=== OrderKrab for WooCommerce ===
Contributors: orderkrab
Tags: woocommerce, shipping, parcel-locker, fulfillment, order-sync
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.2.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect WooCommerce to the OrderKrab fulfillment platform: dynamic shipping rates, parcel locker selection, and two-way order sync.

== Description ==

OrderKrab for WooCommerce is a thin integration between WooCommerce and the OrderKrab fulfillment platform. It lets a WooCommerce store offer carrier-driven shipping rates and parcel locker selection at checkout, then keeps order state in sync with OrderKrab as the order moves through fulfillment.

**What it does**

* Adds a shipping method that returns rates from the OrderKrab API, including parcel locker pricing per carrier.
* Renders a parcel locker search field at checkout (native or Shopify-style block).
* Syncs newly created and updated WooCommerce orders to OrderKrab.
* Provides an hourly batch reconciliation for any orders that didn't sync in real time.
* Receives webhooks from OrderKrab for order, product, and connection status updates.

**Who it's for**

Stores that already use (or plan to use) the OrderKrab fulfillment platform to manage shipping with carriers like DPD, LP Express, Omniva, InPost, FedEx, DHL, and others.

== External services ==

This plugin connects to the OrderKrab API (`https://api.orderkrab.com`) — the configured base URL is shown in the plugin's Connection settings and can be overridden by store administrators.

**What is sent and when:**

* When a customer reaches checkout, the plugin sends the shipping destination (country, postcode, city) and cart contents to OrderKrab to retrieve available shipping methods and prices.
* When a customer searches for a parcel locker, the plugin sends the search query plus destination country/city to OrderKrab to retrieve matching locker locations.
* When an order is created or updated in WooCommerce, the plugin sends the order details (line items, shipping address, totals, selected shipping method) to OrderKrab so fulfillment can be coordinated.
* The plugin authenticates each request using an access token that the store administrator pastes into the plugin's Connection tab.

**Why an external service is required:** carrier rate calculation, parcel locker availability lookups, and label/tracking generation depend on real-time data from carriers, which is aggregated by OrderKrab and cannot be performed locally by the plugin.

**Provider links:**

* OrderKrab website: https://orderkrab.com
* Terms of Service: https://orderkrab.com/terms
* Privacy Policy: https://orderkrab.com/privacy

== Installation ==

1. Upload the plugin ZIP via **Plugins → Add New → Upload Plugin**, or extract the folder into `wp-content/plugins/`.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Make sure WooCommerce is installed and active (the plugin requires it).
4. Go to **OrderKrab → Connection** in the WordPress admin, paste your OrderKrab access token, and click **Connect to OrderKrab**.
5. Configure shipping methods and display options under **OrderKrab → Display**.

== Screenshots ==

1. The Connection tab — paste your OrderKrab access token and connect the store to the OrderKrab API.
2. The Display tab — choose between the Native and Shopify-style shipping blocks and customize the styling. Includes a live preview.
3. The Shopify-style shipping block at checkout — distance-based parcel locker options with carrier logos and selectable lockers.
4. The Native shipping block at checkout — WooCommerce shipping methods with an inline parcel locker search field.

== Frequently Asked Questions ==

= Do I need an OrderKrab account? =

Yes. The plugin is a client for the OrderKrab fulfillment service; you'll need an account and an access token to use it.

= Does the plugin work without WooCommerce? =

No. WooCommerce is a hard requirement; the plugin will not bootstrap if WooCommerce isn't active.

= What WordPress and PHP versions are supported? =

WordPress 6.0 or higher and PHP 7.4 or higher.

= Where can I get help? =

Reach the OrderKrab team via https://orderkrab.com.

== Changelog ==

= 1.2.2 =
* Removed code that filtered another plugin's admin notices, per WordPress.org Guideline 11.
* Added an `uninstall.php` handler that removes the integration user, the WooCommerce REST API key row, and all plugin options when the plugin is deleted.
* Added a per-IP transient rate limit to the public `/orderkrab/v1/shipping-points` REST endpoint to protect against abuse of the merchant's upstream API.
* Replaced inline `file_get_contents()` SVG output in the parcel locker search with `<img>` tags pointing at the bundled asset URLs, in line with WordPress's escape-on-output rule.
* Wrapper, style, and method-id attributes in the parcel locker search are now built and escaped at the point of output rather than passed through pre-baked attribute strings.
* Removed the manual WooCommerce REST API key fallback (and its `SHOW COLUMNS` introspection queries). With WooCommerce now declared as a hard dependency, `wc_rest_generate_keys()` is always available.
* Removed the diagnostic `error_log()` call that ran when WooCommerce REST helpers were unavailable.
* Excluded screenshots from the production ZIP; they live in the WordPress.org `/assets/` SVN folder instead.

= 1.2.1 =
* Declared WooCommerce as a formal plugin dependency via the `Requires Plugins` header.
* Removed an unreliable hardcoded fallback to `WP_PLUGIN_DIR . 'woocommerce/'` when locating WooCommerce REST helper files; the plugin now relies on WooCommerce's own getters and `WC_ABSPATH` constant.
* Renamed the main plugin file to match the plugin slug (`orderkrab-for-woocommerce.php`).
* Excluded the development-only `wp-stubs.php` shim from the published build.

= 1.2.0 =
* Activated the batch order sync (hourly reconciliation of pending/on-hold/processing orders).
* Refactored admin assets to use `wp_enqueue_style` / `wp_enqueue_script` / `wp_add_inline_style` / `wp_localize_script` instead of inline `<style>` and `<script>` blocks.
* Fixed: API access tokens are now preserved verbatim instead of being passed through `sanitize_text_field()`, which could silently corrupt valid tokens.
* Modernized `register_setting()` registration with explicit `type` and `sanitize_callback` keys.
* Removed the call to `load_plugin_textdomain()`. WordPress automatically loads translations for plugins hosted in the directory since WordPress 4.6.
* Added `defined( 'ABSPATH' )` guard to template files that execute code on inclusion.
* Removed the self-hosted plugin updater. Updates are now delivered through the WordPress.org plugin directory.
* Removed the `test-weight-logic.php` development test harness from the published plugin.

= 1.1.5 =
* Previous internally distributed release.

== Upgrade Notice ==

= 1.2.2 =
Adds an uninstall handler that fully removes plugin data on deletion, plus a per-IP rate limit on the public locker-search endpoint and several escape-on-output security hardenings. No configuration changes required.

= 1.2.1 =
WooCommerce is now declared as a required plugin via the `Requires Plugins` header; WordPress will block activation if WooCommerce is missing.

= 1.2.0 =
First release on WordPress.org. Updates will be delivered through the WordPress plugin directory going forward; no separate updater is needed.
