=== Conflict Guard ===
Contributors: mwangip
Tags: conflict, troubleshooting, debug, rollback, woocommerce
Requires at least: 6.0
Tested up to: 7.0
Stable tag: 1.0.9
Requires PHP: 8.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Detect, isolate, and fix WordPress plugin conflicts. Safe Test Mode, Smart Isolation, One-Click Rollback, and Real-Time Error Monitoring.

== Description ==

**Conflict Guard** is the ultimate free WordPress plugin troubleshooting tool. Stop manually disabling plugins one-by-one. Our intelligent conflict detection engine finds the problem automatically.

**"Find plugin conflicts before your users do."**

= Core Features =

**🔍 Automatic Plugin Conflict Detection**
Scan all active plugins, detect compatibility issues, monitor PHP fatal errors, JavaScript conflicts, AJAX failures, and REST API errors. Every plugin receives a Stability Score.

**🧪 Safe Test Mode**
Session-based sandbox lets you disable plugins only for your admin session. Visitors continue seeing the live site normally — zero downtime, zero risk.

**🔬 Smart Conflict Isolation Engine**
Binary search algorithm intelligently narrows down which plugin is causing your issue. Disable plugins one-by-one inside Safe Mode until errors disappear.

**⏪ One-Click Rollback**
Download and restore previous plugin versions from WordPress.org. Automatic restore points are created before every plugin update.

**📊 Real-Time Error Monitor**
Live dashboard showing PHP errors, fatal crashes, JavaScript conflicts, AJAX failures, REST API issues, and memory usage.

**🛒 WooCommerce Compatibility Scanner**
Dedicated WooCommerce diagnostics: checkout issue detection, payment gateway conflict analysis, and WooCommerce-safe plugin badges.

**🚨 Emergency Recovery Mode**
If WordPress crashes, use your personal Recovery URL to access a lightweight emergency interface — even when WP Admin is inaccessible.

**📅 Conflict Timeline**
Visual event timeline tracing every plugin activation, deactivation, update, crash, rollback, and conflict detection.

**⚡ Plugin Health Scoring**
Each plugin receives Stability, Security, Update Activity, and Performance impact scores.

= Why Conflict Guard? =

- 100% FREE — no locked features, no aggressive upsells
- Lightweight — uses async background scans, transient caching
- Beginner-friendly — clear, modern SaaS-style dashboard
- Developer-grade — binary isolation, detailed error reporting
- Non-invasive — Safe Mode only affects your admin session
- Secure — nonce verification, capability checks, prepared SQL

= Compatibility =

* WordPress 6.0+
* PHP 8.0+
* WooCommerce (full integration)
* Elementor
* Gutenberg
* WordPress Multisite
* Shared & cloud hosting environments

= How It Works =

1. Install and activate Conflict Guard
2. Go to **Conflict Guard** in your WP Admin menu
3. Click **Run Scan** to analyze all your plugins
4. Review stability scores and conflict risks
5. Use **Safe Mode** to test without plugins one-by-one
6. Use **Rollback** to revert problematic updates
7. Bookmark your **Emergency Recovery URL** just in case

== Installation ==

1. Upload the `conflict-guard` folder to `/wp-content/plugins/`
2. Activate the plugin through the **Plugins** menu in WordPress
3. Navigate to **Conflict Guard** in your admin menu
4. Run your first scan

== Frequently Asked Questions ==

= Does Safe Mode affect my visitors? =
No. Safe Mode is session-based — only your admin browser session sees plugin changes. All visitors continue seeing the normal live site.

= Can I rollback a plugin that's not on WordPress.org? =
Currently, automatic version downloads work for WordPress.org-hosted plugins. For premium/third-party plugins, restore points are created automatically before updates.

= Is this plugin really free? =
Yes, 100% free forever. There are no locked features, no premium version, and no mandatory upgrades.

= What happens when I uninstall? =
All plugin data (database tables, options, transients, scheduled events) is completely removed on uninstall.

= Does it work with WooCommerce? =
Yes! There's a dedicated WooCommerce scanner that checks checkout health, payment gateways, and detects common WooCommerce plugin conflicts.

= I'm testing locally on XAMPP/WAMP/MAMP and got a "not valid JSON" error =
This was caused by a bug fixed in version 1.0.8 — local dev stacks often have display_errors enabled by default, which could leak PHP warnings into the JSON response. Update to the latest version. If you still see this after updating, check your PHP error log (in XAMPP, usually `xampp/php/logs/php_error_log`) for the underlying warning, as something else on the site may also be producing stray output.

= How do I support the plugin? =
The plugin is free forever. If it helped you, you can donate via PayPal from the Settings tab inside the plugin dashboard. Even a small amount helps keep it maintained!

= Who can use the Rollback and Emergency Recovery features on a multisite network? =
On a multisite network, rollback and recovery actions are restricted to network administrators (users with the `manage_network_options` capability), since these actions affect plugin files shared across the entire network. On a single-site install, any user with `manage_options` (typically the site admin) can use them.

== Screenshots ==

1. Main dashboard with site health score and plugin stability table.
2. Safe Test Mode — enable session-based sandbox to test without plugins.
3. Real-time error monitoring dashboard showing PHP, AJAX, and REST errors.
4. Conflict timeline — visual history of every plugin event and crash.
5. One-click rollback — select a plugin and restore a previous version.
6. Emergency recovery mode — accessible even when WP Admin is broken.
7. Diagnostics panel — system info, connectivity tests, and report export.
8. Settings page with donation support section.

== External Services ==

This plugin connects to the following external services:

= WordPress.org Plugin API =
**What it is:** The official WordPress.org plugin information API.
**What it is used for:** Fetching available previous versions of a plugin when you request a rollback. This only happens when you click "Load Versions" on the Rollback tab.
**What data is sent:** The slug (folder name) of the plugin you want to roll back. No personal data, no site data.
**When data is sent:** Only on demand, when you request version history for a specific plugin.
**Endpoint:** `https://api.wordpress.org/plugins/info/1.0/{plugin-slug}.json`
**Service provider:** Automattic / WordPress.org
**Terms of Service:** https://wordpress.org/about/privacy/
**Privacy Policy:** https://automattic.com/privacy/

= WordPress.org Plugin Downloads =
**What it is:** The official WordPress.org plugin download server.
**What it is used for:** Downloading the actual plugin ZIP file for the version you select during a rollback.
**What data is sent:** Plugin slug and version number only. No personal data.
**When data is sent:** Only when you click "Perform Rollback" for a specific plugin and version.
**Endpoint:** `https://downloads.wordpress.org/plugin/{slug}.{version}.zip`
**Service provider:** Automattic / WordPress.org
**Terms of Service:** https://wordpress.org/about/privacy/
**Privacy Policy:** https://automattic.com/privacy/

= PayPal =
**What it is:** PayPal's payment platform.
**What it is used for:** Optional, voluntary donations to support plugin development. This is completely optional.
**What data is sent:** No data is sent automatically. If you click the donate button, you are redirected to PayPal's website where PayPal's own terms apply.
**When data is sent:** Only if you voluntarily click the donate button.
**Service provider:** PayPal, Inc.
**Terms of Service:** https://www.paypal.com/us/legalhub/useragreement-full
**Privacy Policy:** https://www.paypal.com/us/legalhub/privacy-full

== Changelog ==

= 1.0.9 =
* Fixed: Stability scoring summed a penalty for every single logged error row with no time limit, so a plugin that had several errors at any point in its history (even years ago, even already fixed) could be permanently stuck at a low score or 0% stability. The scanner now only considers errors from the last 7 days when calculating scores.
* Fixed: A single root-cause bug that logged the same error repeatedly (e.g. once per page load before it was fixed) was counted as one penalty per occurrence, making one bug look like dozens of "issues." Errors are now deduplicated by type+message before scoring, and the maximum penalty per error type is capped so the score degrades proportionately instead of being able to floor to 0% from one repeated issue.
* Improved: The Diagnostics tab now shows a clear error banner if its data fails to load, instead of silently displaying "undefined" for every field.

= 1.0.8 =
* CRITICAL FIX: "The response is not a valid JSON response" error when running a scan or using any other dashboard action — common on local dev stacks like XAMPP, MAMP, and Local, which often have display_errors enabled by default. The plugin's error monitor registers a global PHP error handler; if any notice/warning/deprecation (from WordPress core, this plugin, or another plugin) occurred during a REST/AJAX request, PHP would echo it directly into the response body, corrupting the JSON before it reached the browser. The error monitor now temporarily disables on-screen error display only for the duration of REST/AJAX requests (errors are still written to the normal PHP error log as usual), restoring the original setting once the request finishes.

= 1.0.7 =
* Fixed: Scanner could cache an empty result set for a full hour if the active-plugins list was momentarily empty for any reason, causing the dashboard to show "0 active plugins" / 0% health even with plugins clearly active — empty results are no longer cached
* Fixed: Helpers::get_active_plugins() was unintentionally affected by Safe Mode's session filter, so the scanner, diagnostics, and Emergency Recovery plugin list could all show a reduced or empty list while Safe Mode was active (or stuck active) — these now always read the true, unfiltered active-plugins list
* Fixed: Safe Mode's active_plugins filter was registered as an anonymous closure, which cannot be reliably removed/bypassed by other code — replaced with a named, removable method
* Improved: The dashboard now surfaces real error messages when a scan fails to load, instead of silently failing with no feedback — check the browser console or the new on-screen error banner if a scan doesn't return data

= 1.0.6 =
* CRITICAL FIX: modules/diagnostics/class-woocommerce-diagnostics.php was declared under the wrong namespace ("CONFGU" instead of "ConflictGuard"), left over from an earlier rename. This caused a fatal "Class not found" error — and a white screen — on every page load whenever WooCommerce was active, since the plugin tried to instantiate a class that, due to the namespace mismatch, did not exist where it was expected.

= 1.0.5 =
* Fixed: DROP TABLE in uninstall.php used an interpolated variable directly in the query string — now uses the %i identifier placeholder (WP 6.2+) with a safe allow-list fallback for older WordPress versions
* Fixed: DELETE FROM query in uninstall.php now uses $wpdb->prepare() with %s/%i placeholders instead of interpolating $wpdb->options directly into the SQL string
* Fixed: Documented why uninstall.php's one-time cleanup queries don't use object-cache functions (wp_cache_get/wp_cache_set) — they run once during uninstall, not on a normal read path, so there's no cacheable result to store
* Fixed: Shortened the 1.0.4 upgrade notice to fit within the 300-character WordPress.org limit

= 1.0.4 =
* Fixed: Emergency Recovery module was never booted (Recovery::instance() was missing from the plugin's init sequence), so the recovery key was never generated and the recovery page never worked
* Fixed: Database table creation used "CREATE TABLE IF NOT EXISTS", which dbDelta() cannot parse correctly (it misreads the table name as the literal word "IF"); also combined three CREATE TABLE statements into a single dbDelta() call, which is unreliable — each table now uses its own statement and call, with the required two-space "PRIMARY  KEY" formatting
* Fixed: Uninstall routine's DROP TABLE used $wpdb->prepare() with a %s placeholder wrapped in backticks, which produced invalid SQL (quotes inside backticks) — table names are plugin-controlled constants, not user input, so they're now sanitized directly
* Fixed: Removed the incorrect "Network: true" plugin header, which forced network-only activation on multisite and hid the plugin from per-site activation — this contradicted the plugin's own per-site, per-user design
* Fixed: Replaced deprecated wp.element.render() (deprecated since WP 6.2) with createRoot(), falling back to render() only on WordPress 6.0/6.1 where createRoot() isn't available
* Fixed: Corrected several stale/incorrect strings in the translation template (languages/conflict-guard.pot): wrong "Author" entry, a malformed support-forum URL, and an outdated project version
* Fixed: Removed a stray empty directory accidentally bundled into the plugin ZIP since an early build

= 1.0.3 =
* Fixed: Recovery page now uses wp_enqueue_style() via template_redirect instead of inline <style> tags
* Fixed: Removed unnecessary core file loads (class-wp-upgrader.php, class-wp-ajax-upgrader-skin.php) from download_version() — these are now only loaded where actually used, in perform_rollback()
* Fixed: Added a stricter permission_callback (check_sensitive_permission) for routes that change plugin files or expose the recovery URL — requires manage_network_options on multisite, manage_options on single-site
* Improved: New assets/css/recovery.css file for the emergency recovery page styling

= 1.0.2 =
* Fixed: SchemaChange phpcs warning in uninstall.php with proper documentation
* Fixed: Short description trimmed to under 150 characters
* Fixed: Prefixed all global variables in uninstall.php
* Fixed: set_error_handler phpcs warning with inline justification
* Fixed: PreparedSQL interpolation warning in DROP TABLE statement
* Improved: All PCD prefixes replaced with CONFGU (4+ chars) per WP.org guidelines
* Improved: Removed load_plugin_textdomain() — auto-loaded since WP 4.6
* Improved: External Services section added to readme.txt

= 1.0.0 =
* Initial release
* Automatic plugin conflict detection
* Safe Test Mode with session sandbox
* Smart binary conflict isolation
* One-click rollback system
* Real-time error monitoring
* WooCommerce compatibility scanner
* Emergency recovery mode
* Conflict timeline
* Plugin health scoring system
* Diagnostic report export

== Upgrade Notice ==

= 1.0.9 =
Fixes stability scores getting permanently stuck low/at 0% from old, already-resolved errors. Scores now reflect the last 7 days only, and repeated identical errors count once instead of inflating the issue count.

= 1.0.8 =
Fixes "response is not valid JSON" errors when scanning or using the dashboard, common on local dev environments like XAMPP with display_errors enabled. Update strongly recommended for local/dev installs.

= 1.0.7 =
Fixes the scanner showing 0 active plugins / 0% health due to an hour-long empty-result cache and a Safe Mode filter leak. Update if Run Scan ever showed no data despite having active plugins.

= 1.0.6 =
CRITICAL FIX: resolves a fatal error and white screen that occurred on every page load when WooCommerce was active, caused by a namespace mismatch. Update immediately if you run WooCommerce.

= 1.0.5 =
Code-quality fix: uninstall.php now uses properly prepared/escaped SQL for table and option cleanup instead of interpolated variables. No functional change for end users — safe to update.

= 1.0.4 =
Important bug fix: Emergency Recovery was not activating in prior versions, and database table creation/removal had SQL formatting bugs. Update recommended, especially if you rely on Emergency Recovery.
