=== AudiScale Connector ===
Contributors: platinumwp
Tags: seo, meta description, redirects, schema, open graph
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 5.1.1
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Server-side companion for AudiScale: SEO <head> tags, redirects, and an enumerated catalog of operations over an HMAC-signed channel.

== Description ==

AudiScale Connector is the companion component for the hosted AudiScale service (https://audiscale.com). It unlocks the SEO actions that WordPress core and the standard REST API do not allow — most notably printing a `<meta name="description">` tag in the `<head>` without forcing you to install another SEO plugin.

= Service disclosure (SaaS) =

This plugin communicates with the third-party AudiScale service. **No data is
sent until you have explicitly paired** your site from your AudiScale dashboard.
Once paired, AudiScale can remotely apply a **fixed catalog of operations**
(listed below), each of which is:

* signed with HMAC-SHA256 using a per-site secret (rotatable and revocable);
* subject to a WordPress capability check (`manage_options`);
* logged (who, what, when, before/after value);
* reversible where possible (draft/revision, dry-run).

The plugin **never executes arbitrary code**: there is no code-evaluation
endpoint and no remote code download. "Almost everything" means an enumerated,
hand-coded, audited catalog.

* Terms of service: https://audiscale.com/en/terms
* Privacy policy: https://audiscale.com/en/privacy

= Operation catalog =

* SEO / `<head>`: meta description, SEO title, canonical, robots, Open Graph, Twitter cards
* Redirects: create / update / delete (301, 302, 410)
* Structured data: per-content JSON-LD
* Content & media: field updates (via revision), draft creation, alternative text
* Site (read-only): robots.txt, public settings, content inventory
* Connector: status, pairing, audit log

The plugin detects Yoast, Rank Math and SEOPress and **stands down**
automatically if one of them already manages the `<head>`, to avoid duplicate
tags.

== Installation ==

1. Install and activate the plugin (from wordpress.org or by uploading the ZIP).
2. From your AudiScale dashboard, start pairing: AudiScale calls `POST /wp-json/audiscale/v1/pair` with a secret generated on the AudiScale side.
3. That's it — subsequent operations are signed with that secret.

To revoke access at any time: "Settings → AudiScale → Disconnect", or disconnect
the site from AudiScale.

== Frequently Asked Questions ==

= Does the plugin send data without my consent? =

No. No communication happens until the site is paired, and pairing requires an
administrator (`manage_options`).

= What happens if I already have an SEO plugin? =

AudiScale Connector detects Yoast / Rank Math / SEOPress and prints nothing in
the `<head>` to avoid duplicates.

= How do I revoke access? =

Unpairing erases the pairing secret: the command channel becomes inert
immediately.

== Changelog ==

= 5.1.1 =
* First public WordPress.org release: English readme and service disclosure,
  packaging hygiene, and internationalization (text domain loading).
* `plugins.update` now keeps the target plugin active after upgrading it (the
  WordPress upgrader deactivates during the file swap and does not restore it on a
  programmatic call).

= 5.0.0 =
* Actionable `security.*` operation family: hardenings applied at the PHP
  runtime, without touching wp-config and always reversible in a single call
  (file editor, REST user enumeration, XML-RPC + pingbacks, HTTP headers
  HSTS/nosniff/X-Frame-Options/Referrer-Policy, minor core auto-updates,
  version masking, `?author=N` scan blocking).
* Each op accepts `dryRun` (simulation without writing) and logs the before/after
  value for an undo via the inverse op. `security.state.get` exposes the current
  state. Disconnecting (`unpair`) resets all hardenings.
* `hsts` is set only if HTTPS is actually enforced (anti-lockout guard).

= 4.0.0 =
* New `security.audit` operation (read-only, `manage_options` capability):
  free hardening snapshot (versions, configuration flags, admin accounts, core
  integrity via wordpress.org checksums). No secret is returned.

= 3.0.0 =
* New plugin-management operations: `plugins.list` (read, `activate_plugins`
  capability) and `plugins.update` (live, irreversible update, `update_plugins`
  capability).

= 2.0.0 =
* `content.update_fields` op: URL targeting + `fields` object
  (title/excerpt/content), respecting `publishMode`.
* The body is written faithfully (no destructive filtering on our side,
  Gutenberg block delimiters preserved); `filtered` flag if the user lacks the
  `unfiltered_html` capability.
* `draft` mode for content: the proposal is queued and approved from the
  "AudiScale pending" screen.

= 1.1.0 =
* `draft` mode: proposed values are stored "pending" without changing the live
  render.
* Approval surface: "Pending AudiScale change" metabox on the edit screen + a
  central screen (Settings → AudiScale pending) to approve/reject (nonce +
  capability).
* `promote` operation to approve a field from AudiScale (consent equivalent to
  `direct`).

= 1.0.0 =
* Initial version: SEO `<head>` output, redirects, structured data, HMAC-signed
  operation catalog, audit log.

== Upgrade Notice ==

= 5.1.1 =
First public WordPress.org release.
