ADR-001 Phase 3.5 PR-5 — Disable tenant-side Gateway_Manager in sovereign mode
For #1250. Cross-repo parent: Ultimate-Multisite/ultimate-multisite-multi-tenancy#43. Sibling: PR-4 (Checkout disable — same reasoning).
Goal
Since checkout runs on the main site (PR-4), gateway return URLs and payment-status polling also land on the main site. The tenant-side Gateway_Manager::process_gateway_confirmations and ajax_check_payment_status should not fire in sovereign tenants.
File
inc/managers/class-gateway-manager.php.
Changes
| Method:line |
Action |
process_gateway_confirmations() :105 |
Early-return when defined( 'WU_MT_SOVEREIGN_TENANT' ). Hook still registers but does nothing. |
ajax_check_payment_status() :122 |
Same. |
maybe_process_webhooks() :111 |
No change — already is_main_site()-gated per audit §1 row 25. Verify the gate still applies. |
Reference pattern
public function process_gateway_confirmations() {
if ( defined( 'WU_MT_SOVEREIGN_TENANT' ) && WU_MT_SOVEREIGN_TENANT ) {
return;
}
// ...existing body...
}Verification
- Non-sovereign tenant: gateway confirmations and payment-status AJAX behave exactly as before.
- Sovereign tenant:
template_redirect priority -99999 hook fires but process_gateway_confirmations returns immediately. Confirm via WP_DEBUG log that no wu_payments read happens in sovereign context.
- Main site: gateway return URLs (e.g. Stripe
/?wu-stripe-confirmation=...) work unchanged — they land on the main site, which is non-sovereign, so the disable doesn't apply.
- Webhook handler: confirm
maybe_process_webhooks still fires correctly on the main site for inbound webhook URLs.
Branch
dev-main integration branch.
LOC estimate
~10 lines (2 guards).
Tier
tier:1 — trivial.
aidevops.sh v3.17.27 plugin for OpenCode v1.15.7 with claude-haiku-4-5 spent 5h 48m and 38 tokens on this as a headless worker.
ADR-001 Phase 3.5 PR-5 — Disable tenant-side
Gateway_Managerin sovereign modeFor #1250. Cross-repo parent: Ultimate-Multisite/ultimate-multisite-multi-tenancy#43. Sibling: PR-4 (Checkout disable — same reasoning).
Goal
Since checkout runs on the main site (PR-4), gateway return URLs and payment-status polling also land on the main site. The tenant-side
Gateway_Manager::process_gateway_confirmationsandajax_check_payment_statusshould not fire in sovereign tenants.File
inc/managers/class-gateway-manager.php.Changes
process_gateway_confirmations():105defined( 'WU_MT_SOVEREIGN_TENANT' ). Hook still registers but does nothing.ajax_check_payment_status():122maybe_process_webhooks():111is_main_site()-gated per audit §1 row 25. Verify the gate still applies.Reference pattern
Verification
template_redirectpriority -99999 hook fires butprocess_gateway_confirmationsreturns immediately. Confirm via WP_DEBUG log that nowu_paymentsread happens in sovereign context./?wu-stripe-confirmation=...) work unchanged — they land on the main site, which is non-sovereign, so the disable doesn't apply.maybe_process_webhooksstill fires correctly on the main site for inbound webhook URLs.Branch
dev-mainintegration branch.LOC estimate
~10 lines (2 guards).
Tier
tier:1 — trivial.
aidevops.sh v3.17.27 plugin for OpenCode v1.15.7 with claude-haiku-4-5 spent 5h 48m and 38 tokens on this as a headless worker.