Zaffro – AI Sales Agent for WooCommerce

Changelog

1.7.25

• Security: The subscription management portal endpoint now requires a signed, time-limited token instead of a plain email address, so a billing portal can only be opened by the verified owner of that email (received in their purchase confirmation).
• Fix: The account login/dashboard scripts now load via the WordPress enqueue system (wp_enqueue_script / wp_localize_script) as required by WordPress.org guidelines.
• Fix: The chat widget no longer sends authentication cookies/nonce on the public chat request, preventing a “security layer is blocking the chat (HTTP 403)” error on cached pages.
• Docs: Documented the Google Gemini and Anthropic Claude APIs as external services used in BYOK mode (with terms and privacy links).

1.7.24

• Fix: All admin scripts and styles now load via the WordPress enqueue system (wp_enqueue_script / wp_add_inline_script) as required by WordPress.org guidelines.
• Fix: The “Powered by Zaffro” branding link in the chat widget footer is now opt-in — disabled by default, with a new toggle in Settings → Appearance.
• Fix: Added Requires Plugins: woocommerce header to declare the WooCommerce dependency.
• Fix: Facebook Graph API (Messenger/WhatsApp channel) documented as an external service in the readme.

1.7.23

• New: Shop category selector — choose your industry (SaaS/plugin sales, jewellery, furniture, food & drink, gardening, B2B, or general retail) and the AI assistant automatically adapts its tone, sales style, and product presentation to match.
• Fix: The AI assistant now correctly reads WooCommerce products and applies the selected industry persona; a proxy architecture change in 1.7.20 had broken this behaviour on existing installs.
• Improvement: One-time automatic migration clears any legacy system-prompt text inserted by older plugin versions, preventing duplicate instructions.

1.7.22

• New: Admin sandbox — send a test message directly from the settings page to preview exactly how the AI will behave with your current configuration, before any customer sees it.
• New: Prompt configuration versioning — every save creates a timestamped snapshot so you can review what changed and roll back if needed.

1.7.21

• New: Structured AI behaviour settings — configure tone (formal/friendly), customer addressing form, negotiation strategy (conservative/balanced/aggressive), discount trigger, minimum cart value for negotiation, bundle suggestions, forbidden topics, and escalation mode — all from the admin panel without touching the system prompt.
• New: Advanced prompt field (L3) — a 1,500-character free-text area for merchant-specific instructions, sanitised server-side against prompt-injection patterns before use.

1.7.20

• Security: Layered prompt protection (Phase 1) — the AI system prompt is now assembled server-side in a locked sandwich architecture (immutable header + admin-configured fields + immutable footer), so core instructions cannot be overwritten by a prompt-injection attempt embedded in a customer message or the merchant’s own text.

1.7.19

• Fix: Multi-product checkout with zero-discount orders — empty coupon tokens are now accepted, so mixed-price bundles reach the checkout page correctly.
• Fix: Free/gift products (price = 0) now add to cart correctly under Zaffro checkout; WooCommerce previously rejected them as “not purchasable”.
• Fix: Automatic language detection now reads the site language (WPLANG option) instead of the current user’s locale, so the widget translates correctly on the storefront regardless of the admin’s language setting.
• Fix: Server-side coupon text and “free” labels now translate to Hungarian on Hungarian-language sites.

1.7.18

• New: Multi-product checkout — the assistant can negotiate and check out multiple products in a single conversation, applying one shared discount across the entire cart.
• Improvement: Chat widget launcher text is now fully internationalised — labels display in the active site language without requiring a translation file.

1.7.17

• Security: Messenger and WhatsApp webhooks are now verified with a cryptographic signature (Meta App Secret), so only genuine messages from Meta are processed. Action required if you use Messenger/WhatsApp: enter your Meta App Secret under Settings → Channels — until then those webhooks stay locked.
• Security: The chat endpoint now has built-in rate limiting to prevent abuse and runaway API usage. Normal conversations are unaffected.

1.7.16

• New: Customer account page — log in with a one-time “magic link” sent by email (no password needed), view your subscription on a personal dashboard, and activate your licence on your store domain directly from the account area.

1.7.15

• Maintenance: Translation-readiness and code-quality improvements (added translator comments and internationalisation fixes) in preparation for the WordPress.org plugin directory.

1.7.14

• Fix: Update loop — after a successful plugin update the “new version available” badge could reappear immediately due to a stale cached server response. The plugin now detects that the installed version is already current, clears the stale cache, and removes the badge correctly.

1.7.13

• Improvement: Widget logo (white-label) is now restricted to the Enterprise plan — visible in settings but locked for Free / Starter / Pro / Agency accounts, with an Enterprise upgrade note.
• Fix: “Online” and “Typing…” status indicators now correctly display in Hungarian (and any other translated language) instead of always showing in English.

1.7.12

• New: Connection diagnostics — a one-click test on the settings page checks whether the chat can reach the WordPress REST API, so a hosting firewall/WAF blocking /wp-json/ is identified instantly instead of being mistaken for a plugin fault.
• Improvement: Clearer chat error messages — when a firewall or hosting security layer blocks the request, the widget now reports the HTTP status and points to /wp-json/ instead of showing a generic “Network error”.

1.7.11

• New: WooCommerce Subscriptions support — the assistant detects subscription products in your catalogue and presents recurring pricing correctly during negotiation.
• New: Subscription-aware coupons — discounts on subscription products are generated with the correct recurring/once-off behaviour, configurable per product.
• New: Subscription-aware add-to-cart and AI prompt context, so the assistant never offers an invalid one-off checkout for a recurring product.
• Improvement: Graceful fallback when WooCommerce Subscriptions is not installed — subscription logic is skipped cleanly and standard products work as before.

1.7.10

• Fix: “Purchase a licence” and upgrade call-to-actions now point to the dedicated pricing page (zaffro.ai/pricing, or /arazas on Hungarian sites) where you can subscribe directly — previously they led to the homepage trial funnel, leaving no clear path to pay.

1.7.9

• New: Trial expiry experience — escalating admin reminders (7 → 3 → 1 days) as a 14-day trial nears its end, with a one-click subscribe call-to-action and the lifetime 20% coupon code.
• New: Expired trial now shows a clear “subscribe to switch the chat back on” notice instead of silently going inactive.
• Improvement: Conversion link and coupon are served by the license API, so they can change without a plugin update.

1.7

• New: Analytics event tracking — wp_zaffro_events table logs chat_started, coupon_offered, checkout_offered, order_completed events (session hash only, no PII)
• New: Revenue & ROI dashboard section — orders closed, revenue generated, discounts given, avg discount %, close rate, revenue/discount ratio
• New: WooCommerce order hook — links completed orders to Zaffro sessions via coupon meta (_zaffro_session_hash)

1.6

• New: Free tier support — plugin works without a paid license key (shared API key, 50 negotiations/month limit)
• New: Monthly negotiation limit enforced server-side for Free plan users (per distinct session)
• Fix: Chat widget enable/disable option no longer resets to empty string on every Settings save
• Fix: Chat header logo now renders correctly instead of displaying raw HTML markup
• Fix: Chat widget visibility condition corrected — empty string value treated as enabled

1.5

• New: Stripe subscription management — customers can update payment method, download invoices, or cancel via [zaffro_manage_subscription] shortcode
• New: Stripe Customer Portal redirect endpoint
• New: Onboarding wizard auto-creates the subscription management page on step 5
• Fix: Portal error messages now redirect back to the shortcode page instead of homepage
• Fix: WordPress Coding Standards (PHPCS WordPress-Extra) — zero errors across all plugin files

1.4

• Fix: All remaining Hungarian strings replaced with English throughout the plugin (catalog, coupon generator, system prompt, JS widget)
• Fix: Currency symbol dynamically loaded from WooCommerce instead of hardcoded as Ft
• Fix: Date format now uses WordPress locale-aware date_i18n() instead of hardcoded Hungarian format
• Fix: Coupon i18n — msgids changed to English so WordPress translation lookup works correctly on non-Hungarian sites
• Fix: Admin debug info removed from customer-facing WooCommerce notices
• Fix: Email webhook authenticated with timing-safe hash_equals()
• Fix: Onboarding wizard Skip buttons use POST form submission instead of plain links
• Fix: Agent name flash on chat widget load (name now set only when non-empty)
• Fix: License status label key mismatch corrected; Last checked timestamp added
• Fix: readme.txt — corrected admin menu path (ZaffroAI, not WooCommerce → Zaffro) and analytics metrics
• New: Stripe trial period days configurable in admin settings (was hardcoded at 14 days)

1.3

• New: Analytics dashboard — sessions, conversions, AI buyer rate, model usage, daily trend chart
• New: Conversation log — full message history with AI summary generation per session
• New: 5-step onboarding wizard — shop details, industry template, discount slider, live test chat
• New: GDPR tooling — WP Privacy API export/erasure, PII masking before DB write
• New: Session DB cleanup cron — configurable retention (7–365 days)
• New: Custom update checker for direct-download builds (not applicable on WP.org)
• Security: Dev API keys moved to gitignored config file (filter-based)
• Fix: Text domain normalised to zaffro throughout
• Fix: All user-facing strings wrapped in i18n functions; Hungarian .po/.mo updated

1.2

• New: Cloud proxy architecture — API keys stay on Zaffro servers
• New: Gemini 2.5 Flash as default model
• New: Gemini 2.5 Pro as upgraded model
• New: Checkout button without coupon ([CHECKOUT:PRODUCT_ID] tag)

1.1

• New: WooCommerce coupon generation via [COUPON:ID:PERCENT] tag in AI response
• New: Manual product list / non-WC catalogue ({{catalog}} admin text field)
• New: AI buyer detection — 7 heuristics, configurable threshold
• New: System prompt onboarding wizard with 10 industry templates

1.0

• Initial release — chat widget, WooCommerce product context, one-click checkout