=== ActivityPilot ===
Contributors: piyushmultidots
Tags: activity log, audit log, security, timeline, monitoring
Requires at least: 7.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Track, visualize, and analyze admin and user activity in a timeline UI with break detection, workflows, REST API, and exportable audit logs.

== Description ==

ActivityPilot is an activity log and audit-trail plugin for developers, agencies, and security-conscious site owners. Meaningful changes on your site — logins, content edits, plugin and theme operations, role changes, high-impact options, integrations, and more — are stored in a dedicated database table and shown in a modern admin timeline.

= Privacy defaults =

* External-service features are **opt-in**.
* Geolocation (`ip-api.com`) is **disabled by default** (`enable_geo = 0`).
* Outbound webhooks (Slack/Discord/Teams/custom URL) are **disabled by default** until you enable them and provide destination URLs.
* The plugin does not send data to third-party services unless you explicitly enable and configure those features.

= Why use this plugin? =

* **Custom tables** — logs live in `{prefix}apwpm_activity_logs` (not post meta) with indexes for fast queries.
* **Modern admin UI** — dashboard, timeline, filters, search, pagination, exports, dark mode, and keyboard shortcuts.
* **Security-first** — capability checks, REST nonces, prepared SQL, output escaping, and optional sudo mode for destructive actions.
* **Break detection** — spots error spikes and surfaces recent risky changes.
* **Extensible** — REST API (`activitypilot/v1`), hooks, custom event registry, and PSR-3 adapter.

= Core features =

* Activity logging for logins, posts, plugins, themes, users, roles, and important site options
* Timeline view with avatars, severity colors, and structured context
* Filters by user, action, object type, severity, date range, status, assignee, and search
* CSV and JSON exports; daily retention pruning via cron
* Email alerts when break detection finds unusual error activity
* Workflow: acknowledge, resolve, snooze, assign, and comment on events
* Smart insights: bursts, off-hours access, role escalation, and statistical spikes
* Optional rollback for supported change types (sudo-gated)
* Analytics heatmap, hour-of-day chart, and top users
* Scheduled HTML digest reports (daily, weekly, monthly)
* Multisite support with per-site tagging and network overview
* Hash-chain integrity verification (optional)
* File integrity monitoring, IP throttle, PII redaction, GDPR export/erase helpers
* Integrations: WooCommerce, ACF, popular form builders, SEO plugins, page builders
* Optional outbound webhooks (Slack, Discord, Microsoft Teams, generic URL)
* WP-CLI: `wp apwpm list|count|verify|prune|purge|export|digest|scan-files`

= For developers =

Log custom events from your code:

`APWPM_Logger::log( array( 'action_type' => 'my_event', 'description' => 'Something happened' ) );`

Filter hooks include `apwpm_skip_log`, `apwpm_pre_insert_row`, and `apwpm_register_event_types`. The shorter `ap_*` hook names from earlier builds are still fired for backward compatibility.
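
The hook described above can be used to keep secrets out of stored descriptions. This is an added example, not ActivityPilot code: it assumes `apwpm_pre_insert_row` passes the pending row as an associative array carrying the same `description` key that `APWPM_Logger::log()` accepts and expects the row back; the `myplugin_*` names are hypothetical.

```php
<?php
// Added example, not ActivityPilot code. Assumption: the filter receives the
// pending row as an associative array with a 'description' key and expects
// the (possibly modified) row to be returned.

/** Mask secrets that commonly leak into free-text log descriptions. */
function myplugin_scrub_secrets( string $text ): string {
    $patterns = array(
        // key=value style secrets in URLs or form dumps.
        '/\b(pass(?:word|wd)?|pwd|token|secret|api[_-]?key)=([^&\s"\']+)/i' => '$1=[redacted]',
        // HTTP Authorization header values.
        '/\b(Bearer|Basic)\s+[A-Za-z0-9._~+\/=-]{8,}/' => '$1 [redacted]',
    );
    // preg_replace() returns null on a regex error; fall back to the input.
    return preg_replace( array_keys( $patterns ), array_values( $patterns ), $text ) ?? $text;
}

/** Filter callback (hypothetical name): scrub the description before insert. */
function myplugin_apwpm_redact_row( $row ) {
    if ( is_array( $row ) && isset( $row['description'] ) && is_string( $row['description'] ) ) {
        $row['description'] = myplugin_scrub_secrets( $row['description'] );
    }
    return $row; // Always return the row so later callbacks still receive it.
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'apwpm_pre_insert_row', 'myplugin_apwpm_redact_row' );
} else {
    // Stand-alone run outside WordPress, with a constructed sample row.
    $row = array(
        'action_type' => 'my_event',
        'description' => 'Callback to /hook?api_key=abc123XYZ failed, sent Bearer eyJhbGciOi.payload.sig',
    );
    print_r( myplugin_apwpm_redact_row( $row ) );
}
```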

== Installation ==

1. Upload the `activitypilot` folder to `/wp-content/plugins/`.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Open **Activity Timeline** in the admin menu.
4. Review **Settings** to choose what to track, retention, alerts, and optional features.

On multisite, network-activate for a shared log table under the network prefix.

== Frequently Asked Questions ==

= Will this slow down my site? =

Writes go to an indexed custom table. Heavy hooks are limited to admin and logged-in contexts where possible. Optional async batching groups writes at shutdown.

= Where are logs stored? =

In `{prefix}apwpm_activity_logs`, with optional companion tables `{prefix}apwpm_comments` and `{prefix}apwpm_views`. Data is not stored in `wp_postmeta`.

= Can I export or delete logs? =

Yes. Export from the admin UI or REST API. Prune by age via settings, cron, or `wp apwpm prune`. Full purge requires confirmation and sudo mode when enabled.

= Does it work on multisite? =

Yes. Events are tagged with `blog_id`, and network admins get a network overview.

= Can I extend what gets logged? =

Yes. Call `APWPM_Logger::log()` or register types on `apwpm_register_event_types`. Use `apwpm_skip_log` to skip events and `apwpm_pre_insert_row` to adjust rows before insert.

= Is the log tamper-proof? =

When hash-chain mode is enabled, each row includes an HMAC chain. Run integrity checks from Site Health or `wp apwpm verify`. Append-only mode can block deletions for compliance use cases.
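
How an HMAC chain makes tampering detectable, as an added example that is not ActivityPilot's code or row format: each MAC covers the row plus the previous MAC, so an edit or deletion breaks the link at that position. The field names, the genesis value, and the `demo_*` helpers are assumptions for illustration.

```php
<?php
// Added example, not ActivityPilot's code or row format. Field names, the
// genesis value, and key handling are assumptions made for illustration.

const DEMO_GENESIS = 'genesis'; // Assumed seed for the first row's "previous MAC".

/** MAC over the previous link plus a canonical encoding of the row. */
function demo_link_mac( string $key, string $prev_mac, array $row ): string {
    ksort( $row ); // Stable field order so the same row always hashes the same.
    return hash_hmac( 'sha256', $prev_mac . '|' . json_encode( $row ), $key );
}

/** Append a row, chaining it to the last stored MAC. */
function demo_append( array $log, string $key, array $row ): array {
    $prev  = $log ? end( $log )['mac'] : DEMO_GENESIS;
    $log[] = array( 'row' => $row, 'mac' => demo_link_mac( $key, $prev, $row ) );
    return $log;
}

/** Return the index of the first broken link, or -1 if the chain is intact. */
function demo_verify( array $log, string $key ): int {
    $prev = DEMO_GENESIS;
    foreach ( $log as $i => $entry ) {
        $expected = demo_link_mac( $key, $prev, $entry['row'] );
        if ( ! hash_equals( $expected, $entry['mac'] ) ) { // Constant-time compare.
            return $i;
        }
        $prev = $entry['mac'];
    }
    return -1;
}

// Constructed sample data; a real key must live outside the logged database.
$key = 'constructed-demo-key';
$log = array();
foreach ( array( 'login', 'role_change', 'plugin_activated' ) as $id => $action ) {
    $log = demo_append( $log, $key, array( 'id' => $id + 1, 'action_type' => $action ) );
}
var_dump( demo_verify( $log, $key ) ); // Untouched chain.

$edited = $log;
$edited[1]['row']['action_type'] = 'login'; // In-place edit of the second row.
var_dump( demo_verify( $edited, $key ) );

$deleted = array_values( array_diff_key( $log, array( 1 => true ) ) ); // Second row removed.
var_dump( demo_verify( $deleted, $key ) );
```

A chain like this does not by itself reveal rows truncated from the end, and anyone who can read the key can recompute every MAC, so keep the key out of the database and record the latest MAC somewhere the site cannot rewrite.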

== Screenshots ==

1. Dashboard with activity chart, top actions, and KPI tiles.
2. Timeline with filters, search, severity badges, and pagination.
3. Settings for tracking toggles, retention, break detection, and integrations.
4. Analytics heatmap and hour-of-day charts.
5. Workflow panel with status, assignee, and comments.

== External services ==

This plugin can connect to third-party services **only when you enable the related feature** and, for webhooks, when you provide URLs.

= IP geolocation (optional) =

When **Enable geolocation** is on, the plugin may send the visitor IP address to [ip-api.com](http://ip-api.com/) to resolve country and city. No API key is required. Results are cached in WordPress transients (about 24 hours). See the [ip-api privacy policy](https://ip-api.com/docs/legal) for their terms.

* Data sent: IP address (in the request URL).
* When: On log insert for events that include an IP, if geo is enabled and not already set.
* Purpose: Display country/city on timeline rows and detect logins from new countries.

= Outbound webhooks (optional) =

When webhooks are enabled and URLs are saved in settings, the plugin sends HTTP POST requests to **your** endpoints (for example Slack, Discord, Microsoft Teams, or a custom URL) when qualifying events occur.

* Data sent: Event title, description, severity, site name, and related metadata you configure to receive.
* When: After an event is logged that meets your minimum severity threshold.
* Purpose: Notify external chat or monitoring systems.
* Services/endpoints: Slack, Discord, Microsoft Teams, or any custom HTTPS endpoint that you explicitly configure.
* Terms/privacy (when using those services):  
  Slack: https://slack.com/terms-of-service, https://slack.com/privacy-policy  
  Discord: https://discord.com/terms, https://discord.com/privacy  
  Microsoft Teams (Microsoft): https://www.microsoft.com/servicesagreement, https://privacy.microsoft.com/privacystatement

Webhook delivery is fully optional and disabled by default. No webhook requests are sent until you enable webhooks and provide at least one destination URL.

The plugin does not include bundled third-party API keys. Geolocation and webhooks are optional and disabled by default until configured by a site administrator.

== Changelog ==

= 1.0.0 =
* Initial WordPress.org release.
* Activity timeline with dashboard, filters, search, exports, and REST API (`activitypilot/v1`).
* Break detection, smart insights, workflow (status, assignee, comments), and optional rollback.
* Analytics, reports, multisite support, hash-chain integrity, and Site Health checks.
* Integrations, optional webhooks, geolocation, GDPR tools, file integrity monitoring, and WP-CLI commands.
* Requires WordPress 7.0+ and PHP 7.4+.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
