*** WonderTax Labs Audita Changelog ***

2026-05-29 - version 1.3.6
* Fixed - Additional WordPress.org plugin review compliance fixes

2026-05-29 - version 1.3.5
* Security - Added WordPress nonce verification to OAuth initiation flow to prevent CSRF attacks
* Security - OAuth callback now requires verified token from user confirmation step
* Security - Added confirmation UI requiring explicit user action before creating API credentials
* Added - New OAuth confirmation page with clear description of requested permissions
* Fixed - WordPress.org plugin review compliance for nonce and user permission checks

2026-05-27 - version 1.3.4
* Security - Added current_user_can() capability checks before processing OAuth initiation
* Security - Added current_user_can() capability check at start of OAuth callback handler
* Security - Removed admin_post_nopriv_wondertax_oauth hook (OAuth now requires authentication)
* Fixed - Tested up to WordPress 7.0

2026-05-19 - version 1.3.3
* Changed - Renamed plugin folder and files to match WordPress.org slug (wondertax-labs-audita)
* Fixed - Text domain changed to match WordPress.org plugin slug
* Fixed - Inline CSS now uses wp_add_inline_style() instead of raw style tags
* Fixed - PHP_VERSION output is now properly escaped

2026-05-18 - version 1.3.2
* Removed - Hidden .gitkeep file from languages folder
* Removed - Domain Path header (not needed for WordPress.org)

2026-05-18 - version 1.3.1
* Removed - Custom plugin updater (now uses WordPress.org update system)
* Update - Ready for WordPress.org plugin directory submission

2026-05-18 - version 1.3.0
* Fixed - WordPress Plugin Check compliance issues
* Fixed - Added proper output escaping in test files
* Fixed - Added wp_unslash() before sanitization for $_GET/$_POST data
* Fixed - Added PHPCS ignore comments for intentional direct database queries
* Fixed - Variable prefixing in uninstall.php
* Fixed - Created languages folder for i18n support
* Fixed - Reduced tags to 5 in readme.txt

2026-05-10 - version 1.2.9
* Removed - Vercel deployment protection bypass code (no longer needed)
* Fixed - Existing users now receive authenticated session during WooCommerce connect flow
* Update - Simplified server-to-server API calls

2026-05-09 - version 1.2.8
* Fixed - Status endpoint URL corrected to /api/integrations/woocommerce/status
* Fixed - Uninstall script now reads option values before deleting them
* Fixed - Transient token expiry extended to 1 hour to match HMAC window

2026-05-09 - version 1.2.7
* Added - Extended HMAC authentication window from 10 minutes to 1 hour

2026-05-08 - version 1.2.6
* Added - Open WonderTax Labs dashboard button with HMAC-signed authentication
* Added - Dual-key mode support for live/test API key switching
* Added - Mode selector UI in WordPress admin for dual-key installations

2025-05-07 - version 1.2.5
* Fixed - Removed debug logging (error_log) calls for WooCommerce marketplace compliance
* Fixed - Added proper output escaping for transaction count display
* Fixed - Added phpcs ignore comment for REST API permission callback

2025-05-07 - version 1.2.4
* Update - Plugin title changed to "WonderTax Labs: Audita" throughout admin UI
* Update - Menu item and page title updated to "WonderTax Labs: Audita"

2025-05-07 - version 1.2.3
* Update - Renamed plugin from wondertax-woocommerce to wondertaxlabs-audita

2025-05-07 - version 1.2.2
* Added - changelog.txt for WooCommerce marketplace compliance

2025-05-07 - version 1.2.1
* Fixed - Minor bug fixes and stability improvements

2025-05-01 - version 1.2.0
* Added - Enhanced admin dashboard UI
* Fixed - Better error handling for API connections

2025-04-25 - version 1.1.0
* Added - Improved connection status indicators
* Fixed - Enhanced security for credential storage

2025-04-23 - version 1.0.17
* Fixed - API credential storage now matches WooCommerce format (consumer_secret stored as-is, not hashed)
* Fixed - Activation redirect now user-scoped to prevent affecting other admins in multi-user sites
* Fixed - Removed non-functional tax toggle form (audit only mode)
* Update - Plugin subtitle updated to reflect sales tax auditing
* Update - Settings page now clearly indicates audit-only mode status

2025-04-23 - version 1.0.12
* Added - Automatically redirect to settings page after plugin activation

2025-04-23 - version 1.0.11
* Fixed - API credential creation (admin and OAuth flows) now properly cleans up orphaned keys before insert
* Fixed - API credential creation validates WooCommerce API functions availability
* Fixed - API credential creation checks for API keys table existence before operations
* Fixed - Improved SQL safety with proper escaping for SHOW TABLES LIKE queries
* Added - User permission verification for manage_woocommerce capability
* Fixed - Database error details logged server-side only, not exposed to users

2025-04-22 - version 1.0.10
* Fixed - Use wp_safe_redirect() instead of wp_redirect() for external redirects
* Fixed - Added DNS rebinding protection to prevent SSRF via hostname resolution
* Fixed - Disabled following redirects in credential exchange fetch
* Added - Unit tests for HMAC validation, URL validation, and DNS resolution

2025-04-22 - version 1.0.9
* Fixed - Credentials now exchanged server-to-server (never in URL or browser history)
* Fixed - Per-install secrets replace shared app secret (each store has unique secret)
* Fixed - One-time tokens with 5-minute expiry for credential exchange
* Added - REST API endpoint for secure credential exchange
* Fixed - Plaintext credentials no longer stored in pending integration state

2025-04-22 - version 1.0.8
* Added - WordPress-initiated OAuth flow with HMAC-signed requests
* Added - Automatic user creation from WordPress admin email
* Added - Entity selection support for users with multiple businesses
* Update - More secure credential exchange
* Update - Better integration with WonderTax Labs entity management

2025-04-22 - version 1.0.7
* Added - WooCommerce Block Checkout (Store API) compatibility
* Added - Cart and Checkout Blocks feature declaration
* Update - Tax calculation now works with both Classic and Block Checkout
* Added - Store API hooks for real-time tax updates during address changes

2025-02-07 - version 1.0.4
* Fixed - OAuth callback redirect field mismatch with SvelteKit backend
* Update - Integration reconnection handling for disconnected stores
* Update - Backend API to properly handle re-authorization of existing connections

2025-02-04 - version 1.0.3
* Fixed - Plugin icon display by bundling PNG logo locally
* Update - Compatibility with WordPress.com hosting environment

2025-02-04 - version 1.0.2
* Fixed - WooCommerce feature compatibility declaration with safer error handling
* Added - Plugin icon display in WordPress plugins list
* Update - Stability with try-catch blocks for compatibility checks

2025-02-04 - version 1.0.1
* Added - Live/Test Mode status indicator in WordPress admin
* Added - Recent transaction activity stats (last 30 days)
* Added - API key status badge (Test/Live/Disabled)
* Added - Link to comprehensive WooCommerce setup documentation
* Update - Error handling and user guidance
* Update - UI with Material Design 3 styling

2025-01-24 - version 1.0.0
* Added - Initial release
* Added - OAuth connection flow
* Added - Real-time tax calculation
* Added - Automatic order webhooks
* Added - Admin settings interface
