=== QMSpace Business Facts for AI Assistants ===
Contributors: qmspace
Tags: ai, chatgpt, claude, schema, local business
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.3.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Make your business visible to AI assistants like ChatGPT, Claude & AI Search. When customers ask about your business, give them the right answer.

== Description ==

**Stop losing customers to wrong AI answers.**

When someone asks ChatGPT, Claude, Gemini, or Perplexity about your business, what do they say? Probably something wrong, outdated, or nothing at all.

QMSpace Business Facts fixes that by creating structured data (JSON-LD) that AI assistants can read and understand. It's like a business card for AI.

= What This Plugin Does =

* Creates a `.well-known/ai-business.json` endpoint that AI crawlers can discover
* Outputs Schema.org JSON-LD data in your site's head
* Creates an optional business profile page
* Works with all major AI assistants: ChatGPT, Claude, Gemini, Perplexity, and more

= Features (Free) =

* **Business Information** - Name, description, business type
* **Contact Details** - Phone, email, website
* **Address** - Full postal address with optional map link
* **Business Hours** - Daily hours or 24/7 setting
* **JSON-LD Output** - Automatic Schema.org structured data
* **Profile Page** - Optional shortcode `[qmsbf_business_profile]`
* **Business Type** - LocalBusiness, Restaurant, Store, and more
* **Multiple Endpoints** - ai-business.json, ai-plugin.json, llms.txt, REST API

= Pro Features =

Upgrade to [QMSpace Business Facts Pro](https://qmspace.com/buy/a-i-business-facts-pro) for:

* **Social Links** - Connect Facebook, Instagram, LinkedIn, etc.
* **AI Visibility Score** - See how AI-ready your business data is
* **AI Analytics** - Track which AI services access your data
* **Test AI Responses** - See what AI says about your business
* **Bot Blocking** - Control which AI crawlers can access your data
* **Activity Insights** - Detailed reports and PDF export
* **Priority Support**

= Why AI Visibility Matters =

* **800% growth** in AI search usage in 2024
* Millions of people ask AI about local businesses daily
* Without structured data, AI makes up answers or says "I don't know"
* Your competitors may already be AI-optimized

= How It Works =

1. Install and activate the plugin
2. Enter your business information
3. Save settings
4. AI crawlers automatically discover your data at `/.well-known/ai-business.json`
5. JSON-LD is also added to your site's head for search engines

== Installation ==

1. Upload the plugin files to `/wp-content/plugins/qmspace-business-facts/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to **QMSpace Business Facts** in the admin menu
4. Enter your business information
5. Click **Save All Settings**

== Frequently Asked Questions ==

= How do I know if it's working? =

After saving your settings, visit `yoursite.com/.well-known/ai-business.json` in your browser. You should see your business data in JSON format.

= How long until AI knows about my business? =

AI services crawl the web periodically. It may take anywhere from a few days to a few weeks for changes to be reflected in AI responses. The JSON-LD in your site's head helps search engines index your data immediately.

= Do I need the Pro version? =

The free version includes all the essential features to make your business visible to AI. Pro adds social links, analytics, AI testing, and bot control for users who want more visibility and control.

= What Schema.org types are supported? =

LocalBusiness, OnlineBusiness, Store, Restaurant, Service Provider, Organization, and Corporation.

= Does this work with ChatGPT? =

Yes! ChatGPT, Claude (Anthropic), Gemini (Google), Perplexity, and other AI assistants can read the structured data this plugin creates.

== Screenshots ==

1. Main admin interface with business information
2. Hours configuration
3. JSON-LD output preview
4. Profile page shortcode output

== External Services ==

This plugin connects to external services in the following situations:

= QMSpace Lead Capture (Optional, Consent Required) =

During the initial setup wizard, you may optionally provide your email address and consent to receive product updates from QMSpace LLC.

**When triggered:** Only when you check the consent checkbox during setup
**Data transmitted:**
* Email address you provide
* Your website URL
* Your website name
* Plugin version
* Timestamp

**Destination:** https://qmspace.com/wp-json/leads/v1/capture

**Purpose:** To send you product updates, tips, and information about QMSpace Business Facts

**Privacy Policy:** https://qmspace.com/privacy

This data transmission is entirely optional. If you do not check the consent checkbox, no data is sent to QMSpace.

== Changelog ==

= 1.3.2 =
* FIXED: Display visibility now applied to ALL endpoints (llms.txt, ai-plugin.json, OpenAPI spec)
* FIXED: Unchecked fields are now hidden from llms.txt output
* FIXED: ai-plugin.json now respects name, description, and email visibility settings
* FIXED: OpenAPI spec now respects name and description visibility settings
* FIXED: Setup wizard website field now correctly defaults to site URL
* FIXED: Profile shortcode now uses consistent display field handling with all other endpoints

= 1.3.1 =
* FIXED: Display visibility settings now properly respected - unchecked fields are hidden from JSON and all endpoints
* FIXED: JSON-LD output now checks display settings before including each field

= 1.3.0 =
* Changed: Plugin renamed to "QMSpace Business Facts for AI Assistants" with slug "qmspace-business-facts"
* Changed: All prefixes changed from "aibf" to "qmsbf" for uniqueness
* Changed: Shortcode changed from `[ai_business_profile]` to `[qmsbf_business_profile]`
* Changed: REST API namespace changed from "aibf/v1" to "qmsbf/v1"
* Improved: Moved inline CSS/JS to properly enqueued stylesheets and scripts
* Improved: WordPress coding standards compliance

= 1.2.1 =
* Fixed: Paywall upgrade button positioning (now properly centered below feature list)
* Changed: Social links feature description from "10+" to "5+" platforms

= 1.2.0 =
* Security: Added proper output escaping for all URLs and dynamic content
* Security: Added wp_unslash() to all POST data before sanitization
* Security: Changed parse_url() to wp_parse_url() for consistency
* Security: Added isset() checks for $_SERVER variables
* Fixed: Changed date() to wp_date() for timezone-aware time display
* Fixed: Reduced readme tags to 5 (WordPress.org limit)
* Fixed: Plugin name in readme now matches plugin header
* Updated: Tested up to WordPress 6.9

= 1.1.9 =
* Changed: Credit footer setting renamed to "Show Powered by" with clearer opt-in logic
* Removed: "Delete data on uninstall" checkbox from UI (data is always preserved)

= 1.1.8 =
* Fixed: "Powered by" credit now defaults to hidden (WordPress.org guideline 10 compliance)

= 1.1.7 =
* Added: Special Hours Note now included in llms.txt for AI discovery
* Removed: Legacy unused wizard endpoint (code cleanup)

= 1.1.6 =
* Fixed: Wizard intro text now correctly indicates email is optional

= 1.1.5 =
* Fixed: Email field in wizard is now truly optional (removed HTML5 required attribute)
* Fixed: Updated label to show "(optional)" for email field
* Fixed: Readme no longer claims logo is a free feature

= 1.1.4 =
* Improved: Email is now optional in setup wizard when consent is not checked
* Added: Special Hours Note now displays on the profile page
* Added: External Services disclosure section for WordPress.org compliance

= 1.1.3 =
* Fixed: Wizard success message no longer misleading ("Setup saved" instead of "Check your inbox")
* Fixed: Special Hours Note can now be cleared (previously couldn't delete saved text)

= 1.1.2 =
* Security: Removed local lead storage fallback (data only goes to vendor or nowhere)
* Security: Simplified payload (removed unnecessary WP/PHP version info)

= 1.1.1 =
* Fixed: Special Hours Note field now saves properly
* Fixed: Auto-populate no longer fills in admin email (prevents accidental publication of private email)

= 1.1.0 =
* Changed: Lead capture now uses webhook POST instead of wp_mail() for reliability
* Added: Fallback local storage if webhook fails
* Improved: More robust lead delivery across all hosting environments

= 1.0.9 =
* Fixed: Added email validation in wizard step 1 (prevents empty submission)
* Improved: Lead notification email now includes proper headers for better deliverability

= 1.0.8 =
* Fixed: Display Settings checkboxes now work correctly (was treating "false" string as truthy)
* Fixed: Profile page URL now works immediately after creation using query string format
* Fixed: All checkbox settings now properly handle JavaScript boolean-to-string conversion

= 1.0.7 =
* Fixed: Created profile page now accessible immediately without manual permalink flush
* Fixed: Improved rewrite rules handling for AJAX page creation

= 1.0.6 =
* Added: "Delete data on uninstall" setting now exposed in admin UI
* Added: Confirmation warning before site-wide cache flush
* Fixed: Robustness check for parse_url() edge cases in fallback handler
* Improved: Lead notification requires explicit user consent via checkbox

= 1.0.5 =
* Critical: Fixed site-wide OPTIONS request hijack - CORS preflight now only handled for plugin endpoints
* Added: Rewrite rule for /.well-known/qmsbf-openapi.json (was only via fallback)
* Added: OPTIONS preflight handling in rewrite-based endpoint handler
* Fixed: Path matching now uses suffix matching for subdirectory WordPress installs
* Hardening: Escaped all URL outputs in profile template footer

= 1.0.3 =
* Security: Removed hard-coded Google Maps API key from JavaScript (was unused dead code, but blocked sale)
* Cleaned up duplicate map URL generation functions

= 1.0.2 =
* Security: Fixed lead capture in full wizard flow - now requires consent before storing/sending (compliance fix)
* Security: Restored TLS verification in diagnostics self-checks (was disabled, enabling MITM risk)
* Security: TLS verification now filterable via 'qmsbf_diagnostics_sslverify' for local dev environments
* Fixed: Privacy policy URL in ai-plugin.json now uses WordPress configured privacy policy page
* Fixed: Version consistency across plugin header, constant, and class property
* Improved: Lead storage now includes consent metadata and date

= 1.0.1 =
* Security: Added explicit consent checkbox for email collection in setup wizard
* Security: Fixed XSS vulnerability in diagnostics output
* Security: Removed admin_email fallback from ai-plugin.json to protect privacy
* Added: OpenAPI 3.0 specification endpoint at /.well-known/qmsbf-openapi.json
* Added: Proper CORS preflight (OPTIONS) handling for all endpoints
* Added: Diagnostics now checks OpenAPI spec endpoint
* Fixed: Logo paths now use reliable AIBF_PLUGIN_URL constant
* Fixed: Lead retention capped at 100 entries
* Improved: Flush cache button label clarifies scope
* Improved: Profile page footer now shows all 5 discovery endpoints

= 1.0.0 =
* Initial release
* Business info, contact, address, hours
* JSON-LD output at /.well-known/ai-business.json
* Schema.org structured data in head
* Profile page shortcode
* Business type selection
* Display settings for controlling what appears
* Multiple AI discovery endpoints

== Upgrade Notice ==

= 1.2.1 =
UI fix: Paywall button positioning corrected.

= 1.2.0 =
WordPress Plugin Check compliance: Security improvements and coding standards fixes.

= 1.1.9 =
UI cleanup: Credit footer setting clarified, uninstall checkbox removed.

= 1.1.8 =
WordPress.org compliance: Credit footer now hidden by default.

= 1.1.7 =
Special Hours Note now visible to AI crawlers via llms.txt. Code cleanup.

= 1.1.6 =
Wizard text updated to clarify email is optional.

= 1.1.5 =
Fixed: Email is now truly optional in setup wizard.

= 1.1.4 =
Email now optional in wizard when not opting in. Special Hours Note displays on profile page.

= 1.1.3 =
Bug fixes: Corrected wizard message, Special Hours Note can now be cleared.

= 1.1.2 =
Security: Lead data no longer stored locally on customer sites.

= 1.1.1 =
Bug fix: Special Hours Note now saves. Auto-populate no longer exposes admin email.

= 1.1.0 =
Major improvement: Lead capture now uses reliable webhook instead of unreliable wp_mail().

= 1.0.9 =
Improved email validation in wizard and better email deliverability.

= 1.0.8 =
Fixed: Display Settings checkboxes now work. Profile page accessible immediately after creation.

= 1.0.7 =
Fixed: Profile page now works immediately after creation without needing to flush permalinks.

= 1.0.6 =
Added delete on uninstall setting to admin UI, cache flush confirmation, and improved consent-based lead capture.

= 1.0.5 =
Critical fix: Resolves site-wide OPTIONS request hijack that could break other plugins and integrations. Required update.

= 1.0.3 =
Removed hard-coded Google Maps API key. Required for marketplace compliance.

= 1.0.2 =
Security update: Fixed consent handling in wizard complete flow, restored TLS verification in diagnostics. Recommended for all users.

= 1.0.1 =
Security update: Improved consent handling, XSS fixes, and privacy enhancements. Added OpenAPI 3.0 spec endpoint.

= 1.0.0 =
Initial release. Make your business visible to AI assistants today!
