Submit Changelog
Track Changelogs

IKAROS Ai Commerce Infrastructure

Changelog

2.3.2

  • Fixed: Activity Log now shows shopping query parameters for add-to-cart and buy-link traffic instead of hiding that signal behind the intent label.
  • Fixed: Activity Log now prefers canonical product URLs when a product ID can be recovered from the log row or shopping query parameters.
  • Improved: Category and tag endpoint display now uses canonical term paths when terms can be resolved.

2.3.1

  • Fixed: Dashboard analytics query blocks hardened for WordPress.org PHPCS compatibility across supported WordPress versions.
  • Fixed: i18n translator comments and SQL lint compliance improvements in admin analytics rendering.
  • Fixed: Admin dashboard stability update for analytics query parsing.

2.3.0

  • Security: Added signed write request verification for ACP/AJAX write surfaces, including timestamp freshness checks, replay protection, and stronger write authorization flow.
  • Security: Added optional agent-key write path (X-Ikaros-Agent-Key) for ACP and AJAX commerce actions.
  • Security: Added one-time automatic generation of missing security secrets/keys during activation and early runtime initialization.
  • Added: Public ACP Mode guardrails with honeypot protection, optional captcha enforcement, and strict per-minute/per-day per-IP throttling.
  • Added: Built-in captcha verification support for Cloudflare Turnstile and Google reCAPTCHA v3.
  • Added: Settings controls for Public ACP mode, captcha provider/secrets, and quota/rate-limit configuration.
  • Changed: Manifest auth metadata extended for agent-key and hardened write-auth expectations.

2.2.9

  • Security: Removed public checkout nonce exposure from manifest and REST manifest discovery payloads.
  • Security: Mutating REST routes (/mcp/call, ACP write actions, and checkout session write actions) now require authenticated access via logged-in session or shared API key.
  • Security: Added transient-based rate limiting to mutating REST and AJAX commerce endpoints to reduce abuse and request flooding.
  • Changed: Checkout API metadata now advertises shared-key authentication (X-Ikaros-Key) instead of public nonce fields.

2.2.8

  • Fixed: Bot tracking allowlist now matches encoded REST route requests (rest_route=%2F…) for Ikaros namespaces and MCP/UCP/ACP paths.
  • Fixed: “API Endpoints Visited by Bot” query now matches both plain and encoded rest_route forms, ensuring REST API rows appear reliably across hosting/cache setups.

2.2.7

  • Fixed: “API Endpoints Visited by Bot” now includes /wp-json/ikaros/ and encoded rest_route endpoint patterns, so capabilities and protocol API hits are visible in the API table.
  • Improved: Bot logging now uses both parse_request and template_redirect (single-write guard) for broader request coverage, including REST requests.
  • Improved: API analytics cache is invalidated immediately after bot log inserts so new endpoint rows appear without delay.

2.2.6

  • Fixed: Bot visit tracking now runs on parse_request, ensuring REST API endpoint hits are logged reliably (not only template-driven frontend requests).
  • Fixed: Free tracking allowlist now includes /wp-json/ikaros/ and equivalent rest_route patterns so capability and protocol endpoints appear in API endpoint analytics.

2.2.5

  • Fixed: Free bot tracking now logs technical AI endpoints (/wp-json/ikaros-ai-manifest/, /wp-json/aigentic/, MCP/UCP/ACP paths, llms.txt, and manifest/feed endpoints) when tracking scope is products-only.
  • Improved: “API Endpoints Visited by Bot” dashboard section now captures and displays API activity more reliably.

2.2.4

  • Added: New AI store capabilities endpoint at /wp-json/ikaros/v1/ai-capabilities exposing active protocols and AI capability flags.
  • Changed: Manifest plugin_type value updated to Ikaros Ai commerce layer across manifest outputs.
  • Fixed: Fallback manifest endpoint handling now returns explicit HTTP 200 for /ai-commerce.json.

2.2.3

  • Added: Agentic Checkout session endpoints under REST API for create, update, get, complete, and cancel checkout session flows.
  • Added: Idempotency handling (Idempotency-Key) and standardized checkout error responses for session endpoints.
  • Added: Session-shaped checkout payloads with line_items, totals, fulfillment_options, messages, and links.
  • Added: Manifest discovery metadata for the new checkout session endpoints.
  • Added: WooCommerce order creation on checkout session completion with returned order permalink payload.

2.2.2

  • Fixed: ACP WooCommerce session bootstrap no longer invokes non-prefixed external hook names, improving WordPress.org PHPCS compliance.

2.2.1

  • Fixed: ACP cart-dependent endpoints now initialize WooCommerce session, customer, and cart during REST requests.
  • Fixed: ACP add-to-cart, status, and checkout endpoints no longer fail with cart unavailable on stores where REST cart bootstrap was missing.
  • Improved: ACP production reliability for end-to-end agent checkout flow.

2.2.0

  • Added: ACP endpoints for products search, add-to-cart, checkout, and status under the REST API.
  • Added: ACP discovery metadata to the REST manifest (acp_supported and ACP endpoint URLs).
  • Changed: Product purchase_url now uses native WooCommerce add-to-cart flow.
  • Changed: Added ai_summary, product_category, and categories fields to manifest catalog items.
  • Changed: Deprecated custom direct-buy handler hook in favor of WooCommerce-native purchase flow.

2.0.0

  • Added: Dashboard page for AI visibility, bot category analysis, and top endpoint/product insights.
  • Added: Analytics page enhancements (date range filtering, bot intent classification, activity table, charts, CSV export).
  • Added: AI Readiness Score in product list (sortable/filterable column and bulk recalculate action).
  • Changed: Renamed “Intelligence” section to “Dashboard”.
  • Changed: Consolidated free settings and policy controls into one unified Settings page.
  • Security: Strengthened nonce validation and request hardening for admin and AJAX flows.

1.1.1

  • Security: Removed API key exposure from JavaScript; keys now only transmitted via AJAX POST.
  • Security: Added null check for product object in schema injection function.
  • Security: Fixed database query preparation for bot log retrieval.
  • Compliance: Removed feature gating on bot statistics charts (now always visible to all users).
  • UX: Added menu icons in admin pages.

1.1.0

  • Feature: Added support for Model Context Protocol (MCP) for AI agents.
  • Feature: Added Universal Commerce Protocol (UCP) discovery endpoint.
  • Fix: Improved security by replacing strip_tags with wp_strip_all_tags.

1.0.0

  • Initial release.

Plugin Website
Visit website

Author
Ikaros Ai
Version:
2.3.2
Last Updated
March 13, 2026
Active Installs
30
Requires
WordPress 6.0
Tested Up To
WordPress 6.9.4
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.