Unify site provisioning + capability detection into one per-site source

[jkmassel]

Description

Refactors getting-a-site-ready into a single source of truth: one per-site, single-flight pipeline that provisions application-password credentials, recovers the REST root, recovers the XML-RPC endpoint, and detects editor capabilities. This is PR 1 of #22942.

ℹ️ #22943 (the release/26.8 → trunk backmerge that brought #22926's fix) has landed, so this is now based on trunk directly. The core REST fix is already in trunk; this PR's diff is the new architecture plus the removal of #22926's interim coordination layer (CredentialsChangedNotifier).

Provisioning used to be spread across the connectivity banner, the editor preloader, and the application-password card — each triggering its slice of the work, racing the others (a process-global CredentialsChangedNotifier + a getSelectedSite() re-read tried to referee), and mutating its own SiteModel. Two structural problems get fixed:

1. The first-login race — the capability probe could run before the credential was minted. Now auth is awaited first, and the probe is a downstream stage, so the race is impossible, not mitigated.
2. Stale-model writes (Recovered wpApiRestUrl doesn't survive across launches on Atomic sites #22905) — flows held a SiteModel, mutated a field, and wrote the whole row back, clobbering concurrent changes. Now no model is held across stages.

SiteProvisioningSource

A @Singleton exposing a per-site StateFlow<SiteReadiness>; single-flight per SiteModel.id (which also subsumes the card's old 409-safety guard — two concurrent mints destroy the winner's creds). Each stage takes a siteLocalId, reads the SiteModel fresh via getSiteByLocalId, and writes back only the column it changed:

ensureAuth(id)                       -> SiteAuthState        (validate / mint; persists creds)
  +- if Provisioned, in parallel:
       |- recoverRestUrl(id) -> detectCapabilities(id)      -> SiteReadiness   (persistApiRootUrl)
       +- recoverXmlRpc(id)                                  (self-hosted)     (persistXmlRpcUrl)

The REST-capability chain and XML-RPC recovery are independent post-auth probes, so they run in parallel — and because each reads fresh and writes only its own column, the two branches can't clobber each other. (detectCapabilities itself still fans out into the route ∥ theme probes.)

Entry points: stateFor (reactive), await (one-shot, preloader), invalidate (PTR / retry), clear (sign-out).

Consumers render slices of one state

SiteReadiness	Connectivity banner	Application-password card	Preloader
NeedsAuth(Provisioning)	hidden	hidden	wait
NeedsAuth(Unprovisionable)	hidden	auth prompt	wait
Unreachable	show	hidden¹	proceed
Ready	hidden	hidden¹	use caps

¹ a true self-hosted site whose XML-RPC endpoint the pipeline couldn't recover still gets the XML-RPC-disabled card — the card now just reads the (pipeline-recovered) xmlRpcUrl fresh.

• ApplicationPasswordViewModelSlice is now a pure renderer — validate/mint and XML-RPC rediscovery moved into the pipeline; its dependency list drops to four.
• Removes CredentialsChangedNotifier + its wiring (the event bus and getSelectedSite() staleness race, Unify editor capability detection into a single per-site state #22942's defect Implementing WordPress.com Notifications Activities #2).
• Banner / preloader subscribe to / await the source. Sign-out calls source.clear().

FluxC

Adds SiteSqlUtils.updateXmlRpcUrl(localId, url) — a one-column targeted write mirroring the existing updateWpApiRestUrl (the #22905 pattern) — and a SiteXmlRpcUrlRecoverer mirroring SiteApiRestUrlRecoverer.

Out of scope (follow-up)

• Richer terminal-vs-transient mint semantics and the Allow headless application-password creation on Atomic sites #22884 private-host card.

A RELEASE-NOTES.txt entry (26.9) notes the reliability rework.

Testing instructions

Unit tests:

• ./gradlew :WordPress:testJetpackDebugUnitTest + :libs:fluxc:testDebugUnitTest across SiteProvisioningSourceTest, SiteXmlRpcUrlRecovererTest, SiteSqlUtilsTest, ApplicationPasswordViewModelSliceTest, SiteConnectivityBannerViewModelSliceTest, GutenbergEditorPreloaderTest, ApplicationPasswordLoginHelperTest.

Private Atomic site (first login — the banner race):

1. Sign out, sign into a WP.com account with a private Atomic site that has an application password.
2. Open My Site, let it settle — do not pull to refresh.

• The "Unable to connect to your site" banner does not flash; capabilities settle on their own.

3. Pull to refresh; create a new post.

• No banner; the editor opens correctly.

Application-password card (the mint move):

1. A self-hosted site that supports application passwords but has none stored.

• The "authenticate" card appears; tapping it starts the authorization flow.

2. A site whose stored application password was revoked server-side.

• The re-authentication card appears.

3. A self-hosted site with XML-RPC genuinely disabled.

• The XML-RPC disabled card appears (and stays hidden where XML-RPC is reachable — the pipeline recovers it).

Regression checks:

1. Public Atomic site, then a WP.com Simple site — open My Site, pull to refresh.

• No banner; capability detection still completes.

Sign-out:

1. Sign out, then sign back in.

• No crash; provisioning + detection run fresh.

[dangermattic]

	1 Warning
⚠️	This PR is larger than 300 lines of changes. Please consider splitting it into smaller PRs for easier and faster reviews.

	1 Message
📖	This PR is still a Draft: some checks will be skipped.

Generated by 🚫 Danger

[wpmobilebot]

📲 You can test the changes from this Pull Request in WordPress Android by scanning the QR code below to install the corresponding build.

	App Name	WordPress Android
	Build Type	Debug
	Version	pr22944-26b93d5
	Build Number	1493
	Application ID	org.wordpress.android.prealpha
	Commit	26b93d5
	Installation URL	0gn9ngqc5ctug

Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

[wpmobilebot]

📲 You can test the changes from this Pull Request in Jetpack Android by scanning the QR code below to install the corresponding build.

	App Name	Jetpack Android
	Build Type	Debug
	Version	pr22944-26b93d5
	Build Number	1493
	Application ID	com.jetpack.android.prealpha
	Commit	26b93d5
	Installation URL	6okk6il2dv0po

Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

[codecov]

Codecov Report

❌ Patch coverage is 82.60870% with 28 lines in your changes missing coverage. Please review.
✅ Project coverage is 37.36%. Comparing base (d973e15) to head (26b93d5).

Files with missing lines	Patch %	Lines
...ess/android/repositories/SiteProvisioningSource.kt	87.35%	0 Missing and 11 partials ⚠️
...ationpassword/ApplicationPasswordViewModelSlice.kt	54.54%	3 Missing and 7 partials ⚠️
.../main/java/org/wordpress/android/AppInitializer.kt	0.00%	2 Missing ⚠️
...nnectivity/SiteConnectivityBannerViewModelSlice.kt	80.00%	0 Missing and 2 partials ⚠️
...press/android/ui/posts/GutenbergEditorPreloader.kt	71.42%	1 Missing and 1 partial ⚠️
...s/android/repositories/EditorSettingsRepository.kt	0.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##            trunk   #22944      +/-   ##
==========================================
+ Coverage   37.33%   37.36%   +0.03%     
==========================================
  Files        2321     2322       +1     
  Lines      124757   124814      +57     
  Branches    16961    16982      +21     
==========================================
+ Hits        46576    46638      +62     
+ Misses      74417    74403      -14     
- Partials     3764     3773       +9     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[wpmobilebot]

🤖 Build Failure Analysis

This build has failures. Claude has analyzed them - check the build annotations for details.