin might lead to wrong attribution. The batch would still be blocked, but the notice might point to an incorrect plugin.

Maybe we can have a batch-level attribution, something like "One of these plugins caused a fatal error during the pre-flight check: A, B, C. Investigate before trying again.".

[arthur791004]

Done in 59f6cc9 — pcg_guard_get_blocked_plugin returns '' when attribution can't be pinned; caller emits a batch-level notice line: "One of these plugins caused a fatal during the pre-flight check: A, B, C. Reason: …". Renderer drops the <code>plugin</code> prefix when the key is empty.

[taipeicoder]

Bailing on the first bad plugin aborts the entire batch. This can cause a false negative where PCG_Load_Tester::test() returns error, which is ignored by pcg_guard_evaluate_plugins() since it's not fatal/throwable. That means that if a later plugin in the batch causes a fatal error, it wouldn't be blocked. I think we can bail when none of the plugins are readable.

[arthur791004]

Fixed in 16232b1. Endpoint now filters unreadable entries out and continues with the readable subset; only bails 404 when nothing remains. A transient unreadable file no longer masks a fatal in a sibling.

[taipeicoder]

Left some minor feedback. Good to go 👍

[taipeicoder]

This message needs to be updated. Perhaps number-agnostic would be better? Something like "No plugins were activated to prevent a site crash. Investigate the error before trying again."

[arthur791004]

Done in 1ecfcc5

[taipeicoder]

It'd be better to use wp_sprintf_l( '%l', array_keys( $paths ) ) for locale-aware separators.

[arthur791004]

TIL

[taipeicoder]

With batch activation, a PROBE_TIMEOUT of 15 seconds might not be enough. I'm not sure if scaling it with the number of plugins is a good idea. For now, let's add logging to see how often this happens? Properties that we should include in the log: mode, and plugin base names.

[arthur791004]

Done by d4c7cc9.

[StefMattana]

Hey @arthur791004! Just checking this PR and related #48553
Are they going to be shippped via Jetpack standalone or is WP.com-only? I'd like to confirming the scope before creating a doc-related Linear issue for Jetpack. Thanks!