=== DBest ChatBot ===
Contributors: ashez4u
Tags: ai, chatbot, ai chatbot, customer support, lead generation
Requires at least: 5.7
Tested up to: 6.8
Requires PHP: 7.4
Stable tag: 3.2.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

AI chatbot for your website. Captures leads, answers visitor questions, and hands off to a human when needed. All configuration on dbestchatbot.com.

== Description ==

DBest ChatBot is the WordPress companion plugin for the DBestChatBot SaaS — an AI-powered chatbot platform that helps small and mid-size businesses convert more website visitors into leads and customers.

This plugin is intentionally lightweight. It does **three** things, well:

1. **Connect** your WordPress site to a DBestChatBot workspace via a single-click OAuth-style flow
2. **Choose** which chatbot to display on which pages of your site via simple display rules (homepage, blog posts, product pages, URL patterns)
3. **Embed** the chatbot widget by emitting a single optimized script tag in the page footer — no theme edits, no shortcodes needed

All the heavy lifting — AI model selection, system prompt configuration, lead-capture forms, integrations (WhatsApp, Telegram, webhooks, email notifications) — is handled in your DBestChatBot dashboard at dbestchatbot.com. Updates to the chatbot's behavior happen on the dashboard and apply instantly across every WordPress site connected to your workspace.

= Why this lightweight design? =

The plugin itself is a small (~30 KB) shim: it stores your workspace credentials and emits one script tag. All the heavy lifting — AI providers, conversation history, forms, emails — runs on the DBestChatBot SaaS and is updated continuously on our side, so the plugin stays tiny and rarely needs updating.

= Features available via the DBestChatBot SaaS =

* AI chatbots powered by GPT, Claude, Gemini, or DeepSeek (your choice per chatbot)
* Train chatbots on your website content automatically — no manual knowledge-base management
* Lead capture with custom pre-chat fields
* Forward conversations to email, WhatsApp, Telegram, or webhooks
* Human takeover — a real team member can jump into a conversation when needed
* Per-page display rules (different chatbot on /pricing vs. /support)
* Conversation transcripts, analytics, lead inbox
* Multi-language support
* Built-in GDPR compliance helpers

= Built-in safeguards =

* **Health Check panel** runs five diagnostics every time you load the plugin settings: connection status, default chatbot validity, frontend visibility (does the widget actually appear for anonymous visitors?), detected cache plugins, detected cookie consent plugins. Each diagnostic shows a plain-English fix when something's wrong.
* **One-click "Purge all caches"** button — automatically detects and clears SiteGround Optimizer, WP Rocket, LiteSpeed Cache, W3 Total Cache, WP Super Cache, Hummingbird, Autoptimize, and Cloudflare.
* **JS-bundler exclusion attributes** — our script tag carries `data-no-optimize`, `data-noptimize`, and `data-cfasync="false"` so cache and optimization plugins leave it alone, preventing the widget from disappearing for anonymous visitors.
* **WordPress-native auto-updates** — when we ship a new plugin version, you see the standard yellow "Update available" notice in wp-admin, exactly like a plugin from the WordPress.org directory.

== Installation ==

1. Upload the plugin files to `/wp-content/plugins/dbestwpchatbot/`, or install via the WordPress Plugins screen
2. Activate the plugin through the **Plugins** menu in WordPress
3. Go to **DBest ChatBot** in the admin sidebar
4. Click **Connect to DBestChatBot** — you'll be sent to dbestchatbot.com to authorize, then bounced back automatically
5. Pick which chatbot to display on which pages in the **Display Rules** section
6. That's it — the chatbot is now live on your site

== External services ==

This plugin connects to the DBestChatBot SaaS at https://dbestchatbot.com to provide its core functionality. By installing the plugin and clicking "Connect to DBestChatBot" you authorize the following external requests. You can disconnect at any time from the plugin settings page, which immediately stops all of these requests.

= dbestchatbot.com — chatbot widget (the visitor-facing chat) =
* When: every page-view on your site after you connect the plugin
* What: the visitor's browser loads `https://dbestchatbot.com/widget.js` and any chat messages the visitor sends go to `https://dbestchatbot.com/api/v1/chats/submit`
* Why: this is how the AI chatbot actually works — the chat happens in the visitor's browser, talking directly to our API
* Data: chatbot configuration (no personal data), then any chat message text + pre-chat-form fields the visitor enters (typically name, email, phone)
* Terms of Service: https://dbestchatbot.com/legal/terms
* Privacy Policy: https://dbestchatbot.com/legal/privacy

= dbestchatbot.com — workspace + chatbot configuration =
* When: when you load the plugin's admin settings page, plus a cached refresh every 6 hours
* What: GET requests to `/api/v1/wp/account` and `/api/v1/wp/chatbots`
* Why: to verify your connection is still valid and to list the chatbots in your workspace for the Display Rules dropdown
* Data sent: your workspace API key (no site visitor data)
* Privacy Policy: https://dbestchatbot.com/legal/privacy

= dbestchatbot.com — daily health-check report (opt-in, OFF by default) =
* Opt-in: This is DISABLED by default. No health report is ever sent unless you explicitly enable it at DBest ChatBot → Settings → tick "Send daily health reports to DBestChatBot support". Untick at any time to stop.
* When: once per day via WordPress's standard cron, only while enabled
* What: POST to `/api/v1/wp/health-report` with the result of the plugin's 5 internal diagnostic checks
* Why: lets our support team see broken installs before customers complain — reduces support resolution time
* Data sent: your workspace API key, your site URL, plugin version, WordPress version, results of the 5 checks (connected: yes/no, chatbot paired: yes/no, widget reaches visitors: yes/no, cache plugins detected: list of names, cookie-consent plugins detected: list of names). No visitor data, no message contents.
* Privacy Policy: https://dbestchatbot.com/legal/privacy

== Frequently Asked Questions ==

= Do I need a DBestChatBot account? =

Yes. The plugin is the bridge between your WordPress site and our SaaS. Free accounts are available at https://dbestchatbot.com/register — no credit card needed, 100 AI credits per month included.

= Where is the chatbot configuration done — in WordPress or on dbestchatbot.com? =

Everything except the WordPress display rules is configured on dbestchatbot.com. This keeps the plugin small, the WordPress admin clutter-free, and means chatbot behavior updates apply instantly without requiring a plugin update.

= My visitors can't see the chatbot — why? =

Open **DBest ChatBot** in your WordPress admin. The **Health Check panel** at the top runs five diagnostics and tells you exactly what to fix. The most common cause is a caching layer (SiteGround Optimizer, WP Rocket, etc.) serving cached HTML from before you connected the plugin. The panel has a one-click **"Purge all caches"** button that fixes this.

= Does this plugin work with caching plugins? =

Yes. Our script tag carries the standard `data-no-optimize`, `data-noptimize`, and `data-cfasync="false"` attributes that tell SiteGround Optimizer, WP Rocket, LiteSpeed Cache, Autoptimize, Cloudflare Rocket Loader, and similar tools to leave it alone.

= Does this plugin work with Shopify / Wix / Squarespace sites? =

No — this is a WordPress plugin. To embed DBestChatBot on a non-WordPress site, copy the embed snippet from your dashboard at dbestchatbot.com and paste it into your site's HTML head.

= Does the plugin store conversation data on my WordPress site? =

No. The widget talks directly to the DBestChatBot SaaS — conversations, leads, and analytics all live there. The plugin itself stores only:
* Your workspace connection credentials (API key, workspace ID)
* Your display rules (which chatbot shows on which pages)

= Can I deactivate the chatbot without uninstalling the plugin? =

Yes. In **Display Rules**, set the default chatbot to "Hide chatbot here" and set every page-type override to the same. The plugin will emit no script tag.

= How do I update the plugin? =

Just like any other plugin — wp-admin shows the standard "Update available" notice in the Plugins screen and Dashboard → Updates. Click Update Now and WordPress handles the rest.

= Is the plugin GPL? =

Yes — GPLv2 or later.

== Screenshots ==

1. The Health Check panel — five diagnostics that catch the most common reasons a chatbot installation looks broken
2. Display Rules — pick a default chatbot, optionally override per page type or URL pattern
3. The chatbot widget as it appears to your visitors

== Changelog ==

= 3.2.0 =
* DBest ChatBot is now on the WordPress.org plugin directory — updates arrive through WordPress like any other directory plugin.
* Fix: The Leads tab now shows leads for the chatbot this site actually displays (from your Display Rules), instead of whichever chatbot the connection happened to bind to. Agencies running multiple chatbots from one account now see the right leads per site.
* No functional change to the chatbot widget.

= 3.1.7 =
* Privacy: The daily health report is now strictly opt-IN and OFF by default. No data leaves your site unless you explicitly tick the box on the Health Check panel. (Previously it was opt-out.) Complies with Plugin Directory Guidelines 7 & 9.
* Description: Removed comparative marketing language from the readme.
* No functional change to the chatbot widget.

= 3.1.6 =
* Compliance: Annotated the Sequential-Order-Numbers fallback lookup in classes/modules/woocommerce.php with a documented phpcs:ignore for WordPress.DB.SlowDBQuery.slow_db_query_meta_query. The flagged WP_Query is intentionally narrow (posts_per_page=1, exact-match on a single indexed meta_key, fields=ids, only runs as a fallback after the primary wc_get_order(id) miss). The ignore comment explains the scope so a future reviewer doesn't have to re-derive it.
* No functional change.

= 3.1.5 =
* Compliance: Resolved every Plugin Check finding from the v3.1.4 automated scan.
  - Lifted "Requires at least" from 5.6 → 5.7 so wp_print_inline_script_tag() is always available. This let us delete the WP-pre-5.7 fallback branches in classes/modules/chatbot.php that emitted raw `<script>` tags via echo (which Plugin Check correctly flagged for EscapeOutput.OutputNotEscaped on \$loader_js and wp_function_not_compatible_with_requires_wp on the function calls above them).
  - Wrapped both error_log() calls in classes/modules/woocommerce.php behind WP_DEBUG + WP_DEBUG_LOG so they no-op on production hosts. Used the documented phpcs:ignore form on the guarded lines.
  - Trimmed the 3.0.16 upgrade notice in readme.txt under the 300-character cap.
* No functional changes for existing installs running WP 5.7+. Installs still on WP 5.6 (the only WP release affected) will need to upgrade WordPress core; 5.6 left active support in mid-2021.

= 3.1.4 =
* Compliance: Replaced the heredoc string used to build the inline loader JS in classes/modules/chatbot.php with single-quoted string concatenation. WordPress.org's automated Plugin Check scanner enforces PluginCheck.CodeAnalysis.Heredoc.NotAllowed as a hard error during the upload gate, even though heredocs are perfectly legal PHP. The loader's behavior is byte-identical to v3.1.3 — same DOM-injected `<script>` tag, same opt-out attributes, same window.DBESTCHATBOT_CONFIG hand-off. No functional change.

= 3.1.3 =
* Compliance: Removed the two remaining inline `<script>` blocks from the admin settings page. The Display Rules "Add URL rule" button and the Health Check panel (re-run, purge caches, phone-home toggle) are now powered by two enqueued JS files (assets/js/admin-rules.js and assets/js/admin-health.js). Dynamic per-request values (chatbot dropdown options, AJAX nonce, admin-ajax URL) are passed via `wp_add_inline_script()` — the WordPress-blessed path for handing PHP-computed data to enqueued scripts. Both files only enqueue on the plugin's own settings screen so we don't add weight to every wp-admin pageload. Closes the WordPress.org plugin-review "use wp_enqueue commands" item.
* No functional changes — same admin UX, just delivered through the proper script pipeline.

= 3.0.19 =
* Compliance: Added the submitting WordPress.org account (ashez4u) to the Contributors list so it matches across the readme, plugin author, and the submitting account. Closes the WordPress.org plugin-review OWN ownership check.
* Docs: The Plugin URI (https://dbestchatbot.com/wordpress) is now a real landing page explaining what the plugin does, how to install it, and which architectural choices we deliberately made differently from the other AI chatbot plugins. Previously the URI returned 404, which the WordPress.org review process treats as an ownership red flag.
* No functional changes. Existing installations have nothing to do — this is purely a metadata + documentation release.

= 3.0.18 =
* Fix: Plan badge in the WP admin (e.g. "FREE PLAN" / "PRO" / "AGENCY") now reflects the workspace's CURRENT plan on the SaaS side. Previously the plan was snapshotted at the moment you connected and never updated — so customers who upgraded on dbestchatbot.com still saw the old badge for up to 6 hours (and sometimes indefinitely). The plugin now self-heals the stored plan + workspace name on every account-snapshot fetch, and the ↻ Refresh button additionally force-refreshes both the chatbot list AND the account snapshot.

= 3.0.17 =
* Fix: Health Check's "Widget reaches anonymous visitors" diagnostic now recognizes the v3.0.16 inline-loader architecture. Previously it kept looking for the old static `<script src=dbestchatbot.com/widget.js>` tag, which the new architecture deliberately doesn't emit (the script is loaded at runtime instead). Result was a false-negative ✗ when the widget was actually working correctly. The check now accepts either embed style and additionally validates the inline JSON config blob.

= 3.0.16 =
* Architecture: Switched to an inline-loader bootstrap pattern (same approach Intercom, Drift, Crisp, HubSpot use). The plugin no longer relies on wp_enqueue_script for the widget — instead it outputs a small inline config block + a tiny inline loader script that creates the widget.js script tag dynamically at runtime. Why: WP Rocket "Delay JavaScript Execution", SG Optimizer "Combine JS", Cloudflare Rocket Loader, Autoptimize, and similar optimizers scan the static HTML for `<script src=>` tags to defer/combine/lazy. A script element created at runtime via document.createElement('script') isn't in the static HTML, so static-analysis optimizers can't see it. Net effect: the chatbot now survives aggressive optimization plugins that previously made it invisible to anonymous visitors.
* The widget.js itself supports both the new window.DBESTCHATBOT_CONFIG path AND the legacy data-attribute path, so any existing manual embeds on non-WordPress sites keep working.

= 3.0.15 =
* Critical fix: Widget was registered too late to actually render. v3.0.13 introduced wp_enqueue_script() but kept the hook on `wp_footer` at priority 100, which fires AFTER WordPress has already printed its scripts. Moved the registration to `wp_enqueue_scripts` (the correct hook) so the script reaches both admin and anonymous visitors. If you upgraded to v3.0.13 or v3.0.14 and your chatbot disappeared from your site, this release fixes it.

= 3.0.14 =
* Compliance: Shortcode path now also routes through wp_enqueue_script (same as the auto-footer path). The orphan build_script_tag method that emitted a raw <script> tag has been removed entirely. Plugin Check's "scripts must be enqueued" rule now passes with zero special-case ignores.
* Compliance: Added the missing nonce-justification phpcs:ignore on the read of $_GET['dbestwp_msg'] in the settings-page render (read-only flash-message router, no state mutation).

= 3.0.13 =
* Compliance: Widget script now registered via the standard wp_enqueue_script() pipeline (with a script_loader_tag filter for the required data-* attributes) instead of a direct <script> echo — required by the WordPress Plugin Check tool.
* Compliance: Replaced parse_url() with wp_parse_url(), date() with gmdate(), and mt_rand() with wp_rand() — best-practice equivalents that handle PHP-version edge cases and timezones correctly.
* Compliance: Switched wp_redirect() to wp_safe_redirect() for the OAuth-style connect flow (the SaaS host is added to allowed_redirect_hosts inline so the redirect still works).
* Compliance: $_SERVER['REQUEST_URI'] is now properly unslashed before sanitization.
* Compliance: phpcs:ignore comments added in the few legitimate cases where the WPCS rule produces false positives (raw CSV output, cross-plugin do_action calls into third-party hooks, etc.) with explanatory comments per WPCS convention.

= 3.0.12 =
* Compliance: Added an explicit opt-out toggle for the daily health-check report. Pre-checked behavior is unchanged (report is sent), but admins can disable it from the Health Check panel.
* Compliance: Added a full "External services" section documenting every external request the plugin makes.
* Compliance: Replaced raw error_log() calls with WP_DEBUG_LOG-guarded logging so production sites don't get cluttered with our diagnostic breadcrumbs.

= 3.0.11 =
* Compliance: Removed self-hosted updater. Updates now flow through the standard WordPress.org channel.
* Compliance: Text Domain renamed from "dbestwpchatbot" to "dbest-chatbot" to match the WordPress.org slug.
* Compliance: Dropped the unused Domain Path header (no translation files shipped yet).
* Compliance: Bumped "Tested up to" to WordPress 7.0.

= 3.0.10 =
* Fix: Plugin URI and Author URI now point to distinct pages (Plugin Check compliance)
* New: Added "Requires at least" and "Requires PHP" headers so WordPress warns customers before installing on incompatible environments

= 3.0.9 =
* Internal release.

= 3.0.8 =
* New: Health Check panel on the settings page — five automated tests that catch the most common reasons a chatbot install looks broken (caching, JS bundling, cookie consent, missing chatbot pairings)
* New: "Purge all caches" button — fires SiteGround Optimizer, WP Rocket, LiteSpeed Cache, W3 Total Cache, WP Super Cache, etc. in a single click
* New: Daily phone-home — the plugin reports its health status to dbestchatbot.com once a day so support can see broken installs without waiting for you to notice

= 3.0.7 =
* Fix: Added `data-no-optimize`, `data-noptimize`, and `data-cfasync="false"` attributes to the embedded script tag so JS-bundling plugins (SiteGround Optimizer, Autoptimize, Cloudflare Rocket Loader) stop stripping our script for anonymous visitors

= 3.0.6 =
* Fix: "Override by content type" dropdowns set to "Use default" no longer accidentally hide the chatbot

= 3.0.5 =
* Internal release

== Upgrade Notice ==

= 3.1.5 =
WordPress.org compliance pass — no functional changes. Minimum WordPress is now 5.7 (released March 2021); if you're still on 5.6, upgrade core before installing.

= 3.0.19 =
Metadata + docs update only. No functional changes — nothing to do on existing installs.

= 3.0.18 =
Bug fix — the FREE/PRO/AGENCY badge in WP admin now updates when you upgrade your DBestChatBot plan. Previously it stayed frozen at whatever plan you had when you connected.

= 3.0.17 =
Health Check false-negative fix — if you upgraded to v3.0.16 and the panel started showing ✗ on "Widget reaches anonymous visitors" even though the chatbot was working, this release fixes the diagnostic.

= 3.0.16 =
Resilience fix for aggressive JS optimizers (WP Rocket Delay JS, SG Optimizer, Cloudflare Rocket Loader, Autoptimize). If your chatbot disappeared for anonymous visitors on v3.0.13–v3.0.15, this release restores it.

= 3.0.15 =
Critical fix — the widget was silently invisible on v3.0.13 and v3.0.14 because the script was registered too late in WordPress's hook order. Upgrade immediately if you're on either of those versions.

= 3.0.14 =
Final Plugin Check compliance pass. No behavior changes. Safe to upgrade.

= 3.0.13 =
WordPress Plugin Check compliance fixes. No behavior changes, no settings reset. Safe to upgrade.

= 3.0.12 =
Adds the opt-out toggle and "External services" disclosure required by WordPress.org. No breaking changes.

= 3.0.11 =
WordPress.org compliance fixes — removes the self-updater (the directory itself handles updates now), renames the text domain, and bumps the "Tested up to" header. Safe to upgrade.

= 3.0.10 =
Plugin Check compliance fixes. Safe to upgrade — no breaking changes, no settings reset.

= 3.0.8 =
Adds the Health Check panel that diagnoses the most common installation issues automatically. Highly recommended upgrade if your visitors have ever reported "the chatbot isn't showing up."
