AuditAE AI Search Toolkit

Changelog

0.19.3

• Branding: the admin screen now shows the new AuditAE logo and green accent so it matches the WordPress.org listing. No functionality change.

0.19.2

• Compliance: changed the text domain to “auditae-ai-search-toolkit” to match the plugin slug, per WordPress.org plugin review. No functionality change.

0.19.1

• Compliance: shortened the display name to “AuditAE AI Search Toolkit” per WordPress.org plugin review. No functionality change.

0.19.0

• New: AI Readiness Score streak — a 🔥 flame appears once your score has climbed two or more readings in a row, on the Score tab, the wp-admin Dashboard widget, and the Score nav chip. Completes the score + 7-day-delta + streak momentum loop, so the number is worth coming back to.
• Improved: the “AI crawlers are reading your site” check is no longer a dead end when no bot has visited yet — it now offers a fix that asks AEBOT for the concrete steps to get discovered (and run a live citation audit on paired sites), so every not-passing check stays actionable.

0.18.1

• Compliance: sanitize the Organization-schema sameAs and redirect source/destination admin form inputs at the point of access (WordPress.org Plugin Check). No behavior change — values were already sanitized downstream.
• Compliance: bumped “Tested up to” to WordPress 7.0 and trimmed the short description to the 150-character limit.

0.18.0

• New: AI Readiness Score — a 0–100 score with a letter grade that summarizes how ready your site is to be read and cited by AI engines, computed entirely from local signals (no account or external call beyond the existing hourly robots.txt fetch). Eight weighted checks: citation bots allowed in robots.txt (20), FAQ schema coverage (16), Organization schema (12), Article/Product schema coverage (12), unresolved AI-bot 404s (12), AI crawlers actually reaching the site (12), llms.txt served (8), and content freshness (8). Each check shows its status, points, a one-line explanation, and a direct “fix” link.
• New: the Score is the new default landing tab and shows a 7-day delta (“▲ +6 points in the last 7 days”) plus a “N points to grade B” target, from a bounded daily score history kept locally. The wp-admin Dashboard widget now leads with the score + delta.
• New: every not-yet-passing check links to the fix — robots.txt/redirects/schema/llms.txt checks deep-link to the right settings tab; schema, FAQ, and freshness checks offer to hand the work to AEBOT (paired sites) or prompt you to connect (unpaired). On paired sites the AEBOT links carry the exact task, so the assistant opens with the fix already requested.

0.17.0

• New: robots.txt audit on the AI Crawlers tab. Fetches your site’s robots.txt and classifies every tracked AI bot as allowed, limited, or blocked — with a red callout when a citation engine (GPTBot, ClaudeBot, PerplexityBot, Bingbot, …) is blocked outright. A stale Disallow aimed at scrapers routinely takes citation bots down with it, and from the outside that looks identical to “AI just doesn’t cite me”. Re-checked hourly; also exposed to paired accounts at GET /auditae/v1/robots-audit (read capability).
• New: persistent crawler statistics. The rolling 500-entry log only spans a few days on a busy site, so 30-day totals, by-bot counts, and “since last hit” silently undercounted or went stale once entries were pruned. The tracker now also keeps compact per-day per-bot counters (90 days, one wp_options row) plus an exact per-bot last-seen timestamp that never falls out of the window.
• New: the By bot breakdown now shows when each bot last hit (“3 hours ago”), not just a count — and a Daily activity table shows per-day hits for the last 14 days.
• New: wp-admin Dashboard widget — 30-day AI hit count, distinct bots, last-hit recency, and the top three bots, without opening Settings → AuditAE.
• New: Export log as CSV button on the AI Crawlers tab (timestamp, bot, path, status).
• New: the llms.txt tab now edits the Optional links section (enable toggle, title, one link per line as Title | URL | description) — previously this was only reachable via the REST API.
• Fix: corrected a stale docblock in the redirect handler that still described the pre-0.15.1 hook ordering.

0.16.0

• Security: capability-consent hardening on three REST surfaces. (1) PATCH /media/{id} (alt text + caption) now requires the write_seo capability as documented — it was previously reachable with read-only consent because the action-dispatch permission gate fell through to read on routes with no action param. (2) POST /llms-txt with action=write, action=reset, or no action now requires write_seo; previously reset and a missing action slipped through the read gate, letting a read-only token rewrite or reset the manifest. (3) Updating a post that is already published (PATCH /posts/{id} and POST /posts/{id}/internal-link) now requires the publish capability — draft consent (“create and update draft posts”) no longer allows changing live content. The bearer token still gates everything; this tightens what each granted capability permits.
• The Permissions card now labels publish as “Publish posts and edit already-published content” to match the enforced behavior. If AEBOT reports a missing publish capability after this update, grant it from Settings → AuditAE → Connect.
• Fix: deleting the plugin now also removes the auditae_redirects option — redirect rules were the one key uninstall.php left behind.
• Fix: the “Redirect to” field in the suggested-redirects table rejected relative destinations like /new-path (it was a url-type input, so browsers demanded an absolute URL). Now a text field, matching the manual-add form.
• Crawler tracker: added Claude-User and Claude-SearchBot (Anthropic’s current fetcher user-agents — previously only ClaudeBot/Claude-Web were detected), MistralAI-User (Mistral’s Le Chat fetcher), and AI2Bot to the signature list.

0.15.1

• Fix: bot hits to URLs that had a matching 404→301 redirect rule were being silently dropped from the AI crawler log. The redirect handler was hooked on template_redirect at priority 0 and called exit before the crawler logger (priority 1) could run, so the AI Crawlers tab’s “since last hit” stat stayed stale while bots actively pinged redirected paths. The logger now runs first (priority 1) and the redirect handler runs after (priority 2). Hits to paths with an active redirect rule are stamped with the rule’s status (301/302) instead of 404, so the suggested-redirects rollup (which keys on status=404) keeps working unchanged.

0.15.0

• New REST surface for the 404 → 301 redirect manager: GET /auditae/v1/redirects (list rules) + POST /auditae/v1/redirects (dispatches on action: list | suggest | write | delete). The suggest action wraps the same “AI bots 404’d here” rollup the admin tab uses, so paired AuditAE accounts can ask AEBOT “check my redirect suggestions” and the assistant returns the same one-click proposals the human-facing tab shows. write and delete are gated by the write_seo capability and write to the existing auditae_audit_log so every bot-initiated rule change is auditable from the admin tab.
• No behavior change for the human-facing admin tab — same storage, same matcher, same template_redirect hook. Drop-in upgrade from 0.14.x, no re-pair required.

0.14.0

• New Redirects admin tab. Wired to the AI crawler log: shows paths that AI bots (GPTBot, ClaudeBot, PerplexityBot, etc.) hit and got a 404, with a one-click form to add a 301 to wherever the content actually lives now. Rules only fire on 404s, so they can never hijack a real page. Also includes a manual add form (301 or 302) and an active-redirects table with per-rule hit counters + “last hit” timestamps. Same wp_options storage pattern as the rest of the plugin — no new tables.

0.13.0

• New Schema admin tab: build site-wide Organization JSON-LD from a small form (name, URL, logo, description, sameAs). Renders on every front-end page so AI engines can resolve “what brand is this site?” without an LLM call. Same shape AuditAE’s hosted Schema Generator emits.

0.12.3

• Plugin Check follow-up: $_POST['sections'] in the llms.txt save handler now flows through map_deep( …, 'sanitize_text_field' ) so every leaf value is sanitized before the per-field casts run. No behavior change.

0.12.2

• WordPress.org Plugin Check pass: hardened JSON-LD output (JSON_HEX_TAG|JSON_HEX_AMP) so </script> breakouts are impossible, ran every $_SERVER and $_POST field through wp_unslash() + a sanitizer, replaced unlink() with wp_delete_file(), removed the redundant load_plugin_textdomain() call (WP auto-loads since 4.6), and aligned the plugin header with the directory title. No behavior changes.

0.12.1

• WordPress.org submission readiness: bundled the Instrument Serif font locally (SIL OFL 1.1) instead of loading it from Google Fonts, so the admin UI makes no third-party requests. Added a translation template at languages/auditae.pot.

0.12.0

• New: Media library REST endpoints (GET /media, GET /media/{id}, PATCH /media/{id}, POST /media). Paired AuditAE accounts can audit images with empty alt text, write descriptive alt + caption in bulk (gated by write_seo), and sideload generated hero images from a URL for AEBOT-drafted posts (gated by draft).
• New: Internal-link graph endpoints (GET /links/graph, GET /links/post/{id}). Surfaces per-post incoming/outgoing counts and orphan posts so AEBOT can recommend where to weave new internal links.
• New: POST /posts/{id}/internal-link — safe text-replace link insertion. Wraps the first unlinked occurrence of an anchor in <a> without rewriting the rest of the post. Refuses external URLs. Returns previous_state for undo. Gated by the same draft/publish rule as wp_update_post.
• Fix: /llms.txt Sections editor table layout. The “On” column header was crashing into “Section title” because the table inherited the activity-log fixed layout.

0.11.0

• New: /llms.txt generator. Serves a markdown manifest at the site root following the llmstxt.org spec. Defaults are auto-built from your public post types; a new admin tab lets you customize the H1, blockquote intro, per-section titles, and an optional links section. Cached in a transient and regenerated on save.
• Three matching REST endpoints (GET /llms-txt, POST /llms-txt, POST /llms-txt/reset) so paired AuditAE accounts can curate the manifest from chat. Gated by the write_seo capability.

0.10.0

• New: Schema Graph. Per-post JSON-LD (Article, Product, HowTo, BreadcrumbList) stored in _auditae_schema_graph post_meta and emitted in wp_head. Site-wide schema (Organization, WebSite) stored in auditae_organization_schema. All nodes linked by @id so AI engines resolve relationships without guessing. Detects and reuses Yoast/Rank Math @id values when present.
• REST endpoints: POST /posts/{id}/schema, POST /organization-schema, GET /probe-schema. Gated by write_seo.

0.9.0

• WordPress.org submission prep: uninstall.php cleans up every option, transient, and per-post meta key on plugin delete. load_plugin_textdomain registered on init and visible admin strings wrapped in __() / esc_html__() so translations can ship without code changes.

0.8.0

• Reorganized admin into tabs. The AI Crawlers tab is the default landing surface; the AuditAE pairing flow moved to its own tab. Reinforces that the crawler tracker works without an AuditAE account.

0.7.0

• New: AI Crawler Tracker. Logs hits from ~27 AI bots on every front-end request and surfaces summary, by-bot counts, and top paths on the admin dashboard. Rolling 500-entry log in wp_options — no custom tables, no telemetry, no external calls.
• New REST endpoint GET /auditae/v1/crawler-hits (gated by the existing read capability) so paired AuditAE accounts can ingest the log into AEBOT.

0.6.0

• Branded admin UI. Settings → AuditAE uses the AuditAE visual language (terracotta accent, serif headings, card-based layout). CSS is scoped to the AuditAE screen so the rest of wp-admin is untouched.

0.5.0

• FAQ JSON-LD schema injection via new POST /posts/{id}/faq-schema endpoint. Stores question/answer pairs in post_meta and emits a schema.org/FAQPage <script type="application/ld+json"> block in <head> on singular post views. Post content is NOT modified. Capped at 25 Q&A pairs per post; gated by the write_seo capability.

0.4.0

• GET /posts — list recent posts with pagination, status filter, search, and post_type. GET /posts/{id} — full post snapshot including per-post SEO meta for Yoast + Rank Math. Both require the read capability.

0.3.0

• HTTPS enforced on /pair and every bearer-protected route. Local dev installs can opt out with define('AUDITAE_ALLOW_INSECURE', true).
• /pair brute-force lockout (10 failed attempts in 10 minutes → 429).
• Drafts now authored by the admin who generated the pairing code, not user 0.
• Create + update now accept excerpt, slug, categories, tags, featured_image_id.

0.2.0

• Per-post SEO meta editing for Yoast SEO and Rank Math via /posts/{id}/seo. Generic post meta passthrough now rejects SEO-prefixed keys so the write_seo consent boundary holds.

0.1.0

• Initial release: pairing flow, /status, /posts (create + update), /seo/yoast/settings, /audit-log, /disconnect.