=== BoltAudit – AI Performance Audit Advisor for WordPress ===
Contributors: heymehedi, halalbrains
Tags: performance, audit, ai, optimization, site health
Requires at least: 6.0
Tested up to: 6.8
Stable tag: 0.2.0
Requires PHP: 7.4
License: GPL v3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html

BoltAudit helps you diagnose what is actually slowing down your WordPress site with plugin analytics, database diagnostics, and the new AI Audit root-cause workflow.

== Description ==

BoltAudit is built to answer one question clearly: why is this site slow?

Alongside local diagnostics, BoltAudit now includes **AI Audit** for deeper, evidence-backed investigation through your BoltAudit dashboard.

What BoltAudit covers:
- AI Audit root-cause analysis with prioritized actions
- Plugin audit (inactive, outdated, abandoned, and high-impact plugins)
- Plugin-level impact signals (hooks, cron behavior, queries, assets)
- Database health (autoload bloat, transients, table size and usage)
- Post details and orphaned metadata checks
- WooCommerce-focused performance visibility
- Environment snapshots (PHP/server configuration)


== Features ==

- Root-cause-first AI Audit workflow
- Bottleneck layer identification (frontend, backend, database, infrastructure)
- Evidence-backed findings and recommended fixes
- Prioritized action plan with expected impact
- Confidence-aware reporting when firewalls/security tools limit visibility
- Continue Audit mode for deeper follow-up investigation
- One-click connection from plugin to BoltAudit cloud dashboard
- Deep Scan permission control from inside WordPress
- Read-only diagnostics designed for safe production use

== Installation ==

1. Upload the `boltaudit` folder to `/wp-content/plugins/` or install via **Plugins → Add New**.
2. Activate **BoltAudit** through the **Plugins** menu in WordPress.
3. Open **Tools → BoltAudit**.
4. To use AI Audit, open the **AI Audit** tab and connect your site to your BoltAudit account.

== Frequently Asked Questions ==

= Does BoltAudit change or delete my data? =
No. BoltAudit is read-only and does not auto-delete plugins, posts, options, or tables.

= Does BoltAudit slow down my site? =
No. Audits run on demand and are designed to avoid front-end runtime impact.

= How does AI Audit work? =
Connect your site from the plugin's AI Audit tab, run an audit from the BoltAudit dashboard, and review the generated bottleneck analysis, findings, and top fixes.

= What is Deep Scan? =
Deep Scan is an explicit permission toggle that allows expanded diagnostics for richer AI Audit evidence.

= What if security/firewall tools block checks? =
BoltAudit flags blocked measurements, lowers confidence where appropriate, and provides guidance so you can re-check connectivity and rerun for a complete result.

= Will this work on large or complex WordPress sites? =
Yes. BoltAudit is built for real production stacks, including plugin-heavy and WooCommerce environments.

== Changelog ==

= 0.2.0 – 2026-05-08 =
* New: Public `/v2/manifest` REST endpoint exposing the plugin's capability list for dashboard discovery
* New: Local Audit summary redesigned as five detail-area previews (frontend, backend, database, infrastructure, environment)
* New: Backend layer collectors expanded to cover wave 1–4 data paths, giving AI Audit richer evidence
* Improved: Check collectors are multisite-aware and no longer pre-cap administrator enumeration
* Improved: TTFB performance endpoint now respects an optional `?url` query parameter for single-page audits
* Fixed: Namespaced collector edge cases surfaced during PR #37 review

= 0.1.0 – 2026-05-02 =
* New: Plugin-side guided fix endpoints covering all 10 guided action keys
* New: Batch data collectors for the backend check registry
* New: Active plugin summaries exposed in baseline
* Improved: Local Audit and AI Audit admin screens redesigned
* Improved: HS256 JWT replaces HMAC on backend-authenticated endpoints (WAF-friendly)
* Improved: Audit request/response logging for easier diagnostics
* Fixed: WP_Site_Health class lookup in namespaced collector
* Fixed: Local Audit status pills now reflect actual state
* Fixed: Performance-budget target labels and hardened HTTPS check
* Fixed: Relative asset URL resolution and lazy-load behavior via MU plugin

= 0.0.9 – 2026-04-23 =
* New: AI Audit workflow inside BoltAudit
* New: Bottleneck-focused report model with evidence-backed findings
* New: Connection and Deep Scan controls for AI Audit setup
* New: Confidence-aware reporting and continuation workflow

= 0.0.8 – 2025-09-05 =
* Introduced Database Details page
* Introduced WooCommerce Details page
* Fixed uncaught error

= 0.0.7 – 2025-08-08 =
* Introduced Post Details page with orphaned metadata and orphaned post record reports
* Fixed environment "get user ID" issue to ensure accurate username

= 0.0.6 – 2025-07-30 =
* Introduced WooCommerce Performance Insights section
* Added "Settings" link in the plugin page area for quicker navigation
* Fixed plugin fetch error

= 0.0.5 – 2025-07-25 =
* Added asset impact metrics: script/style file size and load duration
* Enhanced SinglePluginRepository caching for faster repeated audits
* UI improvements for metrics breakdown
* Bug fixes and performance optimizations

= 0.0.4 – 2025-07-16 =
* Added Site Details section
* Fixed Plugin Audit for too many plugins
* Improved table UI

= 0.0.3 – 2025-07-13 =
* Added full Plugin Audit section to detect inactive, outdated, or abandoned plugins
* Warnings for unused or risky plugins
* Improved environment and database reporting
* UI refinements and performance improvements

= 0.0.2 – 2025-07-05 =
* Introduced Database Overview: table sizes, row counts, autoloaded options, transients, and bloat detection
* Improved post type detection and metadata analysis
* Minor UI tweaks and wording fixes

= 0.0.1 – 2025-07-03 =
* Initial beta release: post-type analyzer and environment report

== Upgrade Notice ==

= 0.2.0 =
Adds a public capability manifest, a redesigned Local Audit summary, and broader backend evidence coverage for AI Audit.

= 0.1.0 =
Adds guided fix endpoints, redesigned Local Audit and AI Audit screens, and a more WAF-friendly JWT-based authentication scheme.

= 0.0.9 =
Introduces the new AI Audit workflow with root-cause analysis and action-focused reporting.
