=== PatchOn Agent ===
Contributors: rocketa
Tags: maintenance, updates, regression, backup, management
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connector plugin that securely links your site to the PatchOn AI automated update verification service.

== Description ==

PatchOn is a solution for safely updating the plugins, themes, and core of your WordPress site. Before applying an update to production, it reproduces your site's configuration in a staging environment, applies the update there, and runs a screenshot comparison (Visual Regression Test) to check for any problems. This plugin acts as the connector between your WordPress site and PatchOn.

**This plugin requires the PatchOn service ([patchon.jp](https://patchon.jp/)) and does not function on its own.** No account is required to get started. Immediately after activation it performs no external communication, and a consent screen is shown in the admin area. Outbound communication with PatchOn begins only after the user explicitly clicks the "Agree and Start" button on that consent screen, which registers the site anonymously. A PatchOn account is needed only to view detailed inspection results in the dashboard or to upgrade to a paid plan.

= Main Features =

* Pre-inspection that simulates updates in a staging environment, with results displayed in your dashboard
* Backup of site files and database before applying updates
* Production rollout of updates that have passed inspection

This plugin (the free distribution on WordPress.org) does **not** write to your site files (`wp-content`, `mu-plugins`, theme directories, etc.), even when it detects a problem. AI auto-repair, which writes patched code to `mu-plugins` or the active child theme, is provided by the separately distributed **PatchOn Agent Pro** extension plugin (available to PatchOn Standard / Business plan subscribers).

= Data Sent =

After the user has consented on the consent screen, when they run a "Pre-inspection" or "Apply update" operation, the plugin sends the following data to PatchOn and related external services. See the [Privacy Policy](https://patchon.jp/privacy-policy) for details.

* Site URL / WordPress version / PHP version / DB version
* List and versions of installed plugins, themes, and MU plugins
* Site files prior to update application (child theme / mu-plugins / wp-config.php, used for backup)
* Contents of WordPress debug.log (used to detect issues)
* Lightweight database dump (only at pre-inspection time; tables and columns containing personal information are excluded)

== External services ==

This plugin depends on the following external services. **No external communication is performed merely by activating the plugin.** Communication starts only after the user explicitly clicks the "Agree and Start" button on the consent screen shown on first use.

= PatchOn API (https://patchon.jp and its subdomains) =

The backend for all inspection, repair, update, and database-dump operations. Two host names are used, both operated by Rocketa Inc. and routed to PatchOn's infrastructure:

* `https://patchon.jp/api/*` — site registration, pre-inspection control, apply-update control, billing
* `https://dump.patchon.jp/*` — database-dump control endpoints and signed-URL chunk uploads used during pre-inspection (the database dump is excluded from the data sent over `patchon.jp/api/*`)

Provider: Rocketa Inc. (rocketa.co.jp)

When data is sent:

* On click of the "Agree and Start" consent button (one-time): anonymous site registration and UUID issuance
* When the user runs a "Pre-inspection": list of plugins / themes, debug.log, lightweight database dump
* When the user runs an "Apply update": backup files, application result

What is sent: see the "Data Sent" section above

* Terms of Service: https://patchon.jp/terms
* Privacy Policy: https://patchon.jp/privacy-policy
* Subprocessors: https://patchon.jp/subprocessors

= AWS S3 (Tokyo region, accessed via PatchOn) =

Storage destination for the pre-update full-site backup (tar.gz). **File uploads are performed only against pre-signed URLs issued by `https://patchon.jp/api/*` on a per-request basis.** The customer site does not hold any S3 credentials.

* Provider: Amazon Web Services, Inc.
* Endpoint: https://*.s3.ap-northeast-1.amazonaws.com (pre-signed URLs only)
* When data is sent: when the user runs an "Apply update"
* What is sent: pre-update site files (tar.gz)
* AWS Privacy: https://aws.amazon.com/privacy/

== Installation ==

1. From the WordPress admin dashboard, go to Plugins > Add New, search for "PatchOn", and install.
2. Activate the plugin. **No outbound communication occurs at this point.**
3. A consent screen ("Welcome to PatchOn") appears in the admin area. Review the data that will be sent, then click "Agree and Start". **Clicking this button is treated as your explicit consent to begin external communication**, and the plugin registers your site anonymously with PatchOn.
4. You can now run pre-inspections and apply updates from "PatchOn > Update Management". No account is required for this step.
5. To view detailed inspection results in the dashboard or to upgrade to a paid plan, open "PatchOn > Settings" and click "Connect this site to a PatchOn account" to register or log in at PatchOn.

== Frequently Asked Questions ==

= Is there a fee to use this plugin? =

The plugin is distributed free of charge, and anyone can run pre-inspections and apply updates. Paid plans add AI auto-repair, additional inspection targets, and more comprehensive support. See https://patchon.jp/ for plan details.

= What's the difference between Free, Standard, and Business plans? =

* **Free**: regression testing on 3 URLs, with detailed results viewable in PatchOn. When no problems are found, apply to production in one click. Pre-update backups are retained for 7 days.
* **Standard** (paid): adds AI auto-repair (which requires installing the separately distributed PatchOn Agent Pro extension plugin), form testing, an expanded URL count, 30-day backup retention, and email support.
* **Business** (paid): adds mobile VRT, 90-day backup retention, and Slack Connect support.

See https://patchon.jp/#pricing for the current pricing.

= Does the plugin send any data to external services just by being activated? =

No. Activation alone does not send any data externally. Communication starts only after the user explicitly clicks the "Agree and Start" button on the consent screen.

= Where is my data stored? =

In AWS (Tokyo region). See the [Privacy Policy](https://patchon.jp/privacy-policy) for details.

= If I delete the plugin, will my data also be deleted? =

When the plugin is deleted, the configuration values it stored in your local database (such as the connection UUID) are removed automatically. However, the corresponding site data on PatchOn is retained. To request full deletion of your cloud-side data, please reach out through the contact form.

= Are automatic updates safe? =

Before running the standard WordPress update flow, the plugin first attempts the same updates in a staging environment to detect issues. If problems are detected, the update is aborted and you are notified through the dashboard.

== Changelog ==

= 1.1.3 =
* Updates on every plan now create a restore point (site files and a full database dump) before applying changes, stored in PatchOn cloud storage with a plan-based retention period and downloadable from the update screen for self-service recovery. The consent screen and privacy policy have been updated to cover this storage.
* Fixed multiple bugs where a failed update could be misreported as successful, including copy failures during the upgrade, concurrent update runs leaving maintenance mode stuck, stale update caches, and a locale-dependent misclassification on Japanese sites.
* The Pro extension required for applying AI repairs can now be installed and activated with one click from the update screen, with clearer guidance when a license is missing or expired.

= 1.1.2 =
* Removed direct `require_once` of WordPress core loading files (`wp-includes/functions.php`, `wp-admin/includes/theme.php`, `wp-admin/includes/misc.php`) in response to plugin review feedback.
* Disabled autoload for frequently updated options (`patchon_update_state`, `patchon_update_flash`, `patchon_site_uuid`) to reduce per-request overhead.
* Escaped all remaining dynamic output (a ternary expression and update/log counts) with `esc_html()` to comply with the late-escaping convention.
* Updated "Tested up to" to WordPress 7.0.

= 1.1.1 =
* Replaced direct cURL calls in the backup upload path with the WordPress HTTP API (`wp_remote_request()`), using the official `http_api_curl` hook to enable streaming uploads of large backup archives without buffering in memory.

= 1.1.0 =
* Removed file write capabilities (no longer writes to `wp-content`, `mu-plugins`, or theme directories). Such writes were moved to the separately distributed PatchOn Agent Pro extension plugin.
* Added an explicit consent screen shown on first activation. The plugin now registers your site anonymously after consent, and no account is required to get started.
* Added CSRF nonce verification on the connection flow to prevent site hijack via crafted redirect URLs.
* Updated plan tiers (Free / Standard / Business) and removed the legacy Enterprise tier from the catalog.

= 1.0.0 =
* Initial release on the WordPress.org official directory.
