EcomAIBridge for WooCommerce

Changelog

1.0.3

• Moved the admin screen from a top-level menu to Settings → EcomAiBridge to follow the WordPress recommended placement for plugins of this scope.
• About tab: the companion-plugin link now points to the dedicated upgrade page on ecomaibridge.com and includes the site domain and admin email as query parameters so the form is pre-filled.

1.0.2

• Restructured the plugin to comply with WordPress.org Plugin Directory Guidelines on trialware and serviceware. Free is now fully self-contained — no extension hooks, no placeholder tabs, no upsell language tied to gated functionality.
• AI Chat Widget tab: added Model and Base URL fields directly in free, alongside Provider, API Key, and rate-limit settings. Removed the dynamic provider help script.
• Removed the llms.txt root-file generator. Discovery is now handled solely through the existing /.well-known/ai-bridge.json endpoint.
• Removed the standalone api_key setting and the Store Settings tab — neither was used by any free endpoint.
• Removed the placeholder “AI Personality”, “Business Info”, and “Behavior & FAQ” admin tabs (these features live in the separate Pro Add-on plugin and were not functional in free).
• Renamed the License tab to About; replaced its feature comparison table with a single neutral note about the separate companion plugin.
• All inline <script> and <style> blocks in admin views replaced with the standard wp_enqueue_* flow.
• uninstall.php no longer references hardcoded WP_PLUGIN_DIR / WP_CONTENT_DIR constants — it now uses plugin_dir_path( __FILE__ ) and wp_upload_dir() for legacy directory cleanup.
• Internal: removed all ecomaibridge_* action and filter hooks that existed solely as Pro extension points (LLM providers, chat hooks, widget config, discovery manifest, tier limits, route registration, admin tabs, tab-view replacement, save fan-out). Free-only analytics now records directly to the Stats class instead of fanning through an action.
• Internal: simplified the LLM client to Groq plus a Custom OpenAI-compatible option. Removed the unused Anthropic native code path.

1.0.1

• Removed the daily-message cap on the chat widget. Per-IP rate limiting (configurable in admin) is unchanged.
• “Powered by EcomAIBridge” widget footer now defaults to off and only appears when the site administrator explicitly opts in via the Chat tab.
• Added Requires Plugins: woocommerce to the plugin header so WordPress dependency-resolves WooCommerce automatically.
• Hardened input handling: $_POST and $_GET arrays are now deep-sanitized before being forwarded to downstream code.
• Removed creation of wp-content/ecomaibridge/ and the data/ cache/ logs/ directories inside the plugin folder. The plugin no longer writes any files inside the plugin directory or wp-content/.
• Security: validate the configured LLM base URL against private, loopback, link-local, and cloud-metadata IP ranges to prevent SSRF.
• Security: cap incoming /ai/chat request body size, JSON nesting depth, and per-message length to prevent unauthenticated memory-pressure DoS.
• Security: added a global daily cap on /ai/chat requests (default 200) as a financial-DoS ceiling for stores facing rotating-IP attackers.
• Security: restrict CORS on POST endpoints (/ai/chat) to the store’s own origin; read endpoints stay open for AI crawlers.
• Security: rate-limit telemetry counter now only increments on actual HTTP 429 responses from the LLM provider.
• Security: settings option set to non-autoload so the LLM API key is no longer pulled into memory on every front-end pageload.
• Internal: cache-key fingerprinting switched from serialize() to wp_json_encode() so the value can never feed an unserialize sink.

1.0.0

• First public release on the WordPress plugin repository.