=== Sutrify Post Relay ===
Contributors: aayushshrestha
Tags: rest-api, sync, multisite, content, export
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.0
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Securely push posts from one WordPress site to another via the REST API, with AES-256 encryption, a retry queue, and full audit logs.

== Description ==

Sutrify Post Relay lets you automatically replicate posts from one WordPress site to another using the standard WordPress REST API. All credentials are encrypted in the database using AES-256-CBC so nothing sensitive is stored in plain text.

**Key Features:**

* **AES-256-CBC Encryption at Rest** — API credentials are encrypted with a SHA-256 derived key before being stored in the database.
* **Granular Status Rules** — Choose exactly which status transitions (Publish, Draft, Pending, Private) trigger a sync dispatch.
* **Custom Post Type Mapping** — Map local CPT slugs to the matching slugs registered on the remote site.
* **Retry Queue** — Failed syncs are queued in a custom log table and retried automatically via WordPress Cron.
* **Audit Log Viewer** — Browse request payloads and response bodies from the admin dashboard and export them as CSV.
* **Bulk Sync** — Retroactively push any existing set of posts with a batched, progressive bulk runner.
* **Multisite Compatible** — Fully network-compatible, storing settings in network option tables when running on a multisite installation.

== Installation ==

1. Upload the `sutrify-post-relay` folder to `/wp-content/plugins/`.
2. Activate the plugin from the **Plugins** screen (or Network Activate on Multisite).
3. Go to **Settings → Sutrify Post Relay** (or **Network Settings → Sutrify Post Relay** on Multisite).
4. Enter your target site URL, WordPress application username, and application password.
5. Tick **Test Connection** to verify credentials, configure your post type mappings, then click **Save Settings**.

**Generating an Application Password on the target site:**

1. On the target site, go to **Users → Profile**.
2. Scroll to **Application Passwords**, enter a label (e.g. "Sutrify Post Relay"), and click **Add New Application Password**.
3. Copy the generated password and paste it into the Application Password field in this plugin.

== Frequently Asked Questions ==

= Does this plugin modify the public-facing site? =

No. All output is limited to the WordPress admin area. Nothing is added to your public pages.

= Is the REST API password stored securely? =

Yes. The application password is encrypted with AES-256-CBC before being saved to the database. The encryption key is derived from your site's `SECURE_AUTH_KEY` constant.

= Does it work on WordPress Multisite? =

Yes. When Multisite is active, settings are stored in the network options table and the plugin appears under **Network Settings**.

= Can I test against a local development site? =

Yes. Enable **Allow non-HTTPS / local URLs** in the Connection settings. This skips HTTPS enforcement and private IP blocking. Disable this option before using in production.

= What happens if a sync fails? =

Failed syncs are logged in the Sync Logs tab. If the **Auto-Retry Failures** option is enabled, WordPress Cron will automatically retry failed entries every 5 minutes, up to the configured maximum retry count.

= Will the plugin clean up after itself when uninstalled? =

Yes. When the plugin is deleted through the WordPress admin, it removes the encrypted settings option and drops the custom sync log table from the database.

== Screenshots ==

1. Connection settings tab — configure target URL, credentials, and test the connection.
2. Post type mapping tab — map local post types to their remote equivalents.
3. Sync rules tab — choose which status transitions trigger a sync.
4. Sync logs tab — audit every sync attempt with payload and response inspection.
5. Bulk sync tab — retroactively push existing posts with a progress bar.

== Changelog ==

= 1.0.0 =
* Initial release.
* Redesigned admin UI with tabbed navigation and dark-mode support removed for WordPress admin compatibility.
* Setting to sync automatically when post is published, updated or moved to trash.
* Bulk sync runner with batched dispatch and live progress bar.
* CSV export for audit logs.
* Retry queue via WordPress Cron.
* Added Allow non-HTTPS / local URLs toggle for development environments.
* Improved URL validation to correctly bypass WordPress's internal SSRF guard in dev mode.
