EcomAIBridge for WooCommerce

Changelog

1.0.4

  • Compatibility: tested up to WordPress 7.0.
  • Admin: the EcomAiBridge screen is now a top-level menu item again (it briefly moved under Settings in 1.0.3) for quicker, more discoverable access.
  • Reliability: product titles now fall back through SKU → “Product #{id}” instead of returning empty strings when post_title is missing (multilingual / partially-imported stores).
  • Reliability: product descriptions now decode HTML entities before stripping tags, so entity-encoded markup no longer leaks as visible text in AI responses.
  • Reliability: all /ai/* JSON endpoints now send X-Content-Type-Options: nosniff and Cache-Control: no-store headers; unhandled fatals surface as JSON errors instead of blank 500s.
  • Reliability: the chat assistant now runs the product search and shows cards even when a smaller model writes its tool call as text instead of a structured call — previously those replies could leak raw search_products>{…} syntax and return no products.
  • Polish: a final safety gate ensures the assistant always replies with a clean, friendly message — raw internals or empty responses from the AI can never reach the shopper.
  • Fix & polish: Analytics tab charts no longer stack vertically (a CSS class name had drifted out of sync with the markup). Requests-by-Endpoint/Provider render as horizontal bars, and the Daily Activity and rate-limit trends are now compact sparklines that stay tidy even on low-traffic stores.
  • Discovery: /.well-known/ai-bridge.json now includes a guidance block warning AI agents that base prices may differ for product variants.

1.0.3

  • Moved the admin screen from a top-level menu to Settings → EcomAiBridge to follow the WordPress recommended placement for plugins of this scope.
  • About tab: the companion-plugin link now points to the dedicated upgrade page on ecomaibridge.com and includes the site domain and admin email as query parameters so the form is pre-filled.

1.0.2

  • Restructured the plugin to comply with WordPress.org Plugin Directory Guidelines on trialware and serviceware. Free is now fully self-contained — no extension hooks, no placeholder tabs, no upsell language tied to gated functionality.
  • AI Chat Widget tab: added Model and Base URL fields directly in free, alongside Provider, API Key, and rate-limit settings. Removed the dynamic provider help script.
  • Removed the llms.txt root-file generator. Discovery is now handled solely through the existing /.well-known/ai-bridge.json endpoint.
  • Removed the standalone api_key setting and the Store Settings tab — neither was used by any free endpoint.
  • Removed the placeholder “AI Personality”, “Business Info”, and “Behavior & FAQ” admin tabs (these features live in the separate Pro Add-on plugin and were not functional in free).
  • Renamed the License tab to About; replaced its feature comparison table with a single neutral note about the separate companion plugin.
  • All inline <script> and <style> blocks in admin views replaced with the standard wp_enqueue_* flow.
  • uninstall.php no longer references hardcoded WP_PLUGIN_DIR / WP_CONTENT_DIR constants — it now uses plugin_dir_path( __FILE__ ) and wp_upload_dir() for legacy directory cleanup.
  • Internal: removed all ecomaibridge_* action and filter hooks that existed solely as Pro extension points (LLM providers, chat hooks, widget config, discovery manifest, tier limits, route registration, admin tabs, tab-view replacement, save fan-out). Free-only analytics now records directly to the Stats class instead of fanning through an action.
  • Internal: simplified the LLM client to Groq plus a Custom OpenAI-compatible option. Removed the unused Anthropic native code path.

1.0.1

  • Removed the daily-message cap on the chat widget. Per-IP rate limiting (configurable in admin) is unchanged.
  • “Powered by EcomAIBridge” widget footer now defaults to off and only appears when the site administrator explicitly opts in via the Chat tab.
  • Added Requires Plugins: woocommerce to the plugin header so WordPress dependency-resolves WooCommerce automatically.
  • Hardened input handling: $_POST and $_GET arrays are now deep-sanitized before being forwarded to downstream code.
  • Removed creation of wp-content/ecomaibridge/ and of the data/, cache/, and logs/ directories inside the plugin folder. The plugin no longer writes any files inside the plugin directory or wp-content/.
  • Security: validate the configured LLM base URL against private, loopback, link-local, and cloud-metadata IP ranges to prevent SSRF.
  • Security: cap incoming /ai/chat request body size, JSON nesting depth, and per-message length to prevent unauthenticated memory-pressure DoS.
  • Security: added a global daily cap on /ai/chat requests (default 200) as a financial-DoS ceiling for stores facing rotating-IP attackers.
  • Security: restrict CORS on POST endpoints (/ai/chat) to the store’s own origin; read endpoints stay open for AI crawlers.
  • Security: rate-limit telemetry counter now only increments on actual HTTP 429 responses from the LLM provider.
  • Security: settings option set to non-autoload so the LLM API key is no longer pulled into memory on every front-end pageload.
  • Internal: cache-key fingerprinting switched from serialize() to wp_json_encode() so the value can never feed an unserialize sink.
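
The base-URL check from the SSRF entry above, sketched as an added example: this is not the plugin's code, and the function names, the injected resolver, and the sample hosts are hypothetical. It assumes only http and https base URLs are acceptable.

```php
<?php
// Added example, not the plugin's code; names, resolver and sample URLs are hypothetical.
const EXAMPLE_BLOCKED_CIDRS = [
    '0.0.0.0/8', '127.0.0.0/8', '::/128', '::1/128',             // unspecified, loopback
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7', // private, IPv6 unique local
    '169.254.0.0/16', 'fe80::/10',                   // link-local, incl. 169.254.169.254 metadata
    '::ffff:0:0/96',                                 // IPv4-mapped IPv6
];

function example_ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if (strlen($ipBin) !== strlen($netBin)) {
        return false; // different address family
    }
    $bytes = intdiv((int) $bits, 8);
    $rem   = (int) $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // partial-byte mask; unused when $rem is 0
    return $rem === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// $resolve maps a hostname to a list of IP strings (injected so the sample runs offline).
function example_is_safe_base_url(string $url, callable $resolve): bool {
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    if (empty($parts['host']) || !in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps the brackets of IPv6 literals
    $ips  = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolve($host);
    foreach ($ips as $ip) {
        if (!filter_var($ip, FILTER_VALIDATE_IP)) return false;
        foreach (EXAMPLE_BLOCKED_CIDRS as $cidr) {
            if (example_ip_in_cidr($ip, $cidr)) return false; // one bad record rejects the host
        }
    }
    return $ips !== []; // unresolvable host: fail closed
}

$dns = ['api.example.test' => ['203.0.113.10'], 'mixed.example.test' => ['203.0.113.10', '10.0.0.5']];
$resolve = fn(string $h): array => $dns[$h] ?? []; // constructed records
foreach (['https://api.example.test/v1', 'http://169.254.169.254/v1', 'http://[::1]:8080/v1',
          'https://mixed.example.test/v1'] as $url) {
    echo $url, ' => ', example_is_safe_base_url($url, $resolve) ? 'allow' : 'block', "\n";
}
```

A check made only when the setting is saved does not cover DNS records that change afterwards, so the same validation belongs on the resolved address at request time as well.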

1.0.0

  • First public release on the WordPress plugin repository.

Version: 1.0.4
Last Updated: May 31, 2026
Requires: WordPress 5.8
Tested Up To: WordPress 7.0
Requires PHP: 7.4