WebKernelAI Security

1.0.3

• Added REST route GET /webkernelai/v1/security-overview for dashboard security posture (update transients + readme.html note); advertised as capability security-overview.
• Fixed active theme update detection when WordPress stores update_themes as an object (standard core format).

1.0.2

• Added advanced security mode with signed request validation (HMAC, nonce replay protection, and timestamp freshness checks).
• Added trusted-origin host validation for plugin API access.
• Added rate limiting controls for authentication and selected security endpoints.
• Added production lock profile support and advanced security policy versioning with rollback history.
• Added advanced CSP management support including optional manual policy editing.
• Improved dashboard-facing error messaging and security configuration controls.

1.0.1

• WordPress.org compliance: unique webkernelai_security_* option keys, WebKernelAI_Security_* class names, X-WebKernelAI-Security-Token auth header, automated migration from legacy option names.

1.0.0

• Initial release.