IDC: revalidate IDC error

[bindlegirl]

Fixes CONNECT-124

Proposed changes:

Other information:

• Have you written new tests for your changes, if applicable?
• Have you checked the E2E test CI results, and verified that your changes do not break them?
• Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

Does this pull request change what data or activity we track or use?

Testing instructions:

• Go to '..'

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack or WordPress.com Site Helper), and enable the add/idc-revalidate branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack add/idc-revalidate

bin/jetpack-downloader test jetpack-mu-wpcom-plugin add/idc-revalidate

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  
• 🔴 Add a "[Type]" label (Bug, Enhancement, Janitorial, Task).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

---

Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

• WordPress.com Simple releases happen as soon as you deploy your changes after merging this PR (PCYsg-Jjm-p2).
• WoA releases happen weekly.
• Releases to self-hosted sites happen monthly:
  • Scheduled release: January 6, 2026

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Backup plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Boost plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Search plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Social plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Starter Plugin plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Protect plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Videopress plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Mu Wpcom plugin:

• Next scheduled release: WordPress.com Simple releases happen semi-continuously (PCYsg-Jjm-p2)

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Inspect plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Wpcomsh plugin:

• Next scheduled release: Atomic deploys happen twice daily on weekdays (p9o2xV-2EN-p2)

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Automattic For agencies client plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Paypal Payment buttons plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Wpcloud Sso plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

[jp-launch-control]

Code Coverage Summary

Coverage changed in 1 file.

File	Coverage	Δ%	Δ Uncovered
projects/packages/connection/src/identity-crisis/class-identity-crisis.php	213/331 (64.35%)	0.11%	15 💔

Full summary · PHP report · JS report

_{If appropriate, add one of these labels to override the failing coverage check: Covered by non-unit tests Use to ignore the Code coverage requirement check when E2Es or other non-unit tests cover the code Coverage tests to be added later Use to ignore the Code coverage requirement check when tests will be added in a follow-up PR I don't care about code coverage for this PR Use this label to ignore the check for insufficient code coveage.}

[Copilot]

Pull request overview

This PR adds IDC (Identity Crisis) revalidation functionality to the Jetpack Connection package. When an IDC is detected, the system will now periodically validate with WordPress.com to check if the issue has been resolved, using progressive backoff delays (1 hour initially, doubling each time, up to 30 days maximum).

Key Changes

• Introduces progressive validation timing for IDC with exponential backoff (1h → 2h → 4h → ... → 30 days max)
• Adds remote validation via API calls to WordPress.com to check if detected IDC still exists
• Ensures backward compatibility by adding timing fields to existing IDC options

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
projects/packages/connection/src/identity-crisis/class-identity-crisis.php	Core implementation: adds constants, validation timing logic, remote API validation, and backward-compatible timing fields to IDC options
projects/packages/connection/tests/php/identity-crisis/Identity_Crisis_Test.php	Test coverage for new validation logic including timing validation, backward compatibility, and error handling scenarios
projects/packages/connection/changelog/add-idc-revalidate	Changelog entry for the connection package
projects/plugins/jetpack/changelog/add-idc-revalidate	Changelog entry for Jetpack plugin (uses "enhancement" type)
projects/plugins/*/changelog/add-idc-revalidate	Changelog entries for other affected plugins (backup, boost, inspect, mu-wpcom-plugin, paypal-payment-buttons, protect, search, social, starter-plugin, videopress, wpcloud-sso, wpcomsh)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Missing array key validation. The method assumes $sync_error['next_check_delay'] and $sync_error['last_checked'] exist but doesn't validate this. If these keys are missing, it will cause PHP warnings or errors. Add checks with isset() or use the null coalescing operator before accessing these array keys.

Suggested change

	if ( $sync_error['next_check_delay'] >= self::IDC_VALIDATION_MAX_DELAY ) {
	return false;
	}
	// Check if enough time has passed since the last check.
	$time_since_last_check = time() - $sync_error['last_checked'];
	return $time_since_last_check >= $sync_error['next_check_delay'];
	if ( ( $sync_error['next_check_delay'] ?? 0 ) >= self::IDC_VALIDATION_MAX_DELAY ) {
	return false;
	}
	// Check if enough time has passed since the last check.
	$time_since_last_check = time() - ( $sync_error['last_checked'] ?? 0 );
	return $time_since_last_check >= ( $sync_error['next_check_delay'] ?? 0 );

[Copilot]

Missing array key validation. The method assumes $sync_error['next_check_delay'] exists at line 532 but doesn't validate this. While the caller validate_sync_error_idc_option() adds these fields, the method is public and could be called from elsewhere. Add validation with isset() or document that this parameter must contain these keys.

[Copilot]

The condition checks if idc_detected is an array, but doesn't verify that it's non-empty. An empty array would pass this check and proceed to call get_sync_error_idc_option() with an empty array, which might not be the intended behavior. Consider adding a check for a non-empty array: isset( $body['idc_detected'] ) && is_array( $body['idc_detected'] ) && ! empty( $body['idc_detected'] )

Suggested change

	if ( isset( $body['idc_detected'] ) && is_array( $body['idc_detected'] ) ) {
	if ( isset( $body['idc_detected'] ) && is_array( $body['idc_detected'] ) && ! empty( $body['idc_detected'] ) ) {

[Copilot]

Missing test coverage for the successful IDC clearing case. There should be a test that mocks a successful 200 response without idc_detected in the body to verify that validate_idc_from_remote() returns true and clears the IDC option. This would complete test coverage for all branches of the method.

[Copilot]

Missing test coverage for the case where idc_detected is present in the response body and the IDC option is refreshed with updated timing fields. This would verify that the exponential backoff logic works correctly and that the IDC option is updated rather than cleared.

[Copilot]

Missing JSON decoding error handling. The json_decode() call should check for JSON errors using json_last_error() to distinguish between malformed JSON and valid JSON that decodes to something other than an array. Currently, both cases are treated the same way, which could mask legitimate JSON decoding errors in debugging.

Suggested change

	if ( ! is_array( $body ) ) {
	// Malformed response - do nothing.
	if ( json_last_error() !== JSON_ERROR_NONE ) {
	// Malformed JSON response - do nothing.
	return false;
	}
	if ( ! is_array( $body ) ) {
	// Valid JSON, but not an array - unexpected response structure.