=== KZB AI Cart Assistant for WooCommerce ===

Contributors: kzbstudio
Tags: woocommerce, ai, chatbot, cart, mcp
Requires at least: 7.0
Tested up to: 7.0
Requires PHP: 8.3
Stable tag: 1.0.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
WC requires at least: 8.0
WC tested up to: 10.8

Allow AI agents and a storefront chatbot to browse your product catalog and add items to customers' carts. Payment is always completed by a human.

== Description ==

KZB AI Cart Assistant for WooCommerce connects your store to AI systems using the open **Model Context Protocol (MCP)**. It also adds an optional AI-powered chat widget to your storefront, powered by the **WordPress AI Client** built into WordPress 7.0.

**The guiding principle: automation stops at the cart.** The plugin never initiates checkout or processes payments — those actions always require a human.

= Features =

* **MCP server** — REST endpoints that expose your product catalog and allow authenticated AI agents to add products to a customer's cart (`add_to_cart`) and view cart contents (`view_cart`)
* **Storefront chatbot** — floating chat widget powered by the WordPress AI Client; customers can ask product questions and add items to their cart through conversation
* **Bearer token authentication** — per-user tokens that let an AI agent act on a specific customer's behalf
* **My Account integration** — customers can generate and revoke their own tokens from the My Account page
* **Admin panel** — category filters, security limits (max quantity, max cart value), token management, and an audit log of every AI action
* **Privacy-first** — respects the Global Privacy Control (GPC) signal; no API keys are stored by the plugin

= MCP Server =

AI agents discover the MCP endpoint via a `<link rel="mcp-server">` tag automatically injected into your site's `<head>`. The agent can then browse the product catalog (JSON-LD format) and call tools on behalf of an authenticated customer.

Typical agent flow:

1. Agent reads `<link rel="mcp-server">` from your page HTML
2. `GET /wp-json/kzbaca/v1/mcp` — reads available tools and the product catalog URL
3. `GET /wp-json/kzbaca/v1/mcp/resources` — fetches the product list
4. `POST /wp-json/kzbaca/v1/mcp/tools/add_to_cart` — adds a product (Bearer token required)
5. Agent returns the cart URL to the customer for payment

= External Services =

This plugin connects to external AI services **only when the chatbot is enabled and an AI provider is configured in WordPress Settings → AI**. No data is sent to any external service when the chatbot is disabled (the default state).

**WordPress AI Client**
The storefront chatbot uses the WordPress AI Client (built into WordPress 7.0) to communicate with your configured AI provider. The AI provider and its privacy policy are managed in **Settings → AI** in your WordPress admin — this plugin does not communicate directly with any AI provider.
Data sent: conversation messages, product catalog summary, cart context.

No data is ever sent to the plugin author's servers.

== Installation ==

1. Upload the `kzb-ai-cart-assistant` folder to `/wp-content/plugins/`, or install through the WordPress plugin directory.
2. Activate **KZB AI Cart Assistant for WooCommerce** from the Plugins screen.
3. Go to **WooCommerce → KZB AI Cart Assistant** to configure the plugin.
4. To enable the chatbot: configure an AI provider in **Settings → AI**, then open the **Chatbot** tab and enable the widget.
5. To authorise an AI agent: open the **API Tokens** tab, select a user, and generate a Bearer token.

== Frequently Asked Questions ==

= Does this plugin process payments? =

No. The plugin can add items to a WooCommerce cart and view the cart. Checkout and payment always require a human action. This is by design.

= How do I configure the AI provider for the chatbot? =

The chatbot uses the WordPress AI Client, which is built into WordPress 7.0. Go to **Settings → AI** in your WordPress admin to configure your preferred AI provider. No API key is needed in the plugin settings.

= Can customers manage their own tokens? =

Yes. Logged-in customers can generate and revoke their own Bearer tokens from **My Account → AI Assistant**. Admins can also create and revoke tokens for any user from the admin panel.

= What is MCP (Model Context Protocol)? =

MCP is an open protocol that lets AI systems interact with external tools and data sources in a standardised way. This plugin implements an MCP server so that any compatible AI agent can interact with your WooCommerce store.

= Does the plugin work if WooCommerce is not active? =

No. WooCommerce is a required dependency. If it is not active, the plugin displays a warning in the admin and does not initialise.

= What data is sent to external AI services? =

When the chatbot processes a message, the plugin sends conversation history, a summary of your product catalog, and cart context to the AI provider configured in WordPress Settings → AI. No customer personal data beyond the conversation content is sent.

= What is included? =

The plugin includes the full MCP server (add to cart, view cart), the AI chatbot (using the WordPress AI Client), Bearer token authentication, the My Account integration, and the admin panel with audit log and category/limit controls.

== Screenshots ==

1. Admin panel — Settings tab with allowed product categories and security limits.
2. Admin panel — API Tokens tab with token generation and active tokens list.
3. Admin panel — Audit Log showing AI cart operations with status and error codes.
4. Admin panel — Chatbot tab with widget settings (AI provider configured in Settings → AI).
5. Storefront — chat widget open with product recommendation cards.
6. My Account — AI Assistant tab where customers can manage their own tokens.
7. Storefront chatbot — customer asks about outdoor LED lights; assistant replies with matching product cards.
8. Storefront chatbot — product detail panel slides in showing image, price, description, and a link to the product page.
9. Storefront chatbot — after asking to add a product, the assistant confirms and displays a "Go to cart" button; the cart badge updates in the widget header.

== Changelog ==

= 1.0.2 =
* Fixed: product catalog endpoint now excludes products with `catalog_visibility = hidden`, aligning public exposure with WooCommerce storefront behaviour
* Fixed: `add-to-cart` Ability now requires the user to be logged in (`is_user_logged_in()`), consistent with the "authenticated user's cart" contract

= 1.0.1 =
* Migrated chatbot to WordPress AI Client (built-in WP 7.0) — no API key needed in plugin settings
* Renamed internal prefix from `kzb` to `kzbaca` to meet WordPress.org guidelines (4+ character prefix)
* Bumped minimum WordPress requirement to 7.0
* Removed direct Google Gemini API integration from free plugin

= 1.0.0 =
* Initial public release
* MCP server: product catalog (JSON-LD), `add_to_cart` and `view_cart` tools
* AI chatbot widget: Google Gemini integration, product recommendation cards, cart view and removal
* Bearer token authentication per WordPress user
* My Account integration: self-service token generation and revocation
* Admin panel: category filters, security limits, token management, audit log
* Polish translation included (pl_PL)

== Upgrade Notice ==

= 1.0.2 =
Security hardening: product catalog endpoint no longer exposes hidden products; Ability API requires login.

= 1.0.1 =
This update renames internal plugin identifiers (prefix `kzb` → `kzbaca`) and migrates the chatbot to the WordPress AI Client. After upgrading, re-activate the plugin to recreate the audit log table under the new name. Existing Bearer tokens will be invalidated and must be regenerated. Requires WordPress 7.0.
