=== Contentosapp Studio - AI Content Writer & SEO (BYOK) ===
Contributors: contentosapp
Tags: ai content, ai writer, seo, content generator, ai
Requires at least: 6.0
Requires PHP: 7.4
Tested up to: 7.0
Stable tag: 1.2.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A 7-agent AI pipeline that researches, writes, illustrates & publishes rank-ready articles in WordPress. Bring your own key — free, unlimited.

== Description ==

Most AI plugins generate slop. Contentosapp Studio generates article drafts that are built to rank.

Paste a topic. A team of seven specialized AI agents researches it, writes it in your brand voice, checks the sources, prepares the images, and drops a finished draft straight into your WordPress editor for you to review and publish. No copy-pasting from ChatGPT. No generic "average of the internet" output. No hallucinated links.

It runs inside your WordPress dashboard, and it is free and unlimited with your own AI key.

### Your 7-agent content team, inside WordPress

Instead of one prompt and one generic draft, each article passes through seven specialists:

1. Discoverer - finds the real search intent and the angle competitors miss.
2. Strategist - turns that into a brief: SEO structure, keyword map, and the gaps to fill.
3. Researcher - grounds the article in real facts, statistics, and source material.
4. Writer - drafts the article in your configured language and brand voice.
5. Editorial Reviewer - checks quality, structure, and factual consistency, and flags anything to verify.
6. Visual Designer - prepares image prompts, visual structure, and Schema.org markup.
7. Social Media - turns the finished article into social media copy for distribution.

### Bring your own AI key - free and unlimited

Connect your own Google Gemini, OpenAI, or Anthropic Claude key and send requests directly from your site to that provider. There is no plugin markup, no per-article cap, and no local production limit - any limits come from your own provider account, pricing, quota, and terms. Bring Your Own Key mode works without a license.

### No AI slop: real research, real links

Claims are grounded in sources the Researcher actually found, not invented. When you add your own reference links, the plugin reads their real content and uses it as grounding material. Internal links point to real URLs, and articles arrive as drafts for human review - the opposite of the thin, mass-produced auto-blogging pattern search engines demote.

### Sounds like you, not like a robot

Save reusable Brand Voice settings once - tone, vocabulary, author persona, and examples, plus per-agent customization - and they are applied across the workflow automatically. "On-brand" becomes a setting, not a per-article rewrite. These settings are stored in WordPress and applied to the local workflow.

### Publishes safely into WordPress

Articles are stored as production history and published to connected WordPress sites over the WordPress REST API using Application Passwords. You choose the destination site and whether each article is sent as a draft or a published post, so you always keep the final review gate.

### Article types

* Pillar articles - long-form reference articles.
* Satellite articles - focused articles for supporting topics.
* Comparison articles - versus-format articles with optional affiliate link support.
* News articles - articles synthesized from source material.
* Content updates - rewrites or updates of existing posts.

### Don't want to manage API keys? Turn on ContentOS Auto

Prefer zero setup? ContentOS Auto is an optional managed service at contentosapp.com that runs the workflow for you - hosted AI processing, managed prompts, managed search/image services, quota tracking, license activation, and account features. The Free plan needs no license or credit card: it includes unlimited Bring Your Own Key usage plus 3 one-time ContentOS Auto trial productions. Limits for ContentOS Auto are enforced by the hosted service.

### Languages

Fully available in English (en_US), Español (es_ES), and Português do Brasil (pt_BR). The selected language is applied to the agent workflow and the generated draft.

### We use it on our own blog

Every article on contentosapp.com is produced with Contentosapp Studio and edited by a human. The blog is the proof of concept, built in the open.

---

### External Services - Required Disclosure

Contentosapp Studio connects to external services only for the features and providers you configure. The data sent depends on the selected mode, provider, and action.

**Contentosapp Studio / ContentOS API (`api.contentosapp.com`)**

Used for optional ContentOS Auto managed generation, managed agent prompts, license activation, quota checks, managed image generation, managed search grounding, hosted job status polling, add-on credit actions, account portal links, and telemetry if you explicitly allow telemetry in the plugin. Depending on the action, requests may include your site URL, plugin version, license/account data, selected settings, usage counters, article briefs, keywords, source URLs, agent prompts, generated output, image prompts, error categories, and technical diagnostic data. Telemetry is not sent until you accept or decline it in the admin UI.

Terms: https://contentosapp.com/terms
Privacy: https://contentosapp.com/privacy

**Google Gemini / Google AI Studio (`generativelanguage.googleapis.com`, `aistudio.google.com`, `vertexaisearch.cloud.google.com`)**

Used when you configure Gemini as an AI provider, test a Gemini API key, discover Gemini models, or use Gemini features supported by your account. Requests may include your API key, selected model, article brief, keywords, prompts, source material, generated context, and image/search prompts when those features are enabled.

When Gemini web search grounding is used, the citation links Gemini returns are `vertexaisearch.cloud.google.com/grounding-api-redirect/...` redirect URLs. To show the real source of each citation, the plugin sends a lightweight `HEAD` request to that host to follow the redirect to its final destination URL. Only the redirect URL itself is requested (no API key, article content, prompts, or credentials are sent), and the resolved result is cached. This happens whenever a grounded citation needs to be resolved.

Terms: https://developers.google.com/terms
Privacy: https://policies.google.com/privacy

**OpenAI (`api.openai.com`)**

Used when you configure OpenAI as an AI provider, test an OpenAI API key, discover OpenAI models, or use OpenAI image features supported by your account. Requests may include your API key, selected model, article brief, keywords, prompts, source material, generated context, and image prompts.

Terms: https://openai.com/policies/terms-of-use/
Privacy: https://openai.com/policies/privacy-policy/

**Anthropic Claude (`api.anthropic.com`)**

Used when you configure Anthropic Claude as an AI provider, test an Anthropic API key, or discover Anthropic models. Requests may include your API key, selected model, article brief, keywords, prompts, source material, and generated context.

Terms: https://www.anthropic.com/legal/commercial-terms
Privacy: https://www.anthropic.com/legal/privacy

**Serper.dev (`google.serper.dev`)**

Used only when you configure Serper.dev as the web search provider and a production step uses web search. Requests include your Serper.dev API key and the search query generated by the agent. Article content, WordPress credentials, and provider API keys for other services are not sent to Serper.dev.

Terms: https://serper.dev/terms
Privacy: https://serper.dev/privacy

**Tavily (`api.tavily.com`)**

Used only when you configure Tavily as the web search provider and a production step uses web search. Requests include your Tavily API key and the search query generated by the agent. Article content, WordPress credentials, and provider API keys for other services are not sent to Tavily.

Terms: https://tavily.com/terms
Privacy: https://tavily.com/privacy

**Exa.ai (`api.exa.ai`)**

Used only when you configure Exa.ai as the web search provider and a production step uses web search. Requests include your Exa.ai API key and the search query generated by the agent. Article content, WordPress credentials, and provider API keys for other services are not sent to Exa.ai.

Terms: https://exa.ai/terms
Privacy: https://exa.ai/privacy-policy

**User-provided reference URLs**

When you add external reference links to a production, Contentosapp Studio fetches those URLs directly from your WordPress server (using the WordPress HTTP API) to read their main text and use it as grounding material for the article. Only the URLs you explicitly provide are requested; no API keys, credentials, article content, or prompts are sent to those sites — it is a plain page read, like a browser visiting the link. Requests are restricted to public http/https addresses (private/loopback hosts are blocked), size-capped, and cached. This happens on every plan and in Bring Your Own Key mode, because reading your own reference links is a local feature.

**Connected WordPress sites**

When you connect a destination WordPress site with an Application Password, Contentosapp Studio communicates with that WordPress site over the WordPress REST API in both directions. The site is a destination you choose and control; there is no fixed third-party domain — it is whatever WordPress address you enter.

- Writing (publishing/updating): when you publish or update an article, the plugin sends the generated content and publishing metadata (title, body, status, categories, featured image) to the selected site.
- Reading (update-existing-post mode): when you choose to update a post that already exists on a connected site, the plugin first fetches that post from the site (a `GET` to `/wp-json/wp/v2/posts/{id}` or `/pages/{id}` requesting only `id, title, content, link, date, modified`) so the editor agent can revise the current content. This read happens only when you select an existing post to update.

Both directions authenticate with the Application Password you saved for that site, and only public http/https hosts are allowed (loopback/private addresses are blocked). No provider API keys or other sites' credentials are sent to the connected site.

Generated content and production history are stored in your WordPress database. In Bring Your Own Key mode, content is sent directly to the AI provider you configure. In ContentOS Auto mode, relevant content is processed by the ContentOS API for the hosted service you requested.

---

[Website](https://contentosapp.com/) | [Support](mailto:contact@contentosapp.com) | [Pricing](https://contentosapp.com/#pricing)

== Installation ==

1. Upload the `contentosapp-studio` folder to `/wp-content/plugins/`, or install directly from the WordPress plugin directory.
2. Activate the plugin through the Plugins menu in WordPress.
3. Go to Contentosapp Studio > Settings and add your AI provider API key, or select ContentOS Auto if you use the optional managed service.
4. Go to Contentosapp Studio > Settings > Sites and connect your WordPress destination site using Application Passwords.
5. Start a production at Contentosapp Studio > New Production.

== Frequently Asked Questions ==

= Is this plugin free to use? =
Yes. Contentosapp Studio can run in Bring Your Own Key mode without a Contentosapp Studio license. AI provider costs, quota, and availability are controlled by the provider account you configure. ContentOS Auto is an optional managed service with service-side quota and account features.

= Will AI content from this plugin get my site penalized by Google? =
Google's systems target low-quality, mass-produced content, not AI authorship. Contentosapp Studio is built to avoid that pattern: real research and sourcing, internal links to real URLs, brand voice, and a human review gate (articles arrive as drafts, not auto-published). You decide what goes live.

= Does Starter require a license? =
Yes. Starter is a paid ContentOS Auto service plan. The Free plan does not require a license or credit card: it includes unlimited Bring Your Own Key usage plus 3 one-time ContentOS Auto trial productions.

= Does the plugin limit Bring Your Own Key productions? =
No. Bring Your Own Key productions are not limited by local license checks in the plugin. Any limits come from the external AI provider account you configure.

= Does it support providers beyond Google Gemini? =
Yes. Contentosapp Studio supports Google Gemini, OpenAI, and Anthropic Claude with user-provided keys where those providers and models are available for your account.

= Can I generate content in languages other than English? =
Yes. Contentosapp Studio supports English (en_US), Brazilian Portuguese (pt_BR), and Spanish (es_ES).

= Is my content sent to third-party services? =
Yes, when you use a feature that requires an external service. AI generation sends prompts, article briefs, keywords, and related context to the AI provider or managed service you choose. Publishing to connected WordPress sites sends generated content to the destination site you configure. See the External Services section for details and policy links.

= Are my API keys safe? =
Yes. The API keys you enter are stored encrypted at rest in your WordPress database and are never exposed in HTML, logs, URLs, or JSON responses.

= What is ContentOS Auto? =
ContentOS Auto is an optional managed service for Contentosapp Studio accounts. It can provide hosted AI processing, managed prompts, managed search/image services, quota tracking, license activation, add-on credits, and account portal actions. Service quotas and entitlements are enforced by contentosapp.com.

= Does upgrading to the full ContentOS platform preserve my data? =
Contentosapp Studio stores production history, settings, and connected sites in WordPress. If you use the ContentOS ecosystem, migration or integration behavior depends on the active ContentOS components and their import tools.

== Screenshots ==

1. Seven specialized AI agents research, write, fact-check, illustrate, and review each article - end to end, inside WordPress.
2. Start an article in seconds: enter your keyword, angle, and reader profile - the pipeline does the rest.
3. Rank-ready drafts land in your WordPress editor, fully formatted and with real internal links. You review and publish.
4. Save a reusable Brand Voice profile - preferred terms, banned cliches, tone - so every article sounds like you, not generic AI.
5. Bring your own OpenAI, Gemini, or Anthropic key - unlimited generation at the provider's real cost, keys stored encrypted.
6. No AI slop: the Researcher grounds every claim in a real, cited source - validated data you can verify before publishing.

== Changelog ==

= 1.2.6 =
* Removes the unimplemented Stability AI image provider (settings option, key-test, and its external-services disclosure).
* Corrects invalid links: fixes the Gemini API Terms URL, points pricing links to the homepage pricing section, and replaces the support link with a contact email.
* Removes the inaccurate Cloudflare DNS external-services disclosure.

= 1.2.5 =
* Escapes every echoed variable late with the context-appropriate function and removes the EscapeOutput suppressions (table rows now echo each value inline; JSON-LD is printed via wp_print_inline_script_tag()).
* Sanitizes AJAX input with WordPress-recognized functions at the point of read (brand-voice JSON via sanitize_textarea_field; array fields via map_deep), per WordPress.org review.

= 1.2.4 =
* Final WordPress.org review hardening: removes the last Plugin Check warning and keeps detail-page query handling inside an authorized admin callback.
* Fixes WP_DEBUG runtime notices found during smoke testing in image publishing and external search setup.

= 1.2.3 =
* Consolidates all admin AJAX input handling through a single nonce-checked reader, so every request field is verified and sanitized in one place (per WordPress.org plugin review).
* Renames the bundled Markdown engine to a plugin-specific namespaced class so it can never conflict with another plugin's copy.
* Documents the Google Vertex grounding-redirect host and the read direction of connected WordPress sites in the External Services disclosure.

= 1.2.2 =
* Strengthens input sanitization and validation across admin AJAX handlers (per WordPress.org plugin review).
* Updates outdated third-party Terms/Privacy links (Serper.dev, Exa.ai) in the external-services disclosure.

= 1.2.1 =
* Sends terminal telemetry immediately when productions fail or require managed-service action.

= 1.2.0 =
* Improves the TL;DR/summary box so emphasis (bold) always renders correctly instead of showing raw asterisks.
* Shows a clearer, actionable message when the optional ContentOS Auto monthly quota is reached.
* Surfaces the exact server message on license management errors instead of a generic "Error".

= 1.1.11 =
* Fixes Plugin Checker findings for WordPress.org review, including i18n comments and JSON-LD output handling.

= 1.1.10 =
* Restores editable JSON-LD Schema blocks in Gutenberg while keeping the meta fallback to avoid duplicate front-end output.

= 1.1.6 =
* Aligns Free/Starter plan wording, removes legacy Starter-free copy, and updates public pricing copy.

= 1.1.4 =
* Forces a fresh ContentOS Auto capability sync on AI settings and accepts the API image limit fallback field.

= 1.1.3 =
* Updated release metadata for the ContentOS Auto quota and image capability sync.

= 1.1.2 =
* Synced the ContentOS Auto image-per-article limit with the server-provided plan capability.

= 1.1.1 =
* Synced ContentOS Auto monthly quota display with the server-provided plan limit.

= 1.1.0 =
* External reference links you add to a production are now read for their actual content: the plugin fetches each URL, extracts its main text, and uses it to ground the article (facts and data come from the source, not just a citation).
* Your own reference links are always honored, including when web search is off — enabling a "use only the sources I provide" curated mode with no fabricated external references.
* Unified the citation numbering so references resolve to the correct source whether they come from web search or your own links.

= 1.0.5 =
* Hardened quota accounting, Stripe webhook idempotency, provider secret handling, async job polling, Customer Portal identity resolution, remote publishing recovery, and uninstall cleanup.
* Improved WordPress.org review readiness with clearer external service disclosure and package metadata alignment.

= 1.0.0 =
* Initial release. Turns a keyword into a complete SEO article draft through a workflow of 7 specialized agents. Bring-Your-Own-Key support for Google Gemini, OpenAI, and Anthropic Claude; optional ContentOS Auto managed service; direct publishing to connected WordPress sites; and an English, Brazilian Portuguese, and Spanish interface.
