Add a lockout-state scenario blueprint

[dknauss]

Type: test scenario (WordPress Playground blueprint) · Good for newcomers

Goal

Add a Playground blueprint that stages the rate-limit lockout state so reviewers can see the challenge page load already locked-out (with its countdown) without manually failing the form five times.

Why this is a good first issue

No production or security-sensitive code — it's a demo blueprint (JSON) plus a docs checklist. There's a working template to copy and the state is plain user meta.

Scope

• Add blueprint-lockout.json, modeled on blueprint-recovery-mode.json / blueprint-user-switching.json (derive from blueprint-main.json so the demo seed stays intact).
• Add a runPHP step that puts the admin user into lockout via user meta (constants in includes/class-sudo-session.php):
  • _wp_sudo_failed_attempts (LOCKOUT_META_KEY) = 5
  • _wp_sudo_lockout_until (LOCKOUT_UNTIL_META_KEY) = time() + 300 (LOCKOUT_DURATION)
• Land on the challenge page so the locked-out countdown UI is visible.
• Add a ### 6c checklist to docs/ui-ux-testing-prompts.md (mirror the §6a/§6b format).

Files to touch

• blueprint-lockout.json (new), docs/ui-ux-testing-prompts.md

Files NOT to touch

• Anything in includes/ (no production code), and the other blueprint-*.json files.

Acceptance criteria

• Blueprint is valid JSON and conforms to the Playground schema.
• Loading it lands on the challenge page showing the lockout countdown.
• The demo-seed runPHP step is unchanged (byte-identical to blueprint-main.json).
• ### 6c checklist added.

Pointers

CONTRIBUTING.md; existing scenario blueprints; docs/ui-ux-testing-prompts.md §6. A JSON blueprint is not docs-only, so it needs reviewer-agent approval before commit (see CLAUDE.md).