Security: the /inventory write endpoint now performs a per-product capability check (matching WooCommerce’s own product controller) before changing any stock or price, so per-object permission rules are honored rather than bypassed by the single endpoint-level check.
Hardening: per_page/page request bounds are now validated against the schema and clamped server-side.
Performance: the settings option is registered with autoload disabled, so it is no longer loaded on every front-end request.
Compliance: added an “External services” section to the readme disclosing the AutoSync connection and the product/inventory data shared with it.
Internal: store the “last synced” marker under the plugin’s own meta key prefix instead of WooCommerce’s reserved _wc_admin_ namespace.
1.0.4
Settings page: category pickers now use a searchable token field (WordPress FormTokenField) with breadcrumb labels, replacing the checkbox checklist.
Security: split the REST permission callback into read- and write-specific gates so the /inventory endpoint requires edit_others_products rather than just read_private_products.
Internationalization: wrapped all user-facing strings (settings page, meta box, REST error messages, warning header) in gettext calls so the plugin is fully translatable via translate.wordpress.org.
Internal: switched to PHP 8.1 first-class callable syntax for hook/route registrations.
1.0.3
Internationalization: added Text Domain header and matching gettext call so the plugin is translatable via translate.wordpress.org.
