=== TalkDock — Floating Chat Button ===
Contributors: studiomarkas
Plugin URI: https://studio.markashosting.com/plugins/talkdock/
Tags: click to chat, floating button, chat button, whatsapp button, customer support
Requires at least: 5.8
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Add a floating WhatsApp chat button to your site. Visitors click — WhatsApp opens. That's it.

== Description ==

TalkDock adds a floating WhatsApp button to your site in under two minutes. Visitors tap it and WhatsApp opens straight to your number — no forms, no redirects, no friction.

One settings panel covers everything. No accounts, no code, nothing to configure outside WordPress.

= What TalkDock does =

* **Floating chat button** — appears on every page; visitors tap it and WhatsApp opens directly to your number.
* **Full color control** — solid colors or gradients via a built-in picker; matches any brand palette.
* **Flexible positioning** — left or right, with fine-grained offset control.
* **Pre-filled welcome message** — visitors arrive with a conversation starter already typed.
* **Animations & visibility rules** — choose bounce, pulse, shake, or none; show to all visitors, logged-in users, or guests only; hide on mobile with one toggle.
* **Shortcode support** — embed `[talkdock_button]` anywhere in posts or pages.
* **Live preview & clean uninstall** — see changes before saving; plugin removes its own data on uninstall.

= Upgrade to TalkDock Pro =

The free plugin covers everything you need to get a WhatsApp button live. TalkDock Pro is the add-on for teams that want more control, more visibility, and more conversions.

**Free**

* Floating chat button — all pages, all devices
* Full color & gradient control with live preview
* Flexible position and animation presets
* Pre-filled welcome message
* Visitor targeting by login state and device
* Shortcode `[talkdock_button]` for inline embeds
* Accessibility label and clean uninstall

**Pro — everything above, plus:**

* **Page-level targeting** — show or hide the button by page ID, URL pattern, post type, or WooCommerce product
* **Multiple agents & departments** — add unlimited agents with names, avatars, titles, and individual WhatsApp links; visitors pick the right person
* **Business hours & offline routing** — set open/close windows per day; outside hours the widget auto-switches to a lead capture form
* **Offline leads inbox** — missed enquiries saved server-side, reviewable in-dashboard, exportable as CSV
* **Click analytics & conversion tracking** — day-by-day click chart per agent, 7/30/90-day windows, Google Analytics and Meta Pixel event firing, CSV export
* **Greeting bubbles & extra button styles** — pop-up greeting animations, agent typing indicators, and additional button presets
* **Inline Gutenberg block** — drop a fully-styled "Chat with us" CTA anywhere in the block editor

👉 **[Get TalkDock Pro](https://studio.markashosting.com/plugins/talkdock/talkdock-pro/)**

= About WhatsApp =

TalkDock is not affiliated with WhatsApp or Meta. The button opens a standard `wa.me` link — identical to any hand-coded WhatsApp link. The plugin never contacts WhatsApp's servers on your behalf.

== Installation ==

1. Upload the plugin ZIP through *Plugins → Add New → Upload Plugin*, or upload the plugin folder to `/wp-content/plugins/`.
2. Activate the plugin via the *Plugins* screen.
3. Go to **TalkDock** in the admin sidebar.
4. Enter your WhatsApp link in the format `https://wa.me/15551234567` and customize colors and position.
5. Click **Save Changes**. The button will appear on your site.

== Frequently Asked Questions ==

= How do I find my WhatsApp link? =

Use the format `https://wa.me/<country-code><phone-number>` — for example `https://wa.me/15551234567`. No plus sign, no spaces.

= Will this work with my caching plugin? =

Yes. TalkDock enqueues static assets and a sanitized generated stylesheet, so the button renders correctly regardless of page caching.

= Can I show the button only on certain pages? =

The free plugin supports targeting by login state and screen size (hide on mobile). Per-page, per-product, and URL-pattern targeting is available in [TalkDock Pro](https://studio.markashosting.com/plugins/talkdock/talkdock-pro/).

= Will I lose my settings if I deactivate? =

No. Deactivation leaves settings intact. Data is removed only when you delete the plugin — and even then you can opt in to keep it.

= Where do I get support? =

Free support is available through the WordPress.org support forum for this plugin.

== Privacy & External Services ==

TalkDock transmits nothing in normal operation — no tracking, no telemetry, no background requests. The floating button is a plain `wa.me` anchor tag; clicking it opens WhatsApp in the visitor's browser and nothing else. The only outbound connection is the optional **Report a Bug** form, fired solely when an administrator clicks Send.

Data sent only when a bug report is submitted:

* Report subject and message
* Optional reply-to email address (only if you type one)
* Up to three screenshot attachments (validated server-side; never stored in your media library)
* Optional diagnostic info — opt-out, shown to you before sending: plugin, WordPress, PHP, and MySQL versions; active theme; locale; multisite flag; PHP memory limit
* Never auto-collected: site URL, admin email, license keys, user list, active plugin list, or any visitor data
* A local copy is saved in `tlkd_feedback_log` (last 50 entries; removed on uninstall)

External service used:

* **Service:** [Markas Studio Bug Report Receiver](https://projects.markas.cloud/wp-json/markas/v1/plugin-bug)
* **Purpose:** Deliver administrator-submitted bug reports for support investigation. Data is sent only after clicking Send — never automatically.
* **[Terms of Use](https://studio.markashosting.com/plugins/talkdock/terms/)** · **[Privacy Policy](https://studio.markashosting.com/plugins/talkdock/privacy-policy/)**

WhatsApp `wa.me` links are standard browser anchor tags. The plugin makes no server-side requests to WhatsApp or Meta.

== Screenshots ==

1. General tab — enter your WhatsApp link, toggle the widget on or off, and set the accessibility label. Live preview updates on the right.
2. Design & Position tab — pick gradient colors, set horizontal alignment, adjust side and bottom distance, and choose a button animation.
3. Message tab — enable and configure a pre-filled message so visitors land with a conversation starter already typed.
4. Visibility tab — control who sees the button (all visitors, logged-in only, or guests) and hide it on mobile with one toggle.
5. Pro Features tab (free plugin) — overview of the TalkDock Pro add-on with feature cards covering business hours, multi-agent, page targeting, analytics, greeting bubbles, and inline embeds.
6. Pro License tab — active Pro workspace showing license details, plan, validity, and the full list of enabled Pro features.
7. General tab with Pro active — the full Pro tab bar unlocked: Business Hours, Offline Leads, Agents, Targeting, Analytics, Shortcode & Block, and Pro License.
8. Design tab with Pro active — advanced animation options including Pro-exclusive motion styles; button preview reflects multi-agent bubble rendering.
9. Message tab with Pro active — agent-aware prefill routing; assign prefilled messages to specific agents for personalised touchpoints.
10. Visibility tab with Pro active — full visibility and targeting panel with device, page ID, URL pattern, and agent-specific display logic.
11. Business Hours tab (Pro) — schedule-aware availability engine with per-day open/close windows, timezone selection, and automatic offline routing.
12. Agents tab (Pro) — multiple agents and departments panel; assign names, titles, avatars, departments, and individual WhatsApp links with drag-to-prioritise ordering.
13. Offline Leads tab (Pro) — captured offline lead messages with CSV export; visitor enquiries submitted outside business hours are stored and ready to review.
14. Targeting tab (Pro) — page-level targeting with include/exclude rules by post ID and URL pattern; deploy the button on checkout pages, hide it everywhere else.
15. Shortcode & Block tab (Pro) — inline embed tools showing the shortcode with inline and label variants plus a native Gutenberg block, with a live preview of the styled CTA.
16. Analytics tab (Pro) — click analytics dashboard with 7/30/90-day windows, a day-by-day bar chart, per-agent breakdown table, and CSV export.

== Changelog ==

= 1.1.6 =
* Refreshed plugin description copy for clarity and readability.

= 1.1.5 =
* Resolved the Plugin Check nonce-verification warning in settings checkbox payload handling.
* Reconfirmed AJAX no-refresh settings saving, persisted-value verification, and POST fallback.
* Maintained save status feedback and live-preview refresh after successful saves.

= 1.1.2 =
* Added the TalkDock Pro integration hooks while keeping all free features fully functional without the add-on.
* Hardened settings saves, feedback uploads, frontend asset enqueues, and generated CSS output for WordPress.org review.
* Refined the admin UI, responsive tab layout, and shadow-free design system.
* Preserved the existing privacy posture: no background telemetry and no visitor data sent by the free plugin.

= 1.0.9 =
* Fixed WordPress.org review blockers: all JavaScript is enqueued through WordPress, the text domain is consistently `talkdock` across plugin headers, gettext calls, and the POT template, external service disclosure is explicit, Report-a-Bug uploads are sanitized and validated at the boundary, and frontend design CSS is generated from validated values instead of printed as raw inline CSS.
* Removed the remote Google Fonts admin dependency and uses the system font stack instead.
* Cleaned admin/front-end markup output and tightened late escaping for dynamic values.
* Normalized Markas Studio public links under `https://studio.markashosting.com/plugins/talkdock/`, including docs, support, TalkDock Pro, Terms of Use, and Privacy Policy permalinks.
* Removed the optional author homepage header because the plugin-specific URL is intentionally used as the Plugin URI; this avoids duplicate URL validation errors during WordPress.org submission.

= 1.0.8 =
* FIX (Report-a-Bug delivery): the modal showed "Thanks — your report has been recorded" even when the cross-site bug-report receiver returned HTTP 413 (payload too large). Two underlying issues: (a) the dispatcher treated any non-WP_Error response from `wp_remote_post` as success, so a 413 / 429 / 500 from the receiver slipped through as `ok = true`; (b) the receiver's body cap was 1 MB while the plugin permits up to 3 × 5 MB images, so a typical multi-screenshot bug report exceeded the cap. The dispatcher now requires an actual 2xx status before reporting success; on non-2xx the modal shows an honest "Saved locally — receiver was unreachable" warning and leaves itself open so the user can resend. The receiver-side cap (in the Markas Studio dashboard's plugin-bug intake) has been raised to 12 MB to match the plugin's spec'd wire budget with comfortable headroom.
* FIX (response parsing — receiver entry_id): the cross-site receiver responds with `{ success: true, id: <post_id>, message: '...' }` on a successful intake, where `id` is the reference number of the recorded report on the receiver side. The previous dispatcher discarded the body entirely on 2xx and returned only `{ ok, status }` upstream, so the receiver's reference number was lost between layers. The dispatcher now decodes the response body, extracts the `id` field (accepting `entry_id` as a forward-compat alias), and propagates it as `remote_entry_id` through the dispatch result → local log row → AJAX response → modal history pill. The user-facing success message now includes the receiver-assigned reference ("Thanks — your report has been recorded (ref #847)."), and the Previous Reports panel renders sent rows as "Sent · #847" so the user has a number to cite in any follow-up. Pre-1.0.8 log entries that lack the field render as "Sent" with no reference, gracefully — no data migration required.
* NEW (Smart auto-resize): screenshots are now optimized client-side before submission. Images larger than the per-image target are scaled to a 1920px longest edge and re-encoded as JPEG with progressive quality steps (0.85 → 0.72 → 0.6) until they fit. A typical 5 MB retina screenshot lands at ~400–600 KB without visible quality loss, and the 413 budget becomes practically unreachable from the UI.
* NEW (Paste-from-clipboard): you can now paste a screenshot directly into the open modal with Cmd / Ctrl + V. Captured images run through the same auto-resize pipeline. A timestamped filename is synthesized so multiple pastes don't collide. Text pastes into the subject / message inputs are left untouched.
* NEW (Previous reports panel): an opt-in "Show previous reports" disclosure inside the modal lists the most recent submissions from this site with their delivery status (`Sent` / `Local only` / `Not delivered`). Reads from the existing bounded local log; no new options are created. Lazy-loaded on first expand.
* FIX (wp_options bloat): the local `tlkd_feedback_log` option no longer stores the base64-encoded attachment binary. With 50 entries × up to 15 MB raw attachments, the option row could theoretically reach ~750 MB and slow every admin page load. The log now stores per-attachment metadata only (name, MIME, byte count); the audit trail is preserved, the bloat hazard is gone.
* FIX (privacy / wire format): the dispatcher's outbound `User-Agent` no longer includes `home_url()`. The readme privacy section already promised the plugin never auto-attaches your site URL, but the previous header `TalkDock/1.0.7; <home_url>` shipped it on every dispatch. The receiver-side dashboard derives the source host from the `Origin` / `Referer` header (unchanged), so the `User-Agent` is now plain `TalkDock/1.0.8`.
* HARDENING (PHPCS hygiene): the `$_FILES` superglobal is read in three places inside `process_attachments()` (existence check, raw-array capture, per-file loop). The previous build used an inline `phpcs:ignore` that only covered one line and left the other two flagged. Replaced with a method-scoped `phpcs:disable` / `phpcs:enable` pair stacking both `WordPress.Security.NonceVerification.Missing` and `WordPress.Security.ValidatedSanitizedInput.InputNotSanitized`. Each suppression carries a one-line justification naming the mitigation. No behavioural change.
* HARDENING (link-rel sweep): every `target="_blank"` link in the plugin's admin views now uses `rel="noopener noreferrer"` (was `rel="noopener"`). `noopener` neutralizes reverse-tabnabbing; `noreferrer` additionally suppresses the `Referer` header so the destination site does not learn which `wp-admin/admin.php?page=…` page the click came from.
* No change to the AJAX action names, the nonce, the option keys, the validation rules, the JSON payload schema, the diagnostic block, or what is opt-in vs opt-out. The 5 MB per-image cap and 3-image cap are unchanged. The set of fields transmitted is unchanged — except that the outbound `User-Agent` header no longer contains `home_url()`, per the readme's privacy guarantee.

= 1.0.7 =
* Polished the Report-a-Bug modal. The submit button now shows an inline spinner during dispatch and a brief checkmark on success instead of swapping its text; the form is disabled while the request is in flight so the loading state is clearly bounded.
* Fixed a desktop layout regression where the modal could overflow the viewport once the "Sending…" status banner appeared, clipping the footer off the bottom of the screen. The dialog → wrapping form → body now form a proper flex column, so the body scrolls internally instead of pushing the dialog past its `max-height` cap. The status banner is also auto-scrolled into view when it appears. The dialog now also offsets for the WordPress admin bar (32px / 46px) so it never sits beneath it on desktop.
* Replaced the fragile `backdrop-filter: blur(8px)` scrim with a solid dim (`rgba(15, 16, 20, 0.62)`) that renders deterministically regardless of WP admin chrome stacking contexts. The previous blur approach caused "ghost" rendering where tabs and buttons bled through the backdrop. Removed the associated defensive `isolation: isolate` and `z-index: 0` hacks that were only propping up the broken filter.
* Switched the admin CSS and JS enqueue from a static plugin-version cache key to a `filemtime()`-based version. Any byte-level change to `admin/css/admin.css` or `admin/js/admin.js` now forces an immediate browser refetch even when the plugin version has not been bumped. The headline plugin version stays visible in `?ver=…` because the new format is `TLKD_VERSION.MTIME` with a graceful fallback to plain `TLKD_VERSION` if the file cannot be stat'd.
* Refined the modal visuals toward a minimalist, system-style aesthetic: clean solid-dim backdrop, tighter typography, larger corner radius on desktop, and a primary-indigo Send action that matches the rest of the admin brand instead of the accent terracotta.
* Mobile rendering hardened: switched the full-screen breakpoint to `100dvh` (fixes iOS Safari toolbar overlap), added safe-area-inset padding for notched devices, and reduced the body padding so all fields stay reachable on narrow screens.
* Accessibility: animations honor `prefers-reduced-motion`; the spinner is hidden from assistive tech; the live status region continues to announce send/success/error.
* No change to the AJAX endpoint, validation rules, payload shape, dispatcher behavior, or privacy posture.

= 1.0.5 =
* Suppressed five false-positive Plugin Check warnings in `TLKD_Feedback`. No behavioural change.

= 1.0.4 =
* Added an optional "Report a Bug" button on the settings page sidebar. Opens a modal that accepts a subject, message, optional reply-to email, and up to three image attachments.
* The feedback flow is transparent: nothing is transmitted until the administrator clicks Send. Diagnostic environment info is opt-out and the full payload is shown to the user before submission.
* Submissions are recorded locally in a bounded log (`tlkd_feedback_log`, 50 most recent entries, removed on uninstall unless data is preserved).
* New `talkdock_feedback_payload` and `talkdock_feedback_dispatch` filters let extensions modify the payload or replace the default dispatcher.
* Added a `== Privacy ==` section to this readme describing exactly what the Report-a-Bug flow transmits.

= 1.0.3 =
* Renamed plugin to "TalkDock — Floating Chat Button" to comply with WordPress.org Plugin Check trademark rules.
* Updated admin hero subtitle to match the new name.
* No functional changes.

= 1.0.2 =
* Rebranded from the previous internal name to "TalkDock".
* Reworked description and admin copy to be factual rather than promotional.
* Removed the red upgrade link from the plugins list row.
* Added an explicit non-affiliation notice regarding WhatsApp.
* Shortcode renamed to `[talkdock_button]`.

= 1.0.0 =
* First release.
* Floating chat button with color, position, and animation controls.
* Prefilled message support.
* Visibility rules (login state, hide on mobile).
* Accessibility-first markup.
* Inline shortcode for placing buttons inside content.
* Auto-migration from the legacy `custom_wa_*` standalone snippet.

== Upgrade Notice ==

= 1.1.6 =
Description copy refresh only. No functional or database changes.

= 1.1.2 =
WordPress.org review hardening and Pro-ready architecture update from 1.0.9. No migration steps are required.

= 1.0.9 =
WordPress.org review hardening: enqueue compliance, text-domain slug alignment, external-service disclosure, upload validation, and generated stylesheet output.

= 1.0.8 =
Critical fix. The Report-a-Bug modal showed success on receiver HTTP 413; the dispatcher now requires 2xx and surfaces failures honestly. Adds smart auto-resize, paste-from-clipboard, and a Previous Reports panel. No change to what is collected or to the privacy posture.

= 1.0.7 =
Polished the Report-a-Bug modal with a refined loading state, system-style minimalist visuals, and hardened mobile rendering. No change to what is transmitted or to the privacy posture.

= 1.0.5 =
Plugin Check false-positive suppression in the bug-report attachment handler and MySQL version probe. No behavioural change.

= 1.0.4 =
Adds a Report-a-Bug button on the settings page. No data is transmitted unless you click Send. See the Privacy section for details.
