New: Generic Webhook integration. Posts the same pin events as the Teams integration, but as plain JSON to any HTTPS endpoint (Zapier, n8n, Make, Power Automate, IFTTT, or custom receivers). pin_created payloads include the screenshot URL. Opt-in, off by default; URL stored encrypted at rest; per-event toggles; one-click “Send test message”.
Change: AI Integration and Teams Integration are no longer separate submenus. They now live as tabs under a single Proofing → Integrations page, alongside the new Webhook tab. Existing settings carry over untouched.
New: “Report a bug” link in the dashboard header (opens the plugin’s GitHub Issues tracker in a new tab) so users can flag problems without leaving wp-admin.
Polish: refreshed the admin UI on the Integrations and Settings screens — modern underline tabs, more generous spacing under the tab nav, refined card shadows, modern form-field styling with proper focus rings, and a lifted page heading. No HTML structure changes; existing layouts unchanged.
0.1.2
New: tutorial video link in the admin dashboard header (opens on YouTube in a new tab) so first-time users can find the walkthrough without leaving wp-admin.
New: tutorial video auto-embedded on the WordPress.org plugin listing page.
0.1.1
New: Microsoft Teams integration. Post pin activity (new pin, replies, status changes) to a Teams channel via a Workflow webhook. Opt-in, off by default; webhook URL stored encrypted at rest; per-event toggles; one-click “Send test message”.
Security: tighten REST API permission callbacks. GET /pins/{id} now requires the caller to be a manager or the pin’s author; GET /pins requires non-managers to scope the listing to a single page_url and never returns archived pins to non-managers; POST /pins/{id}/replies is restricted to logged-in users with the create capability (guests can no longer reply).
Security: apply identical honeypot + per-IP rate-limit + identity sanitization to any guest-driven write request.
Security: guest rate-limit no longer trusts client-supplied X-Forwarded-For (spoofable — would let attackers bypass rate-limits and inflate wp_options with throw-away transient rows). Only REMOTE_ADDR is used by default; sites behind a trusted reverse proxy can hook the new proofingpins_guest_ip filter to use their proxy’s real-client-IP header.
Cleanup: deleting a pin now also clears any pending AI-suggestion cron event scheduled for that pin (no more orphan cron rows).
Cleanup: uninstall now also clears pending AI cron events and sweeps the plugin’s transients (per-IP rate-limit + cached provider model lists), in addition to deleting pin posts, screenshots, thumbnails, replies, settings, and capabilities.
Rename: all internal identifiers (option names, capabilities, post type, post statuses, post meta keys, transients, comment type, script handles, JS globals, CSS classes, cookies, query parameters) migrated from the pp_ / pp- / PP_ prefix to the longer proopin_ / proopin- / PROOPIN_ prefix to satisfy the WordPress.org 4-character-minimum prefix requirement and prevent collisions with other plugins.
0.1.0
Initial release.
Pin capture via html-to-image with element-anchored responsive positioning.
Admin dashboard (list/grid), status workflow, bulk actions.
Guest comments with identity cookie + rate limit + honeypot.
AI suggestions (OpenAI / Anthropic / Gemini / OpenRouter) with dynamic model discovery.
Elementor-aware suggestions and 1-click Apply / Revert for allowlisted widget settings.
